Security News

Twitter has launched its 'Encrypted Direct Messages' feature allowing paid Twitter Blue subscribers to send end-to-end encrypted messages to other users on the platform. End-to-end encrypted DMs on Twitter have been a sought-after and massively requested feature that was teased and retracted in 2018.

Twitter is officially beginning to roll out support for encrypted direct messages on the platform, more than six months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existing direct messages on users' inboxes.

A new 'White Phoenix' ransomware decryptor allows victims to partially recover files encrypted by ransomware strains that use intermittent encryption. After successfully recovering PDF files using the White Phoenix tool, CyberArk found similar restoration possibilities for other file formats, including files based on ZIP archives.

The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. Instead, an unknown attacker used the account of a legitimate but inactive member of the forum admin team to access the MyBB admin console on two occasions: February 16 and 21, 2023.

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack," the password management service said.

A joint law enforcement operation conducted by Germany, the Netherlands, and Poland has cracked yet another encrypted messaging application named Exclu used by organized crime groups. "Exclu makes it possible to exchange messages, photos, notes, voice memos, chat conversations, and videos with other users," the Politie said.

An encrypted messaging service that has been on law enforcement's radar since a 2019 raid on an old NATO bunker has been shut down after a sweeping series of raids across Europe last week. In a search of 79 properties in German, The Netherlands, Belgium and Poland last Friday, Authorities in those four countries arrested 48 people who were users, operators and administrators of the Exclu crypto communications service.

Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption in Messenger chats by default. The social media behemoth said it intends to notify users in select individual chat threads as the security feature is enabled, while emphasizing that the process of choosing and upgrading the conversations to support E2EE is random.

The August 2022 security breach of LastPass may have been more severe than previously disclosed by the company. The popular password management service on Thursday revealed that malicious actors obtained a trove of personal information belonging to its customers that include their encrypted password vaults using data siphoned from the break-in.

Encrypted attacks remain a significant problem for countries around the globe, with the U.S., India and Japan seeing the biggest increases in attacks over the last 12 months. "Potential threats continue to hide in encrypted traffic, empowered by as-a-service models that dramatically reduce the technical barriers to doing so. It is critical for organizations to adopt a cloud-native zero trust architecture that allows consistent inspection of all internet bound traffic and effectively mitigate these attacks," Desai continued.