Informations about SSL certificates and networks security
Auto Added by WPeMatico
Someone is stealing millions of dollars worth of Ethereum by guessing users’ private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here. Powered by WPeMatico
From a G7 meeting of interior ministers in Paris this month, an “outcome document“: Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, … Read More “G7 Comes Out in Favor of Encryption Backdoors” »
The source code of a set of Iranian cyberespionage tools was leaked online. Powered by WPeMatico
DNS hijacking isn’t new, but this seems to be an attack of unprecedented scale: Researchers at Cisco’s Talos security division on Wednesday revealed that a hacker group it’s calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise … Read More “New DNS Hijacking Attacks” »
In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don’t think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all … Read More “Maliciously Tampering with Medical Imagery” »
A recent article overhyped the release of EverCrypt, a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of “snake-oil” alarm bells. The author’s Github README is more measured and accurate, and illustrates what a cool project this really is. But it’s not “hacker-proof … Read More “Unhackable Cryptography?” »
Kaspersky Labs is reporting on a new supply chain attack they call “Shadowhammer.” In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. […] The goal of the … Read More “Malware Installed in Asus Computers through Hacked Update Process” »
This will complicate things: To complicate matters, having cyber insurance might not cover everyone’s losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the “hostile … Read More “Cybersecurity Insurance Not Paying for NotPetya Losses” »
Recent articles about IoT vulnerabilities describe hacking of construction cranes, supermarket freezers, and electric scooters. Powered by WPeMatico
The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what’s insecure, and (2) help consumers secure them: The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, … Read More “Japanese Government Will Hack Citizens’ IoT Devices” »