Security News
Increasingly, cybercrime rings still tracked as ransomware operators are turning toward primarily data theft and extortion - and skipping the encryption step altogether. The Conti internal communications leaked earlier in the year highlighted how these ransomware gangs operate akin to software-as-a-service startups.
The paper, titled "Mega: Malleable Encryption Goes Awry," by ETH cryptography researchers Matilda Backendal and Miro Haller, and computer science professor Kenneth Paterson, identifies "significant shortcomings in Mega's cryptographic architecture" that allow Mega, or those able to mount a TLS MITM attack on Mega's client software, to access user files. "The first two attacks exploit the lack of integrity protection of ciphertexts containing keys, and allow full compromise of all user keys encrypted with the master key, leading to a complete break of data confidentiality in the MEGA system," the paper explains.
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled "MEGA: Malleable Encryption Goes Awry," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files.
Researchers at security product recommendation service Safety Detectives claim they've found almost a million customer records wide open on an Elasticsearch server run by Malaysian point-of-sale software vendor StoreHub. Safety Detectives' report states it found a StoreHub server that stored unencrypted data and was not password protected.
Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that include stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.
ENCSecurity markets a file encryption system, and it's used by SanDisk, Sony, Lexar, and probably others. Despite it using AES as its algorithm, its implementation is flawed in multiple ways - and breakable.
Stop significant B2B or B2C information sharing problems with a tailored approach to encryption. The security of our data is, without question, at the top of any enterprise's priority list.
Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts. A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."
US president Joe Biden issued two directives on Wednesday aimed at ensuring the nation - and like-minded friends - remain ahead of other countries in the field of quantum computing. The committee is an enhancement to the National Quantum Initiative Act - a 2018 law that provides $1.2 billion and a plan for advancing quantum tech.
Echoworx's release of a commissioned study conducted on their behalf by Forrester Consulting reveals the evolution of email security strategies and the importance of user experience. Echoworx provides email encryption solutions that are smarter and more adaptive.