Remove 2020 Remove Blog Remove Encryption Remove Passwords
article thumbnail

Enhancing Pwned Passwords Privacy with Padding

Troy Hunt

Since launching version 2 of Pwned Passwords with the k-anonymity model just over 2 years ago now, the thing has really gone nuts (read that blog post for background otherwise nothing from here on will make much sense). They could be searching for any password whose SHA-1 hash begins with those characters. Very slick!

Passwords 272
article thumbnail

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Analysis of Xloader’s C2 Network Encryption

Security Boulevard

In October 2020, Formbook was rebranded as Xloader and some significant improvements were introduced, especially related to the command and control (C2) network encryption. Steal stored passwords. Previous blog posts have analyzed various aspects of Formbook and Xloader’s obfuscation. Xloader PUSHEBP encrypted block.

article thumbnail

Password Storage Using Java

Veracode Security

This is the eighth entry in the blog series on using Java Cryptography securely. The first few entries talked about architectural details , Cryptographically Secure Random Number Generators , encryption/decryption , and message digests. It becomes exceedingly important to make sure these stored passwords can???t There are two??broad

Passwords 123
article thumbnail

Spam and phishing in 2020

SecureList

In 2020: The share of spam in email traffic amounted to 50.37%, down by 6.14 We assume that those who called the numbers were asked to provide the login and password for the service that the scammers were imitating, or to pay for some diagnostics and troubleshooting services. Figures of the year. Agentb malware family.

Phishing 143
article thumbnail

Password Storage Using Java

Security Boulevard

This is the eighth entry in the blog series on using Java Cryptography securely. The first few entries talked about architectural details , Cryptographically Secure Random Number Generators , encryption/decryption , and message digests. It becomes exceedingly important to make sure these stored passwords can???t There are two??broad

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Among those was the encrypted messaging app Signal , which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. On July 28 and again on Aug.