FreshRSS

πŸ”’
β–³ πŸ”ƒ
☐ β˜† βœ‡ Naked Security

S3 Ep125: When security hardware has security holes [Audio + Text]

By Paul Ducklin β€” March 9th 2023 at 18:58
Lastest episode - listen now! (Full transcript inside.)

☐ β˜† βœ‡ Naked Security

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

By Paul Ducklin β€” March 7th 2023 at 19:59
Security bugs in the very code you've been told you must have to improve the security of your computer...

☐ β˜† βœ‡ Naked Security

DoppelPaymer ransomware supsects arrested in Germany and Ukraine

By Naked Security writer β€” March 6th 2023 at 16:16
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in DΓΌsseldorf.

☐ β˜† βœ‡ Naked Security

S3 Ep124: When so-called security apps go rogue [Audio + Text]

By Paul Ducklin β€” March 2nd 2023 at 19:40
Rogue software packages. Rogue "sysadmins". Rogue keyloggers. Rogue authenticators. Rogue ROGUES!

s3-ep124-auth--1200

☐ β˜† βœ‡ Naked Security

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

By Paul Ducklin β€” February 27th 2023 at 02:10
Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)

☐ β˜† βœ‡ Naked Security

Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug

By Paul Ducklin β€” February 13th 2023 at 17:59
Conditional code considered cryptographically counterproductive.

☐ β˜† βœ‡ The Hacker News

NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices

By Ravie Lakshmanan β€” February 8th 2023 at 17:18
The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized forΒ lightweight cryptographyΒ applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NISTΒ said.
☐ β˜† βœ‡ Naked Security

OpenSSL fixes High Severity data-stealing bug – patch now!

By Paul Ducklin β€” February 8th 2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

☐ β˜† βœ‡ Naked Security

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

By Paul Ducklin β€” February 6th 2023 at 21:53
Hear renowned cybersecurity author Andy Greenberg's thoughtful commentary about the "war on crypto" as we talk to him about his new book...

☐ β˜† βœ‡ Naked Security

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

By Paul Ducklin β€” February 2nd 2023 at 17:50
Latest episode - listen now!

☐ β˜† βœ‡ Naked Security

Password-stealing β€œvulnerability” reported in KeePass – bug or feature?

By Paul Ducklin β€” February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

☐ β˜† βœ‡ Naked Security

Serious Security: The Samba logon bug caused by outdated crypto

By Paul Ducklin β€” January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

☐ β˜† βœ‡ Naked Security

GoTo admits: Customer cloud backups stolen together with decryption key

By Paul Ducklin β€” January 25th 2023 at 01:37
We were going to write, "Once more unto the breach, dear friends, once more"... but it seems to go without saying these days.

❌