all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Don’t overextend your Oblivious Transfer

Add to bookmarks
Sept. 20, 2023, 1:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Joop van de Pol


We found a vulnerability in a threshold signature scheme that allows an attacker to recover the signing key of threshold ECDSA implementations that are based on Oblivious Transfer (OT). A malicious participant of the threshold signing protocols could perform selective abort attacks during the OT extension subprotocol, recover the secret values of other parties, and eventually recover the signing key. Using this key, the attacker could assume the identities of users, gain control over critical …

attacker attacks don ecdsa extension found key malicious oblivious protocols recover secret signature signing signing key threshold transfer van vulnerability

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Security above all else—expanding Microsoft’s Secure Future Initiative an hour ago | malware.news
cyberattacks cybersecurity future high +11
FBI warns of email spoofing by North Korean threat actor Kimsuky 4 hours ago | malware.news
actor article dmarc domains +16
You get a passkey, you get a passkey, everyone should get a passkey 8 hours ago | malware.news
accounts can consumer cracked +10
Attackers evade detection by leveraging Microsoft Graph API 8 hours ago | malware.news
api article attackers cloud +15
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383 9 hours ago | malware.news
article cisco credit credit monitoring +8
Code faster with generative AI, but beware the risks when you do 9 hours ago | malware.news
article can code coding +13
Proposed Bill Focuses on Voluntary AI Security Incident Reporting 9 hours ago | malware.news
ai security bill companies cybersecurity +21
The impact of automating open source dependency management 10 hours ago | malware.news
article business consuming customer +12
Diffusione di malware Keylogger tramite falsa pagina di Agenzia delle Entrate – PuntoFisco 11 hours ago | malware.news
agenzia delle entrate article cert con +5

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164
View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057
View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States
View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172
View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote
View on infosec-jobs.com
View more jobs