Authentication, Encryption and Government

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. trillion in annual federal payments.

Government

Government Artificial Intelligence Banking Software

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. If you plan to follow that advice, but are new to encrypted messaging, make sure to use an app that offers E2EE (End-to-end encryption). You don’t need an expensive app to achieve this.

Encryption

Encryption Identity Theft Media Telecommunications

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

JUNE 17, 2025

Those codes are supposed to serve as two-factor authentication to confirm our identity and prevent scammers from accessing our accounts through a password alone. The packets contained SMS messages with two-factor authentication codes that were received by individual users. Here's how it happened and why it's a problem.

Authentication

Authentication Password Management Small Business Passwords

Security Analysis of Threema

Schneier on Security

JANUARY 19, 2023

We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. As one example, we present a cross-protocol attack which breaks authentication in Threema and which exploits the lack of proper key separation between different sub-protocols.

Encryption

Encryption Authentication Advertising Government

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

MARCH 17, 2020

Encryption is a cornerstone of digital commerce. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. PKI is the authentication and encryption framework on which the Internet is built.

Encryption

Encryption Authentication IoT Internet

Tracking the Cost of Quantum Factoring

Google Security

MAY 23, 2025

National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. Google has long worked with the U.S. For signatures, things are more complex.

Encryption

Encryption Technology Engineering Authentication

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Quantum computings ability to break todays encryption may still be years awaybut security leaders cant afford to wait. Related: Quantum standards come of age The real threat isnt just the eventual arrival of quantum decryptionits that nation-state actors are already stockpiling encrypted data in harvest now, decrypt later attacks.

Encryption

Encryption Financial Services Technology Risk

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats. With cyberthreats getting more advanced , businesses and local governments alike must work together to share resources, insights, and best practices to improve cybersecurity across the board.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption. FIPS-203 enables legal PQC deployment, prompting CISOs to overhaul encryption strategies.

Risk

Risk Threat Detection Technology Phishing

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

The Last Watchdog

APRIL 24, 2025

It underpins everything from e-commerce transactions to secure app logins and device authentication. Sinha pointed out that the arrival of scalable quantum computing will eventually render current encryption methods obsolete, ushering in what security professionals are calling ‘ Q Day. Thats where the X9 PKI comes in.

Banking

Banking Internet Internet IoT

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan.

Cybersecurity

Cybersecurity CISO Risk Government

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement and other government agencies to illicitly forward Emergency Data Requests (EDRs) to major online platforms. Payments are mostly made in Bitcoin or Monero, to ensure confidentiality and irreversibility.

Cybercrime

Cybercrime Social Engineering Accountability Government

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things -- but most of that doesn't matter anymore. Enable two-factor authentication for all important accounts whenever possible.

Identity Theft

Identity Theft Passwords Password Management Authentication

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

The Last Watchdog

SEPTEMBER 10, 2024

Instead of traditional methods that rely on storing and matching biometrics, SenseCrypt eID utilizes acts of encryption and decryption for registration and authentication, with no public/private keys stored anywhere. The company’s stakeholders include government organizations and bodies from both Singapore and Australia.

Computers and Electronics

Computers and Electronics Encryption Government Authentication

Best Encryption Software for 2022

eSecurity Planet

AUGUST 4, 2022

It’s been a couple of decades since data tapes delivered by trucks made encryption a standard enterprise cybersecurity practice. Yet even as technology has changed, sending and receiving data remains a major vulnerability, ensuring encryption’s place as a foundational security practice. What is Encryption?

Encryption

Encryption Software Computers and Electronics Technology

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide.

Ransomware

Ransomware IoT Encryption Social Engineering

Encryption: How It Works, Types, and the Quantum Future

eSecurity Planet

MAY 25, 2022

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms.

Encryption

Encryption Computers and Electronics Password Management Passwords

Internet Archive suffers data breach and DDoS

Malwarebytes

OCTOBER 10, 2024

Cybercriminals managed to breach the site and steal a user authentication database containing 31 million records. The stolen database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Data breaches

Data breaches DDOS Internet Internet

Decoupling for Security

Schneier on Security

NOVEMBER 8, 2023

Our data at rest, while sometimes on individual devices, is usually stored or backed up in the cloud, governed by cloud provider services and policies. Identifiers used to authenticate users, for example, should be kept separate from identifiers used to connect their devices to the network.

