The EMERALDWHALE breach exposed more than 15,000 credentials and cloned 10,000 private repositories by exploiting exposed Git configuration files, allowing attackers to siphon away sensitive information, including cloud and email credentials. Researchers have now found that the attackers made use of private tools to locate vulnerable hosts within broad IP ranges using search engines and scanners to identify targets. The pilfered data, originally in an Amazon S3 bucket with a previous victim, has been taken down but points to an underground market where Git config files and credentials are sold—mostly of cloud services. This breach is most interesting since it reveals a thriving black market for misconfigured repositories and points out the critical need for strong secret management practices to secure environments from such far-reaching credential theft.
WISeKey PKI and SEALSQ Post-Quantum Technologies Enhance E-Voting Security through Advanced Cybersecurity and AI Integration | Markets Insider | November 1, 2024
WiSeKey unveiled a new phase in e-voting technology, which integrates post-quantum cryptography and artificial intelligence (AI) to address the increasing complexity of cybersecurity threats in digital voting. This advancement positions WISeKey and its subsidiary, SEALSQ Corp (Nasdaq: LAES), as pioneers in secure e-voting, providing a robust solution for governments and institutions committed to a secure, transparent, and efficient electoral process.
WISeKey first entered the e-voting space with a proof of concept in the early 2000s, collaborating with local authorities in Geneva to design an e-voting system that maintained the security, integrity, and accessibility of traditional voting methods while leveraging digital innovation. Since then, WISeKey has continuously evolved its e-voting platform, incorporating blockchain, Web 3.0, post-quantum technologies, and now AI.
Key technologies in this enhanced e-voting system include:
1. Post-Quantum Cryptography for Long-Term Security
2. Blockchain-Enabled Transparency and Decentralized Verification
3. Artificial Intelligence for Real-Time Threat Detection and Anomaly Response
4. Advanced Biometric Voter Authentication
5. Adaptive Encryption for Data Privacy and Access Control
6. Predictive Analytics for Anticipating Cybersecurity Threats
7. Automated Vote Integrity Verification with AI Algorithms
8. Social Engineering Threat Detection Using Natural Language Processing (NLP)
9. Continuous Security Enhancement through Machine Learning
10. Transparent AI for Accountability and Public Trust
11. Advancing Democracy with Technology
LottieFiles hacked in supply chain attack to steal users’ crypto
A supply chain attack targeted the LottieFiles “lottie-player” JavaScript library, injecting a crypto wallet drainer into versions 2.0.5 to 2.0.7. When users connected their crypto wallets on websites using the compromised code, the malicious script stole funds, reportedly leading to a significant loss for one user. LottieFiles quickly issued a safe version (2.0.8) and advised immediate updates. This attack highlights the risks in third-party dependencies, as affected websites were served the compromised code directly from content delivery networks.
A former Walt Disney World employee, recently dismissed, is accused of hacking the company’s systems to modify menu pricing, add profanities, and fraudulently identify goods as allergy-safe—posing a danger to tourists. The FBI detained him when Disney recognized these unlawful alterations and blocked their dissemination. The ex-employee, who denies involvement, awaits a bail hearing and wants to plead not guilty. His counsel indicated he suffers from long-standing mental health difficulties and is not getting therapy in prison. Disney’s internal investigation identified him as a suspect, given his past employment as a menu production manager, with the requisite access and expertise to conduct such assaults. The firm spent over $150,000 in fees and had their menu program down for more than a week owing to the hack.
Russian state-sponsored hacking group Cozy Bear (APT29) is targeting over 100 organizations in sectors like government, defense, and academia with a new phishing campaign. Using emails disguised as legitimate communications from Microsoft and AWS, the attackers send signed RDP configuration files that grant remote access to victims’ systems upon opening. This allows Cozy Bear to steal sensitive data and maintain persistent access. Cybersecurity experts recommend using AI-based phishing detection, multi-factor authentication, and continuous user education to protect against this sophisticated threat.
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging.
The GSM Association (GSMA) is working on implementing end-to-end encryption (E2EE) to secure messages sent between Android and iOS ecosystems. The RCS Universal Profile will add user protections such as interoperable end-to-end encryption, addressing technical challenges such as key federation and cryptographically enforced group membership. This development comes after Apple officially rolled out iOS 18 with support for RCS in its Messages app. Google is implementing the Signal protocol to secure RCS conversations on Android, while Apple plans to work with GSMA members to integrate encryption. Google also plans to develop the Message Layer Security (MLS) protocol for its Messages app for Android to facilitate interoperability across messaging services and platforms. Meta aims to enable interoperability with third-party messaging services in WhatsApp and Facebook Messenger as part of its efforts to comply with the E.U. Digital Markets Act while maintaining E2EE guarantees.
In the News – Chinese scientists claim they broke RSA encryption with a quantum computer — but there’s a catch.
Brief Summary: RSA, named after its three inventors, is a method of asymmetric encryption that employs two distinct yet interrelated keys to address a complex mathematical challenge. The mathematical operations involved are so intricate that they cannot be solved by even the most advanced supercomputers currently available unless the corresponding cryptographic key is known.
Recent claims by researchers in China indicate that they have successfully utilized a quantum computer to decrypt RSA encryption. This finding suggests that quantum computers possess the potential to process the substantial amounts of information required to undermine RSA encryption.
In May 2024, a study published in the Chinese Journal of Computers revealed that a quantum computer known as the D-Wave Advantage, developed by the California-based D-Wave Quantum Systems, was able to successfully decrypt RSA encryption presented to it. However, it is noteworthy that the encryption involved only a 50-bit integer, whereas contemporary systems typically employ 1024-2048-bit integers.
Key considerations include the fact that quantum computers function in accordance with the principles of quantum mechanics. They utilize qubits, which enable parallel processing of calculations, contrasting with conventional computers that perform calculations sequentially. This results in quantum computers being able to solve problems in seconds that would require conventional computers for millions of years.
The D-Wave Advantage machine executed a process known as quantum annealing. Quantum annealing leverages quantum fluctuations—random changes in energy levels within quantum systems—to optimize a problem, allowing it to be resolved in the most efficient manner. This can be compared to the approach used by engineers who heat metal to reshape it, subsequently cooling, reheating, and reshaping it until the desired form is achieved.
This research implies that modern encryption technologies may eventually be unable to withstand the decryption capabilities of quantum computers. Researchers are currently exploring encryption models that utilize larger integers, such as 128 or 256 bits. Should 128 and 256-bit keys become susceptible to decryption, it is likely that attention will turn to investigating larger-bit keys.
Chinese hackers collected audio from unnamed Trump campaign adviser, Washington Post reports.
The FBI was investigating unauthorized access of telecomms. That is when they found that chinese affiliate hackers. The hackers were also able to gain access to text messages of the individual. The hackers were able to infiltrate verizon phone systems. The attempts were on both political parties and their teams.
Saint Xavier University experienced a data breach in July 2023 that impacted over 210,000 individuals.
The breach occurred between June 29 and July 18, 2023, and involved the unauthorized download of files containing personal information. The affected information varied by individual but may have included names, financial details, and Social Security numbers. The university confirmed that an unauthorized party accessed portions of its IT network during this time. The Alphv/BlackCat ransomware group claimed responsibility for the incident.
US DoD Tightens Cybersecurity Standards for Defense Contractors
The Cybersecurity Maturity Model Certification (CMMC) program allows the US Department of Defense to better assess defense contractors’ cybersecurity protections. The CMMC will verify that contractors used by the Department are compliant. If it is found that these individuals are not compliant then CMMC provides tools to hold entities or individuals accountable for putting US information or systems at risk by knowingly misrepresenting their cybersecurity practices or protocols. The first version of the CMMC was released in January 2020, shortly after the SolarWinds supply chain attack which impacted almost 40 federal defense contractors. The CMMC underwent many revisions. One of the revisions that was introduced to the CMMC program was a Plans of Action and Milestones(POA&Ms). The POA&Ms will be granted for specific requirements and it allows organizations to obtain conditional certification for 180 days while working to meet the NIST standards. The CMMC provides increased assurance to the Department that defense contractors can protect FCI and CUI at a level that matches the level of risk involved.
Google on Monday announced patches for more than 40 vulnerabilities as part of Android’s November 2024 set of security updates, including two flaws that have been exploited in attacks.
Qualcomm released patches for the issue last month, warning that it affects dozens of chipsets and describing it as a high-severity use-after-free bug in the Digital Signal Processor (DSP) service.
Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm said last month.
CVE-2024-43047 (relating to memory corruption while maintain memory maps) was addressed with the first part of Android’s November 2024 security updates, which arrive on devices as a 2024-11-01 security patch level, addressing a total of 17 high-severity vulnerabilities in the Framework and System components.
The second part of the update, which arrives on devices as the 2024-11-05 security patch level, contains fixes for 23 vulnerabilities, including CVE-2024-43093. It also includes updated kernel versions.
Google also announced that the November 2024 security update for Wear OS contains patches for two bugs in addition to fixes for the flaws described in Android’s November 2024 bulletin.
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. The mandatory MFA rollout will affect both admins and any users with access to Google Cloud services but not general consumer Google accounts.
Google says the mandatory MFA requirement for Google Cloud users is being done for increased security, seeing this as a critical step for safeguarding accounts from increasingly sophisticated threats that can compromise sensitive data and cause significant damage.
Booking.com Phishers May Leave You With Reservations
Scammers stole a Californian hotel’s Booking.com credentials and sent targeted phishing messages to customers via the mobile app requesting additional information while citing reservation details. Booking.com confirmed a security breach with a partner but states its internal systems remain secure. In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.
“Our security teams are currently investigating the incident you mentioned and can confirm that it was indeed a phishing attack targeting one of our accommodation partners, which unfortunately is not a new situation and quite common across industries,” booking.com replied. “Importantly, we want to clarify that there has been no compromise of Booking.com’s internal systems.”
Cybercriminals are increasingly impersonating law enforcement officials, such as FBI agents, to deceive individuals into providing sensitive information or making payments. These scammers often use aggressive tactics, claiming the victim’s identity has been linked to criminal activities like money laundering or drug trafficking. They then demand personal details, including Social Security numbers and dates of birth, under the threat of arrest. In some cases, victims are instructed to make payments via prepaid cards, wire transfers, or cryptocurrency ATMs. To avoid detection, the fraudsters insist that victims do not contact anyone else about the issue. The FBI advises the public to be cautious of unsolicited communications from individuals claiming to be government officials and to verify such claims through official channels https://cybernews.com/security/cybercriminals-requesting-sensitive-data-as-officials-fbi/
A team led by Emmanuel Thomé at the National Institute for Research in Computer Science in France has broken the record for factoring the largest RSA encryption key, RSA-240, which is 795 bits (240 decimal digits). The previous record was set in 2010 with a 768-bit key. The team completed the task faster than expected, using computer clusters across France, Germany, and the US, requiring the equivalent of nearly 4000 years of a single computer’s work.
However, RSA keys used for everyday online security, like those in HTTPS connections, are much larger (2048 bits), so this achievement doesn’t threaten current encryption. The record helps predict how key sizes might need to grow as computing power increases in the future.
“Patch now! New Chrome update for two critical vulnerabilities”
Google has released an update for its Chrome Browser for two newly discovered vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. One of the vulnerabilities was reported by Apple in late October. Apple reported the discovered vulnerability could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes. The other vulnerability was reported by researcher Cassidy Kim. The vulnerability could lead to the execution of arbitrary code or cause a crash, this could be used for potential data theft or system crashes. You can manually install the update by going into the settings in Chrome, users should install the update as soon as possible. https://www.malwarebytes.com/blog/news/2024/10/patch-now-new-chrome-update-for-two-critical-vulnerabilities
Steven Lin says
Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
The EMERALDWHALE breach exposed more than 15,000 credentials and cloned 10,000 private repositories by exploiting exposed Git configuration files, allowing attackers to siphon away sensitive information, including cloud and email credentials. Researchers have now found that the attackers made use of private tools to locate vulnerable hosts within broad IP ranges using search engines and scanners to identify targets. The pilfered data, originally in an Amazon S3 bucket with a previous victim, has been taken down but points to an underground market where Git config files and credentials are sold—mostly of cloud services. This breach is most interesting since it reveals a thriving black market for misconfigured repositories and points out the critical need for strong secret management practices to secure environments from such far-reaching credential theft.
https://thehackernews.com/2024/11/massive-git-config-breach-exposes-15000.html
Clement Tetteh Kpakpah says
WISeKey PKI and SEALSQ Post-Quantum Technologies Enhance E-Voting Security through Advanced Cybersecurity and AI Integration | Markets Insider | November 1, 2024
WiSeKey unveiled a new phase in e-voting technology, which integrates post-quantum cryptography and artificial intelligence (AI) to address the increasing complexity of cybersecurity threats in digital voting. This advancement positions WISeKey and its subsidiary, SEALSQ Corp (Nasdaq: LAES), as pioneers in secure e-voting, providing a robust solution for governments and institutions committed to a secure, transparent, and efficient electoral process.
