Encryption, Information and Internet - Cyber Security Informer

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

Joseph Steinberg

JANUARY 19, 2022

At some point in the not-so-distant future, quantum computers are going to pose a major threat to today’s encryption mechanisms and encrypted data. To begin with, all of today’s encrypted communications could potentially be at risk of being leaked and abused.

Encryption

Encryption Backups Banking Artificial Intelligence

The Internet is Held Together With Spit & Baling Wire

Krebs on Security

NOVEMBER 26, 2021

A visualization of the Internet made using network routing data. Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. Image: Barrett Lyon, opte.org. Based in Monroe, La., Lumen Technologies Inc.

Internet

Internet Internet Authentication Telecommunications

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Joseph Steinberg

APRIL 21, 2022

It is no secret that cybersecurity professionals universally recommend that people, businesses, and governments employ strong encryption as one of several methods of protecting sensitive information.

Encryption

Encryption Cybersecurity Artificial Intelligence Backups

Germany Talking about Banning End-to-End Encryption

Schneier on Security

MAY 24, 2019

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. The article is in German, and I would appreciate additional information from those who can speak the language.

Encryption

Encryption Internet Internet

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Troy Hunt

SEPTEMBER 3, 2020

The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. Isn't the whole point of encryption that it protects data when exposed to unintended parties? They can't be unencrypted because they weren't encrypted in the first place. But you should change it anyway.

Passwords

Passwords Encryption Data breaches Risk

Everything Encrypted Will Soon Become Decryptable: We Must Prepare Now For The Era Of Quantum Computers

Joseph Steinberg

DECEMBER 20, 2021

Nearly every piece of data that is presently protected through the use of encryption may become vulnerable to exposure unless we take action soon. While quantum computers already exist, no devices are believed to yet exist that are anywhere near powerful enough to crack modern encryption in short order.

Encryption

Encryption Artificial Intelligence Technology Risk

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

The Last Watchdog

OCTOBER 18, 2023

Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. Customized decryption ABE builds upon digital certificates and the Public Key Infrastructure ( PKI ) that underpins secure communications across the Internet. Here are my takeaways. I’ll keep watch and keep reporting.

Encryption

Encryption Surveillance Internet Internet

Oblivious DNS-over-HTTPS

Schneier on Security

DECEMBER 8, 2020

Here’s how it works: ODoH wraps a layer of encryption around the DNS query and passes it through a proxy server, which acts as a go-between the internet user and the website they want to visit. Traditional DNS is also unencrypted, and leaks user information to network operators.

DNS

DNS Encryption Internet Internet

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.

Surveillance

Surveillance Encryption Wireless Government

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

MAY 3, 2021

Encryption agility is going to be essential as we move forward with digital transformation. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. Refer: The vital role of basic research.

Encryption

Encryption Retail Digital transformation Authentication

The Myth of Consumer-Grade Security

Schneier on Security

AUGUST 28, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes.

Computers and Electronics

Computers and Electronics Encryption Internet Internet

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. Such an attitude is not alarmist – it is reality, whether we like it or not.

Risk

Risk Encryption Government Artificial Intelligence

Internet Archive suffers data breach and DDoS

Malwarebytes

OCTOBER 10, 2024

Internet Archive, most known for its Wayback Machine , is a digital library that allows users to look at website snapshots from the past. The stolen database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Data breaches

Data breaches DDOS Internet Internet

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO

CISO Encryption Telecommunications Financial Services

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Oops! Black Basta ransomware flubs encryption

Malwarebytes

JANUARY 2, 2024

The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware. ” Files can be recovered if the plaintext of 64 encrypted bytes is known.

Encryption

Encryption Ransomware Backups Malware

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Security Affairs

MAY 24, 2024

Introduction to TLS and Certificate Transparency Log Securing Internet communications is crucial for maintaining the confidentiality and integrity of information in transit. 509 [2] certificates) and encrypted, authenticated connections (TLS [3] and its precursor, SSL [4] ).

DNS

DNS Manufacturing Firewall Internet

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

SEPTEMBER 17, 2020

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. Now let's try the mobile app: What's the encryption story there?

VPN

VPN Phishing DNS Encryption

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). Image: Wikipedia.

