A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say that the attack does not represent a catastrophic failure for the tokens.
By Wade WilliamsonFor years enterprises have been trying to control peer-to-peer (P2P) technologies inside their networks, and for good reason. The efficiency with which P2P technology move large files have made P2P networks key enablers of the Internet grey market by acting as the distribution mechanism of choice for pirated movies, music or applications. Aside from P2P being a source for pirated content, they are also a significant enabler of malware as both an infection vector and a command-and-control (C2) channel. These security risks have made controlling P2P traffic a priority for many security teams.
Users of the free, open source KeePass password manager got unwelcome news on Tuesday, after a private security researcher claimed to have discovered a remotely exploitable security hole that could give an attacker access to unencrypted user passwords. However, KeePass’s creator calls the hole minor, and unlikely to be used in an attack.
A two-year undercover operation today netted two dozen arrests in eight countries in what federal authorities say is the largest coordinated international takedown in history directed at those who traffic stolen financial data through online forums. The investigation uncovered 411,000 compromised credit and debit cards and saved an estimated $205 million in economic losses. Additionally, 47 companies, government entitites and educational institutions were notified their networks had been breached.
It’s become more important than ever to protect your privacy online. Dennis Fisher and his guest, Andrew Lewman, The Tor Project, Executive Director discuss what end-users need to know and do to keep online anonymity, reduce their risk factor and ultimately put the control back in the users hands.
A recent fraud ring through which attackers raided high-value bank accounts, nicknamed Operation High Roller (.PDF), employed attacks that were quick, required no human interaction and have already affected several tiers of credit unions, regional banks and large global banks, over the last several months.
UPDATE: The U.S. Federal Trade Commission has fined Wyndham Hotels for a string of data breaches that resulted in information on hundreds of thousands of customers being lost to cyber criminals.
Two members of the hacker group Lulz Security (LulzSec) pleaded guilty today to taking part in a cyber crime spree that launched attacks against Web sites belonging to law enforcement, corporations and media companies.
Ryan Cleary, 20, of Wickford, Essex and Jake Davis, 19, of Lerwick, Shetland admitted in a London courtroom to two counts of conspiracy to do an unauthorized act or acts with intent to impair, or with recklessness as to impairing, the operation of a computer or computers, according to numerous published reports.
The Government Accountability Office (GAO) is warning that the U.S. government hasn’t lived up to promises to protect the privacy of Medicare patients who use the federal government’s Prescription Drug Benefit and not following through on promises to audit organizations that store patient health information.
The U.S. Commodity Futures Trading Commission (CFTC), an independent federal agency that helps regulate futures and option markets, was hit with a data breach last month according to an e-mail statement from the Commission that circulated online late last week.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
