Tag
# CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. A sufficient private key is one in which it's components `p` and `q` are safe primes, such that: - `p` and `q` are both prime numbers - `p` and `q` are not equal - `p` and `q` have the same, sufficiently large, size - For example, using two values both 1024 bits long is sufficient, whereas using one value 2040 bits long and the other 8 bits long is not. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys su...
Gentoo Linux Security Advisory 202401-20 - A vulnerability has been found in QPDF which can lead to a heap-based buffer overflow. Versions greater than or equal to 10.1.0 are affected.
By Deeba Ahmed Attackers Leveraging Windows Vulnerability in Phemedrone Malware Campaign for Enhanced Stealth. This is a post from HackRead.com Read the original post: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer
By Deeba Ahmed The attacks, potentially linked to Russian APT Sandworm, exploited vulnerabilities in Zyxel firewalls. This is a post from HackRead.com Read the original post: Forescout Report Uncovers New Details in Danish Energy Hack
By Deeba Ahmed From Background Checks to Bedroom Layouts: Data Leak Strips Bare School Security System. This is a post from HackRead.com Read the original post: Texas School Safety Software Data Leak Endangers Student Safety
**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 120.0.2336.0 120.0.6099.216/217 1/11/2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution.
In 2020, the United States brought charges against four men accused of building a bulletproof hosting empire that once dominated the Russian cybercrime industry and supported multiple organized cybercrime groups. All four pleaded guilty to conspiracy and racketeering charges. But there is a fascinating and untold backstory behind the two Russian men involved, who co-ran Russia's most popular spam forum for years.
By Deeba Ahmed Undetected for Over 11 Months, AsyncRAT Lurked on Systems of Sensitive US Agencies with Critical Infrastructures, reports the… This is a post from HackRead.com Read the original post: AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs
By Waqas NIST Unveils Insights on AI Vulnerabilities and Potential Threats.w This is a post from HackRead.com Read the original post: Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities