14.6 C
Tuesday, September 26, 2017
Home Tags Cryptography

Tag: Cryptography

Who placed the JavaScript code on two primetime dot-coms? So far, it's a mystery The websites of US telly giant CBS's Showtime contained JavaScript that secretly commandeered viewers' web browsers over the weekend to mine cryptocurrency.…
Optionsbleed is especially threatening for people in shared hosting environments.
aIR-Jumper weaves passwords and crypto keys into infrared signals.
The coming era of quantum computing will require new technologies and approaches to keep cryptography secure.

Miners on the Rise

Over the last month alone, we have detected several large botnets designed to profit from concealed crypto mining. We have also observed growing numbers of attempts to install miners on servers owned by organizations. When these attempts are successful, the companiesrsquo; business processes suffer because data processing speeds fall substantially.
Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.

For devices utilizing this environment encryption mode,U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data.
8-char password limits? HTTP-YES HSBC has been faulted for redirecting business customers to a website that is not obviously secure.…
Researchers reverse hashes in Troy Hunt's password release. PS, don't forget the salt The anonymous CynoSure Prime “cracktivistsrdquo; who two years ago reversed the hashes of 11 million leaked Ashley Madison passwords have done it again, this time untangling a stunning 320 million hashes dumped to Australian researcher Troy Hunt.…
UK watchdog echoes Home Sec in anti-crypto comments The UKrsquo;s “independent reviewer of terrorism legislationrdquo; appears to have gone rogue, saying that encryption should be withheld from people who donrsquo;t verify their identities on social media.…

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear.
It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.
In one of our previous articles, we analyzed the NeutrinoPOS banker as an example of a constantly evolving malware family.

A week after publication, this Neutrino modification delivered up a new malicious program classified by Kaspersky Lab as Trojan-Banker.Win32.Jimmy.
Sure, theoretically it offers a lot of protection, but get it wrong...
Security researchers have endorsed industry guru Scott Helme's vote of no confidence in a next-generation web crypto technology.…