Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

November 27, 2023 at 08:30AM
Passive network attackers can obtain private RSA host keys from a vulnerable SSH server by observing computational faults during connection establishment, according to a new study. These attackers can then intercept sensitive data and conduct adversary-in-the-middle attacks. The research highlights the importance of encrypting protocol handshakes, binding authentication to sessions, …

Google Adds Passkey Support to New Titan Security Key 

November 16, 2023 at 01:15PM
Google has released updated USB-A and USB-C models of its Titan security key, which now supports passkeys. These keys are secure authentication devices that can store over 250 unique passkeys and work with various applications. Google aims to replace passwords with passkeys and plans to distribute 100,000 free security keys …

Top 10 API Security Threats for Q3 2023

November 14, 2023 at 08:09AM
The Q3 ‘API Threatstats’ report reveals two main findings: API vulnerabilities are growing rapidly, necessitating a new compilation of the top ten API security threats. Wallarm’s report delves into different vulnerability categories with real-life examples, emphasizing their new approach to threat listing. They present the Top 10 API threats in …

Making the Case for Cryptographic Agility and Orchestration

October 12, 2023 at 06:39PM
The article highlights the quantum threat to cybersecurity and the need for post-quantum cryptography (PQC) to protect against it. It discusses the importance of cryptographic agility and orchestration in managing and adapting to changing cryptographic algorithms. It also emphasizes the ongoing PQC standardization process and the need …

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers

October 12, 2023 at 09:57AM
The ShellBot threat actors are using hexadecimal IP addresses to attack Linux SSH servers and deploy DDoS malware. The malware, also known as PerlBot, breaches servers with weak SSH credentials and then stages DDoS attacks and delivers cryptocurrency miners. The use of hexadecimal IP addresses is an attempt to avoid …

Pan-African Financial Apps Leak Encryption, Authentication Keys

October 12, 2023 at 06:26AM
Researchers at Approov have discovered that encryption, authentication, and signing keys are frequently exposed in mobile fintech apps used in Africa. The study found that when the top 10 revenue and download-generating apps were reverse-engineered, passwords, API keys, and private keys for cryptography were exposed. The researchers also identified that …