Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption.

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps.

Analysis: The Evolving Ransomware Threat

Data Breach Today

Other topics: filling the DevSecOps skills gap and the repercussions of Australia's encryption-busting law The latest edition of the ISMG Security Report offers an in-depth look at the ever-changing ransomware threat.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data.

Cisco Adds Encrypted Traffic Analysis Function

Dark Reading

New Encrypted Traffic Analytics is designed to help enterprises inspect encrypted traffic for malicious activity without having to decrypt it first

Cracking Down on Criminals' Use of Encrypted Communications

Data Breach Today

An analysis of a crackdown on criminals' use of encrypted communications leads the latest edition of the ISMG Security Report. Also: a preview of ISMG's Healthcare Security and Legal & Compliance summits, including expert insights on vendor risk management

How Encryption Became the Board’s New Best Friend

Thales eSecurity

For many years, encryption has been viewed as a burden on businesses – expensive, complex and of questionable value. While 97% of IT experts indicated they are going through some type of digital transformation, only 30% have adopted an encryption strategy. Enter encryption.

FBI Director's Encryption Comments Prove Controversial

Data Breach Today

An analysis of FBI Director Christopher Wray's comments about how encryption poses complications for law enforcement officials leads the latest edition of the ISMG Security Report. Also featured: The former CISO of the state of Michigan sizes up cybersecurity forecasts

Flaws in several self-encrypting SSDs allows attackers to decrypt data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data. “We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

Traffic Analysis of the LTE Mobile Standard

Schneier on Security

Interesting research in using traffic analysis to learn things about encrypted traffic. academicpapers cellphones encryption phones trafficanalysis vulnerabilitiesIt's hard to know how critical these vulnerabilities are.

IT 75

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. The post GCHQ implements World War II cipher machines in encryption app CyberChef appeared first on Security Affairs.

Always Encrypted: Database Security Product Overview and Analysis

eSecurity Planet

We review Always Encrypted, a free database security tool included with Microsoft SQL Server

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. Still, I like seeing this kind of analysis about security infrastructure.

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. Technical Analysis. Encrypted payload, stored in Resource section. Check against malware analysis tools.

Security Analysis of the LIFX Smart Light Bulb

Schneier on Security

The device is completely open (no secure boot, no debug interface disabled, no flash encryption).

Detecting Drone Surveillance with Traffic Analysis

Schneier on Security

In other words, they can see what the drone sees, pulling out their recognizable pattern from the radio signal, even without breaking the drone's encrypted video.

Retefe Banking Trojan Resurfaces, Says Goodbye to Tor

Threatpost

The malware has new tricks, like using the stunnel encrypted tunneling mechanism and abusing a legitimate shareware app. Malware abused shareware app banking trojan changes encrypted tunnels Malware analysis new campaigns reemergence Retefe stunnel

National Academy of Sciences Encryption Study

Data Matters

After supporters and opponents of mandated government access to encrypted communications publicly feuded for much of 2016, reprising arguments they’ve had since at least the days of the “Clipper Chip,” these “encryption debates” seemed to quiet down for much of last year. Wray further argued that, while the FBI “supports information security measures, including strong encryption[,]. Few would describe 2017 as a quiet year.

Aporeto: Container Security Product Overview and Analysis

eSecurity Planet

Aporeto's container security platform uses application context to enforce authentication, authorization, and encryption policies

How situational analysis helps your school become #BreachReady

IT Governance

In this blog, we’ll consider situational analysis, how to assess what’s happening in the school and how to support staff to protect the data in their care. Situational analysis – understand what’s happening now. Introduce device encryption.

PCI DSS compliance: a range of encryption approaches available to secure your data

Thales eSecurity

Not all types of encryption give you the coverage and flexibility you need. One of the most common and most effective approaches to protecting data is encryption. Encryption is typically employed on four layers of the technology stack: Disk (or media).

