Experts Play Down Significance of Chinese Quantum “Hack” Security experts have urged caution after a stream of doom-laden reports in recent days claimed Chinese researchers have cracked military-grade encryption using quantum computing technology. “While the research shows quantum computing's potential threat to classical encryption, the attack was executed on a 22-bit key – far shorter than the 2048 or 4096-bit keys commonly used in practice today. The suggestion that this poses an imminent risk to widely used encryption standards is misleading,” DigiCert head of R&D Avesta Hojjati argued. “This research, while intriguing, does not equate to an immediate quantum apocalypse.” See more:
Infosecurity Magazine
Experts Play Down Significance of Chinese Quantum “Hack”
DigiCert says imminent crypto threat from quantum computing has been over-hyped
 #cybersecurity #security
How does #zcash work? Understanding zerocash and zcash from Zellic. See more:
How Does Zcash Work? | Zellic — Research
How does Zcash work? Understanding Zerocash and Zcash
LunarDao - DarkFiSquad is rising funds to support anon developers who research & build anonymity tech. See more:
LunarDAO
LunarDAO
 Twitter post:
X (formerly Twitter)
LunarDAO (@lunarpunksquad) on X
4 days left Join the @darkfisquad raise, fund R&D research, get proportional ownership of an NFT designed by @zkArmor Elliptic curves birthi...
 #privacy
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. Some of the new variants of the malware have also been equipped to harvest the device's unlock pattern or PIN by presenting to the victim a deceptive User Interface (UI) - a full screenn HTML page, that mimics the device's actual unlock screen. It collects and sends users unlock pattern/PIN, alongside a unique device identifier to an attacker-controlled server. See more:
The Hacker News
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
TrickMo Android malware now steals unlock patterns, PINs, and more, posing a severe threat to mobile banking.
 #cybersecurity #security
GitHub Patches Critical Vulnerability in Enterprise Server Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances. Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server. The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files. See more:
SecurityWeek
GitHub Patches Critical Vulnerability in Enterprise Server
A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances.
 #cybersecurity #security
New FIDO proposal lets you securely move passkeys across platforms The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. Passkeys are a method of authentication without a password that leverages public-key cryptography to authenticate users without requiring them to remember or manage long strings of characters. The new specification that FIDO proposes essentially addresses the lack of widely accepted secure standards for credential transfer, eliminating the complications or practical limitations when switching between providers. The drafts were developed with the contribution of specialists from FIDO associate members and stakeholders like Dashlane, Bitwarden, 1Password, NordPass, and Google. See more:
BleepingComputer
New FIDO proposal lets you securely move passkeys across platforms
The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys b...
 #cybersecurity #security
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. PPTP is vulnerable to offline brute force attacks of captured authentication hashes, and L2TP provides no encryption unless coupled with another protocol, like IPsec. However, if L2TP/IPsec is not configured correctly, it can introduce weaknesses that make it susceptible to attacks. "The move is part of Microsoft's strategy to enhance security and performance by transitioning users to more robust protocols like Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2)," Microsoft announced in a post this week. See more:
BleepingComputer
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Window...
 #cybersecurity #privacy #security
Pokémon Developer Game Freak Suffers Data Breach Game Freak, the company behind the Pokémon franchise, is dealing with a security breach that has compromised the data of more than 2,600 employees and partners. The data leak first came to light on a forum known as 4chan earlier this month before it began circulating on social media and other online forums. The data allegedly includes inside information of video games, source code for existing frames, and data on unreleased Pokémon games. See more:
Infosecurity Magazine
Pokémon Developer Game Freak Suffers Data Breach
Personal data of over 2600 employees has been exposed and insider information about the Switch 2 and future Pokémon games leaked
Dark Reading
Employee Info Leaked in Pokémon Gaming Company Hack
The gaming company reports that the server has been rebuilt after the leak, but has not confirmed if its insider video game data was leaked.
 #security #cybersecurity #privacy
Google warns uBlock Origin and other extensions may be disabled soon The warning includes a link to a Google support bulletin that states the browser extension may be disabled to protect users' privacy and security. "To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements," reads Google's support bulletin. "uBO is a Manifest v2 extension, hence the warning in your Google Chrome browser. There is no Manifest v3 version of uBO, hence the browser will suggest alternative extensions as a replacement for uBO," See more:
BleepingComputer
Google warns uBlock Origin and other extensions may be disabled soon
Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company&#03...
 #security #cybersecurity #privacy
Cisco investigates breach after stolen data for sale on hacking forum "Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum. IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals. However, the threat actor did not provide further details about how the data was obtained. See more:
BleepingComputer
Cisco investigates breach after stolen data for sale on hacking forum
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling alleged...
 #security #cybersecurity #privacy