LimeRAT malware is being spread through VelvetSweatshop Excel encryption technique

A new campaign is spreading the LimeRAT Remote Access Trojan by harnessing an old encryption technique in Excel files. LimeRAT is a simple Trojan designed for Windows machines. The malware is able to install backdoors on infected machines and encrypt Read More …

An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)

The first Microsoft patch Tuesday of 2020 contained fixes for CVE-2020-0601, a vulnerability discovered by the United States’ National Security Agency (NSA) that affects how cryptographic certificates are verified by one of the core cryptography libraries in Windows that make up part of Read More …

Swiss encryption company secretly owned by U.S. and German intelligence agencies

The U.S. intelligence community actively monitored for decades the diplomatic and military communications of numerous Latin American nations through encryption machines supplied by a Swiss company that was secretly owned by the CIA and the German intelligence agency, BND, according Read More …

Blocking A CurveBall: PoCs Out for Critical Microsoft-NSA Bug CVE-2020-0601

Security researchers have released proof-of-concept (PoC) codes for exploiting CurveBall (CVE-2020-0601), the first bug that the National Security Agency (NSA) reported. Included in this year’s first cycle of Patch Tuesday updates, the vulnerability affects Windows operating systems’ CryptoAPI’s validation of Elliptic Curve Cryptography (ECC) Read More …

Exploit Fully Breaks SHA-1, Lowers the Attack Bar

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by Gaëtan Leurent Read More …

NSA Publishes Advisory Addressing Encrypted Traffic Inspection TLCRisks

The National Security Agency (NSA) published an advisory that addresses the risks behind Transport Layer Security Inspection (TLSI) and provides mitigation measures for weakened security in organizations that use TLSI products. TLSI (aka TLS break and inspect) is the process through which Read More …

Interpol to support the breaking of end-to-end encryption

International police body Interpol has joined the growing list of law enforcement agencies that back the idea of breaking encrypted communications, echoing concerns that the technology protects criminals. Interpol is expected to argue later today that encryption frustrates criminal investigations Read More …

US, UK, and Australia jointly request for Facebook to stop end-to-end encryption plans

The United States, the United Kingdom, and Australia have joined to request that Facebook delay its plans to implement end-to-end encryption across its messaging services. First reported by BuzzFeed News, the governments on Thursday jointly published an open letter to Facebook Read More …

Firefox And Chrome Fight Back Against Kazakhstan’s Spying

Against the backdrop of China, Russia, and Iran working to sequester their own private, national internets, other countries like Kazakhstan have experimented with similar balkanization and internet-control initiatives. Kazakhstan first piloted a monitoring system in 2015 that would offer access to all web traffic Read More …