Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

Google has released an open-source cryptographic tool: Private Join and Compute. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

NEW TECH: Breakthrough ‘homomorphic-like’ encryption protects data in-use, without penalties

The Last Watchdog

Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, aka homomorphic encryption, would be to keep data encrypted while it is being actively used by an application to run computations.

How to get back files encrypted by the Hacked Ransomware for free

Security Affairs

The Hacked Ransomware was first spotted in 2017, it appends.hacked extension to the encrypted files and includes ransom notes in Italian, English, Spanish, and Turkish. Well, experts an Emsisoft also released a free decryptor tool for this threat.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Imagine that you work on different engagements or projects in which Kali Linux is one of your primary tools. Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes.

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. The GCHQ released the source code of the tool on GitHub in November 2016, alongside with a demo.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Encryption is Necessary, Tools and Tips Make It Easier

Dark Reading

In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise

Uninstall or Disable PGP Tools, Security Researchers Warn

Data Breach Today

Exploitable Vulnerabilities Could Reveal Plaintext of Encrypted Emails European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME.

New Free Decryption Tool for GandCrab

Dark Reading

Tool rescues GandCrab victims from malicious encryption

Experts released a free Decryption Tool for GandCrab ransomware

Security Affairs

Good news for the victims of the infamous GandCrab ransomware, security experts have created a decryption tool that allows them to decrypts files without paying the ransom. “This tool recovers files encrypted by GandCrab ransomware versions 1, 4 and 5.”

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data.

Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls

Dark Reading

New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy

IoT Inspector Tool from Princeton

Schneier on Security

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices.

IoT 81

Emsisoft released a new free decryption tool for the Avest ransomware

Security Affairs

Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. The Avest ransomware encrypts victim’s files and appends the extension “ ckey().email().pack14”

Always Encrypted: Database Security Product Overview and Analysis

eSecurity Planet

We review Always Encrypted, a free database security tool included with Microsoft SQL Server

The Multi-Cloud Era Creates New Encryption Challenges

Thales eSecurity

Key Findings from the 2018 Global Encryption Trends Study. No core technologies are more fundamental to data protection than encryption and key management. 39% encrypt extensively in public cloud services, a number which has grown significantly just in the past year.

U.S. Healthcare Industry Needs a Shot in the Arm When it Comes to Data Protection: 70% experienced a breach; Less than 38% are encrypting even as threats increase

Thales eSecurity

They’re counting on the fact that only 38% or less of healthcare organizations encrypt data. Unfortunately, healthcare organizations fail to encrypt everything even as they face this ever-expanding threat surface due to the sheer volume of personally identifiable information they process.

Emsisoft released a free decryption tool for the STOP (Djvu) ransomware

Security Affairs

Emsisoft firm has released a new free decryption tool the STOP (Djvu) ransomware, in the last months the research team helped victims of many other threats. “We’ll be breaking STOP’s encryption via a side-channel attack on the ransomware’s keystream.

Encryption keeps us safe. It must not be compromised with ‘backdoors’ | Robby Mook

The Guardian Data Protection

I worry the current rhetoric around encryption is ignoring that lesson. The deputy attorney general, Rod Rosenstein, has called for “responsible encryption” that would allow officials to unlock encrypted data with a warrant. Christopher Wray, the director of the FBI, recently said that lack of access to encrypted smartphones was a “major public safety issue”. In the UK, the home secretary, Amber Rudd, has repeatedly said that encryption is a “problem”.

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

New tools and techniques uncovered. New tools in the gang’s arsenal. Interestingly, Silence started using fileless tools much later than other APTs. Silence has also changed its encryption alphabets, string encryption, and commands for the bot and the main module.

Attacking encrypted USB keys the hard(ware) way

Elie

Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data. Armed with this knowledge and our tools, you will be able to evaluate the security of the USB device of your choice

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Security Affairs

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Then the data is sent back to the C&C server via an encrypted channel. “A

National Academy of Sciences Encryption Study

Data Matters

After supporters and opponents of mandated government access to encrypted communications publicly feuded for much of 2016, reprising arguments they’ve had since at least the days of the “Clipper Chip,” these “encryption debates” seemed to quiet down for much of last year. Wray further argued that, while the FBI “supports information security measures, including strong encryption[,]. Few would describe 2017 as a quiet year.

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Security Affairs

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Then the data is sent back to the C&C server via an encrypted channel. “A

Making the Case for Encryption in the Era of Digital Transformation – Highlights from our Annual Data Threat Report

Thales eSecurity

A great way to mitigate some of the risks associated with cloud or multi-cloud environments is to deploy encryption solutions. In fact, 38% of organizations’ security concerns with cloud environments would be alleviated with data encryption at the service provider level. Beyond alleviating cloud concerns, encryption was identified as the top tool to drive the use of other digitally transformative technologies like, big data, IoT and containers, according to this year’s DTR.

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

According to its Explanatory Memorandum, the Act is intended to ‘introduce measures to better deal with the challenges posed by ubiquitous encryption ‘ It amends primarily the existing Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies, via the issuing of technical assistance requests, technical assistance notices and technical capability notices.

ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer

Security Affairs

Discovered by Kaspersky in January 2019, Operation ShadowHammer took place between June and November 2018 and leveraged the proprietary tool that comes pre-installed on ASUS notebooks. It also implemented an enhanced end-to-end encryption mechanism and improved security of server-to-end-user communication. The vendor also developed an online security diagnostic tool that allows users to check whether their computers have been impacted.

How to Shop Online Like a Security Pro

Krebs on Security

The [link] part of the address merely signifies that the data being transmitted back and forth between your browser and the site is encrypted and can’t be read by third parties. Latest Warnings Security Tools Web Fraud 2.0

Patch Tuesday, November 2018 Edition

Krebs on Security

The other is a publicly disclosed bug in Microsoft’s Bitlocker encryption technology ( CVE-2018-8566 ) that could allow an attacker to get access to encrypted data. Security Tools Time to Patch CVE-2018-8566 CVE-2018-8589 Flash Player Microsoft Patch Tuesday November 2018 Qualys

Victims of Pylocky ransomware can decrypt their files for free

Security Affairs

Victims of the PyLocky Ransomware can use a tool released by security researcher Mike Bautista at Cisco Talos group to decrypt their files for free. PyLocky Ransomware Decryption Tool Released — Unlock Files For Free. SecurityAffairs – PyLocky, decryptor tool).

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

I found this frustrating because as far as I can tell there is no integrated solution in Gmail for PGP/OpenGPG email message encryption, and some readers prefer to share news tips this way.

ICO Stresses Importance of Encryption for Data Security

Hunton Privacy

On August 28, 2013, on the UK Information Commissioner’s Office’s (“ICO’s”) blog, Simon Rice, Technology Group Manager for the ICO, discussed the importance of encryption as a data security measure. He stated that storing any personal information is “inherently risky” but encryption can be a “simple and effective means” to safeguard personal information and reduce the risk of security breaches. Selecting the Correct Encryption Method. Safeguarding the Encryption Key.

Newsmaker Interview: Scott Helme on Securing the Web

Threatpost

Scott Helme, the well-known security researcher, international speaker and the founder of the securityheaders.com and report-uri.com free tools for web security, has devoted himself to improving the security environment of the internet for the past decade. Threatpost sat down with Helme to discuss the state of web security, particularly on the encryption front — including certificate […].

Security Vulnerabilities in US Weapons Systems

Schneier on Security

Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications.

OCR Provides Insight into Enforcement Priorities and Breach Trends

HL Chronicle of Data Protection

Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and Accountability (HIPAA) regulatory framework.

Strong, streamlined and secure: How to get the most out of centralized key management

Thales eSecurity

With organizations around the world now deploying ever-increasing amounts of encryption solutions in an effort to ward off cybercrime, businesses are facing a combination of challenges. Protecting data through encryption.