Security News > 2017 > October > DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions
2017-10-24 11:08
DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack. The vulnerability affects products from dozens of vendors,
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/g3gfn3M8wQI/crack-prng-encryption-keys.html
Related news
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Fortinet VPN design flaw hides successful brute-force attacks (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)