Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability management can be more than just running scans and sorting by Common Vulnerability Scoring System scores! Take your program to the next level by adding a threat-based approach to vulnerability management by combining the hacker mindset with cyber threat intelligence. With so many vulnerabilities published daily, having a team knowledgeable with the latest threats can help IT teams quickly identify assets that require expedited remediation.

OpenSSL released version 3.0.7 with security fixes for High Severity vulnerabilities CVE-2022-3786 & CVE-2022-3602 discussed here. Here's how to know if you're affected and what to do if you are.

The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786) on October 25, which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7 which was released November 1. OpenSSL 1.X versions are unaffected by the vulnerabilities.

On Oct 25, 2022 The OpenSSL project announced a forthcoming release of OpenSSL (version 3.0.7) to address a critical security vulnerability. This release should go live on Tuesday, November 1, 2022 between 1300 and 1700 UTC. Snyk has published a placeholder advisory with the current known details, and will update the advisory when official vulnerability details are publicized. The last critical vulnerability in OpenSSL was released in 2016.

A critical vulnerability was discovered in current versions of OpenSSL affecting almost every organization. A fix is now out. Learn more about the vulnerabilities and what to do if you have been impacted.

In 2022, AWS (Amazon Web Services) remains one of the dominant cloud platforms and continues to be recognized as a leader in Cloud Infrastructure and Platform Services. AWS accounts for 34% of the cloud infrastructure service providers, so many organizations today have either all, most, or at least some of their infrastructure on AWS.

When building applications in Java, we highly depend on external libraries and frameworks. And each Java package that is imported likely also depends on more libraries. This means that the amount of Java packages included in your application is often not really transparent. As a developer, these nested (transitive) dependencies create the problem that you probably do not know all the libraries you are actually using.

Last week, the OpenSSL Project announced that on Tuesday, November 1, 2022 1300-1700 (UTC), they will release OpenSSL version 3.0.7 to address a critical CVE.

This is a developing story. Updates will be amended as new information and guidance become available.

This is a work-in-progress blog post. It will be updated when more information is available. For more detailed information about the vulnerability, see the How the Critical OpenSSL Vulnerability may affect Popular Container Images blog post. A critical vulnerability with an expected high or critical severity rate of CVSS score is about to be announced on November 1st on the OpenSSL project. There are still no details besides an announcement on the OpenSSL mailing list on October 25th.