Collaborate Disseminate
Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin atta… Continue reading SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)
Cryptography is largely taken for granted – rarely evaluated or checked – a practice that could have devastating consequences for businesses as attack surfaces continue to expand, the cost of a data breach rises year-over-year, and the age of quantum c… Continue reading Outdated cryptographic protocols put vast amounts of network traffic at risk
Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities. They also used it to test 1780 popular Android apps from the Google Play Store, and the r… Continue reading Popular Android apps are rife with cryptographic vulnerabilities
A team of researchers has found vulnerabilities in implementations of the Internet Key Exchange version 1 (IKEv1) protocol in firewalls and other networking gear that support IPsec VPN tunnels. If exploited, the flaw can allow attackers to bypass auth… Continue reading IKEv1 Vulnerabilities Break IPsec VPN Security in Cisco, Huawei, ZyXEL Gear
Vulnerable IPSec IKE implementations used in Cisco, Huawei, ZyXel and Clavister networking devices can allow attackers to retrieve session keys and decrypt connections, researchers have found. The attack Dennis Felsch, Martin Grothe and Jörg Schwenk fr… Continue reading Networking vendors patch against new cryptographic attack