Misuse of X.509 Certificates & Keys Involved in SolarWinds Attack

This article discusses the misuse of X.509 certificates and keys in the SolarWinds attack and how Cryptomathic CKMS and CSG could help protect against such attacks.

Bring Your Own Key (BYOK) to AWS Enlarges Scope of Manoeuvre for Financial Institutions

This article discusses how Cryptomathic CKMS addresses concerns that financial institutions may have regarding key management in the cloud - by bringing banking-grade lifecycle key management and BYOK to Amazon Web Services (AWS) as a hybrid-cloud banking architecture.

RSA is not destroyed, but do remain vigilant and be crypto-agile!

During the last couple of weeks, a little shake went through parts of the security community. This was caused by a preprint by Professor Dr. Claus Peter Schnorr titled “Fast Factoring Integers by SVP Algorithms”, published on the IACR’s E-print Server.

The SolarWinds attack and best practices for code-signing

Since the announcement of the SolarWinds supply chain attack, intensive analysis has been done by CrowdStrike, FireEye (with additional details), Microsoft, Symantec, SolarWinds, and many others to understand the attack’s workings, both within SolarWinds and in the targeted networks. Here we focus on the code-signing procedures, which seemingly failed at SolarWinds but likely could have mitigated the risk of the attack if they had been implemented and enforced to a higher standard.

Bring Your Own Key (BYOK) to the Google Cloud Brings New Opportunities to Financial Institutions

This article discusses the concerns surrounding key management for cloud environments and how Cryptomathic addresses them by bringing banking-grade cryptographic key management to the Google Cloud - in the context of a hybrid-cloud banking architecture.

Plugging the Security Gaps in Mobile Banking Apps

An investigation conducted by "Which?", a consumer watchdog group based in the UK, found serious vulnerabilities in banking security systems, including mobile banking apps.

Key Management: New Digital Models for Banks and New Security Models, Too

In rethinking their strategies, traditional banks have eight digital business model options to consider in order to remain competitive against untraditional newcomers to the industry.

Cryptomathic’s Signer’s QSCD is Certified Based on the Common Criteria Recognition Arrangement

Cryptomathic’s Signer is the only qualified (electronic) signature creation device (QSCD) that is certified under the SOG-IS agreement using the Common Criteria Recognition Arrangement (CCRA). Its security target is written to strictly conform to the certified protection profile EN 419 241-2.

ANSI X9.24-1-2017: Key Compromise

In a retail financial services environment, the compromise of a symmetric cryptographic key is a critical security breach. Such a situation is described by the ANSI X9.24-1-2017 standard. Here, we summarize the ANSI guidance on how to respond if a potential compromise has been identified.