Gemalto SafeNet: Database Security Product Overview and Analysis

eSecurity Planet

We review Gemalto SafeNet Database, a database security tool that provides transparent encryption of structured, sensitive data residing in databases

FRANCE: CNIL publishes initial analysis on Blockchain and GDPR

DLA Piper Privacy Matters

Encrypted data. This is why the CNIL strongly recommends the use of encryption in order to come as close as possible to ensuring an effective exercise of the data subjects’ rights. Although this is a preliminary analysis of the CNIL, it is certainly interesting to know its position on this topic, and to see that its approach is rather pragmatic and takes into account the constraints imposed by the Blockchain technology. By Denise Lebeau-Marianna and Caroline Chancé.

Hacking the GCHQ Backdoor

Schneier on Security

Further, crash log analysis could lead unrelated third parties to find evidence of the ghost in use, and it's even possible that binary reverse engineering could lead researchers to find ways to disable the ghost capability on the client side.

New National Academies Report on Crypto Policy

Schneier on Security

The National Academies has just published " Decrypting the Encryption Debate: A Framework for Decision Makers." Not much news or analysis yet. cryptography encryption nationalsecuritypolicy

IT 65

Hacker broke into super secure French Government’s Messaging App Tchap hours after release

Security Affairs

The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap , a new secure messaging app launched by the French government for encrypted communications between officials and politicians.

I Was Cited in a Court Decision

Schneier on Security

See generally, Kerr & Schneier, Encryption Workarounds, 106 Geo. And here's the second, in footnote 5: We recognize that ordinary cell phone users are likely unfamiliar with the complexities of encryption technology. academicpapers courts encryption passwords schneiernews

GAO Report on Equifax

Adam Shostack

The use of encryption allowed the attackers to blend in their malicious actions with regular activity on the Equifax network and, thus, secretly maintain a presence on that network as they launched further attacks without being detected by Equifax’s scanning software. Encryption provides content confidentiality, not meta-data confidentiality. breach analysis Data Analysis disclosure

Key Reuse opens to attacks on IPsec IKE, Cisco, Huawei, ZyXEL products are affected

Security Affairs

Security researchers from the University of Opole in Poland and the Ruhr-University Bochum in Germany have devised a new attack technique that allows cracking encrypted communications. We exploit a Bleichenbacher oracle in an IKEv1 mode, where RSA encrypted nonces are used for authentication.”

Expert found a flaw that affects all OpenSSH versions since 1999

Security Affairs

Researchers from Qualys have published a detailed analysis of the vulnerability once discovered that the bug was fixed. The security researchers Didier Stevens of NVISO Labs also published a detailed analysis of the flaw that includes instructions to test servers against it.

Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug

Security Affairs

Researchers published a technical analysis of the privilege escalation process that allows the threat to gain SYSTEM privileges. The body of each Sodin sample includes an encrypted configuration block that stores the settings and data used by the malware. ” continues the analysis.

A new NAS Ransomware targets QNAP Devices

Security Affairs

The ransomware , tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali , is written in the Go programming language and uses AES encryption to encrypt files. encrypt extension to filenames of encrypted files. base64 encoded encrypted data].

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

Technical Analysis. JSWorm encrypts all the user files appending a new extension to their name. During the encryption phase, the ransomware creates an HTML Application “JSWRM-DECRYPT.hta” in each folder it encounters. Figure 3: Extensions excluded from encryption.

A new Mac malware dubbed Tarmac has been distributed via malvertising campaigns

Security Affairs

“Malicious ads redirect victims to sites showing popups peddling software updates, mainly Adobe Flash Player updates, that once executed will install first install the OSX/ Shlayer MacOS malware , which then execute the final payload, the OSX/Tarmac” reads the analysis.

Russians Hack FBI Comms System

Schneier on Security

It's unclear whether the Russians were able to recover encrypted data or just perform traffic analysis. Its poor design just encourages users to turn off the encryption.

Reasons Why We Need I.T. Management Professionals in Cybersecurity

Cyber Info Veritas

Bo Yuan, a Computing professor, did an analysis of threats faced by organization and businesses. His analysis revealed that most businesses are vulnerable to cyberattacks because of the human error and interaction. CATEGORIES Professional Analysis cybersecurity-management