Cryptography - Page 2
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
A new strain of Cylance Ransomware has been discovered, which has already claimed several victims. Researchers noticed it early Friday morning, and further probing revealed that it is targeting Linux and Windows devices.
GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.
NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN.
The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.
[Kuba Tyszko] like many of us, has been hacking things from a young age. An early attempt at hacking around with grandpa’s tractor might have been swiftly quashed by his father, but likely this was not the last such incident.
Secure Sockets Layer (SSL) is an internet security protocol. It establishes encrypted connections between computers on a network, such as the internet. The OpenSSL Project dates back to 1998 to develop a free, versatile set of encryption tools for online use.
Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update of the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption.
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process.
The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months.
Last week I wrote about Linux developers evaluating a new "DOITM" security mitigation for the latest Intel CPUs. While the cost for now of engaging the Data Operand Independent Timing Mode (DOITM) functionality is minimal, following internal Intel engineering discussions it looks like the Linux kernel patches will need to be re-worked with this functionality not intended to always be enabled.
Merged on Sunday prior to tagging Linux 6.2-rc6 is a late "fix" for the AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) code to avoid possible situations of undefined behavior with difficult to debug issues where a modern Linux host with SEV-SNP may try booting a Linux virtual machine with an outdated kernel.
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.
The primary goal of any VPN is to create a secure encrypted tunnel for all your internet traffic by helping to shield it from hackers and others that want to take a peak, which may even include your ISP.
If things go as planned, the TPM2 device found within Microsoft's Pluton security processor on the latest AMD Ryzen SoCs will be supported by Linux 6.3. The Microsoft Pluton security processor has been of concern to many Linux/open-source enthusiasts due to being a "black box" and plenty of unknowns around the provided root of trust, secure identity, secure attestation, and cryptographic services marketed by Pluton.
Sigstore community today announced the first stable release of sigstore-python, improving software supply chain security and paving the way for other client implementations of Sigstore that are in earlier stages.
IPFire developer Peter Müller announced today the general availability of IPFire 2.27 Core Update 172 as the latest stable release of this open-source hardened Linux firewall distribution for routers and firewalls bringing updates to VPN cryptography and updated components.
Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."
The fall version of systemd is here, with support for increased boot security, including tightened full-disk encryption.
The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP.
Building your own initial RAMdisk? That's insecure!