Search results for: side-channel attacks


When it comes to securing systems against quantum computers, there is no one-size-fits-all solution

Quantum computers will rapidly solve complex mathematical problems. This includes the ability to break both RSA and ECC encryption in seconds. In response, NIST has been leading an effort to define new cryptographic algorithms that will withstand attacks from quantum computers. NIST started this process in 2015. Beginning with almost 70 candidate algorithms, NIST narrowed the field down to a set of finalists over 3 selection rounds. We now have a well-defined set of algorithms … More


The first step to being cybersmart: Just start somewhere

When it comes to a subject as complex as cybersecurity, it’s easy to become a victim of decision paralysis. When company leaders and IT staff begin looking at their options around improving their security and discover hundreds of possible solutions, they can become overwhelmed. However, the best thing they can do is just start somewhere. IT and security specialists can get started by simply identifying the most critical risk areas in their business. Once they’ve … More

Kudelski Security expands research and advisory services focusing on quantum security

Kudelski Security announced the launch of a new focus on quantum security, including expanded research and advisory services that enable security leaders and product and system developers to align their long-term approach to risk and data protection to the era of quantum computing. The global quantum practice for Kudelski Security is led by Dr. Tommaso Gagliardoni, who brings extensive expertise in academic and applied research in the fields of cryptography, quantum computing, and advanced mathematics. … More

week in review

Week in review: Cybersecurity workforce gap decreases, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Every employee has a cybersecurity blind spot 80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress. Microsoft advises users to stop using SMS- and voice-based MFA Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls … More


November 2020 Patch Tuesday: Microsoft fixes actively exploited Windows Kernel flaw

On this November 2020 Patch Tuesday: Microsoft has plugged 112 security holes, including an actively exploited one Adobe has delivered security updates for Adobe Reader Mobile and Adobe Connect Intel has dropped a huge stack of security advisories and patches SAP has released 12 security notes and updated three previously released ones Mozilla has fixed a critical vulnerability affecting Firefox, Firefox ESR, and Thunderbird Microsoft’s updates Microsoft plugged 112 CVE-numbered flaws in a variety of … More


New side-channel attacks allow access to sensitive data on Intel CPUs

An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Intel and power side-channel attacks Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys. Because power measurements by malware were previously very inaccurate, such attacks required physical access to the target device and special measurement tools such … More

medical devices

How to build up cybersecurity for medical devices

Manufacturing medical devices with cybersecurity firmly in mind is an endeavor that, according to Christopher Gates, an increasing number of manufacturers is trying to get right. Healthcare delivery organizations have started demanding better security from medical device manufacturers (MDMs), he says, and many have implemented secure procurement processes and contract language for MDMs that address the cybersecurity of the device itself, secure installation, cybersecurity support for the life of the product in the field, liability … More

US Army

Army researchers awarded patent for secure comms

Army researchers have been awarded a patent for inventing a practical method for Army wireless devices to covertly authenticate and communicate. Photo by Jason Edwards Securing Army wireless devices Authentication is one of the core pillars of wireless communications security, along with secrecy and privacy. The value of authentication in a military setting is readily apparent and mandatory. Receivers verify that an incoming transmission did indeed come from an ally and not a malicious adversary, … More

DJI drone

Researchers discover how to pinpoint the location of a malicious drone operator

Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. Drones (small commercial unmanned aerial systems) pose significant security risks due to their agility, accessibility and low cost. As a result, there is a growing need to develop methods for detection, localization and mitigation of malicious … More


Mixed-signal circuits can stop side-channel attacks against IoT devices

Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. Securing IoT devices against side-channel attacks Security of embedded devices is essential in today’s internet-connected world. Security is typically guaranteed mathematically using a small secret key to encrypt the private messages. When these computationally secure encryption algorithms are implemented on a physical hardware, they leak critical side-channel information in the form … More

Intertrust whiteCryption Secure Key Box

Intertrust launches enterprise-ready white-box cryptography solution for web apps

Intertrust announced the launch of whiteCryption Secure Key Box (SKB) for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack. SKB for Web brings Intertrust’s proven whiteCryption white-box technology, which prevents hackers from extracting keys using either static or dynamic methods, to web applications. SKB for Web is … More


Malware and ransomware attack volume down due to more targeted attacks

Cybercriminals are leveraging more evasive methods to target businesses and consumers, a SonicWall report reveals. “Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. “Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so … More