DoppelPaymer ransomware supsects arrested in Germany and Ukraine
Devices seized, suspects interrogated and arrested, allegedly connected to devastating cyberattack on University Hospital in Düsseldorf.
Cryptography
S3 Ep124: When so-called security apps go rogue [Audio + Text]
Rogue software packages. Rogue “sysadmins”. Rogue keyloggers. Rogue authenticators. Rogue ROGUES!
Side-Channel Attack against CRYSTALS-Kyber
CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process.
Researchers have just published a side-channel attack—using power consumption—against an implementation of the algorithm that was supposed to be resistant against that sort of attack.
The algorithm is not “broken” or “cracked”—despite headlines to the contrary—this is just a side-channel attack. What makes this work really interesting is that the researchers used a machine-learning model to train the system to exploit the side channel…
Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!
Even in Apple’s and Google’s “walled gardens”, there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.)
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug
Conditional code considered cryptographically counterproductive.
Mary Queen of Scots Letters Decrypted
This is a neat piece of historical research.
The team of computer scientist George Lasry, pianist Norbert Biermann and astrophysicist Satoshi Tomokiyo—all keen cryptographers—initially thought the batch of encoded documents related to Italy, because that was how they were filed at the Bibliothèque Nationale de France.
However, they quickly realised the letters were in French. Many verb and adjectival forms being feminine, regular mention of captivity, and recurring names—such as Walsingham—all put them on the trail of Mary. Sir Francis Walsingham was Queen Elizabeth’s spymaster…
OpenSSL fixes High Severity data-stealing bug – patch now!
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English…
Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto
Hear renowned cybersecurity author Andy Greenberg’s thoughtful commentary about the “war on crypto” as we talk to him about his new book…
Attacking Machine Learning Systems
The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field. In many ways, this circumstance reminds me of the cryptanalysis field in the 1990. And there is a lesson in that similarity: the complex mathematical attacks make for good academic papers, but we mustn’t lose sight of the fact that insecure software will be the likely attack vector for most ML systems…
S3 Ep120: When dud crypto simply won’t let go [Audio + Text]
Latest episode – listen now!