Security News

Data Encryption Policy
2023-07-30 16:00

The Data Encryption Policy's purpose is to define for employees, computer users and IT department staff the encryption requirements to be used on all computer, device, desktop, laptop, server, network storage and storage area network disks, and drives that access or store organization information to prevent unauthorized access to organization communications, email, records, files, databases, application data and other material. This policy from TechRepublic Premium can be customized as needed to fit the needs of your organization.

Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk
2023-07-25 10:03

A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw - codenamed Zenbleed and tracked as CVE-2023-20593 - allows data exfiltration at the rate of 30 kb per core, per second.

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol
2023-07-24 12:44

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and to open source an implementation of the specification. "Like the widely used Double Ratchet protocol, MLS allows for asynchronous operation and provides advanced security features such as post-compromise security. And, like TLS 1.3, MLS provides robust authentication."

Cisco warns of bug that lets attackers break traffic encryption
2023-07-06 10:35

Cisco warned customers today of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic. Tracked as CVE-2023-20185, the flaw was found during internal security testing in the ACI Multi-Site CloudSec encryption feature of data center Cisco Nexus 9000 Series Fabric Switches.

DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors
2023-07-04 10:44

The threat actors behind the DDoSia attack tool have come up with a new version that incorporates a new mechanism to retrieve the list of targets to be bombarded with junk HTTP requests in an attempt to bring them down. Launched in 2022 and a successor of the Bobik botnet, the attack tool is designed for staging distributed denial-of-service attacks against targets primarily located in Europe as well as Australia, Canada, and Japan.

Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law
2023-06-29 06:40

Apple has joined the rapidly growing chorus of tech organizations calling on British lawmakers to revise the nation's Online Safety Bill - which for now is in the hands of the House of Lords - so that it safeguards strong end-to-end encryption. "It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches. The Online Safety Bill poses a serious threat to this protection, and could put UK citizens at greater risk."

90+ orgs tell Slack to stop slacking when it comes to full encryption
2023-05-30 22:53

It won't be until Slack offers E2EE as well as blocking, muting and reporting features to help protect users from harassment, they claim. "Millions of people use Slack every day to do their work, volunteer, and connect with communities online - including abortion funds and reproductive rights groups that are being targeted by anti-abortion efforts," Caitlin Seeley George, Fight for the Future's campaigns and managing director, told The Register.

Upstart encryption app walks back privacy claims, pulls from stores after probe
2023-05-17 06:30

A new-ish messaging service that claims to put users' privacy first has changed its tune - and the end-to-end encryption claims on its website - as well as pulling its app from both the Apple and Google app stores after being called out online. Converso - a comms app launched in September 2022 - billed itself as a "Next-generation messaging app that keeps your conversations completely private." This, according to the developer's website, included "Proprietary state-of-the-art end-to-end encryption technology," no storage of messages on servers, and "Absolutely no use of user data." It claimed it could stand up to the likes of Signal and WhatsApp in the security stakes.

Twitter adds new DM features, and Musk claims encryption is here, starting today
2023-05-10 16:55

Twitter has rolled out some quality of life updates for direct messages on the platform, and CEO Elon Musk reckons the site is to start encrypting DMs, beginning today, without providing proof that's the case. In a tweet last night, Twitter Support announced that a couple of well-trodden DM features from other platforms were being added to Twitter.

Google’s 2FA app update lacks end-to-end encryption, researchers find
2023-04-28 16:42

On April 25, security researchers Tommy Mysk and Talal Haj Bakry, who are known collectively on Twitter as Mysk, warned users of Google's Authenticator 2FA app to not turn on a new syncing feature. The change came about when Google enabled its 2FA Authenticator app to sync credentials across different devices.