Experts Discover Security Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm

The Hacker News Daily Updates [Newsletter]( [cover]( [The Hacker News Webinar: A MythBusting Special -- 9 Myths about File-based Threats]( Say goodbye to the myths and hello to the facts - Register for our webinar on file-based threats now! [Download Now]( Sponsored LATEST NEWS Mar 6, 2023 [Core Members of DoppelPaymer Ransomware Gang Targeted in Germany and Ukraine]( Law enforcement authorities from Germany and Ukraine have targeted suspected core members of a cybercrime group that has been behind large-scale attacks using DoppelPaymer ransomware. The operation, which took place on February 28, 2023, was carried out with support from the Dutch National Police (Politie) and the U.S. Federal Bureau of Investigation (FBI), according to Europol. This ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Experts Reveal Google Cloud Platform's Blind Spot for Data Exfiltration Attacks]( Malicious actors can take advantage of "insufficient" forensic visibility into Google Cloud Platform (GCP) to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Still managing compliance on spreadsheets? Time for compliance automation]( Know your risk and compliance posture at all times. Automate your compliance journey here. >> [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm]( A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Security and IT Teams No Longer Need To Pay For SaaS-Shadow IT Discovery]( This past January, a SaaS Security Posture Management (SSPM) company named Wing Security (Wing) made waves with the launch of its free SaaS-Shadow IT discovery solution. Cloud-based companies were invited to gain insight into their employees' SaaS usage through a completely free, self-service product that operates on a "freemium" model. If a user is impressed with the solution and wants to ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New FiXS ATM Malware Targeting Mexican Banks]( A new ATM malware strain dubbed FiXS has been observed targeting Mexican banks since the start of February 2023. "The ATM malware is hidden inside another not-malicious-looking program," Latin American cybersecurity firm Metabase Q said in a report shared with The Hacker News. Besides requiring interaction via an external keyboard, the Windows-based ATM malware is also vendor-agnostic and ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices]( A pair of serious security defects has been disclosed in the Trusted Platform Module (TPM) 2.0 reference library specification that could potentially lead to information disclosure or privilege escalation. One of the vulnerabilities, CVE-2023-1017, concerns an out-of-bounds write, while the other, CVE-2023-1018, is described as an out-of-bounds read. Credited with discovering and reporting ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Chinese Hackers Targeting European Entities with New MQsTTang Backdoor]( The China-aligned Mustang Panda actor has been observed using a hitherto unseen custom backdoor called MQsTTang as part of an ongoing social engineering campaign that commenced in January 2023. "Unlike most of the group's malware, MQsTTang doesn't seem to be based on existing families or publicly available projects," ESET researcher Alexandre Côté Cyr said in a new report. Attack ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [The Hacker News Webinar: A MythBusting Special -- 9 Myths about File-based Threats]( Say goodbye to the myths and hello to the facts - Register for our webinar on file-based threats now! [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India