
80 matches found

RedhatCVE
added 2020/04/03 7:51 a.m. | 22 views

CVE-2019-5739

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack...

7.5 CVSS | 2.3 AI score | 0.00312 EPSS
Exploits: 0 | References: 4

NVD
added 2019/11/05 10:15 a.m. | 17 views

CVE-2019-3685

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

7.7 CVSS | 7.7 AI score | 0.0018 EPSS
Exploits: 1 | References: 1

OSV
added 2019/11/05 10:15 a.m. | 0 views

CVE-2019-3685

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

7.7 CVSS | 7.1 AI score
Exploits: 0 | References: 1

UbuntuCve
added 2019/11/05 10:15 a.m. | 22 views

CVE-2019-3685

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

7.7 CVSS | 7.1 AI score | 0.0018 EPSS
Exploits: 1 | References: 1

CVE
added 2019/11/05 9:30 a.m. | 132 views

CVE-2019-3685

Open Build Service osc client did not validate TLS certificates for HTTPS connections before version 0.165.4. Affected components: osc binary used by Open Build Service. Impact: potential trust/security risk due to improper TLS validation (CVSS data in sources indicates high severity). Remediatio...

7.7 CVSS | 7.6 AI score | 0.0018 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Debian CVE
added 2019/11/05 9:30 a.m. | 18 views

CVE-2019-3685

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

7.7 CVSS | 7.5 AI score | 0.0018 EPSS
Exploits: 1

Cvelist
added 2019/11/05 9:30 a.m. | 21 views

CVE-2019-3685 Missing TLS certificate validation for HTTPS connections in osc

Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary...

7.4 CVSS | 7.7 AI score | 0.0018 EPSS
Exploits: 1 | References: 1

OSV
added 2019/10/01 5:15 p.m. | 0 views

CVE-2019-15042

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1

The Hacker News
added 2019/09/11 10:58 a.m. | 70 views

Google to Experiment 'DNS over HTTPS' (DoH) Feature in Chrome 78

Immediately after Mozilla announced its plan to soon enable 'DNS over HTTPS' (DoH) by default for Firefox users in the United States, Google today says it is planning an experiment with the privacy-focused technology in its upcoming Chrome 78. Under development since 2017, 'DNS over HTTPS' performs...

7 AI score
Exploits: 0

The Hacker News
added 2019/07/02 7:47 a.m. | 102 views

Firefox to Automatically Trust OS-Installed CA Certificates to Prevent TLS Errors

Mozilla has finally introduced a mechanism to let the Firefox browser automatically fix certain TLS errors, often triggered when antivirus software installed on a system tries to intercept secure HTTPS connections. Most antivirus software offers a web security feature that intercepts encrypted HTTPS...

0.6 AI score
Exploits: 0

The Hacker News
added 2019/05/08 9:49 a.m. | 65 views

Google Chrome to Introduce Improved Cookie Controls Against Online Tracking

At the company's I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved...

Exploits: 0

Veracode
added 2018/11/30 5:44 a.m. | 31 views

Denial Of Service (DoS)

node is vulnerable to denial of service (DoS) attacks. The vulnerability exists when a malicious user sends headers while keeping HTTP/HTTPS connections alive for a long period of time...

7.5 CVSS | 7.3 AI score | 0.02342 EPSS
Exploits: 0 | References: 6 | Affected Software: 5

Carbon Black Blog
added 2018/11/29 3:12 p.m. | 71 views

8 Ways to Avoid the Cybersecurity Grinch This Holiday Season

'Tis the season to be jolly…unless you work in cybersecurity. According to the Carbon Black Threat Analysis Unit (TAU), organizations should expect to see a spike in potential cyberattacks starting with Black Friday/Cyber Monday and continuing through the holiday shopping season. TAU’s analysis...

Exploits: 0

Kaspersky
added 2018/10/23 12:00 a.m. | 581 views

KLA11341 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities were found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges, read local files, spoof user interface and execute arbitrary code. Below is a comple...

9.8 CVSS | 9.6 AI score | 0.04967 EPSS
Exploits: 0 | References: 5

Prion
added 2018/07/24 3:29 p.m. | 11 views

Design/Logic Flaw

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud preventi...

4.3 CVSS | 6.4 AI score | 0.00052 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2018/07/13 8:00 p.m. | 16 views

CVE-2016-6562 ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login...

7 AI score | 0.00097 EPSS
Exploits: 0 | References: 3

Citrix
added 2018/03/29 12:00 a.m. | 4 views

How to Generate and Install an SSL Certificate on a StoreFront Server for HTTPS connections

This article explains how to generate and install an SSL certificate on a StoreFront server for HTTPS connections. If you have already generated an SSL certificate on one of your StoreFront servers in the StoreFront server group, you can just export the existing SSL certificate and import the...

7 AI score
Exploits: 0

Tenable Nessus
added 2017/09/29 12:00 a.m. | 37 views

Debian DSA-3985-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser.
- CVE-2017-5111 Luat Nguyen discovered a use-after-free issue in the pdfium library.
- CVE-2017-5112 Tobias Klein discovered a buffer overflow issue in the webgl library.
- CVE-2017-5113 A buffer overflow issue was discover...

8.8 CVSS | 7.4 AI score | 0.55771 EPSS
Exploits: 0 | References: 26

Veracode
added 2017/04/05 2:06 a.m. | 26 views

Unverified SSL Certificates

hammercli uses unverified SSL certificates by default. When hammercli initiates HTTPS connections using apipie-binding and rest-clients, it doesn't verify that the SSL certificate is correct. This allows man-in-the-middle (MitM) attacks...

8.1 CVSS | 7.9 AI score | 0.00111 EPSS
Exploits: 0 | References: 8 | Affected Software: 54

FireEye
added 2017/03/27 8:00 a.m. | 39 views

APT29 Domain Fronting With TOR

Mandiant has observed Russian nation-state attackers (APT29) employing domain fronting techniques for stealthy backdoor access to victim environments for at least two years. There has been considerable discussion about domain fronting following the release of a paper detailing these techniques...

0.4 AI score
Exploits: 0