Cloud providers have been slow to fix their infrastructure against the Drown vulnerability and this is putting users at risk of attacks.
According to Sekhar Sarukkai, co-founder of Skyhigh Networks, a week after the critical flaw was disclosed, the firm found that 620 cloud services remained vulnerable to attack. This is only slightly lower than the 653 services thought to be vulnerable last week. He said that cloud providers have been slower to respond to Drown compared with other SSL vulnerabilities of similar scope such as Heartbleed and Poodle. Sarukkai said it was troubling that cloud providers had been slow to patch services against Drown.
A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 million modern websites and e-mail services protected by an ancient, long-deprecated transport layer security protocol, Secure Sockets Layer.
Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details, in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday.