July 18, 2024 at 11:03AM CISA and Adobe issued warnings about an actively exploited vulnerability in Adobe Commerce, allowing attackers to execute arbitrary code. Adobe released patches for affected versions and an isolated patch for the vulnerability. CISA included the vulnerability in its Known Exploited Vulnerabilities catalog, and federal agencies have until August 7 to … Read more
May 14, 2024 at 04:09PM In today’s digital landscape, companies grapple with encryption challenges and find that a one-size-fits-all approach doesn’t suffice. While encryption is crucial for data security, managing decryption keys is equally essential. Additionally, the rising adoption of cloud services necessitates a thorough evaluation of key management practices. Finally, organizations should proactively prepare … Read more
March 22, 2024 at 07:54AM A team of US researchers revealed a new side-channel attack named GoFetch, targeting Apple CPUs to extract secret encryption keys. By exploiting a hardware optimization, they inferred keys through specially crafted inputs and demonstrated successful attacks on various cryptographic implementations. The findings were reported to Apple and other developers for … Read more
February 12, 2024 at 08:39AM Cybersecurity researchers at Kookmin University and Korea Internet and Security Agency have discovered an “implementation vulnerability” in Rhysida ransomware, enabling the first successful decryption of its data. The findings led to the development of a recovery tool distributed by KISA, achieving data decryption by exploiting implementation vulnerabilities in ransomware. The … Read more
November 29, 2023 at 05:50PM Fortanix Inc. introduces Key Insight for its DSM platform, a unique tool to discover, assess, and remediate risks in encryption key management across multicloud environments, providing a data-centric security solution with improved compliance and risk posture. To be showcased at AWS re:Invent 2023. Takeaways from Meeting Notes: 1. Fortanix Inc. … Read more