Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...
MIT Technology Review

AI is already making online crimes easier. It could get much worse.

Some cybersecurity researchers say it’s too early to worry about AI-orchestrated cyberattacks. Others say it could already be ...
Tech Xplore on MSN

Why 'zero-knowledge encryption' may not stop password theft if servers are hacked

People who regularly use online services have between 100 and 200 passwords. Very few can remember every single one. Password managers are therefore extremely helpful, allowing users to access all ...
SecurityWeek

Password Managers Vulnerable to Vault Compromise Under Malicious Server

Researchers at ETH Zurich have tested the security of Bitwarden, LastPass, Dashlane, and 1Password password managers.
The Hacker News

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Academic study finds 25 attack methods in major cloud password managers exposing vault, recovery, and encryption design risks.
eWeek

OpenAI Introduces New Safeguards in ChatGPT to Prevent AI Prompt Injection

OpenAI launches Lockdown Mode and Elevated Risk warnings to protect ChatGPT against prompt-injection attacks and reduce data-exfiltration risks.

Crypto is playing a growing role in human trafficking networks, report shows

A report from a blockchain analytics company has found that cryptocurrency is playing a growing role in suspected human trafficking activity.