Schneier on Security

MARCH 24, 2025

Last month I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. Also: “ A Feminist Argument Against Weakening Encryption.” More recently, both Sweden and France are contemplating mandating back doors.

Encryption 301

Encryption 301

Schneier on Security

FEBRUARY 19, 2024

The European Court of Human Rights has ruled that breaking end-to-end encryption by adding backdoors violates human rights : Seemingly most critically, the [Russian] government told the ECHR that any intrusion on private lives resulting from decrypting messages was “necessary” to combat terrorism in a democratic society.

Encryption 355

Encryption Surveillance Government Software 355

Schneier on Security

FEBRUARY 26, 2024

Apple announced PQ3 , its post-quantum encryption standard based on the Kyber secure key-encapsulation protocol, one of the post-quantum algorithms selected by NIST in 2022. There’s a lot of detail in the Apple blog post , and more in Douglas Stabila’s security analysis. I am of two minds about this.

Encryption 337

Encryption 337

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 117

Encryption Password Management Cryptocurrency Social Engineering 117

Malwarebytes

DECEMBER 9, 2024

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. de Vries in 2021.

Encryption 117

Encryption VPN Media Marketing 117

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

Encryption 118

Encryption Ransomware Authentication Accountability 118

Malwarebytes

FEBRUARY 11, 2025

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. The main goal for the Home Office is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud. Since then, privacy focused groups have uttered their objections.

Encryption 116

Encryption Backups Government Accountability 116

Schneier on Security

FEBRUARY 11, 2025

Really good—and detailed— survey of Trusted Encryption Environments (TEEs.)

Encryption 220

Encryption 220

Krebs on Security

FEBRUARY 6, 2025

But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. Image: NowSecure.

Risk 290

Risk Artificial Intelligence Mobile Encryption 290

eSecurity Planet

FEBRUARY 26, 2025

Explore the risks of popular apps and why switching to encrypted alternatives is crucial. The post US Officials Recommend Using Encrypted Apps for Messaging appeared first on eSecurity Planet. Take control of your data and protect your privacy before its too late!

Encryption 104

Encryption Surveillance Hacking Risk 104

Adam Shostack

JANUARY 2, 2025

Ransomware works by going through files, one by one, and replacing their content with an encrypted version. Because you can't encrypt a file until you can open it, this would have a dramatic impact on ransomware. Sometimes it also sends copies elsewhere, but that turns out to be slow, and sometimes sets off alarms.)

Ransomware 246

Ransomware Encryption Software 246

NetSpi Technical

MARCH 10, 2025

This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. TL;DR an attacker with access to a Web Help Desk backup file may be able to recover some of the encrypted passwords stored within it.

Encryption 99

Encryption Backups Passwords Software 99

Security Boulevard

APRIL 3, 2025

Google is making it easier for Gmail users to send end-to-end encrypted (E2EE) emails to anyone by adopting a process that does away with complex options like S/MIME and instead uses encrypted keys that are controlled by the sender.

Encryption 71

Encryption Data privacy Mobile Risk 71

Malwarebytes

JANUARY 13, 2025

Messages is what is called an end-to-end encrypted messaging app. Thats one of the questions that Mallory Knodel and her team at New York University and Cornell University tried to answer with a new paper on the compatibility between AI tools and end-to-end encrypted messaging apps.

Encryption 92

Encryption Artificial Intelligence Media Technology 92

Schneier on Security

DECEMBER 11, 2023

It’s happened. Details here , and tech details here (for messages in transit) and here (for messages in storage) Rollout to everyone will take months, but it’s a good day for both privacy and security. Slashdot thread.

Encryption 320

Encryption Cybersecurity 320

Schneier on Security

APRIL 1, 2025

That is, does the reset erase the old encryption key, or just sever the password that access that key? Are there easy ways to delete data—files, photos, etc.—on —on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable?

Computers and Electronics 255

Computers and Electronics Encryption Passwords 255

Schneier on Security

JANUARY 27, 2025

The challenge comes in the form of a string of text that’s encrypted using the public portion of an RSA key. After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it.

VPN 329

VPN Encryption Malware Technology 329

SecureWorld News

DECEMBER 8, 2024

Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors.

