Security News
Unbound Security announced its partnership with HashiCorp to deliver a fully integrated encryption key management solution for enterprises. "This integration streamlines guarding secrets and key management and offers customers a seamless solution to meet their secrets management needs, that is underpinned by centralized key management which delivers the highest levels of security," said Asvin Ramesh, senior director, technology alliances at HashiCorp. HashiCorp Vault protects secrets and sensitive data across multiple clouds, systems, and endpoints.
A study from computer scientists at Columbia Engineering reveals what may be the first way to encrypt personal images on popular cloud photo services, such as those from Google, Apple, Flickr and others, all without requiring any changes to - or trust in - those services. Cloud photo services currently not compatible with image encryption.
These two threats already combine to make common encryption less secure than we like to believe and with the power of quantum computing, it will only get worse. Shor's algorithm can use quantum computing to factor large RSA numbers exponentially faster than any other method and it doesn't require a full-scale general purpose quantum computer.
Ubiq Security announced that it was awarded a SBIR contract with the U.S. Army DEVCOM. Ubiq's platform will be utilized to help deliver highly efficient, more scalable, and innovative encryption capabilities. Ubiq's API-based encryption platform uses a cloud-based model to deliver encryption and centralized key management capabilities, addressing challenges the Department of Defense commands are currently facing.
Qrypt unveiled its Quantum Data at Rest application. QDAR provides one-time pad encryption as a data-at-rest solution for companies to secure important files, proprietary information and all mission-critical data.
Amazon-owned Ring has announced starting the worldwide roll out of video End-to-End Encryption to customers with compatible devices. "Today, we're proud to announce that we're moving it out of technical preview and expanding the feature's availability to customers around the world," Ring said.
Zettaset announced that XCrypt Kubernetes Encryption is available on the VMware Marketplace. VMware Marketplace enables customers to discover and deploy compatible, validated third-party solutions to VMware environments.
The use of virtual machines to run the malicious payload is getting more popular with ransomware attackers, Symantec's Threat Hunter Team claims. "During a recent investigation into an attempted ransomware attack, Symantec discovered that the attackers had installed a VirtualBox VM on some compromised computers. Unlike the previously documented RagnarLocker attacks, which involved Windows XP, the VM in this case appeared to be running Windows 7," they shared.
Remember just because you can see the crypto algorithm on paper and verify it's being used does not mean the algorithm or it's implementation is not "Backdoored" in some way. "Signature algorithms like ElGamal and DSA have parameters which must be set with random information. He shows how one can make use of these parameters to send a message subliminally. Because the algorithm's signature creation procedure is unchanged, the signature remains verifiable and indistinguishable from a normal signature. Therefore, it is hard to detect if the subliminal channel is used."
Cybersecurity researchers in Europe say they have discovered a flaw in an encryption algorithm used by cellphones that may have allowed attackers to eavesdrop on some data traffic for more than two decades. In a paper published Wednesday, researchers from Germany, France and Norway said the flaw affects the GPRS - or 2G - mobile data standard.