Security News

DataLocker announced the release of an entirely new breed of encrypted USB drive. The DL4 FE changes the game for security professionals by providing bulletproof security and simple remote management in a small-form-factor USB drive with capacities up to 15.3 TB. "The onslaught of attacks by state actors, hackers, and cyber cartels continues. Threat actors are trying to exfiltrate terabytes of data to hold for ransom. Some want access to essential IT systems for later exploitation."

The National Security Agency on Wednesday published guidance for businesses on the adoption of an encrypted domain name system protocol, specifically DNS over HTTPS. Designed to translate the domain names included in URLs into IP addresses, for an easier navigation of the Internet, DNS has become a popular attack vector, mainly because requests and responses are transmitted in plaintext. "Using DoH with external resolvers can be good for home or mobile users and networks that do not use DNS security controls. For enterprise networks NSA recommends using only designated enterprise DNS resolvers in order to properly leverage essential enterprise cybersecurity defenses, facilitate access to local network resources, and protect internal network information," the NSA notes.

Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello, an evolutionary step from Encrypted Server Name Indication. In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security SNI extension to Firefox Nightly.

The American Civil Liberties Union announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices. The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency's Electronic Device Analysis Unit has been acquiring solutions that can help it break into encrypted devices on its own.

Tutanota has been served with a court order to backdoor its encrypted email service - a situation founder Matthias Pfau described to The Register as "Absurd." Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox.

These include an updated secure DNS service that hides the identity of the client, a password protocol that means a password is never transmitted to the server, and an encrypted "Client hello" that does not leak server names. Peek, poke, now PAKE. Third up is OPAQUE password, the name being, it seems, some sort of pun on Oblivious Pseudo-Random Function combined with Password Authenticated Key Exchange.

Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages. The plan, first reported by Austrian public broadcaster FM4, reflects concern among European countries that police and intelligence services can't easily monitor online chats that use end-to-end encryption, such as Signal or WhatsApp.

Most Fortune 1000 compliance and security teams have the ability to access employee accounts on their enterprise communications platform to monitor activity and investigate bad actors. Unfortunately for enterprise security and compliance teams in most companies, unsanctioned communications platforms like WhatsApp are being used outside to conduct sensitive business in contravention of corporate policies.

iStorage has launched the diskAshur M2. The diskAshur M2 is iStorage's smallest, lightest, fastest and most rugged FIPS compliant encrypted portable SSD and includes connectivity for both USB type A and C ports. The new diskAshur M2 SSD encrypts data using FIPS PUB 197 validated, AES-XTS 256-bit hardware encryption and uniquely incorporates a Common Criteria EAL4+ ready secure microprocessor, which employs built-in physical protection mechanisms designed to defend against external tamper, bypass physical attacks and more.

The German government Wednesday agreed to allow secret services to listen in on conversations via encrypted messaging services such as Messenger or Whatsapp as a means of tackling terrorism. Cabinet adopted a bill to that effect, drawn up after a series of far right attacks in the country, and the proposed legislation now goes forward for parliamentary assent.