Security News > 2017 > October > DUHK Attack Lets Hackers Recover Encryption Key Used in VPNs & Web Sessions
2017-10-24 11:08
DUHK — Don't Use Hard-coded Keys — is a new 'non-trivial' cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions. DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack. The vulnerability affects products from dozens of vendors,
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/g3gfn3M8wQI/crack-prng-encryption-keys.html
Related news
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Hackers leak configs and VPN credentials for 15,000 FortiGate devices (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- How hackers target your Active Directory with breached VPN passwords (source)
- Massive brute force attack uses 2.8 million IPs to target VPN devices (source)