Bad ROBOT: Return of Bleichenbacher spells trouble for vendors' TLS implementations

Security Digest Information security news and advice from TechTarget's network |December 13, 2017 FEATURED STORY Return of Bleichenbacher: ROBOT attack means trouble for TLS by Peter Loshin, Site Editor A team of security researchers discovered many vendors' TLS implementations are vulnerable to the Bleichenbacher oracle attack, which was first discovered 19 years ago. (SearchSecurity.com) Advertisement NEWS   1.4 billion stolen credentials found on dark web A massive repository containing more than 1.4 billion stolen credentials was found on the dark web with special features for malicious actors. (SearchSecurity.com)   Hacker behind Uber data breach was paid off through bug bounty News roundup: The man responsible for the 2016 Uber data breach is a 20-year-old from Florida. Plus, Ethiopia reportedly targeted dissidents with Israeli spyware, and more. (SearchSecurity.com)   OWASP Top Ten: Surviving in the cyber wilderness The latest version of the OWASP Top Ten web application risks is much like previous versions, and that's not a bad thing at all.  (SearchSecurity.com)   Emergency Microsoft patch out for Malware Protection Engine A critical vulnerability found in the Windows Malware Protection Engine required an emergency Microsoft patch, but one expert said Microsoft hasn't handled the announcement well. (SearchSecurity.com)   Army cyber officer hiring to build the future of warfare A new initiative plans Army cyber officer hiring over the course of five years, but experts are skeptical it can attract the best candidates away from the private sector. (SearchSecurity.com)   Risk & Repeat: Analyzing the accidental data breach In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rise of accidental data breaches following a series of enterprise exposures of user data online. (SearchSecurity.com) EXPERT ADVICE   How machine learning-powered password guessing impacts security A new password guessing technique takes advantage of machine learning technologies. Expert Michael Cobb discusses how much of a threat this is to enterprise security. (SearchSecurity.com)   How to create and edit HTTP response header configuration files HTTP response header configuration files on servers need to be set up properly to secure sensitive data. Expert Judith Myerson outlines how to do this on different types of servers. (SearchSecurity.com)   Ransomware in the cloud: How to handle the threat Expert Ed Moyle looks at ransomware in the cloud and how it differs from traditional ransomware attacks. Find out how your organization can prepare for both. (SearchCloudSecurity.com)   How does port swapping work to bypass two-factor authentication? With a port swapping attack, hackers can bypass two-factor authentication and control a victim's mobile device. Judith Myerson explains how the attacks work and how to stop them. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.