Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform. It's also rolling out other new security features

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

Threatpost

Cryptography Government Mobile Security Privacy Android criminal communications Criminals EncroChat encrypted chat Encryption European Union France law enforcement mobile murder network secure mobile messaging The Netherlands U.K.

Multiparty Encryption Allows Companies to Solve Security-Data Conundrum

Dark Reading

An interdisciplinary research team constructs a way for companies to share breach data without revealing specific details that could exposes businesses to legal risk

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers.

Zoom Faces More Legal Challenges Over End-to-End Encryption

Threatpost

The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C.

BLURtooth flaw allows attacking Bluetooth encryption process

Security Affairs

versions are affected by the vulnerability dubbed BLURtooth which allows hackers to defeat Bluetooth encryption. The vulnerability could be exploited by attackers to overwrite or lower the strength of the pairing key, defeating the protocol encryption. Bluetooth 4.0 through 5.0

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year

Top Full Disk Encryption Software Products

eSecurity Planet

Full disk encryption is a critical part of IT security. Here are the top disk encryption tools to choose from

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. Governments have legitimate law enforcement and national security interests.

Zoom Restricts End-to-End Encryption to Paid Users

Threatpost

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement. Privacy Web Security End to end encryption FBI law enforcement work from home zoom zoom privacy zoom security

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

Threatpost

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Encryption-Busting EARN IT Act Advances in Senate

WIRED Threat Level

Plus: A massive crime bust in Europe, a warning from US Cyber Command, and more of the week's top security news. Security Security / Security News

Crypto-Primer: Encryption Basics Every Security Pro Should Know

Dark Reading

With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

Encryption Utility Firm Accused of Bundling Malware Functions in Product

Threatpost

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. Cloud Security Malware Check Point cloudeye crypter darkeye Encryption guloader italian company malware Malware analysis packer securitycode.eu

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

DHS, Philips Issue Advisories for HealthSuite Android Health App The lack of strong encryption in Philips' HealthSuite Health Android app leaves the mobile health software vulnerable to hacking, according to a new advisory issued by the medical device manufacturer and an alert from the Department of Homeland Security

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. In Linux, for instance, it takes four openSSL commands to generate an encryption key and encrypt data. However, simply encrypting data is not a sufficient control when storing data in the cloud. The answer to these question changes your encryption strategy.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

GDPR Compliance – Encryption

Perficient Data & Analytics

This data undergoes various actions and it is termed as ‘processed data’ Effective data protection techniques when applied to personal data, makes it secure. GDPR Compliant Encryption Methods. Standard Encryption. Standard Encryption. Symmetric Encryption.

Android Ups the Mobile Security Ante with Default TLS Encryption

Threatpost

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default. Cryptography Mobile Security Privacy Web Security Android by default certificates Encryption google HTTPS os version 9 pie required tls

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

IBM has released open-source toolkits implementing fully homomorphic encryption (FHE) that allow researchers to process data while it’s still encrypted. IBM has released open-source toolkits implementing fully homomorphic encryption (FHE), which allows researchers to process encrypted data without having access to the actual data. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” states IBM.

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. Basically, each device has a unique public/private key pair and a secure processor. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data. The private key is stored in a secure database, available to law enforcement on demand.

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. Let’s Encrypt certificate authority (CA) is going to revoke over 3 million certificates today due to a vulnerability in software used to verify users and their domains before issuing a certificate. “Let’s Encrypt found a bug in our CAA code. ” reads the advisory published by Let’s Encrypt.

Facebook Says Encrypting Messenger by Default Will Take Years

WIRED Threat Level

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Security Security / Security NewsNearly a year later, Messenger's not even close.

Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’

Threatpost

As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. Cloud Security Cryptography Mobile Security Privacy acquisition cryptography Cyberattacks Cybersecurity End to end encryption Keybase video calls video platform zoom ZoomBombingA full cryptographic draft architecture will be available on May 22.

Vulnerable Invisible Salamanders and You: A Tale of Encryption Weakness

Dark Reading

A Black Hat presentation will discuss how vulnerabilities found in Facebook Messenger encryption could mean trouble for your secure messages

A Plan to Stop Breaches With Dead Simple Database Encryption

WIRED Threat Level

Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches. Security Security / Security News

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data.

Hundreds Arrested After Cops Dismantle Encrypted Phone Network via Information Security Magazine

IG Guru

The post Hundreds Arrested After Cops Dismantle Encrypted Phone Network via Information Security Magazine appeared first on IG GURU. Breach Business information privacy information security Risk News SecurityCheck out this article here.

The Key to Enterprisewide Encryption

Dark Reading

Security teams have been slow to embrace enterprisewide encryption, and for good reasons. But the truth is, it doesn't have to be an all-or-nothing endeavor