Security News

AT&T's public safety network picks up new features, including full tower-to-core encryption and a custom 5G setup. FirstNet, the dedicated public safety cell carrier, is adding 5G support and new encryption for user data.

Entrust announces the integration of its nShield hardware security modules with Microsoft Double Key Encryption. Double Key Encryption for Microsoft 365 protects a company's highly sensitive data using two component keys - one key that is in the customer's control and a Microsoft key stored securely in Microsoft Azure.

Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure. One of the most notable trends highlighted is the evolution of ransomware - attacks that extort organizations by preventing them from accessing their data.

The Federal Bureau of Investigation this week published an alert to warn of the fact that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives, including the operating system. The Mamba ransomware is abusing the open source application for malicious purposes, and has been doing so in a multitude of attacks.

As Google security engineers pointed out, these mechanisms do not prevent the Spectre exploit, but rather "Protect sensitive data from being present in parts of the memory from which they can be read by the attacker." To further reduce the risk of data leakage, website owners should add an extra line of defense to protect the actual data in memory in the event that all other security controls.

The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files. Windows Safe Mode is a special startup mode that allows users to run administrative and diagnostic tasks on the operating system.

The Defense Advanced Research Projects Agency, or DARPA, has signed an agreement with Intel to add it to its Data Protection in Virtual Environments project, which aims to create a practically useful form of fully homomorphic encryption. Fully homomorphic encryption has been described as the "Holy grail" of encryption because it allows encrypted data to be used without ever having to decrypt it.

Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. "It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register.

Microsoft adds new security, privacy, and compliance features to the Microsoft Teams chat and collaboration solution, including end-to-end encryption support for one-on-one voice calls. Microsoft Teams is a cloud collaboration platform designed to allow an organization's team to stay organized and communicate via text, audio, and video, all in one place.

After a three-year review process, India has announced strict regulations for instant chat services, social network operators, and video-streaming companies. India's Internet Freedom Foundation has slammed this traceability requirement, claiming it will be impossible to implement strong end-to-end encryption as a result, and thus could harm privacy.