Security News
Using standard hardware, the researchers demonstrated that executing the Marvin Attack within just a couple of hours is possible, proving its practicality. The Marvin Attack does not have a corresponding CVE despite highlighting a fundamental flaw in RSA decryption, mainly how padding errors are managed, due to the variety and complexity of individual implementations.
In a paper titled, "Everlasting ROBOT: the Marvin Attack," Hubert Kario, senior quality engineer on the QE BaseOS Security team at Red Hat, shows that many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were previously deemed immune to Daniel Bleichenbacher's widely known attack are vulnerable. "For TLS hosts that use forward secure ciphersuites, the attacker would have to perform a massively parallel attack to forge a server signature before a client would time out during the connection attempt. That makes the attack hard, but not impossible."
Content delivery network and cloud services provider Akamai, which recently acquired API security firm Neosec in a deal expected to close in the next two weeks, is joining the API security ecosystem. Akamai noted companies use an average of 1,061 apps and, to give a sense of the scope of attacks, noted that there were 161 million API attacks on Oct. 8, 2022 and peaked on Oct. 9.
Overcoming industry obstacles for decentralized digital identitiesIn this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliatesClop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.
RSA Conference 2023 is taking place in San Francisco this week, and this video provides a closer look at this year’s event. The post RSA Conference 2023 video walkthrough appeared first on Help...
Find out why extended detection and response was at the center of Cisco's launch activities at RSA, including the company's announcement about its cloud-based XDR service. XDR is not SIEM. Gillis explained that XDR serves a different purpose than traditional security information and event management.
Github has updated its SSH keys after accidentally publishing the private part to the world. A post on Github's security blog reveals that the company has changed its RSA SSH host keys.