Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

Zoom Promises Geo-Fencing, Encryption Overhaul for Meetings

Data Breach Today

Web Conferencing Provider Blames Routing of Keys via China on Scaling-Up Error Zoom, responding to research that identified encryption and infrastructure shortcomings in its audio and video conferencing software, has promised to further revamp its security controls.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption.

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole.

Zoom Restricts End-to-End Encryption to Paid Users

Threatpost

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement. Privacy Web Security End to end encryption FBI law enforcement work from home zoom zoom privacy zoom security

Encryption Utility Firm Accused of Bundling Malware Functions in Product

Threatpost

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. Cloud Security Malware Check Point cloudeye crypter darkeye Encryption guloader italian company malware Malware analysis packer securitycode.eu

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

IBM has released open-source toolkits implementing fully homomorphic encryption (FHE) that allow researchers to process data while it’s still encrypted. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” states IBM.

Encryption-Busting EARN IT Act Advances in Senate

WIRED Threat Level

Plus: A massive crime bust in Europe, a warning from US Cyber Command, and more of the week's top security news. Security Security / Security News

Attorney General William Barr on Encryption Policy

Schneier on Security

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files.

Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

DHS, Philips Issue Advisories for HealthSuite Android Health App The lack of strong encryption in Philips' HealthSuite Health Android app leaves the mobile health software vulnerable to hacking, according to a new advisory issued by the medical device manufacturer and an alert from the Department of Homeland Security.

Top Full Disk Encryption Software Products

eSecurity Planet

Full disk encryption is a critical part of IT security. Here are the top disk encryption tools to choose from

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. “Let’s Encrypt found a bug in our CAA code. ” reads the advisory published by Let’s Encrypt.

Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’

Threatpost

As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. Cloud Security Cryptography Mobile Security Privacy acquisition cryptography Cyberattacks Cybersecurity End to end encryption Keybase video calls video platform zoom ZoomBombing

Is All Encryption Equal?

Thales eSecurity

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. The answer to these question changes your encryption strategy.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Hundreds Arrested After Cops Dismantle Encrypted Phone Network via Information Security Magazine

IG Guru

The post Hundreds Arrested After Cops Dismantle Encrypted Phone Network via Information Security Magazine appeared first on IG GURU. Breach Business information privacy information security Risk News SecurityCheck out this article here.

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt.

Ray Ozzie's Encryption Backdoor

Schneier on Security

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. Basically, each device has a unique public/private key pair and a secure processor. We know how to make backdoors, we just don't know how to secure them.

A Plan to Stop Breaches With Dead Simple Database Encryption

WIRED Threat Level

Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches. Security Security / Security News

The Key to Enterprisewide Encryption

Dark Reading

Security teams have been slow to embrace enterprisewide encryption, and for good reasons. But the truth is, it doesn't have to be an all-or-nothing endeavor

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

Threatpost

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Let’s Encrypt to Revoke Millions of TLS Certs

Threatpost

On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug. Cryptography Web Security Bug caa Certificate Authority Authorization certificates Let's Encrypt revoke TLC Transport Layer Security vulnerability

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

IEEE Statement on Strong Encryption vs. Backdoors

Schneier on Security

The IEEE came out in favor of strong encryption: IEEE supports the use of unfettered strong encryption to protect confidentiality and integrity of data and communications. Governments have legitimate law enforcement and national security interests.

Former FBI General Counsel Jim Baker Chooses Encryption Over Backdoors

Schneier on Security

This is true even though encryption will impose costs on society, especially victims of other types of crime. [.]. Basically, he argues that the security value of strong encryption greatly outweighs the security value of encryption that can be bypassed.

Signal App Tips: Get the Most Out of Your Encrypted Chat

WIRED Threat Level

The best end-to-end encrypted messaging app has a host of security features. Security Security / Security AdviceHere are the ones you should care about.

The EARN IT Act Is a Sneak Attack on Encryption

WIRED Threat Level

Security Security / Security NewsThe crypto wars are back in full swing. .

Apple Mail stores parts of encrypted emails in plaintext DB

Security Affairs

The Apple Mail app available on macOS stores leave s a portion of users encrypted emails in plaintext in a database called snippets. SecurityAffairs – encryption, hacking). The post Apple Mail stores parts of encrypted emails in plaintext DB appeared first on Security Affairs.

Zoom Upgrades Encryption Keys to What It Promised All Along

WIRED Threat Level

Plus: Facebook data on the dark web, Nintendo accounts keep getting hacked, and more of the week's top security news. Security Security / Security News

Android Ups the Mobile Security Ante with Default TLS Encryption

Threatpost

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default. Cryptography Mobile Security Privacy Web Security Android by default certificates Encryption google HTTPS os version 9 pie required tls

Presidential Candidate Andrew Yang Has Quantum Encryption Policy

Schneier on Security

At least one presidential candidate has a policy about quantum computing and encryption. One: fund quantum-resistant encryption standards. Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.).

Adiantum will bring encryption on Android devices without cryptographic acceleration

Security Affairs

Google announced Adiantum, a new encryption method devised to protect Android devices without cryptographic acceleration. Google announced Adiantum , a new encryption method devised to protect Android devices without cryptographic acceleration. SecurityAffairs – Android, encryption).

The Debate Over How to Encrypt the Internet of Things

WIRED Threat Level

So-called lightweight encryption has its place. Security Security / Security NewsBut some researchers argue that more manufacturers should stick with proven methods.

Is Payments Industry Ready for New Encryption Protocols?

Data Breach Today

PCI-DSS Requirement Looms on June 30 New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions.