encryption
NIST chooses encryption algorithms for lightweight IoT devices
ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to …
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker …
Chinese researchers: RSA is breakable. Others: Do not panic!
Quantum computing poses a great opportunity but also a great threat to internet security; certain mathematical problems that form the basis of today’s most popular …
Apple delivers belated zero-day patch for iOS v12 (CVE-2022-42856)
Apple has released security updates for macOS, iOS, iPadOS and watchOS, patching – among other things – a type confusion flaw in the WebKit component …
Why encrypting emails isn’t as simple as it sounds
The quality of protected communications matters – a lot. If the sent material is highly sensitive and the legislation and/or policy demands high security, opportunistic …
Crypto audit of Threema revealed many vulnerabilities
Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break …
Apple unveils end-to-end encryption for iCloud backup, Photos, etc.
Apple is expanding end-to-end encryption options for users and finally offering E2EE for their iCloud backup. Advanced Data Protection for iCloud “iCloud already …
Why companies can no longer hide keys under the doormat
For good reason, companies trust in encryption, blockchain, zero trust access, distributed or multi-party strategies, and other core technologies. At the same time, companies …
Breaking down data encryption techniques aimed at improving data privacy
In this Help Net Security video, Dana Morris, SVP Product and Engineering at Virtru, talks about privacy-preserving cryptography. He provides an introduction to data …
High-severity OpenSSL vulnerabilities fixed (CVE-2022-3602, CVE-2022-3786)
Version 3.0.7 of the popular OpenSSL cryptographic library is out, with fixes for CVE-2022-3602 and CVE-2022-3786, two high-severity buffer overflow vulnerabilities in the …
Incoming OpenSSL critical fix: Organizations, users, get ready!
UPDATE (November 1, 2022, 01:55 p.m. ET): OpenSSL version 3.0.7 is out, and the severity of the vulnerability has been downgraded. Check out what you should be doing next. The …
Weakness in Microsoft Office 365 Message Encryption could expose email contents
WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption (OME) that could be exploited by attackers to obtain …
Featured news
Resources
Don't miss
- Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms
- New framework aims to outsmart malware evasion tricks
- Finding connection and resilience as a CISO
- AI isn’t taking over the world, but here’s what you should worry about
- Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations