FreshRSS

πŸ”’
β–³ πŸ”ƒ
☐ β˜† βœ‡ Naked Security

Serious Security: Unravelling the LifeLock β€œhacked passwords” story

By Paul Ducklin β€” January 17th 2023 at 17:59
Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.

☐ β˜† βœ‡ Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By Paul Ducklin β€” January 12th 2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

☐ β˜† βœ‡ Naked Security

Popular JWT cloud security library patches β€œremote” code execution hole

By Paul Ducklin β€” January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

☐ β˜† βœ‡ Naked Security

RSA crypto cracked? Or perhaps not!

By Paul Ducklin β€” January 6th 2023 at 19:59
Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?

☐ β˜† βœ‡ Naked Security

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

By Paul Ducklin β€” January 5th 2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

☐ β˜† βœ‡ Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By Paul Ducklin β€” January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

☐ β˜† βœ‡ Naked Security

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

By Paul Ducklin β€” December 29th 2022 at 20:45
Cryptographic agility: the ability and the willingness to change quickly when needed.

sc-daa-1200

☐ β˜† βœ‡ The Hacker News

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

By Ravie Lakshmanan β€” December 16th 2022 at 07:39
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce,Β announcedΒ Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-oldΒ hash functionΒ used in cryptography and has since beenΒ deemedΒ brokenΒ owing to the risk ofΒ collision attacks. While hashes are designed to be
☐ β˜† βœ‡ The Hacker News

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

By Ravie Lakshmanan β€” December 12th 2022 at 07:57
The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity
☐ β˜† βœ‡ The Hacker News

Open Source Ransomware Toolkit Cryptonite Turns Into Accidental Wiper Malware

By Ravie Lakshmanan β€” December 6th 2022 at 06:11
A version of an open source ransomware toolkit calledΒ CryptoniteΒ has been observed in the wild with wiper capabilities due to its "weak architecture and programming." Cryptonite, unlike other ransomware strains, is not available for sale on the cybercriminal underground, and was instead offered for free by an actor named CYBERDEVILZ until recently through a GitHub repository. The source code and
☐ β˜† βœ‡ The Hacker News

CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs

By Ravie Lakshmanan β€” December 2nd 2022 at 13:32
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server
☐ β˜† βœ‡ Naked Security

Serious Security: MD5 considered harmful – to the tune of $600,000

By Paul Ducklin β€” November 30th 2022 at 17:58
It's not just the hashing, by the way. It's the salting and the stretching, too!

☐ β˜† βœ‡ The Hacker News

Dell, HP, and Lenovo Devices Found Using Outdated OpenSSL Versions

By Ravie Lakshmanan β€” November 25th 2022 at 11:15
An analysis of firmware images across devices from Dell, HP, and Lenovo has revealed the presence of outdated versions of theΒ OpenSSLΒ cryptographic library, underscoring a supply chain risk. EFI Development Kit, akaΒ EDK, is an open source implementation of the Unified Extensible Firmware Interface (UEFI), which functions as an interface between the operating system and the firmware embedded in
❌