September 22, SecurityWeek – (International) Yahoo confirms massive data breach of 500 million accounts. Yahoo Inc. confirmed September 22 that a hacker, dubbed “Peace” and “peace_of_mind,” accessed the data from at least 500 million user accounts, including names, email addresses, hashed passwords, and birth dates, among other information, during a 2014 cyberattack. Yahoo stated that unencrypted security questions and answers were invalidated and advised potentially affected users to change their passwords. Source
September 22, SecurityWeek – (International) Over a dozen vulnerabilities patched in OpenSSL. The OpenSSL project released OpenSSL versions 1.1.0a, 1.0.2i, and 1.0.1u, resolving more than 12 vulnerabilities. Among them is a high-severity flaw, discovered by a security researcher from Qihoo 360, that can be exploited to carry out denial-of-service (DoS) attacks by sending the targeted device a large Online Certificate Status Protocol (OCSP) Status Request extension. Source
Above reprinted from the USDHS Daily Open Source Infrastructure Report