Security News

Social media company Meta said it will begin testing end-to-end encryption on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust, said.

Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices. The Conti ransomware operation launched in 2020 to replace Ryuk and quickly grew to infamy after attacking victims in both the private and the public sector, including local governments in the U.S., schools, and national healthcare systems.

Tech companies could be fined $25 million - or ten percent of their global annual revenue - if they don't build suitable mechanisms to scan for child sex abuse material in end-to-end encrypted messages and an amended UK law is passed. The proposed update to the Online Safety bill [PDF], currently working its way through Parliament, states that British and foreign providers of a "Regulated user-to-user service" must report child sexual exploitation and abuse content to the country's National Crime Agency.

Speek! is a new encrypted chat service that uses Tor to offer secure communication. Speek! isn't quite like the chat apps and services you are used to.

Network traffic continues to increase, and global internet bandwidth grew by 29% in 2021, reaching 786 Tbps. In addition to record traffic volumes, 95% of traffic is now encrypted according to Google. To help address these problems, many network security and operations teams are relying more heavily on machine learning technologies to identify faults, anomalies, and threats in network traffic.

Elon Musk, CEO of SpaceX and Tesla and Twitter's new owner, on Thursday called on adding support for end-to-end encryption to the platform's direct messages feature. "Twitter DMs should have end to end encryption like Signal, so no one can spy on or hack your messages," Musk said in a tweet.

A threat brief published by the US Department of Health and Human Services on Thursday paints a grim picture of how Ireland's health service, the HSE, was overwhelmed and had 80% of its systems encrypted during last year's Conti ransomware attack. "The HSE did not have a single responsible owner for cybersecurity, at senior executive or management level at the time of the incident. There was no dedicated committee that provided direction and oversight of cybersecurity and the activities required to reduce the HSE's cyber risk exposure," the HHS Cybersecurity Program said.

A group of hackers claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus's national state-owned railway company. "At the command of the terrorist Lukashenka, Belarusian Railway allows the occupying troops to enter our land," the group said today on Twitter.

Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Although mainly fashioned as an information-stealing malware, Qakbot has since shifted its goals and acquired new functionality to deliver post-compromise attack platforms such as Cobalt Strike Beacon, with the final objective of loading ransomware on infected machines.

Here's the irony of ransomware data breach stories that gets surprisingly little attention: cybercriminals enthusiastically encrypt and steal sensitive data to extort money and yet their victims rarely bother to defend themselves using the same obviously highly effective concept. If sensitive data such as IP are competently encrypted, that not only means that attackers can't access or threaten to leak it, in many cases they won't even be able to see it in the first place - all encrypted data looks alike.