Encryption, Internet and Software - Cyber Security Informer

MongoDB Offers Field Level Encryption

Schneier on Security

JUNE 26, 2019

MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient.

Encryption

Encryption Authentication Passwords Internet

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Were just getting started down the road to the Internet of Everything (IoE.) Perimeter-focused defenses must be retired and the focus must shift to where the action is — at the furthest edges of the internet, where billions of IoT sensors and controls are proliferating — with scan oversight.

Internet

Internet Internet IoT Manufacturing

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Quantum computings ability to break todays encryption may still be years awaybut security leaders cant afford to wait. Related: Quantum standards come of age The real threat isnt just the eventual arrival of quantum decryptionits that nation-state actors are already stockpiling encrypted data in harvest now, decrypt later attacks.

Encryption

Encryption Financial Services Technology Risk

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

The Last Watchdog

OCTOBER 18, 2023

Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time. Customized decryption ABE builds upon digital certificates and the Public Key Infrastructure ( PKI ) that underpins secure communications across the Internet. Here are my takeaways. This adds complexity and computational overhead.

Encryption

Encryption Surveillance Internet Internet

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

modified the way the software functions. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware.

Social Engineering

Social Engineering Engineering Software Encryption

The Myth of Consumer-Grade Security

Schneier on Security

AUGUST 28, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes.

Computers and Electronics

Computers and Electronics Encryption Internet Internet

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems. Risks delineated Still, there have been many other incidents since.

Software

Software Risk Artificial Intelligence Cyber Attacks

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

The five core components of a VPN are: Encryption : The conversion of information into a coded format that can only be read by someone who has the decryption key. Kill switch: Blocks your device’s internet access if the VPN connection drops. A VPN encrypts your connection, making it much harder for anyone to intercept your data.

VPN

VPN Antivirus Internet Internet

GCHQ on Quantum Key Distribution

Schneier on Security

AUGUST 1, 2018

The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. QKD also seems unsuitable for some of the grand future challenges such as securing the Internet of Things (IoT), big data, social media, or cloud applications. I agree with them.

Big data

Big data Encryption Authentication IoT

China’s Olympics App Is Horribly Insecure

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance

Surveillance Encryption Wireless Government

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

The Last Watchdog

MAY 3, 2021

Encryption agility is going to be essential as we move forward with digital transformation. All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end of the day, come down to protecting encrypted data. Refer: The vital role of basic research.

Encryption

Encryption Retail Digital transformation Authentication

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

The Last Watchdog

NOVEMBER 14, 2022

The technology industry hopes that Matter arises as the lingua franca for the Internet of Things. Matter seeks to achieve this right out of the gate by leveraging and extending the public key infrastructure (PKI) — the tried-and-true authentication and encryption framework that underpins the legacy Internet.

Internet

Internet Internet IoT Manufacturing

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. Such an attitude is not alarmist – it is reality, whether we like it or not.

Risk

Risk Encryption Government Artificial Intelligence

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). Image: Wikipedia.

Antivirus

Antivirus VPN Encryption Malware

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Internet

Internet Internet Energy and Utilities IoT

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

They outlined why something called attribute-based encryption, or ABE, has emerged as the basis for a new form of agile cryptography that we will need in order to kick digital transformation into high gear. PKI is the authentication and encryption framework on which the Internet is built. Encrypting just once.

Encryption

Encryption Artificial Intelligence IoT Data collection

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

SecureWorld News

DECEMBER 17, 2024

However, when improperly configured or left exposed to the internet, HMIs become prime targets for cyberattacks. According to Casey Ellis, Founder and Advisor at Bugcrowd, safety-critical control systems like HMIs "should never be on the Internet." Exposing HMI systems to the Internet can have serious consequences," Raju explains.

Internet

Internet Internet Risk Passwords

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance. Then the Internet took off and trusting the connection between a user’s device and a web server became of paramount importance.

Cybersecurity

Cybersecurity Digital transformation Computers and Electronics Encryption

Internet Safety Month: Keep Your Online Experience Safe and Secure

Webroot

MAY 31, 2024

What is Internet Safety Month? Each June, the online safety community observes Internet Safety Month as a time to reflect on our digital habits and ensure we’re taking the best precautions to stay safe online. How to protect it Install reputable antivirus software like Webroot on all your devices and keep it updated.