Antivirus

Antivirus VPN Encryption Malware

FujiFilm printer credentials encryption issue fixed

Pen Test Partners

OCTOBER 31, 2023

With the default configuration of these printers, it’s possible to retrieve these credentials in an encrypted format without authenticating to the printer. A vulnerability in the encryption process of these credentials means that you can decrypt them with responses from the web interface. This is the IV for the encryption algorithm.

Encryption

Encryption Passwords Firmware Engineering

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

An attacker can exploit the flaw to achieve command execution on the affected D-Link NAS devices, gain access to potential access to sensitive information, system configuration alteration, or denial of service. Netsecfish reported that over 92,000 Internet-facing devices are vulnerable. ” wrote Netsecfish.

Internet

Internet Internet DNS Hacking

US Journalist Detained When Returning to US

Schneier on Security

JULY 4, 2019

After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. He browsed my emails and my internet history. Pomeroy, meanwhile, searched my laptop.

Passwords

Passwords Media Encryption Internet

Inside the Massive Alleged AT&T Data Breach

Troy Hunt

MARCH 18, 2024

It is undoubtedly in the hands of thousands of internet randos. Per the linked story, social security numbers and dates of birth exist on most rows of the data in encrypted format, but two supplemental files expose these in plain text. The above example simply didn't have plain text entries for the encrypted data.

Data breaches

Data breaches Encryption Identity Theft InfoSec

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption Passwords IoT Firewall

Does Your Organization Have a Security.txt File?

Krebs on Security

SEPTEMBER 20, 2021

In a bid to minimize these scenarios, a growing number of major companies are adopting “ Security.txt ,” a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences. An example of a security.txt file. Image: Securitytxt.org. well-known/security.txt.

Retail

Retail Healthcare Internet Internet

Internet Safety Month: Keep Your Online Experience Safe and Secure

Webroot

MAY 31, 2024

What is Internet Safety Month? Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we’re taking the best precautions to stay safe online. Research the company or website before pursuing an offer or providing any personal information.

Internet

Internet Internet Identity Theft Passwords

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

JANUARY 13, 2020

military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. Sources tell KrebsOnSecurity that Microsoft Corp. 14, the first Patch Tuesday of 2020. .”

Internet

Internet Internet Software Media

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

Ueland said after hearing about the escrow.com hack Monday evening he pulled the domain name system (DNS) records for escrow.com and saw they were pointing to an Internet address in Malaysia — 111.90.149[.]49 The attacker also obtained free encryption certificates for escrow.com from Let’s Encrypt.

Phishing

Phishing DNS Social Engineering Accountability

Microsoft Patch Tuesday, May 2021 Edition

Krebs on Security

MAY 11, 2021

On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser. ” Another curious bug fixed this month is CVE-2020-24587 , described as a “Windows Wireless Networking Information Disclosure Vulnerability.”

Wireless

Wireless Internet Internet Backups

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into his service.

Mobile

Mobile Accountability Passwords Authentication

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

MARCH 4, 2021

In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. At the top of a 35-page PDF leaked online is a private encryption key allegedly used by Maza administrators. Pass this information to people you know. ” On Feb.

Cybercrime

Cybercrime Hacking Passwords Accountability

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Quantum Computing and Cryptography

Schneier on Security

SEPTEMBER 14, 2018

It allows for very fast searching, something that would break some of the encryption algorithms we use today. And if some inconceivable alien technology can break all of cryptography, we still can have secrecy based on information theory -- albeit with significant loss of capability.

Encryption

Encryption Technology Engineering Authentication

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

Related: Why PKI will endure as the Internet’s secure core. And PKI , of course, is the behind-the-scenes authentication and encryption framework on which the Internet is built. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Computers and Electronics

Computers and Electronics Digital transformation Authentication Internet

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

The Last Watchdog

APRIL 21, 2023

Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories. This boots in the underground approach, of course, has its limitations.

Risk

Risk Engineering Encryption Internet

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices.

Healthcare

Healthcare Backups Ransomware Insurance

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Remote workers face having both their personal and work-related information compromised. A VPN encrypts all internet traffic so that it is unreadable to anyone who intercepts it. This keeps your information away from prying eyes, such as internet service providers and hackers. Set up firewalls. Secure home router.

