FreshRSS

πŸ”’
β–³ πŸ”ƒ
☐ β˜† βœ‡ The Hacker News

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

By Ravie Lakshmanan β€” February 8th 2023 at 17:18
The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized forΒ lightweight cryptographyΒ applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NISTΒ said.
☐ β˜† βœ‡ Naked Security

OpenSSL fixes High Severity data-stealing bug – patch now!

By Paul Ducklin β€” February 8th 2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

☐ β˜† βœ‡ Naked Security

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By Paul Ducklin β€” February 6th 2023 at 21:53
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

☐ β˜† βœ‡ Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By Paul Ducklin β€” February 2nd 2023 at 17:50
Latest episode - listen now!

☐ β˜† βœ‡ Naked Security

Password-stealing β€œvulnerability” reported in KeePass – bug or feature?

By Paul Ducklin β€” February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

☐ β˜† βœ‡ Naked Security

Serious Security: The Samba logon bug caused by outdated crypto

By Paul Ducklin β€” January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

☐ β˜† βœ‡ Naked Security

GoTo admits: Customer cloud backups stolen together with decryption key

By Paul Ducklin β€” January 25th 2023 at 01:37
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.

☐ β˜† βœ‡ Naked Security

Serious Security: Unravelling the LifeLock β€œhacked passwords” story

By Paul Ducklin β€” January 17th 2023 at 17:59
Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.

☐ β˜† βœ‡ Naked Security

S3 Ep117: The crypto crisis that wasn’t (and farewell forever to Win 7) [Audio + Text]

By Paul Ducklin β€” January 12th 2023 at 17:59
Tell us in the comments... What's the REAL reason there was no Windows 9? (No theory too far-fetched!)

☐ β˜† βœ‡ Naked Security

Popular JWT cloud security library patches β€œremote” code execution hole

By Paul Ducklin β€” January 10th 2023 at 19:59
It's remotely triggerable, but attackers would already have pretty deep network access if they could "prime" your server for compromise.

☐ β˜† βœ‡ Naked Security

RSA crypto cracked? Or perhaps not!

By Paul Ducklin β€” January 6th 2023 at 19:59
Stand down from blue alert, it seems... but why not plan your cryptographic agility anyway?

☐ β˜† βœ‡ Naked Security

S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]

By Paul Ducklin β€” January 5th 2023 at 17:52
Lots of big issues this week: breaches, encryption, supply chains and patching problems. Listen now! (Full transcript inside.)

☐ β˜† βœ‡ Naked Security

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

By Paul Ducklin β€” January 4th 2023 at 19:50
Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

☐ β˜† βœ‡ Naked Security

US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?

By Paul Ducklin β€” December 29th 2022 at 20:45
Cryptographic agility: the ability and the willingness to change quickly when needed.

sc-daa-1200

☐ β˜† βœ‡ The Hacker News

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

By Ravie Lakshmanan β€” December 16th 2022 at 07:39
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce,Β announcedΒ Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-oldΒ hash functionΒ used in cryptography and has since beenΒ deemedΒ brokenΒ owing to the risk ofΒ collision attacks. While hashes are designed to be
☐ β˜† βœ‡ The Hacker News

Royal Ransomware Threat Takes Aim at U.S. Healthcare System

By Ravie Lakshmanan β€” December 12th 2022 at 07:57
The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial motivation as their goal," the agency's Health Sector Cybersecurity
❌