OpenSSL Project Fixes 12 Security Issues

The OpenSSL Project has released fixes to address a dozen flaws in the open source cryptographic protocol implementation (OpenSSL Security Advisory). One of the vulnerabilities has been classified as high severity; it could be exploited to cause denial-of-service (DoS) conditions.

Users should update; however, it’s nowhere near as serious as Heartbleed was.

Who this affects: clients that connect to an OpenSSL 1.0.2 server. Earlier versions of OpenSSL are not affected.

Read the story in the news.

Apple Security Update

Apple has issued its second security update this month. Turns out the security holes fixed the previous week needed a repatch. The company released security update 2015-003 for OS X Yosemite last week, addressing 2 vulnerabilities. One vulnerability could potentially allow an attacker with a “privileged network position” to execute arbitrary code. The other vulnerability is a privilege escalation issue.

Users can update by going to the App Store and clicking Updates. To receive updates automatically, go to System Preferences > App Store, then check the boxes for installing and downloading available updates.

Learn more about this security update.

Security Training By SANS

SANS offers all kinds of training for professionals who are involved in cybersecurity. There are various ways to access their quality training material: by attending a live conference, accessing your training on demand (online) or hosting a training session in your community.

Courses cover a range of topics, including hacker tools and techniques, forensic analysis, intrusion detection, network penetration testing, incident response and many more.

Find a training by course, location or date:

Find or host a training in your community:

On demand training:

Microsoft Security Updates for March

On Patch Tuesday, Microsoft released the highest number of security bulletins in recent history with 14 bulletins containing 46 updates for March (MS15-018 through MS15-031). Systems affected are Windows and Office (whose patches are rated critical), Exchange and Internet Explorer. Not all of the updates were security-related. A breakdown of what was contained in this month’s batch of updates can be found here.

The good news is that Microsoft has covered many issues, including all the open issues from the Google Project Zero list. It addressed the “FREAK” vulnerability in Windows, which can be exploited to intercept communications and downgrade encryption strength, and issued a patch to fix a flaw exploited by Stuxnet that was incompletely patched in 2010.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Apple Updates for iOS and OS X

Apple has released security updates for iOS and OS X. Both include fixes for the FREAK vulnerability in SSL/TLS. Apple’s Security Update 2015-002 addresses five vulnerabilities; Apple’s iOS 8.2 addresses six vulnerabilities and includes Apple Watch capabilities. Be sure to accept the updates as they occur, or on your computer go to the App Store and click on Updates.

Read the full story in the news.

Superfish Removed from 250,000 Windows Machines

Microsoft, along with Lenovo and other software manufacturers, has managed to scrub Superfish adware from 250,000 Windows-based PCs. According to Microsoft’s security team, the daily number of Lenovo machines infected has dropped below 1,000; at its peak, Superfish had been found daily on 60,000 PCs.

Read the full story in the news.

FREAK Still Affects Some Cloud Services

Despite fixes from Apple and Microsoft this past week, the FREAK vulnerability still affects more than 600 cloud services, according to an estimate from Skyhigh Networks. The company scanned its registry of more than 10,000 services. Read the full story in the news.

Learn more about FREAK.

