Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. Uncategorized encryption extortion malware ransomware

Encrypted EncroChat Network: Police Arrest More Suspects

Data Breach Today

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. Uncategorized courts encryption lies videoconferencing

The Modern Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

Encrypted Communications Network 'Anom' Was Sting Operation

Data Breach Today

FBI Developed Smartphone-Based Platform as Honeypot for Criminals Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts.

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Garmin Confirms Hackers Encrypted Several Systems

Data Breach Today

Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline.

NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “ Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.”

NSA Offers Guidance on Adopting Encrypted DNS

Data Breach Today

Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic.

Top 10 Full Disk Encryption Software Products of 2021

eSecurity Planet

In cases, full disk encryption is a necessary feature. Encrypted data provides an obstacle and a layer of risk mitigation against loss since the data is not easily readable without the right encryption key. Encrypted data involves both data in transit and data at rest.

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. Currently, WhatsApp allows users to backup their chats on cloud storage services, but these backups are not end-to-end encrypted.

Vaultree Raises $3.3M for Encryption Solution

Dark Reading

The company's platform uses Enhanced Searchable Symmetric Encryption (ESSE) and Fully Homomorphic Encryption (FHE) technologies

How encryption can help address Cloud misconfiguration

Thales Cloud Protection & Licensing

How encryption can help address Cloud misconfiguration. So, whichever way you go, there is, across time, a very high likelihood that a CSP's encryption, tokenization, or key management scheme will be misconfigured either by the CSP itself or by the CSP user.

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud.

Top Enterprise Encryption Products

eSecurity Planet

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The secure devices don’t use phone number to communicate because the encrypted traffic it relayed via An0m’s central platform.

European Police Hack Encrypted Communication System

Data Breach Today

Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol

Quantum Resistant Encryption – Are You Ready?

Thales Cloud Protection & Licensing

Quantum Resistant Encryption – Are You Ready? When functional quantum computing becomes available it is anticipated to make many current asymmetric encryption ciphers (RSA, Diffie-Hellman, ECC etc.) Learn more about Thales solutions for quantum resistant encryption. Encryption.

DoJ Blasts Apple on Lack of Encryption Backdoor - Again

Data Breach Today

Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S.

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here.

High-Severity Intel Processor Bug Exposes Encryption Keys

Threatpost

CVE-2021-0146, arising from a debugging functionality with excessive privileges, allows attackers to read encrypted files. Vulnerabilities

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

ZLoader Malware Hidden in Encrypted Excel File

Data Breach Today

Researchers Describe Sophisticated Phishing Campaign A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports

New Vaultree Encryption-as-a-Service Keeps Cloud Data Fully Encrypted

Dark Reading

Encryption startup Vaultree aims to give companies the ability to work with fully encrypted data in the cloud

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. The operators behind LockFile ransomware encrypt alternate blocks of 16 bytes in a document to evade detection.

Homomorphic Encryption: The 'Golden Age' of Cryptography

Dark Reading

The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors.

Companies Face Issues as Let's Encrypt Root Certificate Expires

Dark Reading

Experts warn devices will be affected after major HTTPS certificate provider Let's Encrypt saw its root certificate expire this week

OnDemand Webinar | Protect Your Network From Encrypted Threats

Data Breach Today

Learn How To Run Deep SSL Inspection For Encrypted Traffic. View this webinar OnDemand and learn how you can run deep SSL inspection for encrypted traffic

Don't Encrypt Everything; Protect Intelligently

Thales Cloud Protection & Licensing

Don't Encrypt Everything; Protect Intelligently. And though you likely cannot calculate exactly how much data your organization holds; you know it is going to be a big and costly problem to “Encrypt Everything.”. Encrypting everything is time intensive because of explosive data growth.

Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

WhatsApp Fixes Its Biggest Encryption Loophole

WIRED Threat Level

The ubiquitous messaging service will add end-to-end encryption to backups, keeping your chats safe no matter whose cloud they're stored in. Security Security / Privacy

How Ransomware Uses Encryption – And Evolves

eSecurity Planet

The malware encrypts files and spreads to the entire system to maximize damage, which forces companies to lock down the whole network to stop the propagation. Encryption is the Key. Encryption is used everywhere. Encrypting is neither hashing nor obfuscating files.

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

Zoom Rolls Out End-to-End Encryption After Setbacks

Threatpost

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Cloud Security Vulnerabilities Web Security coronavirus COVID-19 E2EE Encryption End to end encryption Pandemic remote work Security transport layer security encryption video conferencing security zoom zoom meeting Zoom-bombing