Cryptography

YubiKey FIPS devices recalled after security issue found

• Frank Crast
• June 17, 2019
• Cryptography / Identity & Access Management / Vulnerabilities & Exploits

Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.

Continue Reading

WordPress 5.2 “Jaco” comes with new security features

• Frank Crast
• May 10, 2019
• Cryptography / Security Updates & Patches

WordPress version 5.2 dubbed "Jaco" is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.

Continue Reading

Facebook says Millions of Instagram passwords stored in clear text

• Frank Crast
• April 19, 2019
• Application Security / Cryptography / Password Management

Facebook provided an update to a previously disclosed incident involving insecurely storing "tens of thousands" of Instagram users' passwords on internal servers in clear text. Facebook now says that "millions" of Instagram accounts are now impacted.

Continue Reading

VPN applications exposed to critical vulnerability

• Frank Crast
• April 15, 2019
• Application Security / Cryptography / Vulnerabilities & Exploits

Multiple VPN applications are vulnerable to not properly encrypting sensitive data and insecurely storing session cookies.

Continue Reading

Firefox Send – a new free encrypted file transfer service

• Frank Crast
• March 14, 2019
• Cryptography / Messaging Security

Mozilla just introduced Firefox Send, a free encrypted file transfer service that allow users to safely and simply share files via any browser.

Continue Reading

NIST SP 800-177 Revision 1: “Trustworthy Email”

• Frank Crast
• February 26, 2019
• Cryptography / Messaging Security / Standards & Guidelines

The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving "trustworthy email".

Continue Reading

Google public DNS service now supports DNS-over-TLS

• Frank Crast
• January 10, 2019
• Cryptography / Data Privacy / Messaging Security / Network Security
• 0 Comments

Google announced a major security enhancement to its public Domain Name Service (DNS), the most widely used public DNS recursive resolver service used on the internet.

Continue Reading

DNSpionage campaign threat

• Frank Crast
• November 29, 2018
• Cryptography / Cybersecurity Attacks / Network Security
• 0 Comments

Cisco's Talos security group has discovered a new cyber campaign dubbed "DNSpionage" that targets organizations in the Middle East. The cyber attacks have impacted .gov domains in Lebanon and the United Arab Emirates (UAE),…

Continue Reading

Multiple vulnerabilities discovered in self-encrypting drives

• Frank Crast
• November 11, 2018
• Cryptography / Vulnerabilities & Exploits
• 0 Comments

There are multiple vulnerabilities in the implementations of self-encrypting Solid-state Drives (SSDs). Attackers can exploit vulnerabilities in ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs) and decrypt contents of an encrypted drive.

Continue Reading

Cold boot attack can expose encryption keys, data on laptops

• Frank Crast
• September 17, 2018
• Cryptography / Cybersecurity Attacks / Endpoint Security
• 0 Comments

Security researchers at F-Secure have uncovered a decade-old attack that exploits firmware weaknesses in laptops to expose encryption keys and sensitive data.

Continue Reading