Encryption 119

Encryption Firewall Education Firmware 119

Centraleyes

APRIL 10, 2025

The most commonly used methods for securing cardholder data are tokenization and encryption. This blog will explore the differences between PCI DSS tokenization vs. encryption, how each method fits into PCI compliance, and the associated PCI DSS encryption requirements and tokenization practices. What Is Encryption?

Encryption 52

Encryption Data breaches Risk Retail 52

Heimadal Security

APRIL 2, 2025

In some cases, that might mean […] The post Top 8 Sophos Intercept X Alternatives for Ransomware Encryption Protection appeared first on Heimdal Security Blog. So, using it often requires a full commitment to the Sophos ecosystem.

Encryption 65

Encryption Ransomware 65

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware 123

Ransomware Encryption Passwords Backups 123

Graham Cluley

OCTOBER 17, 2024

No-one would be bold enough to say that the ransomware problem is receding, but a newly-published report by Microsoft does deliver a slither of encouraging news amongst the gloom. And boy do we need some good news - amid reports that 389 US-based healthcare institutions were hit by ransomware last year - more than one every single day.

Ransomware 114

Ransomware Encryption Healthcare Data breaches 114

Schneier on Security

SEPTEMBER 26, 2023

if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. or any jurisdiction if it came down to the choice between backdooring our encryption and betraying the people who count on us for privacy, or leaving,” Whittaker said. ”

Encryption 358

Encryption 358

Schneier on Security

FEBRUARY 21, 2025

to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output). .” Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g,

Encryption 229

Encryption 229

Security Boulevard

OCTOBER 11, 2024

Organizations say generative AI is fueling a surge of more sophisticated cyberattacks and that they feel unprepared for the onslaught, but a Keeper Security survey found they are investing more in such foundational protections as data encryption and employee awareness training.

Encryption 128

Encryption Data privacy Security Awareness Risk 128

Schneier on Security

APRIL 30, 2024

Meta has threatened to pull WhatsApp out of India if the courts try to force it to break its end-to-end encryption.

Encryption 291

Encryption 291

Schneier on Security

MAY 7, 2024

This attack has been feasible for over two decades: Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.

VPN 336

VPN Encryption Internet Internet 336

Security Boulevard

DECEMBER 4, 2024

Hell froze over: FBI and NSA recommend you use strong encryption. The post China is Still Inside US Networks — It’s Been SIX Months appeared first on Security Boulevard.

Encryption 129

Encryption Cyber Attacks Data privacy IoT 129

The Last Watchdog

MARCH 24, 2025

Quantum computings ability to break todays encryption may still be years awaybut security leaders cant afford to wait. Related: Quantum standards come of age The real threat isnt just the eventual arrival of quantum decryptionits that nation-state actors are already stockpiling encrypted data in harvest now, decrypt later attacks.

Encryption 130

Encryption Financial Services Technology Risk 130

Schneier on Security

SEPTEMBER 5, 2024

Really interesting analysis of the American M-209 encryption device and its security.

Encryption 278

Encryption 278

Schneier on Security

JULY 26, 2024

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text.

Firmware 334

Firmware Encryption Manufacturing Passwords 334

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 130

Ransomware IoT Encryption Passwords 130

Security Boulevard

JANUARY 24, 2025

Palo Alto Networks this week released an open application programming interface (API) framework that organizations can use to more easily deploy encryption keys that are not likely to be broken by a quantum computer. The post Palo Alto Networks Makes Post Quantum Cryptography API Available appeared first on Security Boulevard.

Encryption 119

Encryption Cybersecurity 119

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Software 115

Software Cryptocurrency Malware Encryption 115

Schneier on Security

NOVEMBER 22, 2023

Once you’ve validated the conversation, your devices maintain a chain of trust in which neither you nor the other person has given any private encryption information to each other or Apple. If anything changes in the encryption keys each of you verified, the Messages app will notice and provide an alert or warning.

Authentication 327

Authentication Encryption Accountability 327

Joseph Steinberg

APRIL 7, 2025

Topics covered in the book include: The who and why of cybersecurity threats Basic cybersecurity concepts What to do to be cyber-secure What to do if you have been breached Cybersecurity careers What to think about if you want to stay cybersecure in the future CyberSecurity For Dummies: Third Edition also offers: Updated directions on how to (..)

Cybersecurity 187

Cybersecurity Artificial Intelligence Backups Encryption 187

Schneier on Security

MARCH 5, 2024

First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed. Their security is terrible.

Internet 341

Internet Internet Encryption Hacking 341