26 matches found
RobPI: Robust Private Inference against Malicious Client
The increased deployment of machine learning inference in various applications has sparked privacy concerns. In response, private inference PI protocols have been created to allow parties to perform inference without revealing their sensitive data. Despite recent advances in the efficiency of PI,...
EUVD-2016-1290
Malware in sbrugna...
Social-Sensor Identity Cloning Detection Using Weakly Supervised Deep Forest and Cryptographic Authentication
Recent years have witnessed a rising trend in social-sensor cloud identity cloning incidents. However, existing approaches suffer from unsatisfactory performance, a lack of solutions for detecting duplicated accounts, and a lack of large-scale evaluations on real-world datasets. We introduce a...
ROS-20250417-11
Vulnerability of the phpseclib cryptographic protocol library is related to insufficient verification of user input data user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
TTLock 安全漏洞
TTLock is a smart lock application from TTLock, Inc. A security vulnerability exists in TTLock that stems from a cryptographic protocol that can be used to compromise a lock by compromising the unlockKey field to degrade the cryptographic protocol used for communication...
Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized
In 2020, we reported on how law enforcement managed to compromise a secure communications system set up by and for criminals. Now, Europol has published a progress report showing the enormous impact the infiltration of the encrypted communications tool EncroChat made. EncroChat, a company based i...
Private Set Membership (PSM) - Cryptographic Protocol That Allows Clients To Privately Query
Private Set Membership PSM is a cryptographic protocol that allows clients to privately query whether the client's identifier is a member of a set of identifiers held by a server in a privacy-preserving manner. At a high level, PSM provides the following privacy guarantees: The server does not...
The Most Backdoor-Looking Bug I’ve Ever Seen
This is the story of a bug that was discovered and fixed in Telegrams self-rolled cryptographic protocol about seven years ago. The bug didnt get any press, and no one seems to know about it, probably because it was only published in Russian. To this day, its the most backdoor-looking bug Ive eve...
New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
A group of researchers has detailed a new timing vulnerability in Transport Layer Security TLS protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a...
Explained: How New 'Delegated Credentials' Boosts TLS Protocol Security
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates withou...
CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code
On April 10, 2019 the US Department of Homeland Security DHS released a Malware Analysis Report MAR-10135536-8 which detailed the trojan HopLight. HopLight has been linked to different North Korean DPRK campaigns also known as the Lazarus Group. The CB Threat Analysis Unit TAU has continued to...
TLS 1.3 is nearly here
TLS stands for "Transport Layer Security" and it's rather important. Why's that? Oh, I'm glad you asked. Here's me, yelling my password across the office to you: "PASSWORD!!!" You heard me loud and clear, right? But so did basically anyone else nearby. Now let's work in a little TLS love and...
A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000
Are you a programmer? If yes, then you would know the actual pain of... "forgetting a semicolon," the hide and seek champion since 1958. Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen. But...
CVE-2016-10099
Borg aka BorgBackup before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest list of archives, potentially allowing an attacker to spoof the list of archives...
Information disclosure
Borg aka BorgBackup before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest list of archives, potentially allowing an attacker to spoof the list of archives...
CVE-2016-10099
CVE-2016-10099 affects BorgBackup before 1.0.9, where a flaw in the cryptographic protocol used to authenticate the manifest could allow an attacker to spoof the archive list, compromising integrity of the manifest. Exploitation details are not provided in the documents; several entries indicate ...
CVE-2016-10099
Borg aka BorgBackup before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest list of archives, potentially allowing an attacker to spoof the list of archives...
CVE-2016-10099
Borg aka BorgBackup before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest list of archives, potentially allowing an attacker to spoof the list of archives...
Mozilla Turning TLS 1.3 On By Default With Firefox 52
When Mozilla ships Firefox 52, on or around March 7, 2017, the browser will come with the cryptographic protocol TLS 1.3 on by default. Martin Thomson, a principle engineer at Mozilla broke the news Wednesday in an email to Mozilla Development Platform members. “TLS 1.3 removes old and unsafe...
Transport Layer Security (TLS) Version 1.1
Transport Layer Security TLS is a cryptographic protocol meant to provide security and data integrity for communications over TCP/IP networks. TLSv1.1 is considered obsolete and insecure, and is deprecated in favor of a more advanced TLS protocol. This protection will detect and block any use of...