Security News

The DHS's Cybersecurity & Infrastructure Security Agency published a memorandum on April 21 warning agency CIOs that they're legally bound to use its internal EINSTEIN network security system when resolving DNS queries. The first is DNS over TLS. This uses Transport Layer Security - the successor to SSL - to encrypt the queries directly and verify the server's identity using digital certificates.

A newly disclosed vulnerability in older Xilinx FPGAs can be exploited to simplify the process of extracting and decrypting the encrypted bitstreams used to configure the chips. There's a solution: you can encrypt your bitstream with AES-CBC and an encryption key, and burn that secret key into the FPGAs you bought as they are placed into your product at your factory.

MobileIron, the company that introduced the industry's first mobile-centric, zero trust enterprise security platform, announced a new partnership with Adeya, the secure collaboration leader, to empower today's global workforce with private, end-to-end encrypted real-time voice and video calls, conference calls, SMS, instant messages, group chats and file exchanges on any device. Leveraging the combined solution, customers can now rapidly manage and deploy Adeya's end-to-end encrypted communication, collaboration and file-sharing solution through MobileIron's unified endpoint management platform.

Enveil, the pioneering data security company protecting Data in Use, announced the release of its encrypted machine learning product, ZeroReveal Machine Learning, the first adaptable, market-ready solution allowing organizations to process data against an encrypted machine learning model. Building on the success of its ZeroReveal Search solution, Enveil ZeroReveal ML fundamentally changes the paradigm of secure data usage by allowing organizations to enable advanced decisioning through collaborative and federated machine learning in a secure and private capacity.

"Organizations need to implement advanced data classification, data anonymization, data masking, encryption, security, and access controls in order to set themselves up for successful compliance. ESG believes that many organizations are only ready on the surface - with marketing opt-in/out processes, for example." Protecting customer data privacy a strategic imperative for businesses.

Last week, Politico reported that earlier this month, the EC took to internal messaging boards to recommend moving to the alternative end-to-end encrypted messaging app, which it said "Has been selected as the recommended application for public instant messaging." Unlike WhatsApp, Signal is operated by a non-profit foundation - one that WhatsApp co-founder Brian Acton put $50 million into after he ditched Facebook - and is applauded for putting security above all else.

We urge you to recognize and accept that an increased risk of child abuse being facilitated on or by Facebook is not a reasonable trade-off to make. The NSPCC said in December 2019 that police in the UK recorded over 4,000 instances - an average of 11 per day - where Facebook apps were used in child abuse image and online child sexual offenses during the prior year.

Kanguru Remote Management Console offers a robust solution for IT Security Admins looking to meet high-end security demands by allowing administrators to easily manage and monitor their encrypted USB devices containing sensitive data around the world. KRMC is ideal for protecting data, enabling administrators to set policies, disable or delete lost/stolen drives, track and monitor secure USB drives worldwide, generate reports, and much more.

More than two years ago, Apple told the FBI that it planned to offer users end-to-end encryption when storing their phone data on iCloud, according to one current and three former FBI officials and one current and one former Apple employee. Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order.

Two years ago, Apple abandoned its plan to encrypt iPhone backups in the iCloud in such a way that makes it impossible for it to decrypt the contents, a Reuters report claimed on Tuesday. Based on information received by multiple unnamed FBI and Apple sources, the report says that the decision was made after Apple shared its plan for end-to-end encrypted iCloud backups with the FBI and the FBI objected to it.