Google Releases Basic Homomorphic Encryption Tool

Schneier on Security

Google has released an open-source cryptographic tool: Private Join and Compute. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. So cyber criminals, too, have begun regularly using TLS to encrypt their attacks.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Zoom Will Be End-to-End Encrypted for All Users

Schneier on Security

Zoom is doing the right thing : it's making end-to-end encryption available to all users, paid and unpaid. cybersecurity encryption securityengineering twofactorauthentication videoconferencing

Top Full Disk Encryption Software Products

eSecurity Planet

Full disk encryption is a critical part of IT security. Here are the top disk encryption tools to choose from

Snake Ransomware isolates infected Systems before encrypting files

Security Affairs

Experts spotted recent samples of the Snake ransomware that were isolating the infected systems while encrypting files to avoid interference. The Snake ransomware kills processes from a predefined list, including ICS-related processes, to encrypt associated files.

Let’s Encrypt CA is revoking over 3 Million TLS certificates due to a bug

Security Affairs

Let’s Encrypt is going to revoke over 3 million certificates today due to a flaw in the software used to verify users and their domains before issuing a certificate. “Let’s Encrypt found a bug in our CAA code. ” reads the advisory published by Let’s Encrypt.

How to get back files encrypted by the Hacked Ransomware for free

Security Affairs

The Hacked Ransomware was first spotted in 2017, it appends.hacked extension to the encrypted files and includes ransom notes in Italian, English, Spanish, and Turkish. Well, experts an Emsisoft also released a free decryptor tool for this threat.

Encryption is Necessary, Tools and Tips Make It Easier

Dark Reading

In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise

Ragnar Ransomware encrypts files from virtual machines to evade detection

Security Affairs

Ransomware encrypts from virtual machines to evade antivirus. Ragnar Locker deploys Windows XP virtual machines to encrypt victim’s files, the trick allows to evaded detection from security software. Mounting all the shared drives to encrypt.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Microsoft 365 Updated with New Security, Risk, Compliance Tools

Dark Reading

Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption

Uninstall or Disable PGP Tools, Security Researchers Warn

Data Breach Today

Exploitable Vulnerabilities Could Reveal Plaintext of Encrypted Emails European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME.

Slack Launched Encryption Key Addon For Businesses

Security Affairs

Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. Slack announced today to launch encryption keys that will help businesses to protect their data. What is the purpose of Enterprise Key Management if Slack really encrypts the data? Slack currently encrypts your data in transit and at rest.

Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls

Dark Reading

New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy

IoT Inspector Tool from Princeton

Schneier on Security

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices.

IoT 83

Experts released a free Decryption Tool for GandCrab ransomware

Security Affairs

Good news for the victims of the infamous GandCrab ransomware, security experts have created a decryption tool that allows them to decrypts files without paying the ransom. “This tool recovers files encrypted by GandCrab ransomware versions 1, 4 and 5.”

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

Once inside a network, they move laterally to locate and encrypt mission-critical systems; a ransom demand for a decryption key follows. Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S.

A free Decryptor tool for GandCrab Ransomware released

Security Affairs

Good news for the victims of the latest variants of the GandCrab ransomware , NoMoreRansomware released a free decryption tool. Victims of the latest variants of the GandCrab ransomware can now decrypt their files for free using a free decryptor tool released on the the NoMoreRansom website.

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. The GCHQ released the source code of the tool on GitHub in November 2016, alongside with a demo.

NEW TECH: Breakthrough ‘homomorphic-like’ encryption protects data in-use, without penalties

The Last Watchdog

Homomorphic encryption has long been something of a Holy Grail in cryptography. Related: Post-quantum cryptography on the horizon For decades, some of our smartest mathematicians and computer scientists have struggled to derive a third way to keep data encrypted — not just the two classical ways, at rest and in transit. The truly astounding feat, aka homomorphic encryption, would be to keep data encrypted while it is being actively used by an application to run computations.

Why Enterprises Should Control Their Encryption Keys

Thales eSecurity

Cloud providers have done a good job of integrating default encryption services within their core infrastructure. However, as discussed in previous blogs , the encryption service is only as secure as the keys that are used to encrypt the data.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Imagine that you work on different engagements or projects in which Kali Linux is one of your primary tools. Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes.

Encryption – A Feasible Savior against Prevalent Privacy Issues in Business Communication

Security Affairs

Even though encryption should be taken seriously by businesses of all sizes, only a small fraction of the corporate sector puts their back on it. Why is Encryption a Feasible Option against Digital Threats? Popular email providers, although, offer end-to-end encryption.

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups — in the field

The Last Watchdog

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. And yet today there is a resurgence in demand for encrypted flash drives. Highly secure portable drives make perfect sense in numerous work scenarios; encrypted flash drives, specifically, are part of a global hardware encryption market on track to climb to $296.4 As soon as it hits that drive to letter, it’s encrypted.

RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys?

Thales eSecurity

When it comes to data security, more organizations are tempted to use cloud native encryption and key management services because it’s simple and easily available. One issue is that cloud native encryption and key management services provide just basic data security.

Always Encrypted: Database Security Product Overview and Analysis

eSecurity Planet

We review Always Encrypted, a free database security tool included with Microsoft SQL Server

Emsisoft released a free decryption tool for Paradise ransomware

Security Affairs

Researchers at Emsisoft firm has released a new free tool to decrypt files encrypted by the Paradise ransomware. Security experts at Emsisoft have developed a tool to decrypt files encrypted by the Paradise ransomware. Do not rename encrypted files.

Emsisoft released a new free decryption tool for the Avest ransomware

Security Affairs

Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. The Avest ransomware encrypts victim’s files and appends the extension “ ckey().email().pack14”

The Multi-Cloud Era Creates New Encryption Challenges

Thales eSecurity

Key Findings from the 2018 Global Encryption Trends Study. No core technologies are more fundamental to data protection than encryption and key management. 39% encrypt extensively in public cloud services, a number which has grown significantly just in the past year.

Attacking encrypted USB keys the hard(ware) way

Elie

Ever wondered if your new shiny AES hardware-encrypted USB device really encrypts your data - or is just a fluke? If you have, come to our talk to find out if those products live up to the hype and hear about the results of the audit we conducted on multiples USB keys and hard drives that claim to securely encrypt data. Armed with this knowledge and our tools, you will be able to evaluate the security of the USB device of your choice

U.S. Healthcare Industry Needs a Shot in the Arm When it Comes to Data Protection: 70% experienced a breach; Less than 38% are encrypting even as threats increase

Thales eSecurity

They’re counting on the fact that only 38% or less of healthcare organizations encrypt data. Unfortunately, healthcare organizations fail to encrypt everything even as they face this ever-expanding threat surface due to the sheer volume of personally identifiable information they process.

National Academy of Sciences Encryption Study

Data Matters

After supporters and opponents of mandated government access to encrypted communications publicly feuded for much of 2016, reprising arguments they’ve had since at least the days of the “Clipper Chip,” these “encryption debates” seemed to quiet down for much of last year. Wray further argued that, while the FBI “supports information security measures, including strong encryption[,]. Few would describe 2017 as a quiet year.

Encryption keeps us safe. It must not be compromised with ‘backdoors’ | Robby Mook

The Guardian Data Protection

I worry the current rhetoric around encryption is ignoring that lesson. The deputy attorney general, Rod Rosenstein, has called for “responsible encryption” that would allow officials to unlock encrypted data with a warrant. Christopher Wray, the director of the FBI, recently said that lack of access to encrypted smartphones was a “major public safety issue”. In the UK, the home secretary, Amber Rudd, has repeatedly said that encryption is a “problem”.

Making the Case for Encryption in the Era of Digital Transformation – Highlights from our Annual Data Threat Report

Thales eSecurity

A great way to mitigate some of the risks associated with cloud or multi-cloud environments is to deploy encryption solutions. In fact, 38% of organizations’ security concerns with cloud environments would be alleviated with data encryption at the service provider level. Beyond alleviating cloud concerns, encryption was identified as the top tool to drive the use of other digitally transformative technologies like, big data, IoT and containers, according to this year’s DTR.

Emsisoft released a free decryption tool for the STOP (Djvu) ransomware

Security Affairs

Emsisoft firm has released a new free decryption tool the STOP (Djvu) ransomware, in the last months the research team helped victims of many other threats. “We’ll be breaking STOP’s encryption via a side-channel attack on the ransomware’s keystream.

Adapting to the new normal: Remote work and the IBM Z

Rocket Software

The connection will be a secure encrypted connection back to the hosting server. You also want to ensure that all network connections are encrypted. The Z Encryption Readiness Tool (ZERT) is a free function within the Communication Server of z/OS.

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Security Affairs

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Then the data is sent back to the C&C server via an encrypted channel. “A

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

According to its Explanatory Memorandum, the Act is intended to ‘introduce measures to better deal with the challenges posed by ubiquitous encryption ‘ It amends primarily the existing Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies, via the issuing of technical assistance requests, technical assistance notices and technical capability notices.

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Security Affairs

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Then the data is sent back to the C&C server via an encrypted channel. “A

Damage from Silence APT operations increases fivefold. The gang deploys new tools on its “worldwide tour”

Security Affairs

New tools and techniques uncovered. New tools in the gang’s arsenal. Interestingly, Silence started using fileless tools much later than other APTs. Silence has also changed its encryption alphabets, string encryption, and commands for the bot and the main module.