WISeKey first entered the e-voting space with a proof of concept in the early 2000s, collaborating with local authorities in Geneva to design an e-voting system that maintained the security, integrity, and accessibility of traditional voting methods while leveraging digital innovation. Since then, WISeKey has continuously evolved its e-voting platform, incorporating blockchain, Web 3.0, post-quantum technologies, and now AI.
Key technologies in this enhanced e-voting system include:
1. Post-Quantum Cryptography for Long-Term Security
2. Blockchain-Enabled Transparency and Decentralized Verification
3. Artificial Intelligence for Real-Time Threat Detection and Anomaly Response
4. Advanced Biometric Voter Authentication
5. Adaptive Encryption for Data Privacy and Access Control
6. Predictive Analytics for Anticipating Cybersecurity Threats
7. Automated Vote Integrity Verification with AI Algorithms
8. Social Engineering Threat Detection Using Natural Language Processing (NLP)
9. Continuous Security Enhancement through Machine Learning
10. Transparent AI for Accountability and Public Trust
11. Advancing Democracy with Technology
https://markets.businessinsider.com/news/stocks/wisekey-pki-and-sealsq-post-quantum-technologies-enhance-e-voting-security-through-advanced-cybersecurity-and-ai-integration-1033936185
Sara Sawant says
LottieFiles hacked in supply chain attack to steal users’ crypto
A supply chain attack targeted the LottieFiles “lottie-player” JavaScript library, injecting a crypto wallet drainer into versions 2.0.5 to 2.0.7. When users connected their crypto wallets on websites using the compromised code, the malicious script stole funds, reportedly leading to a significant loss for one user. LottieFiles quickly issued a safe version (2.0.8) and advised immediate updates. This attack highlights the risks in third-party dependencies, as affected websites were served the compromised code directly from content delivery networks.
https://www.bleepingcomputer.com/news/security/lottiefiles-hacked-in-supply-chain-attack-to-steal-users-crypto/
Yash Mane says
A former Walt Disney World employee, recently dismissed, is accused of hacking the company’s systems to modify menu pricing, add profanities, and fraudulently identify goods as allergy-safe—posing a danger to tourists. The FBI detained him when Disney recognized these unlawful alterations and blocked their dissemination. The ex-employee, who denies involvement, awaits a bail hearing and wants to plead not guilty. His counsel indicated he suffers from long-standing mental health difficulties and is not getting therapy in prison. Disney’s internal investigation identified him as a suspect, given his past employment as a menu production manager, with the requisite access and expertise to conduct such assaults. The firm spent over $150,000 in fees and had their menu program down for more than a week owing to the hack.
https://securityaffairs.com/170489/cyber-crime/former-disney-world-employee-arrested.html
Lili Zhang says
Russian state-sponsored hacking group Cozy Bear (APT29) is targeting over 100 organizations in sectors like government, defense, and academia with a new phishing campaign. Using emails disguised as legitimate communications from Microsoft and AWS, the attackers send signed RDP configuration files that grant remote access to victims’ systems upon opening. This allows Cozy Bear to steal sensitive data and maintain persistent access. Cybersecurity experts recommend using AI-based phishing detection, multi-factor authentication, and continuous user education to protect against this sophisticated threat.
https://hackread.com/scary-fakecall-malware-captures-photos-otps-android/
Daniel Akoto-Bamfo says
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging.
The GSM Association (GSMA) is working on implementing end-to-end encryption (E2EE) to secure messages sent between Android and iOS ecosystems. The RCS Universal Profile will add user protections such as interoperable end-to-end encryption, addressing technical challenges such as key federation and cryptographically enforced group membership. This development comes after Apple officially rolled out iOS 18 with support for RCS in its Messages app. Google is implementing the Signal protocol to secure RCS conversations on Android, while Apple plans to work with GSMA members to integrate encryption. Google also plans to develop the Message Layer Security (MLS) protocol for its Messages app for Android to facilitate interoperability across messaging services and platforms. Meta aims to enable interoperability with third-party messaging services in WhatsApp and Facebook Messenger as part of its efforts to comply with the E.U. Digital Markets Act while maintaining E2EE guarantees.
https://thehackernews.com/2024/09/gsma-plans-end-to-end-encryption-for.html
Jocque Sims says
In the News – Chinese scientists claim they broke RSA encryption with a quantum computer — but there’s a catch.
