Security News
Mike Stay broke an old zipfile encryption algorithm to recover $300,000 in bitcoin. DefCon talk here....
Transport layer security and DNS, two of the foundational protocols of the internet, have recently undergone radical changes to protect browser user privacy. At the same time, they will reduce security on-premises in the short term, and security professionals must put tools in place in the next couple of years, a new report from Forrester Research states.
Roughly one month after United States senators introduced a "Balanced" bill that would require tech companies to provide law enforcement with access to encrypted user data, a companion bill was introduced in the House of Representatives this week. Referred to as the Lawful Access to Encrypted Data Act, the bill aims to put a stop to criminals using "Warrant-proof encryption and other technological advances" to hide their activity from authorities, Congresswoman Ann Wagner, who introduced the bill, said.
PQShield, a spin-out from the UK's Oxford University, is developing advanced cryptographic solutions for hardware, software and communications to protect businesses' data from the quantum threat. All stored data currently deemed secure by modern standards - whether that's health records, financial data, customer databases and even critical government infrastructure - could, in theory, be cracked by quantum computers, which are capable of effectively short circuiting the encryption we've used to protect that data until now.
We have not yet seen any as overt bills as this that directly go to saying encryption out loud. One of these more recent related bills that we're seeing is the EARN IT act.
Microsoft has released several new enterprise security offerings to help companies meet the challenges of remote work. "Double Key Encryption uses two keys to protect your data-one key in your control, and a second key is stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security," the company explained.
Zettaset announced the availability of its encryption solutions on VMware Cloud Marketplace. Zettaset XCrypt Kubernetes & Container Encryption and XCrypt Virtual Key Manager and Data Encryption Solutions are now accessible for VMware customers deploying Kubernetes and container environments running on vSphere.
Two months ago investigators in France and the Netherlands cracked the network's encryption, allowing law enforcement to listen in to criminal communications about selling and trafficking drugs, laundering money and murdering rivals, authorities said. The service's owners apparently became aware of the criminal investigation last month, informing an estimated 60,000 users with a message warning them to get rid of their EncroChat devices because their servers-operating out of France - had been "Seized illegally by government entities," according to the NCA. The service relied on EncroChat devices, which came with pre-loaded apps for instant messaging as well as the ability to make secure internet calls, with no other "Conventional smartphone" functionality, U.K. officials said.
Recent samples of the Snake ransomware were observed isolating the infected systems to ensure that nothing interferes with the file encryption process, security researchers warn. Initially detailed in January this year, Snake has emerged as a prevalent threat to industrial control systems, due to the targeting of processes specific to these environments.
Most businesses tell us that they think email encryption is a priority that's part of their digital transformation and cloud migration. Deploying encryption isn't just about flicking an on switch for some technology and you're done.