article thumbnail

GoTo Encrypted Backups Stolen in LastPass Breach

Dark Reading

Encrypted backups for several GoTo remote work tools were exfiltrated from LastPass, along with encryption keys

article thumbnail

Russian Hackers Target Ukraine With Malicious Encryption

Data Breach Today

From Russia with Love Group Boasted of Removing Decryptor from Somnia Ransomware Russian hackers are on a campaign to maliciously encrypt the files of Ukrainian victims - but unlike other ransomware groups, doing so without the possibility of offering a decryptor.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Best Encryption Software for 2022

eSecurity Planet

It’s been a couple of decades since data tapes delivered by trucks made encryption a standard enterprise cybersecurity practice. Thus, data in transit, as well as data at rest, should be made indecipherable via strong encryption. What is Encryption? Data in Use Encryption.

article thumbnail

US Government Picks Quantum-Resistant Encryption Algorithms

Data Breach Today

Quantum Computers That Use Atom-Level States of Uncertainty Are a Matter of Time The National Institute of Standards and Technology today announced a first group of encryption algorithms designed to withstand the assault of a future quantum computer.

article thumbnail

The Modern Encryption Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

article thumbnail

Microsoft Email Encryption Vulnerable to Structural Leaks

Data Breach Today

Redmond Uses Protocol NIST Says Is a "Severe Security Vulnerability" Emails encrypted through Microsoft Office are vulnerable to attacks that can reveal the original content of messages due to shortcomings in the protocol, says WithSecure security researcher Harry Sintonen.

article thumbnail

Samsung Encryption Flaw

Schneier on Security

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. Here are the details: As we discussed in Section 3, the wrapping key used to encrypt the key blobs (HDK) is derived using a salt value computed by the Keymaster TA.

article thumbnail

Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. Uncategorized encryption extortion malware ransomware

article thumbnail

LastPass Breach: Attacker Stole Encrypted Password Vaults

Data Breach Today

LastPass says the attacker downloaded from the cloud backups of multiple users' encrypted password vaults, as well as unencrypted URLs

article thumbnail

Google announced end-to-end encryption for Gmail web

Security Affairs

Google introduces end-to-end encryption for Gmail web to its Workspace and education customers to protect emails sent using the web client. Using end-to-end encryption for Gmail will make sensitive data in the email body and attachments from indecipherable to Google servers.

article thumbnail

Breaking the Zeppelin Ransomware Encryption Scheme

Schneier on Security

“If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!” “The challenge was that they delete the [public key] once the files are fully encrypted.

article thumbnail

Hyundai Uses Example Keys for Encryption System

Schneier on Security

“Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]” […]. “ Uncategorized AES cars encryption keys

article thumbnail

2 Arrested for Operating Malware Encryption Service

Data Breach Today

Romanians Allegedly Ran 'CyberSeal,' 'Dataprotector' and 'Cyberscan' Services Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools

article thumbnail

Encrypted Communications Network 'Anom' Was Sting Operation

Data Breach Today

FBI Developed Smartphone-Based Platform as Honeypot for Criminals Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts.

article thumbnail

NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.

article thumbnail

ISMG Editors: Ransomware Gangs Are Using Partial Encryption

Data Breach Today

Also: Improving Private-Public Collaboration, ISMG'S Africa Summit Four editors at Information Security Media Group analyze private-public partnerships today, preview ISMG's upcoming cybersecurity summit in Africa and discuss the increasing use of intermittent or partial encryption by ransomware gangs as a means to extort money from victims faster.

article thumbnail

Encryption: How It Works, Types, and the Quantum Future

eSecurity Planet

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. The race continues for cryptographers to keep encryption systems ahead of cryptanalysts and hackers. What is Encryption?

article thumbnail

Encrypted EncroChat Network: Police Arrest More Suspects

Data Breach Today

article thumbnail

NSA Offers Guidance on Adopting Encrypted DNS

Data Breach Today

Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic.

article thumbnail

Garmin Confirms Hackers Encrypted Several Systems

Data Breach Today

Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline.

article thumbnail

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

article thumbnail

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

article thumbnail

Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality

Security Affairs

A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. The experts pointed out that Microsoft Office 365 Message Encryption (OME) relies on Electronic Codebook (ECB) mode of operation.

article thumbnail

How to Use Signal Encrypted Messaging

WIRED Threat Level

The best end-to-end encrypted messaging app has a host of security features. Here are the ones you should care about. Security Security / Security Advice

article thumbnail

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

article thumbnail

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

eSecurity Planet

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

article thumbnail

Royal Ransomware Puts Novel Spin on Encryption Tactics

Dark Reading

An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors

article thumbnail

Extracting Encrypted Credentials From Common Tools

Dark Reading

Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this

article thumbnail

Ransomware Group Zeppelin's Costly Encryption Mistake

Data Breach Today

The latest edition of the ISMG Security Report discusses how the profits of ransomware group Zeppelin have been smashed by security researchers, FTX again highlighting the risks of trading cryptocurrencies, and vendor Extrahop's newly appointed, high-profile president

article thumbnail

Facebook Is Now Encrypting Links to Prevent URL Stripping

Schneier on Security

Facebook has responded by encrypting the entire URL into a single ciphertext blob. Uncategorized browsers encryption Facebook trackingSome sites, including Facebook, add parameters to the web address for tracking purposes.

article thumbnail

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. Uncategorized courts encryption lies videoconferencing

article thumbnail

Apple to Enable End-to-End Encryption of iCloud Backups

Data Breach Today

Announcement Comes After Apple Reportedly Delayed the Backups at the FBI's Request Smartphone giant Apple says that starting later this year, users can enable end-to-end encryption of iPhone backups stored in the company's commercial cloud.

article thumbnail

European Police Hack Encrypted Communication System

Data Breach Today

Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol

article thumbnail

Take a Diversified Approach to Encryption

Dark Reading

Encryption will break, so it's important to mix and layer different encryption methods

article thumbnail

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “ Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.”

article thumbnail

Microsoft 365 Message Encryption Can Leak Sensitive Info

Dark Reading

The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix

article thumbnail

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

article thumbnail

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

article thumbnail

DoJ Blasts Apple on Lack of Encryption Backdoor - Again

Data Breach Today

Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S.

article thumbnail

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here.