Cryptography - Securezoo Blog

NSA issues new guidance on encrypted DNS

Post author:Frank Crast
Post published:January 18, 2021
Post category:Configuration Management Cryptography Cybersecurity Articles Network Security

The National Security Agency (NSA) has issued new guidance for adopting encrypted DNS over HTTPS dubbed "DoH."

NSA: New guidance to eliminate obsolete TLS protocols

Post author:Frank Crast
Post published:January 9, 2021
Post category:Authentication Configuration Management Cryptography Cybersecurity Articles Vulnerabilities & Exploits

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

NIST SP 800-208: Recommendation for Stateful Hash-Based Signature Schemes

Post author:Frank Crast
Post published:October 29, 2020
Post category:Cryptography Standards & Guidelines

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-208 Recommendation for Stateful Hash-Based Signature Schemes.

GnuTLS patches TLS vulnerability that could cause MITM attack

Post author:Frank Crast
Post published:June 11, 2020
Post category:Cryptography

The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.

Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices

Post author:Frank Crast
Post published:February 27, 2020
Post category:Cryptography Network Security Vulnerabilities & Exploits

Security researchers have discovered a new vulnerability dubbed Kr00k (or "KrØØk") that impacts devices with Broadcom and Cypress Wi-Fi chips.

NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Post author:Frank Crast
Post published:August 29, 2019
Post category:Authentication Cryptography Standards & Guidelines

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.

YubiKey FIPS devices recalled after security issue found

Post author:Frank Crast
Post published:June 17, 2019
Post category:Cryptography Identity & Access Management Vulnerabilities & Exploits

Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.

WordPress 5.2 “Jaco” comes with new security features

Post author:Frank Crast
Post published:May 10, 2019
Post category:Cryptography Security Updates & Patches

WordPress version 5.2 dubbed "Jaco" is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.

Facebook says Millions of Instagram passwords stored in clear text

Post author:Frank Crast
Post published:April 19, 2019
Post category:Application Security Cryptography Password Management

Facebook provided an update to a previously disclosed incident involving insecurely storing "tens of thousands" of Instagram users' passwords on internal servers in clear text. Facebook now says that "millions" of Instagram accounts are now impacted.

VPN applications exposed to critical vulnerability

Post author:Frank Crast
Post published:April 15, 2019
Post category:Application Security Cryptography Vulnerabilities & Exploits

Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.