Schneier on Security

AUGUST 15, 2024

EDITED TO ADD: Good article : One – ML-KEM [PDF] (based on CRYSTALS-Kyber) – is intended for general encryption, which protects data as it moves across public networks. My recent writings on post-quantum cryptographic standards. NIST plans to select one or two of these algorithms by the end of 2024.

Encryption 339

Encryption Backups Authentication Technology 339

Schneier on Security

FEBRUARY 26, 2024

Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. I am of two minds about this.

Encryption 345

Encryption 345

Schneier on Security

FEBRUARY 19, 2024

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights : Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was “necessary” to combat terrorism in a democratic society.

Encryption 358

Encryption Surveillance Government Software 358

Malwarebytes

DECEMBER 9, 2024

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. de Vries in 2021.

Encryption 122

Encryption VPN Media Marketing 122

Malwarebytes

FEBRUARY 11, 2025

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. The main goal for the Home Office is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud. Since then, privacy focused groups have uttered their objections.

Encryption 126

Encryption Backups Government Accountability 126

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

Encryption 116

Encryption Ransomware Authentication Accountability 116

Schneier on Security

FEBRUARY 11, 2025

Really good—and detailed— survey of Trusted Encryption Environments (TEEs.)

Encryption 229

Encryption 229

eSecurity Planet

FEBRUARY 26, 2025

Explore the risks of popular apps and why switching to encrypted alternatives is crucial. The post US Officials Recommend Using Encrypted Apps for Messaging appeared first on eSecurity Planet. Take control of your data and protect your privacy before its too late!

Encryption 104

Encryption Surveillance Hacking Risk 104

Krebs on Security

FEBRUARY 6, 2025

But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. Image: NowSecure.

Risk 283

Risk Artificial Intelligence Mobile Encryption 283

Adam Shostack

JANUARY 2, 2025

Ransomware works by going through files, one by one, and replacing their content with an encrypted version. Because you can't encrypt a file until you can open it, this would have a dramatic impact on ransomware. Sometimes it also sends copies elsewhere, but that turns out to be slow, and sometimes sets off alarms.)

Ransomware 246

Ransomware Encryption Software 246

Malwarebytes

JANUARY 13, 2025

Messages is what is called an end-to-end encrypted messaging app. Thats one of the questions that Mallory Knodel and her team at New York University and Cornell University tried to answer with a new paper on the compatibility between AI tools and end-to-end encrypted messaging apps.

Encryption 98

Encryption Artificial Intelligence Media Technology 98

NetSpi Technical

MARCH 10, 2025

This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. TL;DR an attacker with access to a Web Help Desk backup file may be able to recover some of the encrypted passwords stored within it.

Encryption 99

Encryption Backups Passwords Software 99

Security Boulevard

APRIL 3, 2025

Google is making it easier for Gmail users to send end-to-end encrypted (E2EE) emails to anyone by adopting a process that does away with complex options like S/MIME and instead uses encrypted keys that are controlled by the sender.

Encryption 71

Encryption Data privacy Mobile Risk 71

Schneier on Security

DECEMBER 11, 2023

It’s happened. Details here , and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.

Encryption 330

Encryption Cybersecurity 330

Schneier on Security

APRIL 1, 2025

That is, does the reset erase the old encryption key, or just sever the password that access that key? Are there easy ways to delete data—files, photos, etc.—on —on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable?

Computers and Electronics 264

Computers and Electronics Encryption Passwords 264

Schneier on Security

JANUARY 27, 2025

The challenge comes in the form of a string of text that’s encrypted using the public portion of an RSA key. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it.

VPN 337

VPN Encryption Malware Technology 337

SecureWorld News

DECEMBER 8, 2024

Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors.

Encryption 120

Encryption Firewall Education Firmware 120

Centraleyes

APRIL 10, 2025

The most commonly used methods for securing cardholder data are tokenization and encryption. This blog will explore the differences between PCI DSS tokenization vs. encryption, how each method fits into PCI compliance, and the associated PCI DSS encryption requirements and tokenization practices. What Is Encryption?

Encryption 52

Encryption Data breaches Risk Retail 52

Heimadal Security

APRIL 2, 2025

In some cases, that might mean […] The post Top 8 Sophos Intercept X Alternatives for Ransomware Encryption Protection appeared first on Heimdal Security Blog. So, using it often requires a full commitment to the Sophos ecosystem.

Encryption 66

Encryption Ransomware 66

Graham Cluley

OCTOBER 17, 2024

No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 114

Ransomware Encryption Healthcare Data breaches 114

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware 122

Ransomware Encryption Passwords Backups 122

Schneier on Security

SEPTEMBER 26, 2023

if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving,” Whittaker said. ”

Encryption 359

Encryption 359

Schneier on Security

OCTOBER 23, 2023

Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn’t the solution.

Encryption 332

Encryption Government Surveillance 332

Schneier on Security

FEBRUARY 21, 2025

to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output). .” Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g,

Encryption 238

Encryption 238

Schneier on Security

APRIL 30, 2024

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

Encryption 301

Encryption 301

Schneier on Security

MAY 7, 2024

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

VPN 344

VPN Encryption Internet Internet 344

Schneier on Security

SEPTEMBER 5, 2024

Really interesting analysis of the American M-209 encryption device and its security.

Encryption 288

Encryption 288

Security Boulevard

OCTOBER 11, 2024

Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption and employee awareness training.

Encryption 128

Encryption Data privacy Security Awareness Risk 128

Schneier on Security

JULY 26, 2024

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text.

Firmware 343

Firmware Encryption Manufacturing Passwords 343

Security Boulevard

DECEMBER 4, 2024

Hell froze over: FBI and NSA recommend you use strong encryption. The post China is Still Inside US Networks — It’s Been SIX Months appeared first on Security Boulevard.

Encryption 129

Encryption Cyber Attacks Data privacy IoT 129

The Last Watchdog

MARCH 24, 2025

Quantum computings ability to break todays encryption may still be years awaybut security leaders cant afford to wait. Related: Quantum standards come of age The real threat isnt just the eventual arrival of quantum decryptionits that nation-state actors are already stockpiling encrypted data in harvest now, decrypt later attacks.

Encryption 130

Encryption Financial Services Technology Risk 130

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 128

Ransomware IoT Encryption Passwords 128

Security Boulevard

JANUARY 24, 2025

Palo Alto Networks this week released an open application programming interface (API) framework that organizations can use to more easily deploy encryption keys that are not likely to be broken by a quantum computer. The post Palo Alto Networks Makes Post Quantum Cryptography API Available appeared first on Security Boulevard.

Encryption 119

Encryption Cybersecurity 119

Schneier on Security

NOVEMBER 22, 2023

Once you’ve validated the conversation, your devices maintain a chain of trust in which neither you nor the other person has given any private encryption information to each other or Apple. If anything changes in the encryption keys each of you verified, the Messages app will notice and provide an alert or warning.

Authentication 336

Authentication Encryption Accountability 336

Schneier on Security

MARCH 5, 2024

First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed. Their security is terrible.

Internet 349

Internet Internet Encryption Hacking 349

SecureWorld News

MARCH 31, 2025

Backup hygiene: encryption, automation, and testing A backup that can't be restored is no backup at all. To add more security, they should also be automated and encrypted to provide data privacy." Encryption and automation reduce the risk of human error and ensure consistency.

Backups 98

Backups Mobile Encryption CISO 98