Security
Headlines
HeadlinesLatestCVEs

Tag

#dell

Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

In a letter to the Department of Defense, senators Ron Wyden and Eric Schmitt are calling for an investigation into fallout from the Salt Typhoon espionage campaign.

Wired
#vulnerability#auth#dell
GHSA-7f6p-phw2-8253: Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer (OT) based protocol [DKLS](https://eprint.iacr.org/2018/499.pdf): ### 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the secret of another participant. By repeating the execution they can eventually recover the whole secret. Therefore, unlike our comments suggested, you **must not reuse an OT setup** for multiple protocol executions. We're adding a warning in the code: https://github.com/taurushq-io/multi-party-sig/blob/9e4400fccee89be6195d0a12dd0ed052288d5040/internal/ot/extended.go#L114 ### 2. Invalid security proof due to incorrect operator The original 2018 version of the DKLS had a typo in the OT extension protocol when computing the check value in the OT extension: the paper noted a XOR whereas it should be a field multiplication. This erroneous behavior ...

Linux Variant of Helldown Ransomware Targets VMware ESX Servers

Cybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how…

New Essay Competition Explores AI's Role in Cybersecurity

The essays are to focus on the impact that artificial intelligence will have on European policy.

Sophos-SecureWorks Deal Focuses on Building Advanced MDR, XDR Platform

Sophos CEO Joe Levy says the $859 million deal to acquire SecureWorks from majority owner Dell Technologies will put the Taegis platform — with network detection and response, vulnerability detection and response, and identity threat detection and response capabilities — at the core.

Mozilla: ChatGPT Can Be Manipulated Using Hex Code

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

Casio Hit by Major Cyberattack AGAIN

Casio experienced a major cyberattack on October 5, 2024, causing system disruptions and raising concerns about a potential…

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

Dell Hit by Third Data Leak in a Week Amid “grep” Cyberattacks

Dell faces its third data leak in a week as hacker “grep” continues targeting the tech giant. Sensitive…