Security News

Icarus moment: Mozilla Thunderbird was saving OpenPGP keys in plaintext after encryption snafu
2021-05-24 17:15

Mozilla Thunderbird spent the last couple of months saving some users' OpenPGP keys in plain text - but that's now been patched, the author of both the bug and the patch fixing it has told The Register. The vulnerability, assessed as "Low" impact by Mozilla, existed in the free open source Thunderbird email client between version 78.8.1 and version 78.10.1 after a crestfallen maintainer realised carefully designed protections were in fact not protecting users' private OpenPGP keys.

Thales and Senetas unveil quantum resistant network encryption solution
2021-05-07 00:45

Thales and Senetas have collaborated to launch the world's first quantum resistant network encryption solution, capable of protecting customer data against future quantum attacks. The United States National Institute of Standards and Technology is currently selecting finalists amongst the quantum safe encryption algorithms being developed.

Facebook: Don't expect full end-to-end encryption on Messenger until 2022 'at the earliest'
2021-05-04 15:35

Facebook has pledged to make end-to-end encryption the default across all of its messaging services - though has told users not to expect it on Facebook Messenger or Instagram Direct until 2022 "at the earliest". Gail Kent, Facebook's policy director for Messenger, shared a blog post on 30 April outlining the social media company's plans to improve the security of its messaging apps following the surge in private messaging during the COVID-19 pandemic.

Babuk quits ransomware encryption, focuses on data-theft extortion
2021-04-30 19:28

A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers. The gang seems to have chosen a road different from the ransomware-as-a-business model, where the hackers steal data before deploying the encryption stage, as leverage in negotiations for the ransom payment.

Researchers develop program that helps assess encryption systems’ vulnerabilities
2021-04-30 04:30

Anastasia Malashina, a doctoral student at HSE University, has proposed a new method to assess vulnerabilities in encryption systems, which is based on a brute-force search of possible options of symbol deciphering. To avoid hacks, it is necessary to reinforce the cipher protection from leaks and to test encryption systems for vulnerabilities.

Echoworx introduces biometric authentication to its Email Encryption platform
2021-04-30 01:45

Echoworx announced the introduction of biometric authentication to its Echoworx Email Encryption platform, enabling secure passwordless authentication options. By leveraging biometrics, along with its growing list of seven authentication options, Echoworx gives enterprises the option to access encrypted communications in seconds, without the need for registration, questions or passwords.

Won't somebody please think of the children!!! UK to mount fresh assault on end-to-end encryption in Facebook
2021-04-19 18:45

UK Home Secretary Priti Patel will badmouth Facebook's use of end-to-end encryption on Monday evening as she links the security technology with paedophilia, terrorism, organised crime, and so on. The ever-popular politician will say at the National Society for the Prevention of Cruelty to Children event: "Sadly, at a time when we need to be taking more action, Facebook are pursuing end-to-end encryption plans that place the good work and progress achieved so far in jeopardy."

Update to REvil ransomware changes Windows passwords to automate file encryption via Safe Mode
2021-04-16 19:55

The hackers behind the REvil ransomware have released an updated version of the malware that allows them to change Windows passwords and automate file encryption through Safe Mode, according to a recent report from Bleeping Computer. "Brute force password attacks are typically used with RDP simply because people tend to use simple passwords that are easier to remember. Once in a network, REvil moves laterally to deploy ransomware on all resources for maximum effect," Embrey said.

Belgian police seize 28 tons of cocaine after 'cracking' Sky ECC's chat app encryption
2021-04-08 10:39

The Belgian plod says it seized 27.64 tons of cocaine worth €1.4bn from shipments into Antwerp in the past six weeks after defeating the encryption in the Sky ECC chat app to read drug smugglers' messages. "During a judicial investigation into a potential service criminal organization suspected of knowingly providing encrypted telephones to the criminal environment, police specialists managed to crack the encrypted messages from Sky ECC," the Belgian police claimed, CNN reports.

Encryption is either secure or it’s not – there is no middle ground
2021-04-05 05:00

At the end of last year, they released a five-page resolution that called for the EU to pass new rules to govern the use of end-to-end encryption in Europe. The most important takeaway here is that encryption is either secure or it is not.