encryption
60+ million Dropbox login credentials have been stolen
A breach disclosed by Dropbox in 2012 has resulted in the theft of usernames and hashed and salted passwords of over 60 million users. At the time, the company did not give …
DNSSEC: Don’t throw the baby out with the bath water
A recent report raiseed concerns about the abuse of DNSSEC to conduct DDoS attacks. The article reported that DNSSEC-signed domains can be used to conduct reflected DDoS …
Review: iStorage datAshur Pro
Whenever I travel, I take data I might need with me on a secure USB flash drive. Ages ago, I would encrypt these files with GPG and move them to a generic USB drive. After …
Display the cryptographic signing information about any file on your Mac
Verifying a file’s cryptographic signature can help the user deduce its trustability. If you’re using OS X, there is no simple way to view a file’s signature from …
18-year-old random number generator flaw fixed in Libgcrypt, GnuPG
Researchers have discovered a “critical security problem” that affects all versions of the Libgcrypt cryptographic library and, therefore, all versions of the …
Attackers can hijack unencrypted web traffic of 80% of Android users
The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM …
Google Duo: Simple, encrypted, video calling app
Google Duo is a simple 1-to-1 video calling app available for Android and iOS. In order to use Google Duo all you need is your phone number, no separate account is necessary. …
CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS
The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously …
There’s a way to use encrypted data without knowing what it holds
Microsoft researchers have devised a way for third parties to make use the vast amount of encrypted data stored in the cloud by companies and individuals, without them …
Breathing new life into SSL VPNs: Making the most of the security benefits
Network security has been in an accelerated arms race for over a decade, with IT managers constantly adding new technologies to secure various network resources in an attempt …
Cerber2 ransomware released, no decryption tool available
The author of the widely distributed Cerber ransomware has released a newer version, and files encrypted with Cerber2, unfortunately, can’t be decrypted without paying …
To stop ransomware, opt for app graylisting and admin rights removal
CyberArk Labs tested over 23,000 ransomware samples from more than 30 prevalent malware families, including Cryptolocker, Petya and Locky, in order to better understand common …
Featured news
Resources
Don't miss
- PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
- Account takeover detection: There’s no single tell
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance