Tag: Encryption
You are here: Home \ Encryption \ Page 9
The BREACH attack hasn’t been top of mind since the summer of 2013, but two researchers have found new ways to exploit and persistently attack traffic, including Gmail and Facebook chat sessions. The research was shared late last week in Singapore at Black Hat Asia where Dimitris Karakostas of the National Technical University of Athens...
Ransomware clearly has people on many fronts worried, so much so that the United States and Canada took an unprecedented step last week to issue a joint advisory on the threat posed by crypto-ransomware. The U.S. Cyber Emergency Response Team together with the Canadian Cyber Incident Response Centre penned a comprehensive warning on the heels...
Hackers are escalating recent attacks against hospitals with new strains of server-side ransomware dubbed SamSam and Maktub. Unlike traditional ransomware samples that rely on gullible users to click on a malware-infected email attachment or visit a booby-trapped website, this new breed of ransomware is installed once attackers have exploited unpatched server vulnerabilities. To date, only...
A six-week public standoff between Apple and the FBI ended today when the Department of Justice said it had accessed encrypted data stored on the San Bernardino terrorist’s iPhone. The DOJ said in its motion that it no longer needed Apple’s help as mandated in a Feb. 16 court order and asked that the order...
First ransomware locked your desktop. Then it encrypted your files. Not long after, webservers, shared drives and backups were targeted. Now? Introducing Petya, ransomware that targets the Master Boot Record. Spotted in email campaigns sent to human resources offices in German companies, the malware encrypts the compromised computer’s master file table and demands .9 Bitcoin...
Threatpost Editor in Chief Mike Mimoso talks to crypto pioneer and security expert Bruce Schneier of Resilient Systems about the early days of the RSA Conference, the integration of privacy and security, and the current FBI-Apple debate over encryption and surveillance. [embedded content]
When Apple released its iOS Security Guide for public consumption, it was an unprecedented look inside the security architecture behind its products. For cryptographer and professor Matthew Green and a team of four Johns Hopkins University graduate students, it was a road map to understanding not only how secure Apple’s iMessage messaging application was, but...
Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving data that transfers between them and devices they’re connected to open to snooping, experts warn. To make matters worse, the servers, manufactured by Taiwan-based networking device company Moxa, have had shoddy security for a while, according to researchers at Rapid7. Joakim...
Users who choose to enable X11Forwarding in OpenSSH, or those who use software products that re-enable it, should pay close attention to last Wednesday’s OpenSSH security update. The latest version of the open source implementation of the SSH protocol patches a flaw that exposes it to command injection attacks. The open source project cautions that OpenSSH...
The National Security Agency’s silence in the Apple-FBI story is probably not so surprising. But that hasn’t stopped people from dragging the NSA’s name into the conversation. The latest to do so is Richard Clarke, former counterterrorism chair under presidents George H.W. Bush and Bill Clinton. Clarke appeared on NPR with David Greene and said...