International Cyber Expo International Cyber Expo
  • About Us
Sunday, 19 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Time is Ticking on a New OpenSSL Vulnerability

On Thursday, October 27th, 2022, developers of the OpenSSL cryptography library had taken the unusual step of pre-warning that a critical update is due to be announced on Tuesday, November 1, which will address a critical vulnerability.

by Tara Antoni
October 31, 2022
in Featured
Time is Ticking on a New OpenSSL Vulnerability
Share on FacebookShare on Twitter

On Thursday, October 27th, 2022, developers of the OpenSSL cryptography library had taken the unusual step of pre-warning that a critical update is due to be announced on Tuesday, November 1, which will address a critical vulnerability. The OpenSSL library is exactly what it sounds like – an open-source implementation of the SSL and TLS cryptographic protocols, which make secure communications possible. Think of the lock icon to the left of your web address in your browser. Not much is yet known about the upcoming critical fix (OpenSSL 3.0.7), other than it is restricted to OpenSSL version 3.0, the latest release line of the library. OpenSSL states it does not affect previous versions. While no details of the upcoming patch, or the critical flaw it tackles, have been released, there is some speculation it centers around a possible DDoS vulnerability. OpenSSL 3.0.x was released in 2021, a factor that hopefully, will limit the extent of the problems Tuesday’s upcoming announcement will reveal.

Chris Dobrec, VP of Product and Industry Solutions, at Armis recommends the following for security teams to do to prepare.

OpenSSL does provide for a command line utility and a quick query will return the results of your SSL library running on any device:

% openssl version
OpenSSL 3.0.5 5 Jul 2022 (Library: OpenSSL 3.0.5 5 Jul 2022)

The results above depict a system with an SSL 3.x library in need of the patch that will be released Tuesday, November 1st.

In addition to this check, you may need to search for non-standard installations, as it is possible for systems to also be running application software or appliances that include OpenSSL. Keep an eye out for communications from all your software suppliers, particularly those that supply Internet-facing software or hardware.

While taking the requisite time to identify and remediate the upcoming OpenSSL 3.x vulnerabilities, know that there have been other critical OpenSSL vulnerabilities identified that should be patched along the way: CVE-2016-6309, and the biggest OpenSSL issue of all – Heartbleed, disclosed in 2014 (Heartbleed predates OpenSSL’s severity criteria). Heartbleed allowed remote attackers to expose sensitive data and continued to wreak havoc years after the event. It exposed the Internet’s dependence on small and unfashionable projects run by volunteers, and spawned forks like LibreSSL and BoringSSL that attempted to clean up OpenSSL’s complex codebase.

As additional important information comes to light as we approach November 1st’s release, and thereafter, we will update this post with the most relevant information including how to use Armis to search for and identify all IT, OT, and IoT devices in your environment that are vulnerable to this security flaw.

Join Armis’s latest webinar ‘OpenSSL Vulnerability Explained’ on Wednesday 2nd November 2022 at 11:30 EST/15:30pm GMT to hear from their security experts discuss and explain the latest OpenSSL vulnerability and what it means to you and your firm. Click here to register.

 

ShareTweet
Previous Post

Most Inspiring Women in Cyber Awards 2022

Next Post

Biggest Copper Producer in Europe Targeted by Cyber-Attack

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol