Search results for: side-channel attacks
Quantum computers will rapidly solve complex mathematical problems. This includes the ability to break both RSA and ECC encryption in seconds. In response, NIST has been leading an effort to define new cryptographic algorithms that will withstand attacks from quantum computers. NIST started this process in 2015. Beginning with almost 70 candidate algorithms, NIST narrowed the field down to a set of finalists over 3 selection rounds. We now have a well-defined set of algorithms … More →
When it comes to a subject as complex as cybersecurity, it’s easy to become a victim of decision paralysis. When company leaders and IT staff begin looking at their options around improving their security and discover hundreds of possible solutions, they can become overwhelmed. However, the best thing they can do is just start somewhere. IT and security specialists can get started by simply identifying the most critical risk areas in their business. Once they’ve … More →
Kudelski Security announced the launch of a new focus on quantum security, including expanded research and advisory services that enable security leaders and product and system developers to align their long-term approach to risk and data protection to the era of quantum computing. The global quantum practice for Kudelski Security is led by Dr. Tommaso Gagliardoni, who brings extensive expertise in academic and applied research in the fields of cryptography, quantum computing, and advanced mathematics. … More →
Here’s an overview of some of last week’s most interesting news and articles: Every employee has a cybersecurity blind spot 80% of companies say that an increased cybersecurity risk caused by human factors has posed a challenge during the COVID-19 pandemic, particularly in times of heightened stress. Microsoft advises users to stop using SMS- and voice-based MFA Multi-factor authentication (MFA) that depends on one of the authentication factors being delivered via SMS and voice calls … More →
On this November 2020 Patch Tuesday: Microsoft has plugged 112 security holes, including an actively exploited one Adobe has delivered security updates for Adobe Reader Mobile and Adobe Connect Intel has dropped a huge stack of security advisories and patches SAP has released 12 security notes and updated three previously released ones Mozilla has fixed a critical vulnerability affecting Firefox, Firefox ESR, and Thunderbird Microsoft’s updates Microsoft plugged 112 CVE-numbered flaws in a variety of … More →
An international team of security researchers is presenting new side-channel attacks (CVE-2020-8694 and CVE-2020-8695), which use fluctuations in software power consumption to access sensitive data on Intel CPUs. Intel and power side-channel attacks Power side-channel attacks are attacks that exploit fluctuations in power consumption to extract sensitive data such as cryptographic keys. Because power measurements by malware were previously very inaccurate, such attacks required physical access to the target device and special measurement tools such … More →
Manufacturing medical devices with cybersecurity firmly in mind is an endeavor that, according to Christopher Gates, an increasing number of manufacturers is trying to get right. Healthcare delivery organizations have started demanding better security from medical device manufacturers (MDMs), he says, and many have implemented secure procurement processes and contract language for MDMs that address the cybersecurity of the device itself, secure installation, cybersecurity support for the life of the product in the field, liability … More →
Army researchers have been awarded a patent for inventing a practical method for Army wireless devices to covertly authenticate and communicate. Photo by Jason Edwards Securing Army wireless devices Authentication is one of the core pillars of wireless communications security, along with secrecy and privacy. The value of authentication in a military setting is readily apparent and mandatory. Receivers verify that an incoming transmission did indeed come from an ally and not a malicious adversary, … More →
Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. Drones (small commercial unmanned aerial systems) pose significant security risks due to their agility, accessibility and low cost. As a result, there is a growing need to develop methods for detection, localization and mitigation of malicious … More →
Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. Securing IoT devices against side-channel attacks Security of embedded devices is essential in today’s internet-connected world. Security is typically guaranteed mathematically using a small secret key to encrypt the private messages. When these computationally secure encryption algorithms are implemented on a physical hardware, they leak critical side-channel information in the form … More →
Intertrust announced the launch of whiteCryption Secure Key Box (SKB) for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack. SKB for Web brings Intertrust’s proven whiteCryption white-box technology, which prevents hackers from extracting keys using either static or dynamic methods, to web applications. SKB for Web is … More →
Cybercriminals are leveraging more evasive methods to target businesses and consumers, a SonicWall report reveals. “Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. “Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so … More →