Security News
The National Institute of Standards and Technology today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future - when quantum computers are expected to break existing cryptographic algorithms. The finalized standards include three post-quantum cryptographic algorithms.
Google has announced that it's adding a new layer of protection to its Chrome browser through what's called app-bound encryption to prevent information-stealing malware from grabbing cookies on Windows systems. "On Windows, Chrome uses the Data Protection API which protects the data at rest from other users on the system or cold boot attacks," Will Harris from the Chrome security team said.
Google says it's enhancing the security of sensitive data managed by Chrome for Windows users to fight the scourge of infostealer malware targeting cookies. Starting in Chrome 127, the stable version of which was released last week, the browser now uses app-bound encryption primitives that encrypt data in a way that links it to a specific app.
Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. As Chrome software engineer Will Harris explained in a blog post published today, Chrome currently uses the most robust techniques provided by each operating system to safeguard sensitive data such as cookies and passwords: Keychain services on macOS, kwallet or gnome-libsecret on Linux, and the Data Protection API on Windows.
Just looking at traditional encryption of data at rest, these encryption solutions commonly involve a complete "Lift and shift" of the database to the encryption at rest solution. A modern, more complete database encryption strategy must account for encryption of critical database data in three states: at rest, in motion, and now IN USE. Searchable Encryption, also called Encryption-in-Use, keeps that data fully encrypted while it's still usable.
Encryption is vital for securing data, whether in transit or stored on devices. This policy from TechRepublic Premium provides guidelines for adopting encryption technologies for organizational use that have undergone extensive technical review, are not encumbered by patents or copyright and have been proven to work reliably.
Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. "The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide," responded the Signal employee.
Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. Home Routing is a system in telecommunication services that allows customers to route traffic through their home network even when traveling abroad. When privacy-enhancing technologies are enabled in Home Routing, data is encrypted at the service level and subscribers' devices exchange session-based keys with the provider in the home network.
Brain Cipher, the group responsible for hacking into Indonesia's Temporary National Data Center and disrupting the country's services, has seemingly apologized for its actions and released an encryption key to the government. The cyber criminals had demanded a ransom of 131 billion Rupiah to release data it ransomwared June 20, but the Indonesian government refused to pay up.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.