Security News

Webinar Email provides us with an infinite number of possible exchanges. We send approximately 332 billion messages a day but having so much convenience and flexibility at our fingertips also brings security risks.

The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is randomly generated on each machine it infects. "If we can recover the RSA-512 Public Key from the registry, we can crack it and get the 256-bit AES Key that encrypts the files!" they wrote.

Reader Survey Results Data protection is a top priority for organisations tasked with protecting the integrity of not just their own data, but also the personally identifiable information they store and process on behalf of their business partners and customers. Having established the type of organisations most of you commonly deal with, we asked Which technologies would your organization consider in beefing up protection for sensitive data it processes in data centres? This was a question that allowed multiple responses, reflecting the inevitability that it's not an either/or approach to cyber security, and could include the simultaneous use of multiple different tools for protecting the information that customers trust to a company for secure hosting and processing.

In this Help Net Security video, Dana Morris, SVP Product and Engineering at Virtru, talks about privacy-preserving cryptography. He provides an introduction to data encryption techniques, the key exchange problem, discusses the need for crypto-agility, and much more.

With data breaches on the rise, encryption has never been more important for protecting companies against hackers and cyberattacks. The post Data encryption as a crucial step to manage data access...

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. Office 365 Message Encryption is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves.

Microsoft Office 365 Message Encryption claims to offer a way "To send and receive encrypted email messages between people inside and outside your organization." Office 365 Message Encryption relies on a strong cipher, AES, but WithSecure says that's irrelevant because ECB is weak and vulnerable to cryptanalysis regardless of the cipher used.

We're not quite sure what to call it right now, so we referred to it in the headline by the hybrid name Microsoft Office 365. The web-based versions of the Office tools don't have the same feature set as the full apps, so any results we might obtain are unlikely to align with how most business users of Office, ah, 365 have configured Word, Excel, Outlook and friends on their Windows laptops.

WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted emails internally and externally, utilizes the Electronic Codebook implementation - a mode of operation known to leak certain structural information about messages.

Security researchers at WithSecure, previously F-Secure Business, found that it is possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365 due to the use of a weak block cipher mode of operation. Organizations use Office 365 Message Encryption to send or receive emails, both external and internal, to ensure confidentiality of the content from destination to source.