Experts Say Attack on Crypto Tokens is Serious, But Not Catastrophic

A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say that the attack does not represent a catastrophic failure for the tokens.

The Hidden Security Risks of P2P Traffic

By Wade Williamson

For years enterprises have been trying to control peer-to-peer (P2P) technologies inside their networks, and for good reason. The efficiency with which P2P technology moves large files has made P2P networks key enablers of the Internet grey market by acting as the distribution mechanism of choice for pirated movies, music or applications. Aside from being a source for pirated content, P2P networks are also a significant enabler of malware as both an infection vector and a command-and-control (C2) channel. These security risks have made controlling P2P traffic a priority for many security teams.

Researcher Warns Of Security Hole In KeePass Password Manager

Users of the free, open source KeePass password manager got unwelcome news on Tuesday, after a private security researcher claimed to have discovered a remotely exploitable security hole that could give an attacker access to unencrypted user passwords. However, KeePass’s creator calls the hole minor, and unlikely to be used in an attack.

A two-year undercover operation today netted two dozen arrests in eight countries in what federal authorities say is the largest coordinated international takedown in history directed at those who traffic stolen financial data through online forums. The investigation uncovered 411,000 compromised credit and debit cards and saved an estimated $205 million in economic losses. Additionally, 47 companies, government entities and educational institutions were notified their networks had been breached.

It’s become more important than ever to protect your privacy online. Dennis Fisher and his guest, Andrew Lewman, Executive Director of The Tor Project, discuss what end users need to know and do to keep their online anonymity, reduce their risk factor and ultimately put control back in the users' hands.

A recent fraud ring through which attackers raided high-value bank accounts, nicknamed Operation High Roller (.PDF), employed attacks that were quick, required no human interaction and have already affected several tiers of credit unions, regional banks and large global banks over the last several months.

Two members of the hacker group Lulz Security (LulzSec) pleaded guilty today to taking part in a cyber crime spree that launched attacks against Web sites belonging to law enforcement, corporations and media companies.

Ryan Cleary, 20, of Wickford, Essex and Jake Davis, 19, of Lerwick, Shetland admitted in a London courtroom to two counts of conspiracy to do an unauthorized act or acts with intent to impair, or with recklessness as to impairing, the operation of a computer or computers, according to numerous published reports.
