A new path for Kyber on the web

Posted by David Adrian, David Benjamin, Bob Beck & Devon O’Brien, Chrome Team. We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the pre-quantum X25519 algorithm and the new post-quantum algorithm Kyber. At the time, the NIST standardization …

The ‘Sleeping Time Bomb’ of Third-Party Cybersecurity Risk

In the final part of this four-part video series, Decipher editor Lindsey O’Donnell-Welch talks to Merritt Baer, CISO at Reco, Neda Pitt, CISO at Belk, and Danielle Snyder, cyber and compliance lead at Raytheon, about third-party risk, why it’s a “sleeping time bomb” and how organizations can approach this complex issue.

Kali Linux 2024.3 Released With New Hacking Tools

Kali Linux 2024.3, the most recent iteration of Offensive Security’s highly regarded Debian-based distribution designed for ethical hacking and penetration testing, has been released. This new release is a major update that includes 11 new hacking tools and focuses on behind-the-scenes updates and optimizations. According to the Kali Linux team, there have been a few …

Hacker Tricks ChatGPT to Get Details for Making Homemade Bombs

A hacker known as Amadon has reportedly managed to bypass the safety protocols of ChatGPT, a popular AI chatbot developed by OpenAI, to generate instructions for creating homemade explosives. This incident raises significant questions about generative AI technologies’ security and ethical implications. How It Happened: Amadon employed a technique known as “jailbreaking” to manipulate ChatGPT …

Citrix Workspace App Vulnerable to Privilege Escalation Attacks

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, pose significant security risks. They allow local privilege escalation that could enable attackers to gain SYSTEM-level access. The severity of these vulnerabilities has been classified as high, prompting urgent attention from …

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign Excel file that exploits CVE-2017-0199. By exploiting this vulnerability in Microsoft Office, attackers are able to embed malicious code within the file using OLE objects. It utilizes encryption and obfuscation techniques to conceal the malicious payload. Upon opening the file, the …

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw, designated CVE-2024-45195, allows for unauthenticated remote code execution (RCE), posing a threat to organizations relying on OFBiz for their operations. CVE-2024-45195 – Vulnerability Details: The CVE-2024-45195 vulnerability arises from missing view authorization checks in the web application. This enables …

Docker Desktop Vulnerabilities Let Attackers Execute Remote Code

Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute remote code. These vulnerabilities, identified as CVE-2024-8695 and CVE-2024-8696, highlight the ongoing risks associated with software extensions and the importance of timely updates. CVE-2024-8695: Crafted Extension Description Vulnerability. The first vulnerability, CVE-2024-8695, involves a flaw in handling crafted extension descriptions or …

Fortinet Confirms Data Breach Following Hacker’s Claim of 440GB Data Theft

Fortinet, a leading cybersecurity firm, has confirmed a data breach involving a third-party cloud service after a hacker, known by the alias “Fortibitch,” claimed to have stolen 440GB of data. The breach primarily affects a small number of Fortinet’s Asia-Pacific customers. The compromised data is reportedly stored on a cloud-based shared file drive. The hacker …

SquareX, Awarded Rising Star Category in CybersecAsia Readers’ Choice Awards 2024

SquareX has been named a winner of the prestigious Rising Star category in CybersecAsia Readers’ Choice Awards 2024, due to its outstanding achievements in its innovative browser security solutions. For the past 5 years, this award has been honouring cybersecurity organizations that are making a significant impact and delivering groundbreaking solutions to help …

The New Age of Cloud Security and Multi-Cloud Defense

Longtime cloud security educator and researcher Rich Mogull, SVP of cloud security at FireMon, joins Decipher editor Dennis Fisher to dive into the challenges of securing multi-cloud environments, how cloud security has evolved, and how enterprises are learning to handle those changes.
