The ideas will cover multiple aspects of InfoSec, from organizational structure to technology. At the highest level, I think the big change to InfoSec will be a loss of magic compared to now. HT to Jeremiah Grossman for also being very early to see the role of insurance in InfoSec. Org Structure. Technology. Regulation.
For example, mine was just one of many tens of thousands of Pfizer email addresses, and that sort of thing is going to raise the ire of some folks in corporate infosec capacities.
The linked article talks about the author verifying the data with various people he knows, as well as other well-known infosec identities verifying its accuracy. Per the linked story, social security numbers and dates of birth exist on most rows of the data in encrypted format, but two supplemental files expose these in plain text.
If you use a Let’s Encrypt SSL/TLS certificate, you may wish to check your account over the coming days. The onset of mass free HTTPS certificates has, interestingly, meant a few tweaks being applied to infosec advice realms. What’s happened with Let’s Encrypt? What’s the deal with free certificates?
At the same time, we also have changes at every layer of the protocol stack and this is driven by an increased push for encryption—not just encryption, strong encryption." We're responsible for the CIS benchmarks and the CIS controls.
Permalink The post USENIX Enigma 2023 – Kenn White, MongoDB – ‘The Edge Of Developed Practice In Searching Encrypted Data’ appeared first on Security Boulevard. Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s YouTube channel.
To counter HNDL, migrating critical systems to Post-Quantum Cryptography (PQC) provides encryption and authentication methods resistant to an attack from a cryptographically relevant quantum computer (CRQC). In the U.S.,
Good news for the victims of the ThiefQuest (EvilQuest) ransomware: they can recover their encrypted files for free. The victims of the ThiefQuest (EvilQuest) ransomware can recover their encrypted files without needing to pay the ransom due to the availability of a free decryptor. macOS ransomware #decryptor (#EvilQuest)!
Endpoint encryption for all laptops. Privacy training, specifically. Well documented policies and standards for employees (data handling). Enterprise endpoint protection and remediation (anti-malware, anti-virus software). Intrusion detection and response. Cyber insurance (critical). And more (listen in for the full list). "I
In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app’s encryption claims. Is Telegram truly an encrypted messaging app? The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Security Boulevard.
Why Free Tools Don’t Cut It While consumer grade and free communication tools like WhatsApp, Telegram, and Signal offer end-to-end encryption, and can help in crises, they do fall short when it comes to enterprise level security and compliance.
Leaked data includes names, e-mails, mobile numbers, encrypted passwords, user wallet details, order details, bank details, KYC details (PAN number, passport numbers) and deposit history. Story – [link] #InfoSec pic.twitter.com/1xFOtLcd8F — Rajshekhar Rajaharia (@rajaharia) January 21, 2021. You leaked my own data too.
The post Security BSides Dublin 2021 – Rob Slade’s ‘Homomorphic Encryption’ appeared first on Security Boulevard. Our thanks to Security BSides Dublin for publishing their outstanding videos on the organization's YouTube channel.
Permalink The post USENIX Security ’22 – Simon Oya, Florian Kerschbaum – ‘IHOP: Improved Statistical Query Recovery Against Searchable Symmetric Encryption Through Quadratic Optimization’ appeared first on Security Boulevard.
Not just infosec headlines or tech headlines, but the headlines of major consumer media the likes my mum and dad would read. Sidenote: there's a whole other discussion about active interception of encrypted communications that may also give an employer access to this.)
The post Security BSides Dublin 2021 – Rob Slade’s ‘Homomorphic Encryption’ appeared first on Security Boulevard. Additionally, the Security BSides Dublin organization has slated their eponymous Security BSides Dublin 2022 confab at The Convention Centre Dublin (CCD) on 2022/03/19. Just a month and a half away.
The post Security BSides London 2021 – Eva Summerfield’s ‘When Encryption Fails’ appeared first on Security Boulevard. Our thanks to Security BSides London for publishing their tremendous videos from the Security BSides London 2021 Conference on the organization’s YouTube channel.
In episode 348, Tom and Scott discuss Discord’s new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. The post Discord’s New End-to-End Encryption, LinkedIn Using Your Data for AI Training appeared first on Security Boulevard.
a world leader in memory products and technology solutions, is proud to announce it has won the following Global InfoSec Awards for its encrypted USB solutions family from Cyber Defense Magazine (CDM), the industry’s leading electronic information magazine: Data Loss Prevention Market Leader. Encryption Market Leader.
Infosec types revolt against use of ancient abbreviation by Bitcoin and NFT devotees. You have governments trying to ban end to end encryption (refer to Alec Muffett for more nuanced discussions on E2E encryption), no-one ever seems to have got PGP working, and what does cryptography have to do with privacy or secure banking?
Plus, the practice of individually storing code signing keys results in an inscrutable and unsafe labyrinth of encryption keys, often referred to as key sprawl. Many InfoSec teams don’t have the visibility into what their software development teams are doing. In years past, InfoSec may have been the central keeper of code signing.
Non-encrypted data, insecure protocols and poor user authentication mechanisms are among the security issues that leave seismological networks open to breaches, the authors note.
Next, we discuss Google Domains’ introduction of new top-level domains (TLDs) like .zip and […] The post Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma appeared first on Shared Security Podcast.
Chow – ‘Omnes Pro Uno: Practical Multi-Writer Encrypted Database’ appeared first on Security Boulevard. Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s YouTube channel. Permalink The post USENIX Security ’22 – Jiafan Wang, Sherman S.
This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and a FBI training document describes what data can be obtained by encrypted messaging apps. ** Links mentioned on the show […].
I seem to be doing most of that activity now on Mastodon, which appears to have absorbed most of the infosec refugees from Twitter, and in any case is proving to be a far more useful, civil and constructive place to post such things. For a variety of reasons, I will no longer be sharing these updates on Twitter. ” SEPTEMBER.
The sync is bi-directional and credentials are encrypted with a customer’s unique encryption key. The post The Importance of Technology Integration to the Value of an InfoSec product appeared first on NopSec. Since our 3.4.7
Additionally, Scott discusses the massive Salt Typhoon hacking […] The post Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption appeared first on Shared Security Podcast. The post Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption appeared first on Security Boulevard.
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 28, 2022. I’ve also included some comments on these stories.
It adds the extension .play to the encrypted files and leaves a note with the word PLAY and an email address for contact, according to cybersecurity firm Avertium. The cyber gang uses a combination of encryption algorithms to lock the files, making them impossible to recover without the decryption key.
We are rapidly approaching a "secure by default" web and the green padlock is becoming the norm (about two thirds of all browser traffic is now encrypted). A great resource for getting a quick snapshot of how a site implements their SSL / TLS / HTTPS ("encryption of traffic", for the masses) is SSL Labs.
In this episode, we discuss the UK government's demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy.
Permalink The post USENIX Security ’22 – Long Chen, Ya-Nan Li, Qiang Tang, Moti Yung – ‘End-To-Same-End Encryption: Modularly Augmenting An App With An Efficient, Portable, And Blind Cloud Storage’ appeared first on Security Boulevard.
The attackers first exfiltrate sensitive information from their target before launching the ransomware encryption routine. Double extortion is one of the most prevalent ransomware tactics today.
Zoom admitted the end-to-end encryption it claimed to offer was quite different from the cybersecurity community's definition of the privacy feature. New Zoom controversy over encryption and working with police. It's true that Zoom is not giving free users full end-to-end encryption. But the company itself can investigate abuse.
“[M]uch of InfoSec management falls back on employee training and avoiding employee error – particularly with respect to phishing, spear phishing, and encryption lapses.” Trotter further argued that encryption of Anthem’s data at rest would have offered only minimal security benefits and would not have prevented the hack.
This one, as far as infosec stories go, had me leaning and muttering like never before. During the disclosure process (more on that soon), Spoutible did say that those values were encrypted and without evidence of a private key compromise, they believe they're safe.
Infosec personnel should also help employees store those passwords safely such as via the use of a password manager. Through this means, infosec professionals can help prevent employees’ accounts from ending up in the wrong hands even if their passwords have been stolen. Employ Device Encryption.
It includes integration of Glyptodon Enterprise into Keeper Security’s zero-trust and zero-knowledge security and encryption architecture, resulting in a highly-secure, agentless remote access platform, without the need of a virtual private network (VPN). “In Keeper is SOC-2, FIPS 140-2 and ISO 27001 Certified.
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
infosec #cybersecurity #threatintel #cyber #NFL pic.twitter.com/tl7OWM2Aqf — CyberKnow (@Cyberknow20) February 12, 2022. It is used by affiliates who breach organizations, steal valuable information, and then use ransomware to encrypt the organizations’ files—rendering them unusable. Smart marketing tbh.
Cybersecurity News) How to mitigate buffer overflow vulnerabilities (Infosec Institute) How to prevent buffer overflow attacks (TechTarget) VIDEOS What is a Buffer Overflow Attack? For more information about the threat from quantum computing: Is Quantum Computing a Cybersecurity Threat? Kirsten Gillibrand (D-N.Y.)
The LockBit gang encrypted the hospital's data and demanded a ransom for the decryptor, but the hospital refused to pay and instead worked to restore its systems from backups. sickkids.ca @CBC @globeandmail #cybersecurity #infosec #LockBit @BleepinComputer @TheRecord_Media pic.twitter.com/5k54IkPUIX — Dominic Alvieri (@AlvieriD).