Recent Cyber Attacks & News

Bookmark this page

• RAND report finds that, like fusion power and Half Life 3, quantum computing is still 15 years away
  Has anyone told the Chinese? Quantum computers pose an "urgent but manageable" threat to the security of modern communications systems, according to a report published Thursday by influential US RAND Corporation.…
  Source: The RegisterPublished on 2020-04-09
• Senator calls on FTC to create guidelines for video teleconferencing software
  Senator says online conferencing software needs to be regulated and follow basic privacy and security rules.
  Source: ZDNet | security RSSPublished on 2020-04-09
• Cloudflare Axes Google reCAPTCHA Due to Privacy, Price
  Cloudflare's CEO said it is replacing Google's reCAPTCHA tool with hCaptcha due to pricing, privacy and availability concerns.
  Source: ThreatpostPublished on 2020-04-09
• Unique P2P Architecture Gives DDG Botnet ‘Unstoppable’ Status
  DDG might be the world's first P2P-based cryptomining botnet.
  Source: ThreatpostPublished on 2020-04-09
• Signal sends smoke, er, signal: If Congress cripples anonymous speech with EARN IT Act, we’ll leave the US
  Secure messaging app says it could not continue under proposed law Secure messaging app developer Signal says its US operation hangs in the balance due to a proposed law in America.…
  Source: The RegisterPublished on 2020-04-09
• Signal sends smoke, er, signal: If Congress cripples anonymous speech with EARN IT Act, we’ll leave the US
  Secure messaging app says it could not continue under proposed law Secure messaging app developer Signal says its US operation hangs in the balance due to a proposed law in America.…
  Source: The Register – SecurityPublished on 2020-04-09
• The Sandboxie Windows sandbox isolation tool is now open-source!
  Cybersecurity firm Sophos announced today that it has open-sourced the Sandboxie Windows sandbox-based isolation utility 15 years after it was released.
  Source: BleepingComputerPublished on 2020-04-09
• SAP slashes revenue, profit forecasts as virus outbreak bites into biz prospects
  First quarter started off so well... ERP giant SAP has cut its annual revenue estimates by as much as €1.9bn in the face of COVID-19 disruption which saw a "significant amount of new business" postponed in the first quarter.…
  Source: The RegisterPublished on 2020-04-09
• Promising Results for Post-Quantum Certificates in TLS 1.3
  The Challenge Quantum Computers could threaten the security of TLS key exchange and authentication. To assess the performance of post-quantum certificates TLS 1.3, we evaluated NIST Round 2 signature algorithms and concluded that two of them offer acceptable speeds. We also analyzed other implications of post-quantum certs in TLS. More details in https://ia.cr/2020/071 We all know by now that the potential development of large-scale quantum computers has raised concerns among IT and security research professionals due to their ability to break public key cryptography. All currently used public key algorithms would be deemed insecure in a post-quantum (PQ) setting. In response, the National Institute of Standards and Technology (NIST) has initiated a process to standardize quantum-resistant crypto algorithms, focusing primarily on their security guarantees. The Tests The industry has been evaluating some of these algorithms for use in encryption protocols like TLS and IKEv2/IPsec. Cloudflare, Google, and AWS have been looking into PQ TLS key exchange. At Cisco, we focused on PQ authentication/certificates in TLS 1.3. We briefly discussed some of our early results in a recent blog post and detailed them in our paper presented at ETSI/IQC Quantum Safe Cryptography Workshop 2019. A couple of months ago, we presented all of our results in our paper at NDSS 2020 in San Diego. The paper presented a detailed performance evaluation of the NIST signature algorithm candidates and investigated the imposed latency on TLS 1.3 connection establishment under realistic network conditions. In other words, we deployed servers all over the world. We proved that at least two candidate PQ signature algorithms perform similarly to RSA/ECDSA certificates, as shown in the figure below. We also investigated PQ signature impact on TLS session throughput and analyzed the trade-off between lengthy PQ signatures and computationally heavy PQ cryptographic operations. The Results Our results demonstrated that the adoption of at least two PQ signature algorithms would be viable with little additional overhead over current signature algorithms. Also, we argued that many NIST PQ candidates could effectively be used for less time-sensitive applications, and discussed in depth the integration of PQ authentication in encrypted tunneling protocols. Finally, we evaluated and proposed the combination of different PQ signature algorithms across the same certificate chain in TLS. The results showed a reduction of the TLS handshake time and a significant increase of a server’s TLS tunnel connection rate over using a single PQ signature scheme. For more details on the impact of PQ certificates on TLS, refer to our NDSS 2020 paper. For additional resources, visit trust.cisco.comadditional resources, visit trust.cisco.com The post Promising Results for Post-Quantum Certificates in TLS 1.3 appeared first on Cisco Blogs.
  Source: Security – Cisco BlogPublished on 2020-04-09
• Over 3.6M users installed iOS fleeceware from Apple’s App Store
  Developers of fleeceware apps are now using the Apple App Store as a distribution platform having already successfully delivered their iOS apps onto over 3.5 million iPhone and iPad devices according to a report from Sophos.
  Source: BleepingComputerPublished on 2020-04-09