Security News

Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.

The Matrix.org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages. The organization said a blunder in an implementation of the Matrix key sharing scheme - designed to allow a user's newly logged-in device to obtain the keys to decrypt old messages - led to the creation of client code that fails to adequately verify device identity.

Facebook's WhatsApp on Friday said users will soon be able to store end-to-end encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key. "We're adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud," said Facebook supremo Mark Zuckerberg in a missive on his platform.

The ProPublica report says that WhatsApp contractors "Sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company's artificial intelligence systems." WhatsApp in a statement emailed to The Register pushed back against ProPublica's claims.

To accelerate the overall data flow of PCs, increase the storage throughput, and further enhance data security of the hard disks, disk arrays were invented. To meet the demand for SSD security and reliability, the FORESEE SSD R&D team launched the P709 PCIe SSD, which, empowered by the TCG-OPAL 2.0 and Pyrite 2.0 encryption functions, ensures data security and avoids data leakage.

AMD's Secure Encrypted Virtualization scheme is not as secure as its name suggests. In a paper titled "One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization," Robert Buhren, Hans Niklas Jacob, Thilo Krachenfels, and Jean-Pierre Seifert from TU Berlin's Security in Telecommunications group, describe how they succeeded in mounting a voltage fault injection attack.

Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user's credentials give attackers unfettered access to all of the user's photos.

Amazon's AWS subsidiary on Friday announced the acquisition of Wickr, a late-stage startup that sells end-to-end encrypted communications tools. According to VP and Chief Information Security Officer Stephen Schmidt, AWS will be offering Wickr services effective immediately and Wickr customers, channel, and business partners can continue to use Wickr's services as they do today.

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. This week, the world's police organizations announced 800 arrests based on text messages sent over the app.

In a huge sting operation, the U.S. Federal Bureau of Investigation and Australian Federal Police ran an "Encrypted chat" service called ANoM for almost 3 years to intercept 27 million messages between criminal gang members globally. "For almost three years, the AFP and the FBI have monitored criminals' encrypted communications over a Dedicated Encrypted Communications Platform," AFP said.