Encryption

Encryption Authentication Government Software

Q&A: Cybersecurity in ‘The Intelligent Era’

IT Security Guru

MARCH 26, 2025

At an individual level, this will change how we interact with each other as citizens, with our governments, perform our jobs and consume goods and services. Verified Identity, access permission controls, data encryption are all challenges for the cybersecurity industry in a world of autonomous machines!

Cybersecurity

Cybersecurity Encryption Threat Detection Authentication

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

MAY 24, 2023

federal government or not. The 4th Annual Multi-Cloud Conference and Workshop on ZTNA is an upcoming event for anyone interested in how the federal government is advancing standards in ZTNA. Encryption in transit provides eavesdropping protection and payload authenticity. Let’s look at each of those five.

Authentication

Authentication Banking Architecture Encryption

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security

JANUARY 18, 2019

Australia, and elsewhere -- argue that the pervasive use of civilian encryption is hampering their ability to solve crimes and that they need the tech companies to make their systems susceptible to government eavesdropping. It doesn't affect the encryption that protects the communications. Sometimes it's about end-user devices.

Encryption

Encryption Government Surveillance Hacking

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

And PKI , of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built. PKI is the framework by which digital certificates get issued to authenticate the identity of users; and it is also the plumbing for encrypting data moving across the Internet. Achieving high assurance.

Computers and Electronics

Computers and Electronics Authentication Digital transformation Internet

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Not coincidentally, industry standards groups and government regulators have stepped forward to embrace a vital supporting role. Every device, every connection, every interaction must be verified, authenticated, and monitored. Governments and standards bodies are taking note. Securing IoT is a collaborative effort.

Internet

Internet Internet IoT Manufacturing

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels. Hackers used compromised credentials to gain access to Colonial Pipeline's network, deploying ransomware that encrypted critical systems.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption Passwords IoT Firewall

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption

Encryption Authentication Passwords Password Management

Vulnerabilities That Allow Hijacking of Most Ransomware to Prevent File Encryption

Hacker Combat

MAY 10, 2022

Individuals, corporations, governments, and critical infrastructure are potential cyber-attack targets. A researcher has demonstrated how a vulnerability common to several ransomware families can help take control of the malware and stop it from encrypting files on infected devices. Phishing emails are one way to do it.

Encryption

Encryption Ransomware Malware Cyber Attacks

Identity Verification vs Authentication: Key Similarities And Differences

CyberSecurity Insiders

AUGUST 1, 2022

While verification and authentication are terms that are often used interchangeably, they are in fact two separate operations. Digital verification and authentication play a critical role in preventing fraud and cyberattacks. Government organizations, on the other hand, will employ much more extensive verification methods.

Authentication

Authentication Passwords Insurance Technology

Zanubis in motion: Tracing the active evolution of the Android banking malware

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. It copied both the name and icon of the legitimate app, making it appear authentic to unsuspecting users.

Banking

Banking Malware Energy and Utilities Encryption

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

VPN Infrastructures Allure for Threat Actors PNs have become a fundamental part of network security for organizations worldwide, enabling secure remote access to systems, encrypting sensitive data during transmission, and protecting internal networks from unauthorized access. This threat hunt identifies accounts at risk of this attack vector.

VPN

VPN Authentication Ransomware Risk

Top 10 Cybersecurity Trends to Expect in 2025

Hacker's King

DECEMBER 24, 2024

As the digital landscape evolves, cybersecurity remains a critical concern for businesses, governments, and individuals alike. Companies will adopt stricter identity verification and access controls, ensuring that even internal users face rigorous authentication processes.

Cybersecurity

Cybersecurity Cyber Insurance IoT Insurance

IRS Will Soon Require Selfies for Online Access

Krebs on Security

JANUARY 19, 2022

The service requires applicants to supply a great deal more information than typically requested for online verification schemes, such as scans of their driver’s license or other government-issued ID, copies of utility or insurance bills, and details about their mobile phone service. After confirmation, ID.me ” Signing up at ID.me

Mobile

Mobile Accountability Insurance Government

Secure Communications: Relevant or a Nice to Have?

Jane Frankland

FEBRUARY 7, 2025

Why Free Tools Don’t Cut It While consumer grade and free communication tools like WhatsApp, Telegram, and Signal offer end-to-end encryption, and can help in crises, they do fall short when it comes to enterprise level security and compliance. For industries tied directly to national security, the stakes rise even higher.

