PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To b…

How Google plans to make stolen session cookies worthless for attackers

Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access to user accounts. Session (i.e., authentication) cookies are stored by brows…

Nitrokey releases NetHSM, a fully open-source hardware security module

German company Nitrokey has released NetHSM 1.0, an open-source hardware security module (HSM). Nitrokey NetHSM 1.0 features: The module can be used for storing and managing a variety of cryptographic keys (e.g., keys to enable HTTPS, DNSSEC, secure blo…

Security in the impending age of quantum computers

Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flo…

MSI’s firmware, Intel Boot Guard private keys leaked

The cybercriminals who breached Taiwanese multinational MSI last month have apparently leaked the company’s private code signing keys on their dark web site. The breach: MSI (Micro-Star International) is a corporation that develops and sells compu…

Chinese researchers: RSA is breakable. Others: Do not panic!

Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular cryptographic algorithms will be much easier to solve with quantum than with “classical”…

Tips to mitigate public-key cryptography risk in a quantum computing world

Quantum computing is poised to transform the industry over the next decade. With its promise of breakthrough speed and power, it’s easy to understand why there is so much hype around this new technology. But we must also consider the new cybersecurity …

The paradox of post-quantum crypto preparedness

Preparing for post-quantum cryptography (PQC) is a paradox: on the one hand, we don’t know for sure when, or perhaps even if, a large quantum computer will become available that can break all current public-key cryptography. On the other hand, the cons…

Detecting GnuTLS CVE-2020-13777 using Zeek

By Johanna Amann, Software Engineer, Corelight. CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their session resumption code, which lets…

5 Actionable Takeaways from Ponemon and KeyFactor’s 2020 PKI Study

Looking for the latest stats and info about public key infrastructure? Look no further. 74%. That’s how many organizations report not knowing how many keys and certificates they have. This…