Security News

The latest report from the WatchGuard shows an astonishing 91.5% of malware arriving over encrypted connections during Q2 2021. This is a dramatic increase over the previous quarter and means that any organization that isn't examining encrypted HTTPS traffic at the perimeter is missing 9/10 of all malware.

A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That's according to WatchGuard Technologies' latest report on findings within its telemetry, which also found that these detections come primarily from two malware families: AMSI.Disable.

Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.

The Matrix.org Foundation, which oversees the Matrix decentralized communication protocol, said on Monday multiple Matrix clients and libraries contain a vulnerability that can potentially be abused to expose encrypted messages. The organization said a blunder in an implementation of the Matrix key sharing scheme - designed to allow a user's newly logged-in device to obtain the keys to decrypt old messages - led to the creation of client code that fails to adequately verify device identity.

Facebook's WhatsApp on Friday said users will soon be able to store end-to-end encrypted backups of their chat history on Google Drive in Android or Apple iCloud in iOS, with an option to self-manage the encryption key. "We're adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the backups people choose to store in Google Drive or iCloud," said Facebook supremo Mark Zuckerberg in a missive on his platform.

The ProPublica report says that WhatsApp contractors "Sift through streams of private messages, images and videos that have been reported by WhatsApp users as improper and then screened by the company's artificial intelligence systems." WhatsApp in a statement emailed to The Register pushed back against ProPublica's claims.

To accelerate the overall data flow of PCs, increase the storage throughput, and further enhance data security of the hard disks, disk arrays were invented. To meet the demand for SSD security and reliability, the FORESEE SSD R&D team launched the P709 PCIe SSD, which, empowered by the TCG-OPAL 2.0 and Pyrite 2.0 encryption functions, ensures data security and avoids data leakage.

AMD's Secure Encrypted Virtualization scheme is not as secure as its name suggests. In a paper titled "One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization," Robert Buhren, Hans Niklas Jacob, Thilo Krachenfels, and Jean-Pierre Seifert from TU Berlin's Security in Telecommunications group, describe how they succeeded in mounting a voltage fault injection attack.

Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user's credentials give attackers unfettered access to all of the user's photos.

Amazon's AWS subsidiary on Friday announced the acquisition of Wickr, a late-stage startup that sells end-to-end encrypted communications tools. According to VP and Chief Information Security Officer Stephen Schmidt, AWS will be offering Wickr services effective immediately and Wickr customers, channel, and business partners can continue to use Wickr's services as they do today.