Security News
Microsoft has said it will add end-to-end encryption for some one-to-one Teams calls later this year - and urged folks to move away from using passwords with Azure AD. The Teams improvements, announced at the tech giant's Ignite conference this week, will be available "to commercial customers in preview in the first half of this year." Video conferencing rival Zoom offers end-to-end encryption with a few caveats and additional steps, and that appears to be more or less the approach Microsoft will take, too.
CD Projekt Red, the Polish developer of Cyberpunk 2077 and The Witcher 3, has disclosed a major security incident in which several company systems were encrypted and confidential data stolen. "If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism," wrote the attackers, who added CD Projekt Red had a 48-hour deadline to respond to their demands.
European encrypted services providers ProtonMail, Threema, Tresorit and Tutanota on Thursday urged European Union policy makers to rethink plans that would require the implementation of encryption backdoors. The Council of the European Union in December adopted a resolution on "Security through encryption and security despite encryption." The council said it supports the development and use of strong encryption to protect citizens and organizations, but at the same time it believes law enforcement and judicial authorities need to be able to exercise their legal powers.
Element Matrix Services is adding a bridge between hipster chat platform Slack and the open-source world of Matrix messaging. To ease the journey from the centralised world of Slack, Element Matrix Services - a hosting platform for Matrix - is adding a managed bridge for connecting Slack to the Matrix ecosystem.
DataLocker announced the release of an entirely new breed of encrypted USB drive. The DL4 FE changes the game for security professionals by providing bulletproof security and simple remote management in a small-form-factor USB drive with capacities up to 15.3 TB. "The onslaught of attacks by state actors, hackers, and cyber cartels continues. Threat actors are trying to exfiltrate terabytes of data to hold for ransom. Some want access to essential IT systems for later exploitation."
The National Security Agency on Wednesday published guidance for businesses on the adoption of an encrypted domain name system protocol, specifically DNS over HTTPS. Designed to translate the domain names included in URLs into IP addresses, for an easier navigation of the Internet, DNS has become a popular attack vector, mainly because requests and responses are transmitted in plaintext. "Using DoH with external resolvers can be good for home or mobile users and networks that do not use DNS security controls. For enterprise networks NSA recommends using only designated enterprise DNS resolvers in order to properly leverage essential enterprise cybersecurity defenses, facilitate access to local network resources, and protect internal network information," the NSA notes.
Mozilla is strengthening the privacy protections in Firefox with the implementation of Encrypted Client Hello, an evolutionary step from Encrypted Server Name Indication. In 2018, just after Cloudflare turned on Encrypted SNI, Mozilla added support for encrypting the Transport Layer Security SNI extension to Firefox Nightly.
The American Civil Liberties Union announced on Tuesday that it has filed a lawsuit against the FBI in an effort to find out how the law enforcement agency can access information stored on encrypted devices. The FBI has often turned to third parties for help in accessing information stored on encrypted devices, but it has come to light in recent court documents that the agency's Electronic Device Analysis Unit has been acquiring solutions that can help it break into encrypted devices on its own.
Tutanota has been served with a court order to backdoor its encrypted email service - a situation founder Matthias Pfau described to The Register as "absurd." Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox.
These include an updated secure DNS service that hides the identity of the client, a password protocol that means a password is never transmitted to the server, and an encrypted "client hello" that does not leak server names. Peek, poke, now PAKE. Third up is OPAQUE password, the name being, it seems, some sort of pun on Oblivious Pseudo-Random Function combined with Password Authenticated Key Exchange.