-
A New Paradigm for Server-Aided MPC
ePrint Report: A New Paradigm for Server-Aided MPC Alessandra Scafuro, Tanner Verber The server-aided model for multiparty computation (MPC) was introduced to capture a real-world scenario where clients wish to off-load the heavy computation of MPC protocols to dedicated servers. A rich body of work has studied various trade-offs between security guarantees (e.g., semi-honest vs…
-
Round-Optimal Compiler for Semi-Honest to Malicious Oblivious Transfer via CIH
ePrint Report: Round-Optimal Compiler for Semi-Honest to Malicious Oblivious Transfer via CIH Varun Madathil, Alessandra Scafuro, Tanner Verber A central question in the theory of cryptography is whether we can build protocols that achieve stronger security guarantees, e.g., security against malicious adversaries, by combining building blocks that achieve much weaker security guarantees, e.g., security only…
-
CISA Adds One Vulnerability to the KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked…
-
Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system. CISA has added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CISA urges organizations to hunt for any malicious…
-
Research that builds detections
Note: You can view the full content of the blog here. Introduction Detection engineering is becoming increasingly important in surfacing new malicious activity. Threat actors might take advantage of previously unknown malware families – but a successful detection of certain methodologies or artifacts can help expose the entire infection chain. In previous blog posts, we…
-
Hidden Weaknesses in Secure Elements and Enclaves
Secure elements (SE) on Android and secure enclaves on iOS have emerged as trusted hardware-backed solutions for storing and protecting sensitive information, such as cryptographic keys. They are often touted as tamper-resistant, isolated, and secure environments with the highest certifications (e.g., AVA_VAN.5 under Common Criteria). However, while the hardware is robust, the software layers above it introduce significant…
-
Zero-Day Vulnerability in Ivanti VPN
It’s being actively exploited. It’s being actively exploited. Go to Source
-
Seven Trends to Watch for in 2025
*No generative AI was used by the author Rapid Rate of Change Still Powering Technology Here we are a quarter of the way through the 21st century and the rate of change in technology shows no signs of slowing. And, while we are not quite the jet-setting hipsters that cartoons of the 1960’s predicted, we…
-
Tuta for Open Source Projects
We at Tuta love open source. Lots of open source projects are developed and maintained by open source enthusiasts like ourselves, and we want to give back and help open source teams to be more productive and more secure.
-
How DevOps and devops can be implemented together?
DevOps is a set of practices that unifies software development (Dev) and IT operations (Ops), aiming to shorten the system development lifecycle and deliver high-quality software continuously. Implementing DevOps effectively within an organization can lead to faster delivery, more reliable products, and more efficient collaboration between teams. This article will provide a detailed guide on…