Samsung Encryption Flaw

Schneier on Security

Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. Here are the details: As we discussed in Section 3, the wrapping key used to encrypt the key blobs (HDK) is derived using a salt value computed by the Keymaster TA.

Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. In that case, data is only encrypted once, but a victim would need both decryption keys to unlock everything. Uncategorized encryption extortion malware ransomware

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Take a Diversified Approach to Encryption

Dark Reading

Encryption will break, so it's important to mix and layer different encryption methods

2 Arrested for Operating Malware Encryption Service

Data Breach Today

Romanians Allegedly Ran 'CyberSeal,' 'Dataprotector' and 'Cyberscan' Services Europol has arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools

The Modern Encryption Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. This checklist will help you evaluate the scope of services offered by various encryption solutions on the market.

Encrypted Communications Network 'Anom' Was Sting Operation

Data Breach Today

FBI Developed Smartphone-Based Platform as Honeypot for Criminals Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts.

NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.

NSA Offers Guidance on Adopting Encrypted DNS

Data Breach Today

Agency Describes How DoH Can Help Prevent Eavesdropping The NSA has released guidance on how organizations can adopt encrypted domain name system protocols to prevent eavesdropping and manipulation of DNS traffic.

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

Garmin Confirms Hackers Encrypted Several Systems

Data Breach Today

Navigation and Smartwatch Company Stops Short of Using Term 'Ransomware' Garmin acknowledged Monday that a "cyberattack" that encrypted several of its systems led to outages that affected several of the company's fitness and aviation products along with knocking its homepage and customer service centers offline.

Storing Encrypted Photos in Google’s Cloud

Schneier on Security

New paper: “ Encrypted Cloud Photo Storage Using Google Photos “: Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices.

NSA Cyber Chief Vows 'No Backdoors' in Quantum Encryption Standards

Dark Reading

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said

Let's Encrypt Vulnerability

Schneier on Security

The BBC is reporting a vulnerability in the Let's Encrypt certificate service: In a notification email to its clients, the organisation said: "We recently discovered a bug in the Let's Encrypt certificate authority code. I am seeing nothing on the Let's Encrypt website.

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. Uncategorized courts encryption lies videoconferencing

Flaws in DataVault encryption software impact multiple storage devices

Security Affairs

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. “It turned out that the key derivation function was PBKDF2 using 1000 iteration of MD5 to derive the encryption key.

European Police Hack Encrypted Communication System

Data Breach Today

Cracking of EncroChat's Network Leads to Hundreds of Arrests in Organized Crime Crackdown European police gained access to messages sent via an encrypted cellular network, leading to the arrest of hundreds of alleged organized crime members, according to Europol

Here's How Fast Ransomware Encrypts Files

Dark Reading

New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Details are in the paper: “ Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.”

New German Government is Pro-Encryption and Anti-Backdoors

Schneier on Security

Such regulations, which are already enshrined in the interim solution of the ePrivacy Regulation, for example, “diametrically contradict the character of the coalition agreement” because secure end-to-end encryption is guaranteed there, Zimmermann said.

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

Top Enterprise Encryption Products

eSecurity Planet

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions

DoJ Blasts Apple on Lack of Encryption Backdoor - Again

Data Breach Today

Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S.

Vaultree Raises $3.3M for Encryption Solution

Dark Reading

The company's platform uses Enhanced Searchable Symmetric Encryption (ESSE) and Fully Homomorphic Encryption (FHE) technologies

WhatsApp made available end-to-end encrypted chat backups

Security Affairs

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. Currently, WhatsApp allows users to backup their chats on cloud storage services, but these backups are not end-to-end encrypted.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

ZLoader Malware Hidden in Encrypted Excel File

Data Breach Today

Researchers Describe Sophisticated Phishing Campaign A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports

Cryptanalysis of an Old Zip Encryption Algorithm

Schneier on Security

Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. bitcoin cryptanalysis cryptocurrency cryptography encryptionDefCon talk here.

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The secure devices don’t use phone number to communicate because the encrypted traffic it relayed via An0m’s central platform.

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

Which are the most secure encrypted messaging apps? The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps.

Top 10 Full Disk Encryption Software Products of 2021

eSecurity Planet

In cases, full disk encryption is a necessary feature. Encrypted data provides an obstacle and a layer of risk mitigation against loss since the data is not easily readable without the right encryption key. Encrypted data involves both data in transit and data at rest.

Samsung Shattered Encryption on 100M Phones

Threatpost

One cryptography expert said that 'serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics, are 'embarrassingly bad.'.

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

UK Government to Launch PR Campaign Undermining End-to-End Encryption

Schneier on Security

Rolling Stone is reporting that the UK government has hired the M&C Saatchi advertising agency to launch an anti-encryption advertising campaign. Uncategorized child pornography children crypto wars cybersecurity encryption marketing privacy propaganda

Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

OnDemand Webinar | Protect Your Network From Encrypted Threats

Data Breach Today

Learn How To Run Deep SSL Inspection For Encrypted Traffic. View this webinar OnDemand and learn how you can run deep SSL inspection for encrypted traffic

A flaw in the encryption algorithm of Hive Ransomware allows retrieving encrypted files

Security Affairs

Researchers discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data. “Hive ransomware uses a hybrid encryption scheme, but uses its own symmetric cipher to encrypt files.

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Security Affairs

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud.

Breaking 256-bit Elliptic Curve Encryption with a Quantum Computer

Schneier on Security

It would require 317 × 10 6 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μ s, a reaction time of 10 μ s, and a physical gate error of 10 -3.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches