Recent Security News
-
Researchers extract RSA keys from SSH server signing errors
November 20, 2023 at 09:42AM Academic researchers have discovered that passive network attackers can retrieve secret RSA keys from errors in SSH connection attempts. These attacks exploit faults during signature computation, allowing attackers to compute the private key. The researchers recommend implementing validation of signatures before sending them to prevent secret key retrieval. Cisco and…
-
Morgan Stanley Ordered to Pay $6.5 Million for Exposing Customer Information
November 20, 2023 at 09:33AM Morgan Stanley has reached a $6.5 million settlement for mishandling and disposing of hardware containing unencrypted personal information. The investigation revealed that the company did not properly erase the data when decommissioning old devices and failed to monitor the actions of a moving company it hired. The company was also…
-
Microsoft Hires Sam Altman and OpenAI’s New CEO Vows to Investigate His Firing
November 20, 2023 at 09:33AM Microsoft has hired Sam Altman and Greg Brockman, two key figures from OpenAI, to lead its new advanced AI research team. Altman’s firing from OpenAI caused tension within the company, leading new CEO Emmett Shear to promise an investigation. Despite the rift, both Shear and Microsoft CEO Satya Nadella remain…
-
Johnson Controls Patches Critical Vulnerability in Industrial Refrigeration Products
November 20, 2023 at 09:33AM Johnson Controls has released patches for a critical vulnerability found in some of its industrial refrigeration products. The flaw, known as CVE-2023-4804, could allow unauthorized access to debug features. Impacted products include control panels used in the food and beverage industry worldwide. The patches fix the vulnerability that could potentially…
-
5 Steps to Assessing Risk Profiles of Third-Party SSE Platforms
November 20, 2023 at 07:45AM Shifting to a converged Secure Services Edge (SSE) model with a clear path to SASE improves cybersecurity, but it’s important to assess risk profiles before adopting SSE platforms. Factors to consider include certifications and compliance, reputation and history, data security measures, service-level agreements, and commitment to continuous improvement. By evaluating…