
cryptographic hash | Breaking Cybersecurity News | The Hacker News

Goodbye SHA-1: NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm

Dec 16, 2022 Encryption / Data Security
The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing to the risk of collision attacks. While hashes are designed to be irreversible – meaning it should be impossible to reconstruct the original message from the fixed-length enciphered text – the lack of collision resistance in SHA-1 made it possible to generate the same hash value for two different inputs. In February 2017, a group of researchers from CWI Amsterdam and Google disclosed the first practical technique for producing collisions on SHA-1, effectively undermining the security of the algorithm. "For example, by crafting the two colliding PDF files as two rental agreements with different rent, it is possible to trick someone to create

Google Achieves First-Ever Successful SHA-1 Collision Attack

Feb 23, 2017
SHA-1, Secure Hash Algorithm 1, a very popular cryptographic hashing function designed in 1995 by the NSA, is officially dead after a team of researchers from Google and the CWI Institute in Amsterdam announced today the first-ever successful SHA-1 collision attack. SHA-1 was designed in 1995 by the National Security Agency (NSA) as a part of the Digital Signature Algorithm. Like other hashes, SHA-1 converts any input message to a long string of numbers and letters that serves as a cryptographic fingerprint for that particular message. Collision attacks occur when the same hash value (fingerprint) is produced for two different messages, which can then be exploited to forge digital signatures, allowing attackers to break communications encoded with SHA-1. The explanation is technologically tricky, but you can think of it as an attacker who surgically alters their fingerprints to match yours, and then uses them to unlock your smartphone. The researchers h


Make a Fresh Start for 2024: Clean Out Your User Inventory to Reduce SaaS Risk

Dec 04, 2023 SaaS Security / Data Security
As work ebbs with the typical end-of-year slowdown, now is a good time to review user roles and privileges and remove anyone who shouldn't have access as well as trim unnecessary permissions. In addition to saving some unnecessary license fees, a clean user inventory significantly enhances the security of your SaaS applications. From reducing risk to protecting against data leakage, here is how you can start the new year with a clean user list.

How Offboarded Users Still Have Access to Your Apps

When employees leave a company, they trigger a series of changes to backend systems in their wake. First, they are removed from the company's identity provider (IdP), which kicks off an automated workflow that deactivates their email and removes access to all internal systems. When enterprises use an SSO (single sign-on), these former employees lose access to any online properties – including SaaS applications – that require SSO for login. However, that doesn't mean that former employee

Global Internet Authority ICANN Has Been Hacked

Dec 18, 2014
The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown attackers who gained administrative access to some of the organization's systems, the organization confirmed. The attackers used a "spear phishing" campaign to target sensitive systems operated by ICANN and sent spoofed emails disguised as internal ICANN communications to its staff members. The link in the emails took the staff to a bogus login page, where they entered their usernames and passwords, giving the attackers the keys to their work email accounts. The data breach began in late November 2014 and was discovered a week later, ICANN, which oversees the Internet's address system, said in a release published Tuesday. ICANN is the organization that manages the global top-level domain system. "We believe a 'spear phishing' attack was initiated in late November 2014," Tuesday's press release stated. "It involved email messages that we