article thumbnail

Criminals Exploiting FBI Emergency Data Requests

Schneier on Security

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too.

article thumbnail

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

According to NBC news , two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at CISA– both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apple Is Finally Encrypting iCloud Backups

Schneier on Security

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes.

Backups 349
article thumbnail

Apple ordered to grant access to users’ encrypted data

Malwarebytes

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. However, Apple itself doesn’t have access to it at the moment, only the holder of the Apple account can access data stored in this way. Since then, privacy focused groups have uttered their objections.

article thumbnail

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

article thumbnail

Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S.

article thumbnail

CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk

NetSpi Technical

This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. TL;DR an attacker with access to a Web Help Desk backup file may be able to recover some of the encrypted passwords stored within it.