Security News

Zoom on Wednesday announced a series of security improvements designed to address many of the concerns raised in recent weeks. Zoom has now announced that account administrators will be able to choose which data center regions they want to use for real-time meeting traffic.

The Dutch intelligence service has been able to read encrypted communications from dozens of countries since the late 1970s thanks to a microchip, according to research by de Volkskrant on Thursday. Philips, together with Siemens, built an encryption machine in the late 1970s.

The first published example of a double extortion attack, according to Check Point Research, came with the attack against Allied Universal in November 2019. In a later post on a Russian underground forum, they posted a link to "10% of data we have exfiltrated." They added, "We give them 2 weeks until we send other 90% of data to wikileaks. Other 90% is a quite interesting part... Time is ticking."

Understandably, the end-to-end encrypted messaging app Signal has been signing up new users at "Unprecedented" rates and flipping the switch on servers "Faster than we ever anticipated," Signal's Joshua Lund said last week. At a high level, what the bill proposes is a system where companies have to earn Section 230 protection by following a set of designed-by-committee 'best practices' that are extraordinarily unlikely to allow end-to-end encryption.

Traditionally compliance with regulations was the top driver for deploying encryption, but has dropped in priority since 2017, indicating that encryption is transitioning from a requirement to a proactive choice to safeguard critical information. With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 67% of respondents citing this as their top concern.

Futurist Isaac Arthur explains how to stay safe from quantum encryption hacking.

Futurist Isaac Arthur explains how to stay safe from quantum encryption hacking. Dan Patterson, a Senior Producer for CBS News and CNET, interviewed futurist Isaac Arthur about quantum encryption.

That's why, despite TLS 1.3 being around since 2018 and offering greater security that TLS 1.2, the latter that remains the de facto standard. The TLS 1.2 protocol took multiple round trips between client and server, while TLS 1.3 is a much smoother process that requires only one trip.

Zoom in its documentation, and in an in-app display message, has claimed its conferencing service is "End-to-end encrypted," meaning that an intermediary, include Zoom itself, cannot intercept and decrypt users' communications as it moves between the sender and receiver. When reports emerged that Zoom Meetings are not actually end-to-end encrypted encrypted, Zoom responded that it wasn't using the commonly accepted definition of the term.

That's a good thing because miscreants hijacking unprotected Zoom calls is a thing. When we say end-to-end.... Despite Zoom offering a meeting host the option to "Enable an end-to-end encrypted meeting," and providing a green padlock that claims "Zoom is using an end to end encrypted connection," it appears that the company is able to access data in transit along that connection, and can also be compelled to provide it to governments.