https://thehackernews.com/2017/10/crack-prng-encryption-keys.html?m=1

DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions.

DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack.

The vulnerability affects products from dozens of vendors, including Fortinet, Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — 'in conjunction with a hard-coded seed key.'

Comments

Post a Comment

Popular posts from this blog

https://thehackernews.com/2017/10/coinhive-cryptocurrency-miner.html?m=1

Image
When yesterday I was reporting about the sudden outbreak of another global ransomware attack ' Bad Rabbit ,' I thought what could be worse than this? Then late last night I got my answer with a notification that Coinhive has been hacked — a popular browser-based service that offers website owners to embed a JavaScript to utilise their site visitors' CPUs power to mine the Monero cryptocurrency for monetisation. Reportedly an unknown hacker managed to hijack Coinhive's CloudFlare account that allowed him/her to modify its DNS servers and replace Coinhive's official JavaScript code embedded into thousands of websites with a malicious version. https://coin-hive[.]com/lib/coinhive.min.js
Read more

https://thehackernews.com/2017/10/kaspersky-antivirus-source-code.html?m=1

Image
Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a " comprehensive transparency initiative ," to allow independent  third-party review  of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launches this initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers to steal classified material from a computer belonging to an NSA contractor. Earlier this month another story published by the New York Times claimed that  Israeli government hackers hacked into Kaspersky ’s network in 2015 and caught Russian hackers red-handed hacking US government with the help of Kaspersky.
Read more
Google has just lost its biggest regulatory battle! Google has been hit with a record-breaking $2.7 billion (€2.42 billion) fine by the European antitrust officials for unfairly manipulating search [...]
Read more