Security News
Apple announced PQ3, its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There's a lot of detail in the Apple blog post, and more in Douglas Stabila's security analysis.
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. Quantum computing threatens the existing encryption schemas with nearly instant cracking.
Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the...
Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was "Necessary" to combat terrorism in a democratic society. To back up this claim, the government pointed to a 2017 terrorist attack that was "Coordinated from abroad through secret chats via Telegram." The government claimed that a second terrorist attack that year was prevented after the government discovered it was being coordinated through Telegram chats.
The European Court of Human Rights has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights - a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that "The contested legislation providing for the retention of all internet communications of all users, the security services' direct access to the data stored without adequate safeguards against abuse and the requirement to decrypt encrypted communications, as applied to end-to-end encrypted communications, cannot be regarded as necessary in a democratic society."
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts,...
The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control.
Some popular projects using implementations of Kyber are Mullvad VPN and Signal messenger. The KyberSlash flaws are timing-based attacks arising from how Kyber performs certain division operations in the decapsulation process, allowing attackers to analyze the execution time and derive secrets that could compromise the encryption.
Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their...
At its core, encryption involves the use of algorithms, mathematical functions that manipulate data into a seemingly random and indecipherable form. This encoded information, referred to as ciphertext, can only be converted back into its original, meaningful state by those possessing the appropriate cryptographic key.