🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

CVE-2024-31497: PuTTY: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces openwall.com/lists/oss-secu… Affected Products - PuTTY 0.68 - 0.80 - FileZilla 3.24.1 - 3.66.5 - WinSCP 5.9.5 - 6.3.2 - TortoiseGit 2.4.0.2 - 2.15.0 - TortoiseSVN 1.10.0 - 1.14.6

- WinSCP 6.3.3 has been released winscp.net/eng/download.p…

Researchers found #vulnerabilities in #PuTTY SSH libraries (v0.68-0.80). Stairwell's research goes further, revealing more potentially at-risk software not in the #NIST advisory. See our report for a full list and a YARA rule to help these vulns: stairwell.com/resources/stai…

Citrix warns admins to manually mitigate PuTTY SSH client bug - Sergiu Gatlan bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

When registering for IACR Crypto'24, please consider signing up for the Workshop on Attacks in Cryptography 7 (WAC7) on Sunday. Our program is online: wac7.cryptanalysis.fun (modulo some attacks that are too new to be out of their embargo yet).

So, Google Chrome gives all *.google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel. This API is not exposed to other sites - only to *.google.com.

[1/4] If you've ever tried finding timing side channels by actually measuring, you probably know that this can be incredibly frustrating. But it does not have to! While major side-channels are easy to detect, more subtle ones, especially when the measurements are noisy, are not!

At 4:30 pm (GMT-4) today, CASA PI Yuval Yarom presents his paper “SledgeHammer: Amplifying Rowhammer via Bank-level Parallelism” at #USENIX 24.👉Check out the full paper here: usenix.org/conference/use… #cybersecurity #usesec24

Fabian Bäumer @TrueSkrillor,Marcus Brinkmann - + Jörg Schwenk Jörg Schwenk received a Distinguished Paper Award + Distinguished Artifact Award for“Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation"at #usesec24🔎usenix.org/conference/use… (2/3)

The call for presentations of #RuhrSec 2025 is now open! ✅ Bring your expertise to the stage—submit your proposal today! 🎯 👉 ruhrsec.de/2025/cfp.html #cfp #conference #ITSecurityConference #NRW #Bochum #itsecurity #itsicherheit #cybersicherheit

We want to introduce you to our next #WomeninITS role model Anna Piscitelli! Anna is a PhD student here at CASA and her research focuses on the analysis and detection of vulnerabilities within smart contracts. Learn more about #WomeninITS: casa.rub.de/en/equal-oppor…

The deadline for getting talk proposals in for Real World Crypto 2025 is about two weeks away... rwc.iacr.org/2025/contribut… Talk proposals are short, so there is no excuse in not putting in a bid to talk about your fave applied crypto thing from the last year.

Reminder, you must register your Real World Crypto 2025 submission by Friday AoE to have it considered, but you can finalise it until Monday (not AoE!), see submit.iacr.org/rwc2025/deadli… We hear there's a competing S&P deadline and we're nice like that. Real World Crypto Nick Sullivan

CVE-2025-32433: Unauthenticated Remote Code Execution in Erlang/OTP SSH openwall.com/lists/oss-secu… Allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. Estimated CVSSv3 of 10.0.

FOLLOW US ON BLUESKY! We found a new vulnerability in TLS. It's a variant of the ALPACA attack that bypasses current countermeasures. Relatively low impact - but great insight! Check it out: opossum-attack.com // via bsky.app/profile/ic0nz1…