VPN

VPN Passwords Firewall Risk

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

The Last Watchdog

MARCH 17, 2021

Brent Waters, a rock star computer scientist at the University of Texas, enthusiastically accepted a distinguished scientist post to continue his award-winning studies on a couple of breakthrough areas of cryptography: attribute-based encryption and functional encryption. More about these paradigm shifters below. Need to know basis.

Digital transformation

Digital transformation Encryption Technology Mobile

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

Bomb Threat, DDoS Purveyor Gets Eight Years

Krebs on Security

DECEMBER 1, 2020

Dalton, whose online aliases included “WantedbyFeds” and “Hacker_R_US,” pleaded guilty last year to one count of conspiracy to convey threats to injure, convey false information concerning use of explosive device, and intentionally damage a computer; one count of computer hacking; and one count of possession of child pornography.

DDOS

DDOS Hacking Mobile Encryption

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Krebs on Security

NOVEMBER 22, 2019

VCPI) provides IT consulting, Internet access, data storage and security services to some 110 nursing homes and acute-care facilities in 45 states. Milwaukee, Wisc. based Virtual Care Provider Inc. All told, VCPI is responsible for maintaining approximately 80,000 computers and servers that assist those facilities. At around 1:30 a.m.

Ransomware

Ransomware Computers and Electronics Healthcare Data breaches

Quantum Threats and How to Protect Your Data

SecureWorld News

DECEMBER 8, 2024

Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. It is essential to understand the risks posed by quantum computing, as future advancements could compromise today's encrypted data, opening new opportunities for threat actors.

Encryption

Encryption Firewall Education Firmware

Are Western Sanctions Undermining Russian Civilians’ Efforts To Obtain Accurate News Via VPNs?

Joseph Steinberg

MAY 9, 2022

Other parties familiar with Russian Internet usage patterns have also estimated that as many as a third of all Russian Internet users now regularly use VPNs. times as high as it was prior to the war! VPN technologies deliver two major benefits to Russian citizens.

VPN

VPN Government Artificial Intelligence Technology

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

What about public information? As every computer security professional knows, if anything is on the Internet, it’s subject to increasingly sophisticated attacks. or higher) encryption protocol, because systems using an older version of TLS are a security risk. A big concern on Wikipedia is vandalism. What can you do about it?

Data breaches

Data breaches Encryption Mobile Technology

What Damage Can Happen If Data Leaks When Quantum Computing Breaks Today’s Encryption

The Internet is Held Together With Spit & Baling Wire

Trending Sources

Don’t Let Encryption Become A Double-Edged Sword That Undermines Zero Trust CyberSecurity

Germany Talking about Banning End-to-End Encryption

We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:

Everything Encrypted Will Soon Become Decryptable: We Must Prepare Now For The Era Of Quantum Computers

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

Oblivious DNS-over-HTTPS

China’s Olympics App Is Horribly Insecure

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Myth of Consumer-Grade Security

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Internet Archive suffers data breach and DDoS

Why CISA is Warning CISOs About a Breach at Sisense

Ubiquiti: Change Your Password, Enable 2FA

Oops! Black Basta ransomware flubs encryption

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Adventures in Contacting the Russian FSB

FujiFilm printer credentials encryption issue fixed

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

US Journalist Detained When Returning to US

Inside the Massive Alleged AT&T Data Breach

What Is Encryption? Definition, How it Works, & Examples

Does Your Organization Have a Security.txt File?

Internet Safety Month: Keep Your Online Experience Safe and Secure

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Microsoft Patch Tuesday, May 2021 Edition

Are You One of the 533M People Who Got Facebooked?

Three Top Russian Cybercrime Forums Hacked

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Quantum Computing and Cryptography

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

New Ransom Payment Schemes Target Executives, Telemedicine

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

MY TAKE: Why ‘basic research’ is so vital to bringing digital transformation to full fruition

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Bomb Threat, DDoS Purveyor Gets Eight Years

110 Nursing Homes Cut Off from Health Records in Ransomware Attack

Quantum Threats and How to Protect Your Data

Are Western Sanctions Undermining Russian Civilians’ Efforts To Obtain Accurate News Via VPNs?

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

Stay Connected