Brief Summary: RSA, named after its three inventors, is a method of asymmetric encryption that employs two distinct yet interrelated keys to address a complex mathematical challenge. The mathematical operations involved are so intricate that they cannot be solved by even the most advanced supercomputers currently available unless the corresponding cryptographic key is known.
Recent claims by researchers in China indicate that they have successfully utilized a quantum computer to decrypt RSA encryption. This finding suggests that quantum computers possess the potential to process the substantial amounts of information required to undermine RSA encryption.
In May 2024, a study published in the Chinese Journal of Computers revealed that a quantum computer known as the D-Wave Advantage, developed by the California-based D-Wave Quantum Systems, was able to successfully decrypt RSA encryption presented to it. However, it is noteworthy that the encryption involved only a 50-bit integer, whereas contemporary systems typically employ 1024-2048-bit integers.
Key considerations include the fact that quantum computers function in accordance with the principles of quantum mechanics. They utilize qubits, which enable parallel processing of calculations, contrasting with conventional computers that perform calculations sequentially. This results in quantum computers being able to solve problems in seconds that would require conventional computers for millions of years.
The D-Wave Advantage machine executed a process known as quantum annealing. Quantum annealing leverages quantum fluctuations—random changes in energy levels within quantum systems—to optimize a problem, allowing it to be resolved in the most efficient manner. This can be compared to the approach used by engineers who heat metal to reshape it, subsequently cooling, reheating, and reshaping it until the desired form is achieved.
This research implies that modern encryption technologies may eventually be unable to withstand the decryption capabilities of quantum computers. Researchers are currently exploring encryption models that utilize larger integers, such as 128 or 256 bits. Should 128 and 256-bit keys become susceptible to decryption, it is likely that attention will turn to investigating larger-bit keys.
Works Cited
Allison, P. R. (2024, October 22). Chinese scientists claim they broke RSA encryption with a
quantum computer — but there’s a catch. Retrieved from Live Science: https://www.livescience.com/technology/computing/chinese-scientists-claim-they-broke-rsa-encryption-with-a-quantum-computer-but-theres-a-catch
Sarah Maher says
Chinese hackers collected audio from unnamed Trump campaign adviser, Washington Post reports.
The FBI was investigating unauthorized access of telecomms. That is when they found that chinese affiliate hackers. The hackers were also able to gain access to text messages of the individual. The hackers were able to infiltrate verizon phone systems. The attempts were on both political parties and their teams.
https://www.reuters.com/world/us/chinese-hackers-collected-audio-unnamed-trump-campaign-adviser-washington-post-2024-10-27/
Rohith says
Saint Xavier University experienced a data breach in July 2023 that impacted over 210,000 individuals.
The breach occurred between June 29 and July 18, 2023, and involved the unauthorized download of files containing personal information. The affected information varied by individual but may have included names, financial details, and Social Security numbers. The university confirmed that an unauthorized party accessed portions of its IT network during this time. The Alphv/BlackCat ransomware group claimed responsibility for the incident.
https://www.securityweek.com/210000-impacted-by-year-old-saint-xavier-university-data-breach/
Lily Li says
US DoD Tightens Cybersecurity Standards for Defense Contractors
The Cybersecurity Maturity Model Certification (CMMC) program allows the US Department of Defense to better assess defense contractors’ cybersecurity protections. The CMMC will verify that contractors used by the Department are compliant. If it is found that these individuals are not compliant then CMMC provides tools to hold entities or individuals accountable for putting US information or systems at risk by knowingly misrepresenting their cybersecurity practices or protocols. The first version of the CMMC was released in January 2020, shortly after the SolarWinds supply chain attack which impacted almost 40 federal defense contractors. The CMMC underwent many revisions. One of the revisions that was introduced to the CMMC program was a Plans of Action and Milestones(POA&Ms). The POA&Ms will be granted for specific requirements and it allows organizations to obtain conditional certification for 180 days while working to meet the NIST standards. The CMMC provides increased assurance to the Department that defense contractors can protect FCI and CUI at a level that matches the level of risk involved.
https://www.infosecurity-magazine.com/news/dod-cybersecurity-standards/
Parth Tyagi says
Google on Monday announced patches for more than 40 vulnerabilities as part of Android’s November 2024 set of security updates, including two flaws that have been exploited in attacks.
