The Latest in IT Security

By Jim Finkle BOSTON (Reuters) – Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious “Heartbleed” Internet threat that surfaced in April. Experts said the newly discovered vulnerabilities in OpenSSL, which could allow hackers to spy on communications, do not appear to be as serious a threat as Heartbleed. The new bugs were disclosed on Thursday as the group responsible for developing that software released an OpenSSL update that contains seven security fixes. This will take some time, said Lee Weiner, senior vice president with cybersecurity software maker Rapid7. OpenSSL technology is used on about two-thirds of all websites, including ones run by Amazon.com Inc, Facebook Inc, Google Inc and Yahoo Inc. It is also incorporated into thousands of technology products from companies, including Cisco Systems Inc, Hewlett-Packard Co, IBM, Intel Corp and Oracle Corp. The widespread Heartbleed bug surfaced in April when it was disclosed that the flaw potentially exposed users of those websites and technologies to attack by hackers who could steal large quantities of data without leaving a trace.