#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

encryption | Breaking Cybersecurity News | The Hacker News

Google Introduces First Quantum Resilient FIDO2 Security Key Implementation

Google Introduces First Quantum Resilient FIDO2 Security Key Implementation

Aug 16, 2023 Password Security / Encryption
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck  said . OpenSK  is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards. The development comes less than a week after the tech giant  said  it plans to add support for quantum-resistant encryption algorithms in Chrome 116 to set up symmetric keys in TLS connections. It's also part of broader efforts to switch to cryptographic algorithms that can withstand quantum attacks in the future, necessitating the need to incorporate such technologies early on to facilitate a gradual rollout. "Fortunately, with the rece
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Aug 11, 2023 Encryption / Browser Security
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting  X25519Kyber768  for establishing symmetric secrets in  TLS , starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien  said  in a post published Thursday. Kyber was  chosen  by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing.  Kyber-768  is roughly the security equivalent of  AES-192 . The encryption algorithm has already been adopted by  Cloudflare ,  Amazon Web Services , and IBM. X25519Kyber768 is a hybrid algorithm that combines the output of  X25519 , an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections. "Hybrid mechanism
Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

Aug 10, 2023 Privacy / Encryption
A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method , an app that has over 455 million monthly active users across Windows, Android, and iOS. The vulnerabilities are rooted in EncryptWall, the service's custom encryption system, allowing network eavesdroppers to extract the textual content and access sensitive data. "The Windows and Android versions of Sogou Input Method contain vulnerabilities in this encryption system, including a vulnerability to a CBC  padding oracle attack , which allow network eavesdroppers to recover the plaintext of encrypted network transmissions, revealing sensitive information including what users have typed," the researchers  said . CBC, s
cyber security

Webinar: How to streamline security reviews with Trust Center

websiteVantaCompliance / Security Audit
Learn how Vanta Trust Center can help provide real-time evidence for passing controls and automate responses to security questionnaires.
Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks

May 20, 2024Software Security / Vulnerability
All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make up between  70% and 90% of any given piece of modern software . Unfortunately for our security-minded developers, most modern vulnerabilities come from those software components.  As new vulnerabilities emerge and are publicly reported as  Common Vulnerabilities and Exposures  (CVEs), security teams have little choice but to ask the developer to refactor the code to include different versions of the dependencies. Nobody is happy in this situation, as it blocks new features and can be maddening to roll back component versions and hope that nothing breaks. Developers need a way to  quickly  determine if
Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk

Jul 25, 2023 Hardware Security / Encryption
A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed  Zenbleed  and tracked as  CVE-2023-20593  (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second. The issue is part of a broader category of weaknesses called  speculative execution attacks , in which the optimization technique widely used in modern CPUs is abused to access cryptographic keys from CPU registers. "Under specific microarchitectural circumstances, a register in 'Zen 2' CPUs may not be written to 0 correctly," AMD  explained  in an advisory. "This may cause data from another process and/or thread to be stored in the YMM register , which may allow an attacker to potentially access sensitive information." Web infrastructure company Cloudflare note
Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

Jul 24, 2023 Mobile Security / Privacy
Google has announced that it intends to add support for Message Layer Security ( MLS ) to its Messages service for Android and open source an implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform," Giles Hogben, privacy engineering director at Google,  said . "This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms." The development comes as the Internet Engineering Task Force (IETF)  released  the core specification of the Messaging Layer Security (MLS) protocol as a Request for Comments ( RFC 9420 ). Some of the other major companies that have thrown their weight behind the protocol are Amazon Web Services (AWS) Wickr, Cisco, Cloudflare, The Matrix.org Foundation, Mozilla, Phoenix R&D, and Wire. Notably missing f
Cybersecurity
Expert Insights
Cybersecurity Resources