#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

VeraCrypt | Breaking Cybersecurity News | The Hacker News

VeraCrypt Audit Reveals Critical Security Flaws — Update Now

VeraCrypt Audit Reveals Critical Security Flaws — Update Now

Oct 18, 2016
After TrueCrypt mysteriously discontinued its service, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, as well as privacy conscious people. First of all, there is no such thing as a perfect, bug-free software. Even the most rigorously tested software, like the ones that operate SCADA Systems, medical devices, and aviation software, have flaws. Vulnerabilities are an unfortunate reality for every software product, but there is always space for improvements. Due to the enormous popularity of VeraCrypt, security researchers from the OSTIF (The Open Source Technology Improvement Fund) agreed to audit VeraCrypt independently and hired researchers from QuarksLab in August to lead the audit. And it seems like VeraCrypt is not exactly flawless either. Now after one month of the audit, researchers have discovered a number of security issues, including 8 critical, 3 medium, and 15 low-severity vulnerabilities in the popular
Someone is Spying on Researchers Behind VeraCrypt Security Audit

Someone is Spying on Researchers Behind VeraCrypt Security Audit

Aug 16, 2016
After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF ( The Open Source Technology Improvement Fund ) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Using funds donated by DuckDuckGo and VikingVPN, the OSTIC hired vulnerability researchers from QuarksLab to lead the audit, which would look for zero-day vulnerabilities and other security holes in VeraCrypt's code. Now, the most troubling part comes here: The OSTIF announced Saturday that its confidential PGP-encrypted communications with QuarkLabs about the security audit of VeraCrypt were mysteriously intercepted. "We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders." the OSTIF said . "Not
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

Oct 01, 2015
If you are among thousands of privacy-conscious people who are still using ' no longer available ' TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user's data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google's Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ' unfixed security issues '. TrueCrypt is a widely-used ' On-the-Fly ' Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security

Encryption Software VeraCrypt 1.12 Adds New PIM Feature To Boost Password Security

Aug 11, 2015
Encrypting your sensitive data is important. As you may know, CIA... C onfidentiality I ntegrity A vailability ...are the essential elements of Information Security. There are a number of tools and methods available out there, but not all encryption tools are same. We are now living in an era where everyone is watching everyone else, and now you need to pay extra attention before choosing any tool. VeraCrypt , a TrueCrypt alternative, is an open source file encryption software designed to protect your online privacy. VeraCrypt enters the market within months after TrueCrypt died , almost similar to it, but with enhancements to further secure your data. A week ago, latest version VeraCrypt 1.12 released with a new feature called PIM, which stands for " Personal Iterations Multiplier ". PIM (Personal Iterations Multiplier) is a new parameter introduced in VeraCrypt 1.12 to secure your data. PIM is basically a secret numerical value that
Cybersecurity Resources