Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new versions, upcoming conferences, new
Web site features, etc. right to your email box. Common Vulnerabilities and Exposures
(CVE) is the standard for information security vulnerability names. CVE content results
from the collaborative efforts of the CVE Editorial Board, which is comprised of leading
representatives from the information security community. Details on subscribing (and
unsubscribing) to the email newsletter are at the end. Please feel free to pass this
newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/July 3, 2014
-------------------------------------------------------
Contents:
1. CVE Identifiers Used throughout Symantec's "2014 Internet Security Threat Report"
2. CVE Identifier "CVE-2014-0224" Cited in Numerous Security Advisories and News Media
References about the Most Critical OpenSSL Vulnerability since Heartbleed
3. Also in this Issue
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE Identifiers Used throughout Symantec's "2014 Internet Security Threat Report"
CVE Identifiers are used throughout Symantec Corporation's "2014 Internet Security
Threat Report, Volume 19," which was released in April 2014, to uniquely identify many
of the vulnerabilities referenced in the report text and infographics.
Symantec is a member of the CVE Editorial Board, and its DeepSight Alert Services and
SecurityFocus Vulnerability Database are recognized as "Officially CVE-Compatible" in
the CVE-Compatible Products and Services section.
The free report is available for download at
http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_
21291018.en-us.pdf.
LINKS:
Symantec - http://www.symantec.com/
CVE Editorial Board - https://cve.mitre.org/community/board/index.html#current_members
CVE-Compatible Products and Services - https://cve.mitre.org/compatible/
News page article -
https://cve.mitre.org/news/index.html#june112014_CVE_Identifiers_Used_throughout_Symante
cs_2014_Internet_Security_Threat_Report
---------------------------------------------------------------
CVE Identifier "CVE-2014-0224" Cited in Numerous Security Advisories and News Media
References about the Most Critical OpenSSL Vulnerability since Heartbleed
CVE-2014-0224 was cited in numerous major advisories, posts, and articles related to the
most recent critical OpenSSL vulnerability since Heartbleed-an SSL man-in-the-middle
(MITM) vulnerability-including the following examples:
http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/
http://www.scmagazine.com/seven-vulnerabilities-addressed-in-openssl-update-one-enables-
mitm-attack/article/351323/
http://www.darkreading.com/vulnerabilities---threats/new-openssl-flaw-exposes-ssl-to-man
-in-the-middle-attack/d/d-id/1269452
http://www.networkworld.com/article/2360229/microsoft-subnet/critical-flaw-in-encryption
-has-been-in-openssl-code-for-over-15-years.html
http://www.eweek.com/security/openssl-finds-and-fixes-7-new-security-flaws.html
http://www.theregister.co.uk/2014/06/05/openssl_bug_batch/
http://www.cio-today.com/article/index.php?story_id=021000Q2VJNI
http://www.net-security.org/secworld.php?id=16966
http://www.pcworld.com/article/2360560/new-openssl-vulnerability-puts-encrypted-communic
ations-at-risk-of-spying.html
http://arstechnica.com/security/2014/06/still-reeling-from-heartbleed-openssl-suffers-fr
om-crypto-bypass-flaw/
http://www.pcpro.co.uk/news/389161/new-vulnerability-discovered-in-openssl
http://www.techweekeurope.co.uk/news/openssl-patch-heartbleed-146886
http://www.eweek.com/security/new-openssl-flaws-arent-a-heartbleed-repeat.html
http://www.itworldcanada.com/post/the-bleed-goes-on-new-openssl-flaws-found
http://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106
470
http://nakedsecurity.sophos.com/2014/06/06/latest-openssl-flaws-can-lead-to-information-
leakage-code-execution-and-dos/
http://thevarguy.com/network-security-and-data-protection-software-solutions/060614/open
ssl-bitten-another-security-bug
http://www.itproportal.com/2014/06/06/new-openssl-bugs-uncovered-in-the-wake-of-heartble
ed/
http://www.computerweekly.com/news/2240222088/Heartbleed-leads-to-discover-of-more-OpenS
SL-flaws
http://www.v3.co.uk/v3-uk/news/2348696/openssl-man-in-the-middle-flaw-found-after-16-yea
rs
http://www.internetnews.com/security/openssl-patches-mitm-flaws.html
Other news articles may be found by searching on "CVE-2014-0224" using your preferred
search engine. Also, please see the CVE Identifier page
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 for a list of advisories
used as references.
LINKS:
CVE-2014-0224 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
News page article -
https://cve.mitre.org/news/index.html#june112014_CVE_Identifier_CVE-2014-0224_Cited_in_N
umerous_Security_Advisories_and_News_Media_References_about_the_Most_Critical_OpenSSL_Vu
lnerability_since_Heartbleed
---------------------------------------------------------------
ALSO IN THIS ISSUE:
* CVE, CWE, and CAPEC Are Main Topics of Article about the "Heartbleed" Bug on MITRE's
Cybersecurity Blog
Read these stories and more news at https://cve.mitre.org/news
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Steve Boyle, Information Security Technical Center. Writer: Bob
Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial
technical guidance to the CVE Editorial Board on all matters related to ongoing
development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-list", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2014, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation.
For more information about CVE, visit the CVE Web site at https://cve.mitre.org or send
an email to cve@mitre.org.
Learn more about Making Security Measurable at http://measurablesecurity.mitre.org and
Strengthening Cyber Defense at
http://www.mitre.org/work/cybersecurity/cyber_standards.html.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment