NSA Releases Guidance on Obsolete Encryption Tools

Data Breach Today

National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. Agency Recommends Replacement of Old TLS and SSL Protocols The U.S.

Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips

Threatpost

Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. ETSI was — and maybe still is — under the auspices of SOGIS : the Senior Officials Group, Information Systems Security.

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat.

What Is the Signal Encryption Protocol?

WIRED Threat Level

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging. Security Security / Privacy

ZLoader Malware Hidden in Encrypted Excel File

Data Breach Today

Researchers Describe Sophisticated Phishing Campaign A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The secure devices don’t use phone number to communicate because the encrypted traffic it relayed via An0m’s central platform.

New Bill Targeting ‘Warrant-Proof’ Encryption Draws Ire

Threatpost

The Lawful Access to Encrypted Data Act is being decried as "an awful idea" by security experts. Government Privacy apple Data Privacy Encryption End to end encryption Facebook FBI Lawful Access to Encrypted Data Act Security

Top Enterprise Encryption Products

eSecurity Planet

Encryption remains a mainstay of IT security technology, a critical tool for protecting sensitive data. We evaluate the top encryption solutions

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. This challenges the view that hardware encryption is preferable over software encryption.

Zoom Rolls Out End-to-End Encryption After Setbacks

Threatpost

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Cloud Security Vulnerabilities Web Security coronavirus COVID-19 E2EE Encryption End to end encryption Pandemic remote work Security transport layer security encryption video conferencing security zoom zoom meeting Zoom-bombing

Homomorphic Encryption: The 'Golden Age' of Cryptography

Dark Reading

The ability to perform complex calculations on encrypted data promises a new level of privacy and data security for companies in the public and private sectors.

A Security Practitioner's Guide to Encrypted DNS

Dark Reading

Best practices for a shifting visibility landscape

Australia Passes Encryption-Busting Law

Data Breach Today

Government Can Force Technology Companies to Break Encryption Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software

Zoom to Offer End-to-End Encryption for All Users

Data Breach Today

Teleconference Company Describes Series of Security Measures Zoom will begin beta testing an end-to-end encryption feature in July that it plans to make available at no charge to all who use the paid or free version of its teleconference platform.

The FBI's Anom Stunt Rattles the Encryption Debate

WIRED Threat Level

The agency spent years running a secure phone network for criminals. Security Security / Security NewsSo much for “going dark.”.

Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

Homomorphic Encryption Makes Real-World Gains, Pushed by Google, IBM, Microsoft

eSecurity Planet

The increasing mobility of data, as it ping-pongs between clouds, data centers and the edge, has made it an easier target of cybercrime groups, which has put a premium on the encryption of that data in recent years. Further reading : Best Encryption Software & Tools for 2021.

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

Threatpost

Cryptography Government Mobile Security Privacy Android criminal communications Criminals EncroChat encrypted chat Encryption European Union France law enforcement mobile murder network secure mobile messaging The Netherlands U.K.

Google discloses a severe flaw in widely used Libgcrypt encryption library

Security Affairs

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. This version fixes a critical security bug in the recently released version 1.9.0.

Zoom now supports end-to-end encrypted (E2EE) calls

Security Affairs

The Video conferencing platform Zoom announced the implementation of end-to-end encryption (E2EE) and its availability starting next week. The popular Video conferencing platform Zoom announced the availability of the end-to-end encryption (E2EE) starting next week. “Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your sessions.”

NEW TECH: Will ‘Secure Access Service Edge’ — SASE — Be the Answer to Secure Connectivity?

The Last Watchdog

Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security. Related: The shared burden of securing the Internet of Things. Security, meanwhile, has morphed into a glut of point solutions that mostly serve to highlight the myriad gaps in an ever-expanding attack surface. It’s called Secure Access Service Edge, or SASE , as coined by research firm Gartner.

The Encryption 'Backdoor' Debate Continues

Data Breach Today

The latest edition of the ISMG Security Report offers a deep dive on the debate about whether law enforcement officials should have a "backdoor" to circumvent encryption. Also featured: An analysis of Equifax's settlement with the FTC and a discussion of a new report on the cost of data breaches

Zoom Faces More Legal Challenges Over End-to-End Encryption

Threatpost

The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it. Government Mobile Security Privacy Web Security Consumer Protection Procedures Act damages End to end encryption false advertising Lawsuit legal challenges sued Washington D.C.

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

Encryption agility is going to be essential as we move forward with digital transformation. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. Now comes something called attribute-based encryption, or ABE, a new approach to encrypting data that holds the potential to infuse agility into how encryption gets done online.

Encryption Utility Firm Accused of Bundling Malware Functions in Product

Threatpost

The increasingly prevalent GuLoader malware has been traced back to a far-reaching encryption service that attempts to pass as above-board. Cloud Security Malware Check Point cloudeye crypter darkeye Encryption guloader italian company malware Malware analysis packer securitycode.eu

Zoom Restricts End-to-End Encryption to Paid Users

Threatpost

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement. Privacy Web Security End to end encryption FBI law enforcement work from home zoom zoom privacy zoom security

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. “Let’s Encrypt found a bug in our CAA code. ” reads the advisory published by Let’s Encrypt.

IBM releases open-source toolkits implementing FHE to process data while encrypted

Security Affairs

IBM has released open-source toolkits implementing fully homomorphic encryption (FHE) that allow researchers to process data while it’s still encrypted. This has revolutionized security and data privacy and how we outsource computation to untrusted clouds,” states IBM.

Android Ups the Mobile Security Ante with Default TLS Encryption

Threatpost

More than 90 percent of Android apps running on the latest OS encrypt their traffic by default. Cryptography Mobile Security Privacy Web Security Android by default certificates Encryption google HTTPS os version 9 pie required tls

Five Eyes nations plus India and Japan call for encryption backdoor once again

Security Affairs

Members of the Five Eyes intelligence alliance once again call for tech firms to engineer backdoors into end-to-end and device encryption. The Statement ends with the call to protect public safety, even sacrificing privacy or cyber security. “We SecurityAffairs – hacking, encryption).

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

Threatpost

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Apple Abandoned Plans for Encrypted iCloud Backup after FBI Complained

Schneier on Security

This is new from Reuters: More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee.

Ransomware’s Dangerous New Trick: Double-Encrypting Your Data

WIRED Threat Level

Security Security / Security NewsEven when you pay for a decryption key, your files may still be locked up by another strain of malware.

Zoom Beefs Up End-to-End Encryption to Thwart ‘Zoombombers’

Threatpost

As the company continues to battle security woes, it has acquired Keybase to boost security and privacy. Cloud Security Cryptography Mobile Security Privacy acquisition cryptography Cyberattacks Cybersecurity End to end encryption Keybase video calls video platform zoom ZoomBombing

Let’s Encrypt to Revoke Millions of TLS Certs

Threatpost

On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug. Cryptography Web Security Bug caa Certificate Authority Authorization certificates Let's Encrypt revoke TLC Transport Layer Security vulnerability

Report: Encrypted Smartphone Takedown Outed Canadian Mole

Data Breach Today

After Arresting Phantom Secure CEO, Authorities Reportedly Saw Secrets for Sale The Canadian government has arrested a senior intelligence official on charges of working as a mole. He was reportedly unmasked after investigators found someone had pitched stolen secrets to the CEO of Phantom Secure, a secure smartphone service marketed to criminals that authorities shuttered last year

How Law Enforcement Gets Around Your Smartphone's Encryption

WIRED Threat Level

New research has dug into the openings that iOS and Android security provide for anyone with the right tools. Security Security / Privacy

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security. Slack announced today to launch encryption keys that will help businesses to protect their data.

Multiparty Encryption Allows Companies to Solve Security-Data Conundrum

Dark Reading

An interdisciplinary research team constructs a way for companies to share breach data without revealing specific details that could exposes businesses to legal risk