-
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment. Still, nice piece of security analysis. Read More
-
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found Read More
-
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally Read More
-
PyPI Revival Hijack Puts Thousands of Applications at Risk
Revival Hijack Python Package Index supply chain attack threatens 22,000 packages through malicious downloads Read More
-
Security Budgets Come Under Pressure as “Hypergrowth” Ends
Despite rising threats researchers find a third of firms see flat or falling security budgets and hiring slows Read More
-
Cicada ransomware – what you need to know
Cicada (also known as Cicada3301) is a sophisticated ransomware, written in Rust, that has claimed more than 20 victims since its discovery in June 2024. Read more in my article on the Tripwire State of Security blog. Read More
-
UK Signs Council of Europe AI Convention
The first legally binding international treaty on AI was adopted by all 46 Council of Europe member states in May 2024 Read More
-
Cisco Warns of Critical Vulnerabilities in Smart Licensing Utility
Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services Read More
-
Researcher Finds Unfixable Yet Tricky to Exploit Flaw in Yubikeys
A security flaw exploiting side channel attacks means some Yubikeys can be cloned Read More
-
Long Analysis of the M-209
Really interesting analysis of the American M-209 encryption device and its security. Read More