Cyber Risk

Cyber Risk CISO Risk Encryption

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

Security Affairs

MAY 26, 2025

Below is the description of the flaws: CVE-2025-4427 (CVSS score: 5.3) An authentication bypass in Endpoint Manager Mobileallowingattackers to access protected resources without proper credentials. Ivanti confirmed that threat actors could chain the two vulnerabilities to achieve remote code execution without authentication.

Mobile

Mobile Telecommunications Authentication Internet

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) coordinate the collaboration between the government and industry, running a human-centric campaign themed “See Yourself in Cyber”.

Authentication

Authentication Passwords Cybersecurity Data breaches

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Protocols and policies setting new parameters for trusted connections are being hammered out and advanced encryption, authentication and data protection solutions are being ramped up. Related: Leveraging PKI to advance electronic signatures.

Cybersecurity

Cybersecurity Computers and Electronics Digital transformation Encryption

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

Korab filed a vulnerability report with Lumen demonstrating how a simple spoofed email could be used to disrupt Internet service for banks, telecommunications firms and even government entities. While it’s nice that Lumen is no longer the weakest link in the IRR chain, the remaining authentication mechanisms aren’t great.

Internet

Internet Internet Authentication Telecommunications

Signed, Secured, Delivered: Authenticating Digital Agreements in the Time of Web3

CyberSecurity Insiders

MAY 10, 2023

This is especially alarming for industries that conduct high-value transactions online, such as banking, healthcare, government, etc., To safeguard users’ identities and critical information, the government stepped in to enforce strict security measures. Authentication also reduces the overall likelihood of compromising information.

Authentication

Authentication Insurance Identity Theft Digital transformation

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. A booking photo of Noah Michael Urban released by the Volusia County Sheriff.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

The attacker also obtained free encryption certificates for escrow.com from Let’s Encrypt. For maximum security on your domains, consider adopting some or all of the following best practices: -Use 2-factor authentication, and require it to be used by all relevant users and subcontractors. -In

Phishing

Phishing DNS Social Engineering Accountability

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. Experts warn that biometric authentication alone is not foolproof.

Social Engineering

Social Engineering Mobile Authentication Engineering

5G Security

Schneier on Security

JANUARY 14, 2020

Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Both criminal attacks and government cyber-operations will become more common and more damaging. But the enhancements aren't enough.

Data collection

Data collection Software Marketing Government

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

government is sounding the alarm on a growing cybersecurity risk for critical infrastructureinternet-exposed Human-Machine Interfaces (HMIs). Without strong authentication, authorization, and encryption, APIs can become additional entry points for attackers."

Internet

Internet Internet Risk Passwords

DOGE as a National Cyberattack

Americans urged to use encrypted messaging after large, ongoing cyberattack

Trending Sources

Why SMS two-factor authentication codes aren't safe and what to use instead

Security Analysis of Threema

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

Tracking the Cost of Quantum Factoring

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

RSAC Fireside Chat: X9 PKI emerges to help financial sector interoperate, get ready for ‘Q-Day’

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

EDR-as-a-Service makes the headlines in the cybercrime landscape

Protecting Yourself from Identity Theft

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

Best Encryption Software for 2022

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Encryption: How It Works, Types, and the Quantum Future

Internet Archive suffers data breach and DDoS

Decoupling for Security

Q&A: Cybersecurity in ‘The Intelligent Era’

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

Evaluating the GCHQ Exceptional Access Proposal

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

What Is Encryption? Definition, How it Works, & Examples

Types of Encryption, Methods & Use Cases

Vulnerabilities That Allow Hijacking of Most Ransomware to Prevent File Encryption

Identity Verification vs Authentication: Key Similarities And Differences

Zanubis in motion: Tracing the active evolution of the Android banking malware

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Top 10 Cybersecurity Trends to Expect in 2025

IRS Will Soon Require Selfies for Online Access

Secure Communications: Relevant or a Nice to Have?

China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Internet is Held Together With Spit & Baling Wire

Signed, Secured, Delivered: Authenticating Digital Agreements in the Time of Web3

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Mobile Malware Uses Deepfakes, Social Engineering to Bypass Biometric Authentication

5G Security

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

Stay Connected