Sophisticated attack breaks security assurances of the most popular FIDO key.
The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains temporary physical access to it, researchers said Tuesday.
The cryptographic flaw, known as a side channel, resides in a small microcontroller used in a large number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, such as the SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.
An investigation has been launched after a data breach led to the details of current and former Police Ombudsman staff members being accidently released.
The Police Ombudsman (PONI) has apologised for the data leak incident involving 160 current and former staff.
On September 3, 2024, the White House published a report on Internet routing security. We’ll talk about what that means and how you can help.
The Internet can feel like magic. When you load a webpage in your browser, many simultaneous requests for data fly back and forth to remote servers. Then, often in less than one second, a website appears. Many people know that DNS is used to look up a hostname, and resolve it to an IP address, but fewer understand how data flows from your home network to the network that controls the IP address of the web server.
In this blog post, BGP experts Doug Madory of Kentik and Job Snijders of Fastly review the latest RPKI ROV deployment metrics in light of a major milestone.
The Dutch Data Protection Authority imposed the largest fine yet against facial recognition company Clearview AI under the GDPR.
Transport for London's (TfL) computer systems have been targeted in an ongoing cyber attack.
It said there was no evidence customer data had been compromised and there was currently no impact on TfL services.
Insiders have told BBC London they have been asked to work at home if possible, and that it is the transport provider's backroom systems at the corporate headquarters that are mainly affected.
Microsoft observed North Korean threat actor Citrine Sleet exploiting the CVE-2024-7971 zero-day vulnerability in Chromium. Citrine Sleet targets the cryptocurrency sector for financial gain.
We have examined the Windows TCP/IP network stack flaw that could grant adversaries remote access with maximum privileges. Exploiting CVE-2024–38063 does not imply any action on the part of the user…
Three men in the United Kingdom have pleaded guilty to operating otp[.]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords. Launched in…
Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K.
We provide a technical analysis on how CVE-2023-22527 can be exploited by malicious actors for cryptojacking attacks that can spread across the victim’s system.
Key findings Proofpoint researchers identified an unusual campaign delivering malware that the threat actor named “Voldemort”. Proofpoint assesses with moderate confidence the goal of the activi...
The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others.
Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI’s InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others.
The investigation into Telegram boss Pavel Durov that has fired a warning shot to global tech titans was started by a small cybercrime unit within the Paris prosecutor's office, led by 38-year-old Johanna Brousse.
The arrest of Durov, 39, last Saturday marks a significant shift in how some global authorities may seek to deal with tech chiefs reluctant to police illegal content on their platforms.
The arrest signalled the mettle of the J3 cybercrime unit, but the true test of its ambitions will be whether Brousse can secure a conviction based on a largely untested legal argument, lawyers said.
Comme d’autres services publics avant elle, l’université Paris-Saclay a subi une cyberattaque par le biais d’un ransomware sur ses serveurs. L’attaque qui a eu lieu le 11 août a affecté les services centraux de l’établissement, ainsi que ses composantes (facultés, IUT, Polytech Paris-Saclay, Observatoire des sciences de l’univers). Sont notamment indisponibles un certain nombre de services comme la messagerie électronique, l’intranet, les espaces partagés et certaines applications métier. Un site provisoire a été mis en ligne afin d’assurer, durant les prochaines semaines, la communication auprès des personnels et des étudiants. Une foire aux questions, relative à la cyberattaque, régulièrement complétée et actualisée y est affichée.
Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies.
See how adversaries are impersonating Google Authenticator in Google Ads to deliver the DeerStealer information-stealing malware.
Discover the latest insights on the emerging ransomware group Cicada3301, first detected in June 2024. Truesec's investigation reveals key findings about this group, named after a famous cryptography game, now targeting multiple victims.
