Security News

A study from computer scientists at Columbia Engineering reveals what may be the first way to encrypt personal images on popular cloud photo services, such as those from Google, Apple, Flickr and others, all without requiring any changes to - or trust in - those services. Cloud photo services are currently not compatible with image encryption.

These two threats already combine to make common encryption less secure than we like to believe, and with the power of quantum computing, it will only get worse. Shor's algorithm can use quantum computing to factor large RSA numbers exponentially faster than any other method, and it doesn't require a full-scale general-purpose quantum computer.

Ubiq Security announced that it was awarded an SBIR contract with the U.S. Army DEVCOM. Ubiq's platform will be utilized to help deliver highly efficient, more scalable, and innovative encryption capabilities. Ubiq's API-based encryption platform uses a cloud-based model to deliver encryption and centralized key management capabilities, addressing challenges the Department of Defense commands are currently facing.

Qrypt unveiled its Quantum Data at Rest application. QDAR provides one-time pad encryption as a data-at-rest solution for companies to secure important files, proprietary information and all mission-critical data.

Amazon-owned Ring has announced the start of the worldwide rollout of video End-to-End Encryption to customers with compatible devices. "Today, we're proud to announce that we're moving it out of technical preview and expanding the feature's availability to customers around the world," Ring said.

Zettaset announced that XCrypt Kubernetes Encryption is available on the VMware Marketplace. VMware Marketplace enables customers to discover and deploy compatible, validated third-party solutions to VMware environments.

The use of virtual machines to run the malicious payload is getting more popular with ransomware attackers, Symantec's Threat Hunter Team claims. "During a recent investigation into an attempted ransomware attack, Symantec discovered that the attackers had installed a VirtualBox VM on some compromised computers. Unlike the previously documented RagnarLocker attacks, which involved Windows XP, the VM in this case appeared to be running Windows 7," they shared.

Remember, just because you can see the crypto algorithm on paper and verify it's being used does not mean the algorithm or its implementation is not "Backdoored" in some way. "Signature algorithms like ElGamal and DSA have parameters which must be set with random information. He shows how one can make use of these parameters to send a message subliminally. Because the algorithm's signature creation procedure is unchanged, the signature remains verifiable and indistinguishable from a normal signature. Therefore, it is hard to detect if the subliminal channel is used."

Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades. In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS - or 2G - mobile data standard.

The GEA/1 encryption algorithm used by GPRS phones in the 1990s was seemingly designed to be weaker than it appears to allow eavesdropping, according to European researchers. A paper just out by academics at Germany's Ruhr-Universität Bochum, with help from Norwegian and French experts, has found that GEA/1 only really offered 40-bit encryption, by design, and the way encryption keys were subdivided made the system relatively easy to break if you knew how at the time.