New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are manyRead More »Improvements in Brute Force Attacks
Threat actors are abusing Microsoft 365 infrastructure in a BEC campaign, and target its users in two brand impersonation campaigns. The post Microsoft 365 Targeted in New Phishing, Account Takeover Attacks appeared first on SecurityWeek.
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.
A case study discusses an intrusion into the United States electric grid associated with Volt Typhoon, a Chinese threat actor.
Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation AI services that are typically expensive. The post Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services appeared first on SecurityWeek.
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix,” the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealingRead More »ClickFix: How to Infect Your PC in Three Easy Steps
A bagpipe and drum band: SQUID transforms traditional Bagpipe and Drum Band entertainment into a multi-sensory rush of excitement, featuring high energy bagpipes, pop music influences and visually stunning percussion! As usual, you can also use this squid post to talk about the security stories in the news that IRead More »Friday Squid Blogging: SQUID Band
This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Ontario, Canada, on April 3, 2025. The list is maintainedRead More »Upcoming Speaking Engagements
CISA has announced five known exploited vulnerabilities now in its catalogue, three of which are Ivanti Endpoint Manager flaws.
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware. The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker appeared first on SecurityWeek.
