PCI DSS and SSL v 3

With widespread and disastrous SSL/TLS vulnerabilities taking place such as POODLE and FREAK, SSL and early TLS versions are no longer considered strong cryptography and any web site that still uses them is insecure. According to the new rules in PCI DSS v3.1, companies have until June 30, 2016 to update to a more recent version of TLS …

PCI DSS and SSL v 3 Read More »

GHOST – The latest Linux Vunlerability

During a code audit performed internally at Qualys, a buffer overflow in the GNU C Library (glibc) was found. Qualys worked closely with Linux distribution vendors to create a patch for all distributions impacted. Vendors made the patch available Wednesday January 28, 2015. GHOST exposes a buffer overflow that can be triggered locally and remotely …

GHOST – The latest Linux Vunlerability Read More »

Application Firewall Signature – 201410020822 (Baseline Version Update)

A baseline version for ZZ Servers’ Application Firewall 201410020822 is now available.  ZZ Servers will be performing baseline version updates on the Application Firewall. ChangeLog for Baseline Version 201410020822 Changed rule: bash injection CVE-2014-6271 and CVE-2014-7169 – Reason: IMPORTANT: We will enable the "apply_patterns_to_keys" in the BaselineProtectionHandler for full protection against ShellShock. If you have …

Application Firewall Signature – 201410020822 (Baseline Version Update) Read More »

Scroll to Top