Lucene search
K

125 matches found

The Hacker News
The Hacker News
added 2022/12/16 12:24 p.m.21 views

GitHub Announces Free Secret Scanning for All Public Repositories

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of...

Exploits0
Schneier on Security
Schneier on Security
added 2022/11/09 12:18 p.m.7 views

Defeating Phishing-Resistant Multifactor Authentication

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that "phishing-resistant" is not "phishing proof," and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful...

2.6AI score
Exploits0
CISA
CISA
added 2022/10/31 12:0 a.m.133 views

CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication 

CISA has released two fact sheets to highlight threats against accounts and systems using certain forms of multifactor authentication MFA. CISA strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber threats. If an organization using...

0.6AI score
Exploits0References3
The Hacker News
The Hacker News
added 2022/10/17 10:33 a.m.62 views

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. "The Office 365 Message Encryption messages are encrypted in insecure Electronic Codebook ECB mode of...

7.5CVSS0.3AI score0.01305EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2022/08/08 11:20 a.m.24 views

NIST’s Post-Quantum Cryptography Standards

Quantum computing is a completely new paradigm for computers. A quantum computer uses quantum properties such as superposition, which allows a qubit a quantum bit to be neither 0 nor 1, but something much more complicated. In theory, such a computer can solve problems too complex for conventional...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/03 4:9 p.m.52 views

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour

A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/06 5:19 p.m.41 views

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

The U.S. Department of Commerce's National Institute of Standards and Technology NIST has chosen the first set of quantum-resistant encryption algorithms that are designed to "withstand the assault of a future quantum computer." The post-quantum cryptography PQC technologies include the...

Exploits0
Schneier on Security
Schneier on Security
added 2022/07/06 4:49 p.m.18 views

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

NISTs post-quantum computing cryptography standard process is entering its final phases. It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption key...

1.2AI score
Exploits0
CISA
CISA
added 2022/07/05 12:0 a.m.10 views

Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats

The National Institute of Standards and Technology NIST has announced that a new post-quantum cryptographic standard will replace current public-key cryptography, which is vulnerable to quantum-based attacks. Note: the term “post-quantum cryptography” is often referred to as “quantum-resistant...

7.1AI score
Exploits0References6
Schneier on Security
Schneier on Security
added 2022/05/16 11:34 a.m.12 views

The NSA Says that There are No Known Flaws in NIST’s Quantum-Resistant Algorithms

Rob Joyce, the director of cybersecurity at the NSA, said so in an interview: The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didnt enter any of its own in the contest. The agencys mathematicians, however, worked with NI...

0.6AI score
Exploits0
Code423n4
Code423n4
added 2021/12/21 12:0 a.m.6 views

LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.

Handle TomFrenchBlockchain Vulnerability details Resubmission as the form crashed apologies if this is a duplicate Impact Impermanent loss protection can be exploited to drain the reserve. Proof of Concept In VaderPoolV2.burn we calculate the current losses that the LP has made to impermanent los...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/09/11 8:22 a.m.40 views

WhatsApp to Finally Let Users Encrypt Their Chat Backups in the Cloud

WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. The optional feature,...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/07/08 12:0 a.m.16 views

Cisco 7000 Series IP Camera Memory Leak Vulnerability

The Cisco 7000 Series IP cameras are 5 megapixel, high definition, outdoor fixed dome cameras in vandal resistant enclosures with pan/tilt/zoom functionality.The Cisco 7000 Series IP camera implementation of Link Layer Discovery Protocol LLDP in firmware versions prior to 2.12.4 is vulnerable to ...

6.5CVSS1.4AI score0.00381EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.23 views

SUSE SLES11 Security Update : openssl (SUSE-SU-2019:14174-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14174-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...

4.7CVSS6.7AI score0.03838EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.46 views

SUSE SLES11 Security Update : openssl1 (SUSE-SU-2019:14171-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14171-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...

4.7CVSS6.7AI score0.03838EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2020/12/03 10:59 a.m.7 views

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence...

5.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/07/24 11:36 a.m.21 views

Update on NIST's Post-Quantum Cryptography Program

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology NIST has winnowed the 69...

7.1AI score
Exploits0
Amazon
Amazon
added 2020/03/23 12:0 a.m.70 views

Important: openssl

Issue Overview: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a grou...

4.7CVSS6.6AI score0.03838EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/03/20 12:0 a.m.44 views

EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

4.7CVSS6.7AI score0.03838EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2020/01/16 2:27 p.m.51 views

Use iPhone as Physical Security Key to Protect Your Google Accounts

Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since...

0.4AI score
Exploits0
Rows per page
Query Builder