Qualcomm released patches for the issue last month, warning that it affects dozens of chipsets and describing it as a high-severity use-after-free bug in the Digital Signal Processor (DSP) service.
Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm said last month.
CVE-2024-43047 (relating to memory corruption while maintain memory maps) was addressed with the first part of Android’s November 2024 security updates, which arrive on devices as a 2024-11-01 security patch level, addressing a total of 17 high-severity vulnerabilities in the Framework and System components.
The second part of the update, which arrives on devices as the 2024-11-05 security patch level, contains fixes for 23 vulnerabilities, including CVE-2024-43093. It also includes updated kernel versions.
Google also announced that the November 2024 security update for Wear OS contains patches for two bugs in addition to fixes for the flaws described in Android’s November 2024 bulletin.
https://www.securityweek.com/google-patches-two-android-vulnerabilities-exploited-in-targeted-attacks/
Justin Chen says
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. The mandatory MFA rollout will affect both admins and any users with access to Google Cloud services but not general consumer Google accounts.
Google says the mandatory MFA requirement for Google Cloud users is being done for increased security, seeing this as a critical step for safeguarding accounts from increasingly sophisticated threats that can compromise sensitive data and cause significant damage.
https://www.bleepingcomputer.com/news/security/google-cloud-to-make-mfa-mandatory-by-the-end-of-2025/
Aaroush Bhanot says
Booking.com Phishers May Leave You With Reservations
Scammers stole a Californian hotel’s Booking.com credentials and sent targeted phishing messages to customers via the mobile app requesting additional information while citing reservation details. Booking.com confirmed a security breach with a partner but states its internal systems remain secure. In an email to KrebsOnSecurity, booking.com confirmed one of its partners had suffered a security incident that allowed unauthorized access to customer booking information.
“Our security teams are currently investigating the incident you mentioned and can confirm that it was indeed a phishing attack targeting one of our accommodation partners, which unfortunately is not a new situation and quite common across industries,” booking.com replied. “Importantly, we want to clarify that there has been no compromise of Booking.com’s internal systems.”
https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/?utm_source=tldrinfosec
Haozhe Zhang says
Cybercriminals are increasingly impersonating law enforcement officials, such as FBI agents, to deceive individuals into providing sensitive information or making payments. These scammers often use aggressive tactics, claiming the victim’s identity has been linked to criminal activities like money laundering or drug trafficking. They then demand personal details, including Social Security numbers and dates of birth, under the threat of arrest. In some cases, victims are instructed to make payments via prepaid cards, wire transfers, or cryptocurrency ATMs. To avoid detection, the fraudsters insist that victims do not contact anyone else about the issue. The FBI advises the public to be cautious of unsolicited communications from individuals claiming to be government officials and to verify such claims through official channels
https://cybernews.com/security/cybercriminals-requesting-sensitive-data-as-officials-fbi/
Elias Johnston says
A team led by Emmanuel Thomé at the National Institute for Research in Computer Science in France has broken the record for factoring the largest RSA encryption key, RSA-240, which is 795 bits (240 decimal digits). The previous record was set in 2010 with a 768-bit key. The team completed the task faster than expected, using computer clusters across France, Germany, and the US, requiring the equivalent of nearly 4000 years of a single computer’s work.
However, RSA keys used for everyday online security, like those in HTTPS connections, are much larger (2048 bits), so this achievement doesn’t threaten current encryption. The record helps predict how key sizes might need to grow as computing power increases in the future.
https://www.newscientist.com/article/2226458-number-crunchers-set-new-record-for-cracking-online-encryption-keys/
Charles Lemon says
“Patch now! New Chrome update for two critical vulnerabilities”
Google has released an update for its Chrome Browser for two newly discovered vulnerabilities. The update brings the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux. One of the vulnerabilities was reported by Apple in late October. Apple reported the discovered vulnerability could allow attackers to write data beyond the allocated memory, potentially leading to code execution or system crashes. The other vulnerability was reported by researcher Cassidy Kim. The vulnerability could lead to the execution of arbitrary code or cause a crash, this could be used for potential data theft or system crashes. You can manually install the update by going into the settings in Chrome, users should install the update as soon as possible.
https://www.malwarebytes.com/blog/news/2024/10/patch-now-new-chrome-update-for-two-critical-vulnerabilities