Cryptography Archives

OpenSSL patches High risk RSA private key operation vulnerability (CVE-2022-2274)

Cryptography, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 6, 2022 July 6, 2022 / CVE-2022-2274, Cybersecurity Threat Center, OpenSSL, RSA

OpenSSL has patched one High risk heap memory corruption with RSA private key operation (CVE-2022-2274) in certain OpenSSL versions.

Mozilla patches Critical memory corruption vulnerability in NSS

Cryptography, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / December 3, 2021 December 3, 2021 / CRL, Crypto, DER, DSA, Mozilla, NSS, OCSP, PKCS, RSA-PSS, TLS

The Mozilla Foundation has patched a memory corruption vulnerability CVE-2021-43527 in network security services (NSS) via DER-encoded DSA and RSA-PSS signatures.

NSA issues new guidance on encrypted DNS

Configuration Management, Cryptography, Cybersecurity Articles, Network Security / By Frank Crast / January 18, 2021 January 18, 2021 / DNS, DoH, NSA

The National Security Agency (NSA) has issued new guidance for adopting encrypted DNS over HTTPS dubbed “DoH.”

NSA: New guidance to eliminate obsolete TLS protocols

Authentication, Configuration Management, Cryptography, Cybersecurity Articles, Vulnerabilities & Exploits / By Frank Crast / January 9, 2021 January 11, 2021 / CNSA, DES, DHE, ECDH, ECDH/ECDHE, encryption, IDEA, NIST SP 800-52, NSA, NULL, RC2, RC4, SSL, TDES/3DES, TLS, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

NIST SP 800-208: Recommendation for Stateful Hash-Based Signature Schemes

Cryptography, Standards & Guidelines / By Frank Crast / October 29, 2020 December 21, 2021 / NIST

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-208 Recommendation for Stateful Hash-Based Signature Schemes.

GnuTLS patches TLS vulnerability that could cause MITM attack

Cryptography / By Frank Crast / June 11, 2020 June 11, 2020 / CVE-2020-13777, Debian, DTLS, Fedora, Gentoo, GitLab, GnuTLS, OpenSUSE, SSL, TLS, TLS 1.3, Ubuntu

The GNU Transport Layer Security Library (GnuTLS) patched a vulnerability hidden in code for nearly two years. The issue applies to a flaw in how TLS 1.3 session resumption works without a master key. As a result, an attacker could exploit and launch man-in-the-middle (MITM) attacks.

Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices

Cryptography, Network Security, Vulnerabilities & Exploits / By Frank Crast / February 27, 2020 February 28, 2020 / CVE-2019-15126, encryption, ESET, Kr00k, KRACK, KrØØk, RSA, WiFi, WPA2

Security researchers have discovered a new vulnerability dubbed Kr00k (or “KrØØk”) that impacts devices with Broadcom and Cypress Wi-Fi chips.

NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Authentication, Cryptography, Standards & Guidelines / By Frank Crast / August 29, 2019 September 18, 2021 / NIST

The National Institute of Standards and Technology (NIST) has released its Security Publication (SP) 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.

YubiKey FIPS devices recalled after security issue found

Cryptography, Identity & Access Management, Vulnerabilities & Exploits / By Frank Crast / June 17, 2019 June 18, 2019 / FIPS, Yubico, YubiKey

Yubico has issued a recall of certain models of its YubiKey FIPS series devices after the company discovered security issues.

WordPress 5.2 “Jaco” comes with new security features

Cryptography, Security Updates & Patches / By Frank Crast / May 10, 2019 June 2, 2019 / Cryptography, ED25519, encryption, Jaco, WordPress

WordPress version 5.2 dubbed “Jaco” is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.