Mozilla patches Critical memory corruption vulnerability in NSS
The Mozilla Foundation has patched a memory corruption vulnerability CVE-2021-43527 in network security services (NSS) via DER-encoded DSA and RSA-PSS signatures.
Cryptography
NSA issues new guidance on encrypted DNS
The National Security Agency (NSA) has issued new guidance for adopting encrypted DNS over HTTPS dubbed “DoH.”
NSA: New guidance to eliminate obsolete TLS protocols
The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).
NIST SP 800-208: Recommendation for Stateful Hash-Based Signature Schemes
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-208 Recommendation for Stateful Hash-Based Signature Schemes.
GnuTLS patches TLS vulnerability that could cause MITM attack
The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.
Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices
Security researchers have discovered a new vulnerability dubbed Kr00k (or “KrØØk”) that impacts devices with Broadcom and Cypress Wi-Fi chips.
NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.
YubiKey FIPS devices recalled after security issue found
Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.
WordPress 5.2 “Jaco” comes with new security features
WordPress version 5.2 dubbed “Jaco” is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.
Facebook says Millions of Instagram passwords stored in clear text
Facebook provided an update to a previously disclosed incident involving insecurely storing “tens of thousands” of Instagram users’ passwords on internal servers in clear text. Facebook now says that “millions” of Instagram accounts are now impacted.