Security News

Google Workspace has expanded its client-side encryption to Gmail and Google Calendar for users of Workspace Enterprise Plus, Education Standard and Education Plus, Google announced on Tuesday. Google Calendar for web browser, and Calendar on Android and iOS mobile apps in beta.

Google has announced the general availability of client-side encryption for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "Even more organizations to become arbiters of their own data and the sole party deciding who has access to it," Google's Ganesh Chilakapati and Andy Wen said.

Gmail client-side encryption is now generally available for Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. The feature was first introduced in Gmail on the web as a beta test in December 2022, after being available in Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar since last year.

Windows 10 already has two flavours of encryption - BitLocker and Windows Device Encryption - and as of the 22H2 release, Windows 11 Enterprise and Education adds Personal Data Encryption. Personal Data Encryption doesn't replace either of them because it doesn't encrypt a whole drive; instead, it protects individual files and folders using 256-bit AES-CBC encryption keys that are protected by Windows Hello for Business, but only through applications that are built to use it.

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology has chosen to secure the data generated by Internet of Things devices: implanted medical devices, keyless entry fobs, "Smart home" devices, etc. Why are the ASCON encryption algorithms a good choice for IoT devices?

The National Institute of Standards and Technology announced that ASCON is the winning bid for the "Lightweight cryptography" program to find the best algorithm to protect small IoT devices with limited hardware resources. The weak chips inside these devices call for an algorithm that can deliver robust encryption at very little computational power.

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom," SentinelOne researcher Antonis Terefos said in a report shared with The Hacker News.

Remote access outfit GoTo has admitted that a threat actor exfiltrated an encryption key that allowed access to "a portion" of encrypted backup files. A third-party cloud storage service GoTo uses for its own products and affiliate company LastPass was attacked in August 2022.

Research conducted by Fujitsu suggests there is no need to panic about quantum computers being able to decode encrypted data - this is unlikely to happen in the near future, it claims. Fujitsu said it ran trials using its 39-qubit quantum simulator hardware to assess how difficult it would be for quantum computers to crack data encrypted with the RSA cipher, using a Shor's algorithm approach.

GoTo is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an encryption key for a portion of that data. "Our investigation to date has determined that a threat actor exfiltrated encrypted backups related to Central and Pro from a third-party cloud storage facility," reads the notice to customers.