NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.

NSA Offers Guidance on Adopting Encrypted DNS

Data Breach Today

Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Garmin Confirms Hackers Encrypted Several Systems

Data Breach Today

Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline.

2 Arrested for Operating Malware Encryption Service

Data Breach Today

Romanians Allegedly Ran 'CyberSeal,' 'Dataprotector' and 'Cyberscan' Services Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools

ZLoader Malware Hidden in Encrypted Excel File

Data Breach Today

Researchers Describe Sophisticated Phishing Campaign A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports

Top Enterprise Encryption Products

eSecurity Planet

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here.

Homomorphic Encryption: The 'Golden Age' of Cryptography

Dark Reading

The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

European Police Hack Encrypted Communication System

Data Breach Today

Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol

Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.

OnDemand Webinar | Protect Your Network From Encrypted Threats

Data Breach Today

Learn How To Run Deep SSL Inspection For Encrypted Traffic. View this webinar OnDemand and learn how you can run deep SSL inspection for encrypted traffic

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

DoJ Blasts Apple on Lack of Encryption Backdoor - Again

Data Breach Today

Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S.

CIA Secretly Owned Swiss Encryption Firm for Years: Reports

Data Breach Today

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

Threatpost

government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement. Government Newsmaker Interviews Videos apple backdoor EARN IT Encryption FBI government Lawful Access to Encrypted Data ActThe U.S.

Facebook Pressured Over Encrypted Messaging Plans

Data Breach Today

US, UK and Australia Push for Law Enforcement Access Facebook is falling under renewed pressure for its plans to make its messaging platforms fully encrypted. The U.S., and Australia are asking Facebook to ensure law enforcement can access messages

Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project

Dark Reading

Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical

Zoom Rolls Out End-to-End Encryption After Setbacks

Threatpost

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Cloud Security Vulnerabilities Web Security coronavirus COVID-19 E2EE Encryption End to end encryption Pandemic remote work Security transport layer security encryption video conferencing security zoom zoom meeting Zoom-bombing

Zoom Will Be End-to-End Encrypted for All Users

Schneier on Security

Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. cybersecurity encryption securityengineering twofactorauthentication videoconferencing

Breach Report: Sometimes, Encryption Is Still Overlooked

Data Breach Today

Stolen Laptop Contained Patient Data on Thousands Just when you thought the days of big data breaches tied to stolen unencrypted laptops were over comes news of an incident in Oregon affecting hundreds of thousands. What happened this time

Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

From a Wired article : Private Join and Compute uses a 1970s methodology known as "commutative encryption" to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data. cryptography encryption google

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. authentication cryptography encryption hacking keys

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The post Google discloses a severe flaw in widely used Libgcrypt encryption library appeared first on Security Affairs.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.

Why Encrypted Chat Apps Aren't Replacing Darknet Markets

Data Breach Today

Many Vendors of Illegal Drugs, Weapons, Hacking Tools Prefer Markets With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? But encrypted apps have their own downsides They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration.

Zoom Faces More Legal Challenges Over End-to-End Encryption

Threatpost

The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C.

Encryption: Avoiding the Pitfalls That Can Lead to Breaches

Data Breach Today

Analysis of Common Mistakes Made When Encrypting Data The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps. Experts offer insights on making the right moves

Breaking Encryption Myths (EU Commission on Encryption)

Adam Shostack

I’ve signed onto a letter to the European Commission on end to end encrypted communications. Software Engineering

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Threatpost

Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. academicpapers databases encryptionIt describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it.

Report: Apple Scuttled Encryption Plans for iCloud Backups

Data Breach Today

Technology Giant Didn't Want to 'Poke the Bear,' Sources Tell Reuters Apple previously scuttled plans add end-to-end encryption to iCloud backups, Reuters reports, noting that such a move would have complicated law enforcement investigations.

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year

Let's Encrypt: We Won't Revoke All Certificates Right Now

Data Breach Today

Mass Revocation Will Bring Too Much Concern, Project Says Let's Encrypt is going to take a softer approach to resolving the impacts from a bug in its systems that issues free TLS certificates.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. ” With E2EE, users will be able to generate individual encryption keys and use them to protect voice or video calls with encryption protecting them from eavesdropping.