Security News
A study of BlackCat ransomware using different file sizes revealed that intermittent encryption brings significant speed benefits to threat actors. Historically, LockFile ransomware has been the first malware family to make use of intermittent encryption, in mid-2021, yet several different ransomware families are now using it.
These groups actively promote the presence of intermittent encryption features in their ransomware family to entice affiliates to join the RaaS operation. Agenda ransomware offers intermittent encryption as an optional and configurable setting.
A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle's manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. "Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]".
Fully Homomorphic Encryption (FHE) is a cryptographic primitive that enables performing computations over encrypted data without having access to the secret key. In this Help Net Security video,...
Social media company Meta said it will begin testing end-to-end encryption on its Messenger platform this week for select users as the default option, as the company continues to slowly add security layers to its various chat services. "If you're in the test group, some of your most frequent chats may be automatically end-to-end encrypted, which means you won't have to opt in to the feature," Sara Su, product management director of Messenger Trust, said.
Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries-particularly healthcare-as well as critical infrastructure organizations, the feds are warning. Zeppelin also appears to have a new multi-encryption tactics, executing the malware more than once within a victim's network and creating different IDs and file extensions for multiple instances attack, according to the CISA. "This results in the victim needing several unique decryption keys," according to the advisory.
Pros and cons of asymmetric encryption Pros of asymmetric encryption Asymmetric encryption allows the recipient to verify and authenticate the origin of a message, making it easy to avoid encrypted messages from an unknown sender. Cons of asymmetric encryption Asymmetric encryption is slower than symmetric encryption.
A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE - short for Supersingular Isogeny Key Encapsulation - which made it to the fourth round of the Post-Quantum Cryptography standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology.
Two notorious characters from the British security services have published a paper that once again suggests breaking end-to-end encryption would be a good thing for society. Nearly four years ago Ian Levy, technical director of the UK National Cyber Security Centre, along with technical director for cryptanalysis at the British spy agency GCHQ Crispin Robinson, published a paper arguing for "Virtual crocodile clips" on encrypted communications that could be used to keep us all safe from harm.
The U.S. Department of Commerce's National Institute of Standards and Technology has chosen the first group of quantum-resistant encryption tools, designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day - such as online banking and email software. This Help Net Security video covers the highlights of four encryption algorithms selected by NIST..