Security News

Qrypt unveiled its Quantum Data at Rest application. QDAR provides one-time pad encryption as a data-at-rest solution for companies to secure important files, proprietary information and all mission-critical data.

Amazon-owned Ring has announced starting the worldwide roll out of video End-to-End Encryption to customers with compatible devices. "Today, we're proud to announce that we're moving it out of technical preview and expanding the feature's availability to customers around the world," Ring said.

Zettaset announced that XCrypt Kubernetes Encryption is available on the VMware Marketplace. VMware Marketplace enables customers to discover and deploy compatible, validated third-party solutions to VMware environments.

The use of virtual machines to run the malicious payload is getting more popular with ransomware attackers, Symantec's Threat Hunter Team claims. "During a recent investigation into an attempted ransomware attack, Symantec discovered that the attackers had installed a VirtualBox VM on some compromised computers. Unlike the previously documented RagnarLocker attacks, which involved Windows XP, the VM in this case appeared to be running Windows 7," they shared.

Remember just because you can see the crypto algorithm on paper and verify it's being used does not mean the algorithm or it's implementation is not "Backdoored" in some way. "Signature algorithms like ElGamal and DSA have parameters which must be set with random information. He shows how one can make use of these parameters to send a message subliminally. Because the algorithm's signature creation procedure is unchanged, the signature remains verifiable and indistinguishable from a normal signature. Therefore, it is hard to detect if the subliminal channel is used."

Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades. In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS - or 2G - mobile data standard.

The GEA/1 encryption algorithm used by GPRS phones in the 1990s was seemingly designed to be weaker than it appears to allow eavesdropping, according to European researchers. A paper just out by academics at Germany's Ruhr-Universität Bochum, with help from Norwegian and French experts, has found [PDF] that GEA/1 only really offered 40-bit encryption, by design, and the way encryption keys were subdivided made the system relatively easy to break if you knew how at the time.

Google this week announced that it has released open source tools and libraries that can be used by developers to implement fully homomorphic encryption. FHE enables the processing of encrypted data without providing access to the actual data.

Google this week announced the introduction of client-side encryption in Google Workspace, which is meant to provide users with control over the encryption keys used to keep their data safe. Organizations that store sensitive or regulated data will benefit the most from the new feature, which helps them meet compliance requirements for CJIS, EAR, IRS 1075, ITAR, and TISAX. Client-side encryption works with key access service partners Flowcrypt, Futurex, Thales, and Virtru, which will be responsible for holding the key to decode Google Workspace data.

Google Workspace has been updated with client-side encryption and new Google Drive phishing and malware content protection. Enabling Client-side encryption for a document will only allow you and your partner who holds the key to access the contents of the encrypted Google Workspace files.