[SECURITY] Fedora 42 Update: openssl-3.2.6-4.fc42

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

[SECURITY] Fedora 43 Update: openssl-3.5.4-3.fc43

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Cryptographic Choreographies

We present CryptoChoreo, a choreography language for the specification of cryptographic protocols. Choreographies can be regarded as an extension of Alice-and-Bob notation, providing an intuitive high-level view of the protocol as a whole rather than specifying each protocol role in isolation. Th...

ModelForge: Using GenAI to Improve the Development of Security Protocols

Formal methods can be used for verifying security protocols, but their adoption can be hindered by the complexity of translating natural language protocol specifications into formal representations. In this paper, we introduce ModelForge, a novel tool that automates the translation of protocol...

A Survey on Secure Machine Learning

In this survey, we will explore the interaction between secure multiparty computation and the area of machine learning. Recent advances in secure multiparty computation MPC have significantly improved its applicability in the realm of machine learning ML, offering robust solutions for...

Cybersecurity for Autonomous Vehicles

The increasing adoption of autonomous vehicles is bringing a major shift in the automotive industry. However, as these vehicles become more connected, cybersecurity threats have emerged as a serious concern. Protecting the security and integrity of autonomous systems is essential to prevent...

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2023-3409)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: openssl-3.0.9-1.fc38

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Secretflow - A Unified Framework For Privacy-Preserving Data Analysis And Machine Learning

SecretFlow is a unified framework for privacy-preserving data intelligence and machine learning. To achieve this goal, it provides: An abstract device layer consists of plain devices and secret devices which encapsulate various cryptographic protocols. A device flow layer modeling higher algorith...

Samsung Encryption Flaw

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...

PYSEC-2020-143

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...

LocalTapiola: Possible sweet32 lahitapiola.fi

Hello Team. I run the nmap with ssl-enum script to look for new Vulnerability that is known as "SWEET32" Detail about sweet32 vuln: Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between client...

Cuvva: cuvva.com vulnerable to sweet32

To the Cuvva security team, i was going through your website and i thought to look for latest cryptographic issues as the website uses SSL/TLS i.e,HTTPS target: https:cuvva.com:443 so i quickly run the nmap with ssl-enum script to look for new Vulnerability that is known as "SWEET32" detail about...

Tools Used by Lamberts APT Found in Vault 7 Dumps

Links have emerged connecting targeted attacks going back a decade against high-profile government, industrial and financial targets around the world to hacking tools and documents leaked in the Vault 7 dump. Researchers at Kaspersky Lab today published a technical report on the activities of a...

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries. Since March, as part of its "Vault 7" series, Wikileaks has published over 8,761 documents and other...

[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

SLOTH Collisions Attacks Against SHA-1, MD5 in TLS, IKE, SSH

If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic...

NIST Seeking Public Comment on SHA-3 Crypto Algorithm

The National Institute of Standards and Technology NIST is inviting the public to analyze and comment on its Secure Hash Algorithm-3 SHA-3, the latest iteration of cryptographic hash functions endorsed and published by the U.S. standards agency in order to protect the integrity of electronic...

Better Security, 'Progressive Encryption' in Silent Text 2.0

Silent Circle has released a new version of its private text messaging and secure file transfer service for Android and iOS mobile devices. Silent Text 2.0 includes a number of security and user-interface upgrades. The company claims this version eliminates a keying delay issue that existed in...