Security News
IBM Security launched a new service that allows companies to experiment with fully homomorphic encryption - an emerging technology designed to allow data to remain encrypted even while being processed or analyzed in cloud or third-party environments. The new IBM Security Homomorphic Encryption Services provide companies with education, expert support, and a testing environment for clients to develop prototype applications that can take advantage of FHE. With the growth of hybrid cloud, sensitive data will be even more broadly stored, shared and analyzed across platforms and parties, exposing it to varying security controls and risks.
Swiss politicians have voiced outrage and demanded an investigation after revelations that a second Swiss encryption company was allegedly used by the CIA and its German counterpart to spy on governments worldwide. He called for a parliamentary inquiry after an SRF investigation broadcast on Wednesday found that a second Swiss encryption firm had been part of a spectacular espionage scheme orchestrated by US and German intelligence services.
A UK infosec bod has launched a petition asking the government if it would please drop its plans to install backdoors in end-to-end encryption. Application security specialist Sean Wright's Parliamentary petition comes as an expression of uneasiness at long-signalled plans for British state agencies to sidestep encryption and enable snooping on private citizens' online conversations at will.
Two Romanians suspected of running services for encrypting malware and testing it against antivirus engines were arrested last week. The services, Europol says, were used for crypting a variety of malware types, including information stealers, Remote Access Trojans, and ransomware families.
Google is rolling out end-to-end encryption in the unloved and unwanted Android Rich Communication Services, as part of a renewed hope people might use messaging services controlled by the Chocolate Factory. The rollout seems to be a last roll of the dice for RCS, which began life as the telco industries' SMS killer - or, more prosaically, their belated response to the growth of over-the-top messaging services such as Blackberry Messenger and WhatsApp.
Google said Thursday it will be rolling out end-to-end encryption for Android users, making it harder for anyone - including law enforcement - to read the content of messages. "End-to-end encryption ensures that no one, including Google and third parties, can read the content of your messages as they travel between your phone and the phone of the person you're messaging," said Google product lead Drew Rowny in announcing the rollout.
Switzerland benefitted from a spectacular espionage scheme orchestrated by the CIA and its German counterpart, who used a Swiss encryption company to spy on governments worldwide, a parliamentary probe showed Tuesday. A large media investigation revealed back in February an elaborate, decades-long set-up, in which US and German intelligence services creamed off the top-secret communications of governments through their hidden control of the Crypto encryption company in Switzerland.
Schneider Electric this week released advisories for vulnerabilities impacting various products, including flaws that can be exploited to take control of Modicon M221 programmable logic controllers. "By bypassing authentication protections and having direct access to manipulate the PLC, an attacker could take over complete control of the PLC actions, which could be catastrophic depending what type of OT environment the PLC is deployed," Sigler explained.
New Zscaler threat research reveals the emerging techniques and impacted industries behind a 260-percent spike in attacks using encrypted channels to bypass legacy security controls. Researchers witnessed a 5x increase in ransomware attacks over encrypted traffic beginning in March, when the World Health Organization declared the virus a pandemic.
Zoom has been forced to agree to a range of security improvements in a settlement with America's consumer watchdog, the Federal Trade Commission, after it had earlier wrongly claimed to offer true 256-bit end-to-end encryption. The pact, announced Monday, obliges the video-conferencing giant to carry out an annual security assessment of its software and have its internal security program assessed by a third party every two years.