Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: encryption – Page 18

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that’s both sophisticated and fast.

“What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware,” Check Point Research said in a new report. “In fact, Rorschach is one of the fastest ransomware strains ever observed, in terms of the speed of its encryption.”

The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors.

Read more | >

As more private data is stored and shared digitally, researchers are exploring new ways to protect data against attacks from bad actors. Current silicon technology exploits microscopic differences between computing components to create secure keys, but artificial intelligence (AI) techniques can be used to predict these keys and gain access to data. Now, Penn State researchers have designed a way to make the encrypted keys harder to crack.

Led by Saptarshi Das, assistant professor of engineering science and mechanics, the researchers used graphene — a layer of carbon one atom thick — to develop a novel low-power, scalable, reconfigurable hardware security device with significant resilience to AI attacks. They published their findings in Nature Electronics today (May 10).

“There has been more and more breaching of private data recently,” Das said. “We developed a new hardware security device that could eventually be implemented to protect these data across industries and sectors.”

Read more | >

Threat actors used a well-liked piece of corporate communication software from 3CX, according to security experts. In particular, reports state that a desktop client for the 3CX VoIP (Voice over Internet Protocol) service was used to specifically target 3CX’s clients.

It is believed that the attack is a multi-part process, with the first stage using a hacked version of the 3CX desktop application. Although the.exe file and the MSI package have the same name, preliminary research indicates that the MSI package is the one that may include DLLs that have been maliciously modified.

The beginning of the infection process occurs when 3CXDesktopApp.exe loads the ffmpeg.dll file. After that, ffmpeg.dll will read the encrypted code from d3dcompiler_47.dll and then decode it. It seems that the decrypted code is the backdoor payload that attempts to visit the IconStorage GiHub page in order to access an ICO file that contains the encrypted C&C server that the backdoor connects to in order to acquire the probable ultimate payload.

Read more | >

A quantum computer in the next decade could crack the encryption our society relies on using Shor’s Algorithm. Head to https://brilliant.org/veritasium to start your free 30-day trial, and the first 200 people get 20% off an annual premium subscription.

▀▀▀
A huge thank you to those who helped us understand this complex field and ensure we told this story accurately — Dr. Lorenz Panny, Prof. Serge Fehr, Dr. Dustin Moody, Prof. Benne de Weger, Prof. Tanja Lange, PhD candidate Jelle Vos, Gorjan Alagic, and Jack Hidary.

A huge thanks to those who helped us with the math behind Shor’s algorithm — Prof. David Elkouss, Javier Pagan Lacambra, Marc Serra Peralta, and Daniel Bedialauneta Rodriguez.

▀▀▀
References:
Joseph, D., et al. (2022). Transitioning organizations to post-quantum cryptography. Nature, 605(7909), 237–243. — https://ve42.co/Joseph2022

Bernstein, D. J., & Lange, T. (2017). Post-quantum cryptography. Nature, 549(7671), 188–194. — https://ve42.co/Bernstein2017

An Insight, An Idea with Sundar Pichai — Quantum Computing, Wold Economic Forum via YouTube — https://ve42.co/QCWEFyt.

Continue reading “How Quantum Computers Break The Internet… Starting Now” | >

Computer scientist Amit Sahai, PhD, is asked to explain the concept of zero-knowledge proofs to 5 different people; a child, a teen, a college student, a grad student, and an expert. Using a variety of techniques, Amit breaks down what zero-knowledge proofs are and why it’s so exciting in the world of cryptography.

Amit Sahai, PhD, is a professor of computer science at UCLA Samueli School of Engineering.

Still haven’t subscribed to WIRED on YouTube? ►► http://wrd.cm/15fP7B7
Listen to the Get WIRED podcast ►► https://link.chtbl.com/wired-ytc-desc.
Want more WIRED? Get the magazine ►► https://subscribe.wired.com/subscribe/splits/wired/WIR_YouTu…ription_ZZ

Follow WIRED:

Instagram ►►https://instagram.com/wired.
Twitter ►►http://www.twitter.com/wired.
Facebook ►►https://www.facebook.com/wired.

