All articles tagged with #cryptographic keys
A comprehensive analysis of 141 million breached files from over 1,200 incidents reveals significant risks, including exposure of bank statements, personal information, and cryptographic keys, highlighting the growing threat of data breaches and ransomware attacks driven by stolen data and extortion tactics.
Hackers have been exploiting a critical zero-day vulnerability in Microsoft SharePoint since July 7, 2025, targeting government and corporate sectors across North America and Europe. The attack involves deploying web shells to extract cryptographic keys, allowing persistent access and remote code execution. Microsoft has issued patches, but sophisticated variants of the vulnerability continue to be exploited, emphasizing the need for immediate security updates.
A new side-channel attack called "GoFetch" targets Apple M1, M2, and M3 processors, allowing attackers to steal secret cryptographic keys from the CPU's cache. The attack exploits a hardware vulnerability in the data memory-dependent prefetchers (DMPs) found in these CPUs, making it difficult to fix with a hardware solution. While software fixes could mitigate the issue, they would impact the CPUs' cryptographic functions. Apple owners are advised to practice safe computing habits and await potential security updates from Apple.
Researchers have discovered a vulnerability in the cryptographic keys used to protect data in computer-to-server SSH traffic, which can be compromised when computational errors occur during connection establishment. The vulnerability affects RSA keys and has been found in approximately one-third of the SSH signatures examined, exposing the private key of the host in about one in a million cases. This finding is surprising because most SSH software has deployed countermeasures to prevent such attacks, and it was previously believed that signature faults only affected RSA keys used in TLS protocols.
Researchers have discovered that a significant number of cryptographic keys used to protect SSH connections are vulnerable to compromise due to computational errors during connection establishment. The vulnerability affects RSA keys used in approximately one-third of SSH signatures, potentially exposing the private key of the host. While most SSH software has countermeasures in place, the finding is surprising as previous research believed such attacks were limited to TLS protocol. The researchers suggest implementing additional protection in other protocols and emphasize the importance of defending against these failures.