Security News

The time has come for me to find a new home for my cryptography library. It's about 150 linear feet of books, conference proceedings, journals, and monographs - mostly from the 1980s, 1990s, and 2000s.

Cisco Talos researchers note in a new analysis that "Unauthorized software on end systems is never a good sign. Today it's a crypto miner, tomorrow it could be the initial payload in an eventual ransomware attack." Crypto mining has increased from 3% of all mining alerts in January 2020 to 6% in March 2021, according to analysis from Talos.

Researchers at mobile security firm Lookout have identified more than 170 Android apps that target and scam users interested in cryptocurrencies. These apps cannot even be classified as 'malware' since they do nothing typified as malicious and don't contain a payload. This is the height of their sophistication.

ISARA launched ISARA Advance Crypto Agility Suite, an enterprise solution that allows organizations to discover their cryptographic blind spots and equip them to take action against the looming threat of encryption-breaking quantum computers. Revealing what lurks within organizations' information security infrastructures forms the foundation of cryptographic agility and risk management.

The UK's financial watchdog has fired a warning shot across the bow of Binance, and ordered it to place a notice on binance.com scaring off Brit crypto fans. This seems to have come about because Binance, which is ultimately based in the Cayman Islands, wanted to launch an exchange in the UK using its London-based affiliate Binance Markets Ltd. Since the start of the year, cryptocurrency firms in Britain have had to register with the nation's Financial Conduct Authority and meet its anti-money-laundering and anti-terrorism-funding requirements.

Up to $3.6bn in Bitcoin has disappeared from a South African cryptocurrency investment outfit as well as the two brothers who ran it. Africrypt, led by founder and CEO Raees Cajee and his sibling and COO Ameer, claimed two months ago it had been hacked and had to halt its operations.

Preparing for post-quantum cryptography is a paradox: on the one hand, we don't know for sure when, or perhaps even if, a large quantum computer will become available that can break all current public-key cryptography. The NIST report, Getting Ready For Post Quantum Cryptography, covers the development of an inventory and a migration playbook.

Will quantum cryptography mean the end of encryption? How was the FBI able to get bitcoins back in the Colonial Pipeline ransomware case? What is the ALPACA attack, and does it make your browsing less secure? Oh! No! of the week. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

While the first quantum revolution used principles of quantum mechanics to develop new applications, the second revolution will enable engineers to manage the quantum mechanics themselves, controlling quantum systems at an individual level. The anticipated breakthroughs in quantum computing could define the next hundred years in the same way that the first quantum revolution shaped the 20th century.

A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft. According to Microsoft, the recent campaign popped up on their radar at the end of May, when TensorFlow pods started being deployed at scale on multiple Kubernetes clusters.