Get more incredible stories on science and tech with our daily newsletter: https://wrd.cm/DailyYT

Continue reading “Computer Scientist Explains One Concept in 5 Levels of Difficulty” | >

Founder of Intellisystem Technologies. Scientific researcher and professor at eCampus University. NASA Genelab AWG AI/ML member.

Quantum computing is a new approach founded on quantum mechanics principles to perform calculations. Unlike classical computers, which store information in bits (either 0 or 1), quantum computers use quantum bits or “qubits” that can exist in multiple states simultaneously. This physics property allows quantum computers to perform specific calculations much faster than classical computers.

The potential applications of quantum computing are vast and include fields such as cryptography, finance and drug discovery. It promises to transform multiple industries and tackle challenges that classical computers cannot solve.

Read more | >

Already smarting from a breach that put partially encrypted login data into a threat actor’s hands, LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers.

Although an initial intrusion into LastPass ended on August 12, officials with the leading password manager said the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” from August 12 to August 26. In the process, the unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Read more | >

The buzz in the wireless industry is all about space, or what is referred to as non-terrestrial networks (NTNs). The wireless 3GPP Release 17 specification includes two new standards for satellite communications from smartphones, mobile electronics, and IoT devices directly to satellites. While satellites have always been part of the wireless communications infrastructure, they have traditionally provided backhaul network communications, not direct communications to mobile devices other than clunky satellite phones and emergency equipment. Direct satellite communications with individual mobile devices will help overcome gaps in terrestrial cellular networks, providing a truly global infrastructure that can be leveraged by a variety of industries, and bridge the digital divide by bringing wireless communications to rural areas that often lack the infrastructure even with the rollout of 5G cellular networks.

The 3rd Generation Partnership Project or 3GPP is a global standards body consisting of a wide variety of wireless ecosystem members, such as intellectual property (IP) providers, semiconductor companies, networking companies, device OEMs, and wireless operators. Since 1998 and 2G cellular technology, members of the 3GPP have worked together to develop standards for new wireless technologies continuously. While the industry is now well past 3G and new generations of cellular technology are still introduced approximately every 10 years, new releases of the 3GPP standards are released approximately every two years within a generation in an on-going effort to increase the efficient use of a limited natural resource – radio spectrum. The standards also encourage the freeing up of additional spectrum, the development of new radio access networks (RANs), new encryption technology, higher network performance, aggregation of spectrum from different carriers and wireless technologies, support for additional use cases, and new network configurations. In other words, the 3GPP group is tasked with improving wireless technology with each generation and providing a global network that can be accessed from anywhere and by any device. With the inclusion of satellite networks, or non-terrestrial networks (NTNs), a global network will finally be possible.

The latest 3GPP standard that was finalized in 2023 is Release 17, the 3rd Release within the 5G cellular generation. Among other enhancements and additions, Release 17 includes two new standards for satellite networks, IoT-NTN and New Radio NTN or NR-NTN. The IoT-NTN standard defines narrow band using a 200KHz channel for two-way messaging and other low-bandwidth consumer and embedded/IoT applications, such as location tracking, asset tracking, and sensor monitoring. The data rates for IoT-NTN are similar to the data rates that were experienced in 2G. It will provide basic data connectivity.

Read more | >

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST in July 2022 for post-quantum cryptography has been broken. Researchers from the KTH Royal Institute of Technology, Stockholm, Sweden, used recursive training AI combined with side channel attacks.

A side-channel attack exploits measurable information obtained from a device running the target implementation via channels such as timing or power consumption. The revolutionary aspect of the research (PDF) was to apply deep learning analysis to side-channel differential analysis.

“Deep learning-based side-channel attacks,” say the researchers, “can overcome conventional countermeasures such as masking, shuffling, random delays insertion, constant-weight encoding, code polymorphism, and randomized clock.”

Read more | >