NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.

ZLoader Malware Hidden in Encrypted Excel File

Data Breach Today

Researchers Describe Sophisticated Phishing Campaign A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

Top Enterprise Encryption Products

eSecurity Planet

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Threatpost

Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging. Security Security / Privacy

Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

A Security Practitioner's Guide to Encrypted DNS

Dark Reading

Best practices for a shifting visibility landscape

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.

Zoom Rolls Out End-to-End Encryption After Setbacks

Threatpost

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Cloud Security Vulnerabilities Web Security coronavirus COVID-19 E2EE Encryption End to end encryption Pandemic remote work Security transport layer security encryption video conferencing security zoom zoom meeting Zoom-bombing

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Related: The shared burden of securing the Internet of Things. Security, meanwhile, has morphed into a glut of point solutions that mostly serve to highlight the myriad gaps in an ever-expanding attack surface. It’s called Secure Access Service Edge, or SASE , as coined by research firm Gartner.

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. This version fixes a critical security bug in the recently released version 1.9.0.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches

Zoom Faces More Legal Challenges Over End-to-End Encryption

Threatpost

The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C.

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

Threatpost

Cryptography Government Mobile Security Privacy Android criminal communications Criminals EncroChat encrypted chat Encryption European Union France law enforcement mobile murder network secure mobile messaging The Netherlands U.K.

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. “Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your sessions.”

Zoom Restricts End-to-End Encryption to Paid Users

Threatpost

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement. Privacy Web Security End to end encryption FBI law enforcement work from home zoom zoom privacy zoom security

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year

Encryption Utility Firm Accused of Bundling Malware Functions in Product

Threatpost

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. Cloud Security Malware Check Point cloudeye crypter darkeye Encryption guloader italian company malware Malware analysis packer securitycode.eu

How Law Enforcement Gets Around Your Smartphone's Encryption

WIRED Threat Level

New research has dug into the openings that iOS and Android security provide for anyone with the right tools. Security Security / Privacy

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. “Let’s Encrypt found a bug in our CAA code. ” reads the advisory published by Let’s Encrypt.

Five Eyes nations plus India and Japan call for encryption backdoor once again

Security Affairs

Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. The Statement ends with the call to protect public safety, even sacrificing privacy or cyber security. “We SecurityAffairs – hacking, encryption).

Multiparty Encryption Allows Companies to Solve Security-Data Conundrum

Dark Reading

An interdisciplinary research team constructs a way for companies to share breach data without revealing specific details that could exposes businesses to legal risk

This Encrypted Gun Registry Might Bridge a Partisan Divide

WIRED Threat Level

Security Security / Security NewsResearchers from Brown University have developed a system that could keep track of firearms while preserving privacy.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

IBM has released open-source toolkits implementing fully homomorphic encryption (FHE) that allow researchers to process data while it’s still encrypted. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” states IBM.

Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness

Dark Reading

A Black Hat presentation will discuss how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages

Ring Adds End-to-End Encryption to Quell Security Uproar

Threatpost

The optional feature was released free to users in a technical preview this week, adding a new layer of security to service, which has been plagued by privacy concerns.

Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’

Threatpost

As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. Cloud Security Cryptography Mobile Security Privacy acquisition cryptography Cyberattacks Cybersecurity End to end encryption Keybase video calls video platform zoom ZoomBombing

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

Threatpost

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

Top Full Disk Encryption Software Products

eSecurity Planet

Full disk encryption is a critical part of IT security. Here are the top disk encryption tools to choose from

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data.

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt.

Signal App Tips: Get the Most Out of Your Encrypted Chat

WIRED Threat Level

The best end-to-end encrypted messaging app has a host of security features. Security Security / Security AdviceHere are the ones you should care about.

Crypto-Primer: Encryption Basics Every Security Pro Should Know

Dark Reading

With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques

BLURtooth flaw allows attacking Bluetooth encryption process

Security Affairs

versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption. The vulnerability could be exploited by attackers to overwrite or lower the strength of the pairing key, defeating the protocol encryption. Bluetooth 4.0 through 5.0