Security News
HTTPS, short for secure HTTP, relies on the encryption protocol known as TLS, which is short for transport layer security. Many high-traffic sites were afraid of HTTPS because of the extra time taken by the "cryptographic dance" demanded by the protocol every time a visitor arrived at the site, and because of the need to encrypt and decrypt every byte sent and received thereafter.
Issuing and installing SSL certificates doesn't have to be a challenge, especially when there are tools like acme. Installing SSL certificates isn't difficult, but it's a process every Linux administrator will have to take on at some point in their career.
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. As a consequence of the attack, the Department of Justice and Constitutional Development said that child maintenance payments are now on hold until systems are back online.
WhatsApp on Friday announced it will roll out support for end-to-end encrypted chat backups on the cloud for Android and iOS users, paving the way for storing information such as chat messages and photos in Apple iCloud or Google Drive in a cryptographically secure manner. "With the introduction of end-to-end encrypted backups, WhatsApp has created an HSM based Backup Key Vault to securely store per-user encryption keys for user backups in tamper-resistant storage, thus ensuring stronger security of users' message history," the company said in a whitepaper.
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies. After ransomware topics were banned on hacking forums [1, 2], LockBit began promoting the new LockBit 2.0 ransomware-as-a-service operation on their data leak site.
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives. The ransomware is called Qlocker and began targeting QNAP devices on April 19th, 2021.
The Linux Foundation, Red Hat, Google, and Purdue have unveiled the free 'sigstore' service that lets developers code-sign and verify open source software to prevent supply-chain attacks. To pull these attacks off, threat actors will create malicious open-source packages and upload them to public repositories using names similar to popular legitimate packages.
Let's Encrypt just announced an infrastructure makeover which means the open certificate authority is able to re-issue up to 200 million certificates in a 24-hour period, something the service said could be necessary in "some of the worst scenarios." The upgrade comes a year after Let's Encrypt was compromised by a Certificate Authority Authorization bug and was forced to revoke 3 million Transport Layer Security certificates on a single day, March 4, potentially leaving the sites behind them insecure or unavailable.
Internet Security Research Group nonprofit Let's Encrypt has massively upgraded its certification hardware and software so that it can delete and reissue all its certs in less than 24 hours. Last April the certificate authority was forced to kill three million HTTPS certs after a bug was found in its automated certificate management environment, about 2.6 per cent of its 150 million live certificate base.
Jack Wallen shows you how easy it can be to encrypt text to be sent via email, using Apple Mail and the GPG Suite. With the right pieces in place in macOS, you can copy a block of text from any application, encrypt it, paste it into the body of an email, and send it to any user that has shared their public key with you.