10 matches found
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
[SECURITY] [DLA 4040-1] pam-u2f security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4040-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 03, 2025 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 5853-1] pam-u2f security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5853-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2025 https://www.debian.org/security/faq -...
GitHub Prepares to Move Beyond Passwords
GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...
Design/Logic Flaw
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...
CVE-2021-3011
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
Design/Logic Flaw
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
Enable Google's New "Advanced Protection" If You Don't Want to Get Hacked
It is good to be paranoid when it comes to cybersecurity. Google already provides various advanced features such as login alerts and two-factor authentication to keep your Google account secure. However, if you are extra paranoid, Google has just introduced its strongest ever security feature,...