Cryptography

Discover Cryptography News

New Cylance Ransomware Targets Linux and Windows, Warn Researchers

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

A new strain of Cylance Ransomware has been discovered, which has already claimed several victims. Researchers noticed it early Friday morning, and further probing revealed that it is targeting Linux and Windows devices.

LinuxSecurity.com Team
Apr 05, 2023

GitHub Publishes RSA SSH Host Keys by Mistake, Issues Update

GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.

LinuxSecurity.com Team
Mar 28, 2023

NordVPN Makes its Meshnet Private Tunnel Free for Everyone

NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN.

LinuxSecurity.com Team
Mar 23, 2023

New TPM 2.0 Flaws Could Let Hackers Steal Cryptographic Keys

The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys.

LinuxSecurity.com Team
Mar 06, 2023

SUPERCON 2022: Kuba Tyszko Cracks Encrypted Software

[Kuba Tyszko] like many of us, has been hacking things from a young age. An early attempt at hacking around with grandpa’s tractor might have been swiftly quashed by his father, but likely this was not the last such incident.

LinuxSecurity.com Team
Feb 22, 2023

What Is OpenSSL?

Secure Sockets Layer (SSL) is an internet security protocol. It establishes encrypted connections between computers on a network, such as the internet. The OpenSSL Project dates back to 1998 to develop a free, versatile set of encryption tools for online use.

LinuxSecurity.com Team
Feb 21, 2023

Serious Security: GnuTLS Follows OpenSSL, Fixes Timing Attack Bug

Last week, we wrote about a bunch of memory management bugs that were fixed in the latest security update of the popular OpenSSL encryption library. Along with those memory bugs, we also reported on a bug dubbed CVE-2022-4304: Timing Oracle in RSA Decryption.

LinuxSecurity.com Team
Feb 15, 2023

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process.

LinuxSecurity.com Team
Feb 13, 2023

Clop Ransomware Flaw Allowed Linux Victims to Recover Files for Months

The Clop ransomware gang is now also using a malware variant that explicitly targets Linux servers, but a flaw in the encryption scheme has allowed victims to quietly recover their files for free for months.

LinuxSecurity.com Team
Feb 07, 2023

Intel's "DOITM" Security Feature Not Intended For Always-On Use, Linux Patches To Be Revised

Last week I wrote about Linux developers evaluating a new "DOITM" security mitigation for the latest Intel CPUs. While the cost for now of engaging the Data Operand Independent Timing Mode (DOITM) functionality is minimal, following internal Intel engineering discussions it looks like the Linux kernel patches will need to be re-worked with this functionality not intended to always be enabled.

LinuxSecurity.com Team
Feb 06, 2023

Linux Will Now Better Handle AMD SEV-SNP To Avoid Undefined Behavior For Old VMs

Merged on Sunday prior to tagging Linux 6.2-rc6 is a late "fix" for the AMD Secure Encrypted Virtualization Secure Nested Paging (SEV-SNP) code to avoid possible situations of undefined behavior with difficult to debug issues where a modern Linux host with SEV-SNP may try booting a Linux virtual machine with an outdated kernel.

LinuxSecurity.com Team
Jan 30, 2023

20.Lock AbstractDigital Circular Esm H200

New Boldmove Linux Malware Used to Backdoor Fortinet Devices

Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware.

LinuxSecurity.com Team
Jan 24, 2023

What is WireGuard?

The primary goal of any VPN is to create a secure encrypted tunnel for all your internet traffic by helping to shield it from hackers and others that want to take a peak, which may even include your ISP.

LinuxSecurity.com Team
Jan 19, 2023

Linux 6.3 To Support Pluton's CRB TPM2 On AMD Ryzen CPUs

If things go as planned, the TPM2 device found within Microsoft's Pluton security processor on the latest AMD Ryzen SoCs will be supported by Linux 6.3. The Microsoft Pluton security processor has been of concern to many Linux/open-source enthusiasts due to being a "black box" and plenty of unknowns around the provided root of trust, secure identity, secure attestation, and cryptographic services marketed by Pluton.

LinuxSecurity.com Team
Jan 17, 2023

Sigstore Announces the First Stable Release of Code and Certificate Signing Tool for Python

Sigstore community today announced the first stable release of sigstore-python, improving software supply chain security and paving the way for other client implementations of Sigstore that are in earlier stages.

LinuxSecurity.com Team
Jan 16, 2023

Latest IPFire Hardened Linux Firewall Distro Release Future-Proofs VPN Cryptography

IPFire developer Peter Müller announced today the general availability of IPFire 2.27 Core Update 172 as the latest stable release of this open-source hardened Linux firewall distribution for routers and firewalls bringing updates to VPN cryptography and updated components.

LinuxSecurity.com Team
Jan 02, 2023

Introducing Shufflecake: Plausible Deniability For Multiple Hidden Filesystems on Linux

Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."