Security News

End-to-end encryption isn't designed to secure messages against the intended recipients. New revelations about WhatsApp's moderator access to messages last week might seem like they run counter to the company's privacy-forward brand, but a closer look shows the messaging service's privacy protections remain in place and are operating as intended.

A recent study of enterprise IT security decision makers conducted by Tresorit shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology. Hybrid work era driving the need for external file sharing security.

The British government is preparing to launch a full-scale policy assault against Facebook as the company gears up to introduce end-to-end encryption across all of its services. The backlash has already begun, showing that officials face a tooth-and-nail fight to derail the rollout of end-to-end encryption on the anti-social networking site and others in the Facebook estate.

America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "When or even if" a quantum computer will ever exist to "Exploit" public-key cryptography. In the document, titled Quantum Computing and Post-Quantum Cryptography FAQ, the NSA said it "Has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions [PDF] for the near future of quantum computing and their impact on encryption.

The threat, dubbed LockFile, uses a unique "Intermittent encryption" method as a way to evade detection as well as adopting tactics from previous ransomware gangs. Discovered by researchers at Sophos, LockFile ransomware encrypts every 16 bytes of a file, which means some ransomware protection solutions don't notice it because "An encrypted document looks statistically very similar to the unencrypted original," Mark Loman, director, engineering, for next-gen technologies at Sophos, wrote in a report on LockFile published last week.

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "Intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file, thereby giving it the ability to evade ransomware defences.

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "Intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file, thereby giving it the ability to evade ransomware defences.

This form of encryption essentially creates a virtual safe for your data that can only be unlocked with a passcode. If encryption is so easy, why don't people do it?

Facebook has updated the end-to-end encryption features in Messenger to provide users with more secure voice and video calling capabilities. Messenger has been offering support for end-to-end encrypted text chats for roughly five years, and Facebook has decided to expand the security feature to voice and video calling as well, after observing an increase in the use of these capabilities over the past year.

Facebook on Friday said it's extending end-to-end encryption for voice and video calls in Messenger, along with testing a new opt-in setting that will turn on end-to-end encryption for Instagram DMs. "The content of your messages and calls in an end-to-end encrypted conversation is protected from the moment it leaves your device to the moment it reaches the receiver's device," Messenger's Ruth Kricheli said in a post. It's worth noting that the company's flagship messaging service gained support for E2EE in text chats in 2016, when it added a "Secret conversation" option to its app, while communications on its sister platform WhatsApp became fully encrypted the same year following the integration of Signal Protocol into the application.