Stay updated on OpenSSL news with the latest trends, vulnerabilities, and updates in the information security world. Your hub for OpenSSL insights.
Search across headline titles and summaries.
Background for this topic.
OpenSSL is an open-source software library that provides a robust set of tools for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It's widely used to secure communications over computer networks against eavesdropping and need-to-know information about identity on the internet.
In the context of information security, OpenSSL plays a critical role by encrypting data transmitted over the internet, ensuring that sensitive information such as passwords, credit card numbers, and personal data remains confidential. It also offers functionalities for creating and managing digital certificates, which are essential for establishing trusted connections between web servers and clients.
Moreover, OpenSSL includes various cryptographic algorithms and capabilities such as cipher suites, key generation, and certificate management, making it a vital component for maintaining the integrity and security of data in transit. As such, OpenSSL is integral to web security and is implemented in a wide array of software products and services to protect against cyber threats.
Weekly headline count for the current query.
The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years
One of these flaws detected using LLMs was in the widely used OpenSSL library
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library
OSS-Fuzz is making a strong argument for LLMs in security research Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…
OpenSSL, LibreSSL, OpenSSH users, don't worry – you can sit this one out An academic study has shown how it's possible for someone to snoop on certain devices' SSH connections and, with a bit of luck, impersonate that equipment after silently figuring out the hosts' private RSA keys.…
$50k to breathe new life into its corpse. The rest of us must move on to OpenSSL 3.0 OpenSSL 1.1.1 has reached the end of its life, making a move to a later version essential for all, bar those with extremely deep pockets.…
Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update for the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption. In this bug, firing the same encrypted message over and over again […]
The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
In 2022, multiple high-profile vulnerabilities like Log4j and OpenSSL provided important takeaways for future public reporting.
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of the OpenSSL cryptographic library, underscoring a supply chain risk
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days
Find out if your container-based applications are vulnerable to the new OpenSSL vulnerabilities and the recommendations to help ensure you are protected.
How to Hack! Finding OpenSSL library files and accurately identifying their version numbers...
Experts still recommend patching affected systems
Relax, there's more chance of Babbage coming back to life to hack your system than this flaw being exploited OpenSSL today issued a fix for a critical-turned-high-severity vulnerability that project maintainers warned about last week. …
Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. [...]