Security News

"In 2015, Juniper revealed a security breach in which hackers modified the software the company delivered to its customers," a Wyden statement read. "Researchers subsequently discovered that Juniper had been using an NSA-designed encryption algorithm, which experts had long argued contained a backdoor, and that the hackers modified the key to this backdoor." "The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company's software updates," the members wrote.

A "Severe" vulnerability in GNU Privacy Guard's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems.

European encrypted services providers ProtonMail, Threema, Tresorit and Tutanota on Thursday urged European Union policy makers to rethink plans that would require the implementation of encryption backdoors. The Council of the European Union in December adopted a resolution on "Security through encryption and security despite encryption." The council said it supports the development and use of strong encryption to protect citizens and organizations, but at the same time it believes law enforcement and judicial authorities need to be able to exercise their legal powers.

To select a suitable data encryption solution for your business, you need to think about a variety of factors. Selecting a data encryption solution for your business should follow the same principles used for assessing any technology before deploying it within your organization: usability, scalability, cross-platform, adaptability and compliance.

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker. On Sunday, CHwapi suffered an attack that caused the hospital to redirect patients to other hospitals and delay surgical procedures.

Baffle announced that its Data Protection Services on AWS dramatically simplifies tokenization and encryption of data stored in Amazon Relational Database Service environments without any application code modifications while supporting a Bring Your Own Key or Hold Your Own Key model. As an AWS Select Technology Partner, Baffle DPS gives enterprises the ability to instantly apply data-centric security for data stored in AWS without any application changes.

Ring announced the launch of video End-to-End Encryption for compatible Ring Doorbells and Cams, providing an advanced, opt-in security feature for customers who want to add an additional layer of security to their videos. With video End-to-End Encryption, customer videos are further secured with an additional lock, which can only be unlocked by a key that is stored on the customer's enrolled mobile device, designed so that only the customer can decrypt and view recordings on their enrolled device.

After a much anticipated response to critics, Ring this week rolled out end-to-end encryption for many of its home security camera products. Last October, Ring raised privacy hackles again when it unveiled the new Always Home Cam, a smart home security camera drone that flies around homes taking security footage of people inside their own homes.

By acquiring HyTrust, Entrust adds a critical management layer for encryption, cryptographic keys, and cloud security policy to its digital security solutions, serving the data protection and compliance needs of organizations accelerating their digital transformations. "HyTrust solutions help enterprises manage, automate and scale security controls across computing environments. Now, customers can turn to Entrust as a single source for high-assurance data protection, identity and compliance solutions that allow enterprises to encrypt data and enforce security policy across virtualized, public and hybrid cloud environments."

Implementing the measures in NSA's guidance eliminates the false sense of security provided by obsolete encryption protocols by helping block insecure TLS versions, cipher suites, and key exchange methods to properly encrypt network traffic. Updating TLS configurations will provide government and enterprise organizations with stronger encryption and authentication to help them build a better defense against malicious actors' attacks and protect important information.