Encryption News, Articles and Updates

FBI director calls for 'hard conversation' on encryption and policing

Law enforcement is being blocked by encryption from accessing data they have every right to examine - it's time to build trust between police and the tech sector, says FBI director James Comey.

Doxing threats lead AlphaBay marketplace to pay extortionist £37,000

It appears that AlphaBay, the largest dark web marketplace, has paid an extortionist several payments since August 2016 to protect the identity of its founder.

Challenging encryption complexity: deploy according to use cases

Peter Galvin discusses how IT system downtime can sometimes be due to implementing processes around data security such as encryption with data-at-rest encryptionset to rise in prominence

French and German MPs ask for encryption backdoors, industry says 'no'

French and German ministers ask for greater security measures, including encryption backdoors - to fight terrorism in Europe, but tech industry says it isn't possible.

Confide in me! Encryption app leaks sensitive info from Washington DC

An encrypted messaging app called Confide is being used in Washington DC by White House staffers to leak embarrassing or sensitive information.

Securing optical fibre - you need to prioritise in-flight encryption

Joe Marsella covers how many firms' cyber-security strategies are incomplete and discusses why they should prioritise in-flight encryption as much as they do protecting at-rest data.

HTTPS abusers hide malware in encrypted tunnels to avoid security

While the number of users and sites that are using encryption is on the rise, this is not all good news for cyber-security as the criminals are following suit.

Encryption "critical" for GDPR but many deterred by complexity

Three quarters of organisations plan to expand their data protection capabilities with encryption as GDPR deadline looms.

UPDATE 2: WhatsApp has 'critical encryption backdoor', researcher claims

By triggering devices to reset keys, WhatsApp could hack its own end-to-end encryption, reading users' messages, a researcher claims, while others cry "FUD".

You lose, Grinch: DeriaLock ransomware discovered on Christmas Eve, but researchers devise decryptors

A rapidly evolving ransomware family called DeriaLock made its ignominious debut over the 2016 holidays, but researchers quickly created decryptor software to rescue the files of those unlucky enough to receive this unwanted "gift."

Stampado ransomare: Cheap, but easily decrypted

Stampado ransomware was first spotted in the wild in July, but has spawned new variants capable of self propagating and re-encrypting files previously locked up by other ransomware, and all for a rock bottom price on the dark web.

Cerber ransomware: Now with database encryption

The widespread and ever-evolving Cerber ransomware has upped its game as it targets enterprises with a new capability to encrypt database files.

TeleCrypt ransomware rapidly defanged thanks to weak encryption

Security researchers at Malwarebytes have worked out how to extract the encryption key from TeleCrypt ransomware and build a tool for recovering scrambled files.

Native Android SMS app not the best for security, report

A new analysis of SMS clients used on the Android OS determined that native text clients are less secure than third-party solutions.

Artificial intelligence creates its own encryption

Researchers from Google's Brain division have released an academic paper which details how they were able to get neural networks to create their own encryption standard, and communicate between each other.

Cardiff resident charged with encrypting for IS

A 33-year-old man from Cardiff has been charged for allegedly teaching members of ISIS how to encrypt

Russian special services to decrypt Internet traffic

Following on from the Yarovaya Law, Russia's special security service, FSB (successor to the KGB), is to implement plans to achieve access to all internet traffic in the country, decrypted.

Ponemon: Financial institutions not prepared to address cyber-attacks in encrypted traffic

Duncan Hughes explains how SSL decryption will increasingl be needed to ensure encrypted traffic does not become a facilitator for attackers.

UK schools must invest in online strategy and encrypt sensitive data

New research from Web Foundry that polled 1,000 parents of children of school age suggests that UK schools need to invest in their online strategy.

Google reverses Allo policy, raising ire of privacy groups

The version of Allo that Google released on Wednesday will indefinitely store messages until they are manually deleted by the user.

Cloudflare looks to TLS 1.3 to secure internet

Amongst various security features, cloud-provider Cloudflare looks to TLS 1.3 to secure internet.

Vendors leave crypto key in the door when it comes to security

The problem of certificates baked into firmware continues to jeopardise the security of consumer internet devices despite warnings to vendors, according to a researcher.

Survey: Hackers believe strongly in privacy... unless they're paid to crack passwords

Four out of five surveyed hackers agreed that Apple was right to refuse the FBI's request for a backdoor into the San Bernardino shooter's iPhone. Yet 52 percent said they would help the FBI crack an iPhone's password for a fee.

ICYMI: Dropbox, Minecraft fans, malicious SSL attacks, voter databases breached

This Week: Dropbox data dump, Minecraft fansite data dump, one click iOS exploitation, more encryption means more cyber-attacks and two the voter databases of two separate US states get breached by hackers

Increasing use of encryption technology causes more cyber-attacks

An outcome of the growing use of encryption technology to keep network data safe is an increase in cyber-attacks.

Google says 'Allo, we're now encrypted too!'

Google's upcoming chat app is to feature opt-in encrypted chat options, which will use the same technology that forms the basis of Whatsapp and Signal.

Are we ignoring the collateral damage of encryption?

As the encryption debate rages on, and governments around the world press to get greater surveillance power, SC's Roi Perez asks if the industry is ignoring the collateral damage of the encryption debate.

Video explainer: What's wrong with encryption back doors?

SC caught up with BeyondTrust's Brian Chappell to find out why weakened encryption for one means weakened encryption for all