March 17, Softpedia – (International) D-Link patches against critical remote command and code execution flaws. D-Link released firmware updates patching two critical vulnerabilities that allowed attackers to intercept network traffic and execute commands on vulnerable devices and exploit cross-site request forgery (CSRF) attacks to create, modify, or delete data and execute code. Source
March 16, IDG News Service – (International) OpenSSL mystery patches due for release Thursday. The OpenSSL Project Team released an advisory stating that several undisclosed security vulnerabilities in the open-source encryption software which utilizes the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol will be patched March 19 in versions 1.0.2a, 1.0.1m, 1.0.0r, and 0.9.8zf. Source
March 14, ZDNet – (International) BlackBerry begins slow rollout for FREAK security flaw, most devices still at risk. BlackBerry confirmed that all versions of newer BlackBerry 10 and older 7.1 devices, along with Blackberry Enterprise Service 12 and earlier, as well as the BlackBerry messenger app on Android, iPhones, Windows phones, and iPads are all vulnerable to Factoring RSA-EXPORT Key (FREAK) attacks that intercept encrypted traffic and force weaker encryption. Blackberry is working to mitigate the vulnerability. Source