Security News

NSA: We've learned our lesson after foreign spies used one of our crypto backdoors – but we can't say how exactly
2020-10-28 23:44

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden's efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.

Lightning Network discloses "concerning" crypto vulnerabilities
2020-10-21 08:39

The team behind Lightning Network has released extensive details on the vulnerabilities that were discovered in the cryptocurrency protocol and its software implementations. Attackers could have exploited these vulnerabilities to cause DoS and to disrupt crypto transactions by intercepting "smart contracts" made between two parties.

Remember when Zoom was rumbled for lousy crypto? Six months later it says end-to-end is ready
2020-10-15 07:33

News of the trial comes after April 2020 awkwardness that followed the revelation that Zoom was fibbing about its service using end-to-end encryption. "When we use the phrase 'End-to-end' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point," the company said.

Swiss-Swedish Diplomatic Row Over Crypto AG
2020-10-06 11:11

Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company.

Huawei's UK code reviewers say Chinese mega-corp is still totally crap at basic software security. Bad crypto, buffer overflows, logic errors...
2020-10-01 13:00

The Huawei Cyber Security Evaluation Centre - mostly run by GCHQ offshoot the National Cyber Security Centre, though it is also staffed by some Huawei personnel - sighed that the Chinese company has made "limited" progress on last year's recommendations to toughen up its act. Code reviewers found "evidence that Huawei continues to fail to follow its own internal secure coding guidelines. This is despite some minor improvements over previous years." In addition, "The Cell" said it had found more vulnerabilities during 2019 than it had in previous years - though Huawei was keen to paint this finding as "proof the review system is working", something NCSC guardedly agreed with.

$150 Million Stolen From Singaporean Crypto-Exchange KuCoin
2020-09-28 13:38

Singapore-based cryptocurrency exchange KuCoin over the weekend announced that hackers managed to steal large amounts of cryptocurrencies from multiple hot wallets. On Saturday, the exchange announced that it identified a number of large withdrawals in Bitcoin, ERC-20 and other tokens from its hot wallets, and that it launched an investigation into the matter, while suspending the deposit and withdrawal service.

Russians charged for $16.8m crypto-coin heist, but traders warned their cash is only as safe as their security is tight
2020-09-21 12:33

"My warning to the public is that digital currency exchanges are not like banks. The security of digital currency exchanges is only as good as your own vigilance. While law enforcement will do everything within our power to protect you, you must also protect yourself." How could the North Korean Lazarus Group become any more of a threat to the rest of the internet? We're glad you asked.

Hackers Steal $5.4 Million From Crypto Exchange Eterbase
2020-09-10 12:31

Slovakian cryptocurrency exchange Eterbase this week announced that hackers breached its systems and stole roughly $5.4 million. Launched in 2019 and based in Bratislava, Slovakia, Eterbase is a centralized exchange that focuses on crypto to SEPA integration.

Seny Kamara on "Crypto for the People"
2020-08-31 05:45

Seny Kamara gave an excellent keynote talk this year at the (online) CRYPTO Conference. He talked about solving real-world crypto problems for marginalized communities around the world, instead of...

Crypto-Mining Worm Targets AWS Credentials
2020-08-20 03:48

Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected. The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.