Internet

Internet Internet Identity Theft Passwords

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Patching and vulnerability management Apply timely security updates to operating systems, software, and firmware.

Ransomware

Ransomware IoT Encryption Social Engineering

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Krebs on Security

JULY 19, 2021

“Suddenly the victim notices they have a couple of petabytes of data to restore over the Internet, and they realize that even with their fast connections it’s going to take three months to download all these backup files. We have backups, the data is there, but the application to actually do the restoration is encrypted.’

Backups

Backups Ransomware Encryption Insurance

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Despite efforts by Columbus officials to thwart the attack by disconnecting the city’s systems from the internet, it became evident later that substantial data had been stolen and circulated on the dark web. Also, consider regularly patching software and keeping systems updated to close security gaps that attackers could exploit.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Attacking Machine Learning Systems

Schneier on Security

FEBRUARY 6, 2023

And there is a lesson in that similarity: the complex mathematical attacks make for good academic papers, but we mustn’t lose sight of the fact that insecure software will be the likely attack vector for most ML systems. Systems can only match images with human-provided labels, so the software would never notice the switch.

Encryption

Encryption Hacking Software Social Engineering

Android happy to check your nudes before you forward them

Malwarebytes

FEBRUARY 26, 2025

I use end-to-end-encrypted (E2EE) messaging for a reason. Im not oblivious to the many users that would be better off with such a service, but Im not so sure theyd appreciate it. However, what really concerned me is the fact that Google is looking at my incoming and outgoing pictures.

Artificial Intelligence

Artificial Intelligence Encryption Manufacturing Risk

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption. FIPS-203 enables legal PQC deployment, prompting CISOs to overhaul encryption strategies. Supply chain attacks will intensify through poisoned APIs and unchecked software dependencies.

Risk

Risk Threat Detection Technology Phishing

Oops! Black Basta ransomware flubs encryption

Malwarebytes

JANUARY 2, 2024

The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware. ” Files can be recovered if the plaintext of 64 encrypted bytes is known.

Encryption

Encryption Ransomware Backups Malware

No company too small for Phobos ransomware gang, indictment reveals

Malwarebytes

DECEMBER 2, 2024

Patch known vulnerabilities in internet-facing software and disable or harden the login credentials for remote work tools like RDP ports and VPNs. Prevent intrusions and stop malicious encryption. Use always-on cybersecurity software that can prevent exploits and malware used to deliver ransomware.

Ransomware

Ransomware Backups Small Business Malware

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. If they’re going for data ransoming, they’re encrypting the data itself — not the machines.”

Firmware

Firmware Malware Software Ransomware

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

JANUARY 13, 2020

is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. dll might also be abused to spoof the digital signature tied to a specific piece of software. Sources tell KrebsOnSecurity that Microsoft Corp.

Internet

Internet Internet Software Media

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

SEPTEMBER 17, 2020

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. Now let's try the mobile app: What's the encryption story there?

VPN

VPN Phishing DNS Encryption

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption Passwords IoT Firewall

5G Security

Schneier on Security

JANUARY 14, 2020

Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Neither is banning Chinese microchips, software, or programmers. But the enhancements aren't enough. The 5G security problems are threefold.

Data collection

Data collection Software Marketing Government

Payroll Provider Gives Extortionists a Payday

Krebs on Security

FEBRUARY 23, 2019

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. “When they encrypt the data, that happens really fast,” he said. Roswell, Ga. Roswell, Ga. on Tuesday, Feb.

Ransomware

Ransomware Backups Encryption Internet

As Internet-Connected Medical Devices Multiply, So Do Challenges

Cisco Security

JUNE 15, 2022

To consumers, the Internet of Things might bring to mind a smart fridge that lets you know when to buy more eggs, or the ability to control your home’s lighting and temperature remotely through your phone. But for cybersecurity professionals, internet-connected medical devices are more likely to be top-of-mind. The device side.

Internet

Internet Internet Manufacturing IoT

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

The Last Watchdog

DECEMBER 13, 2023

Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers. This is a fundamental component of Digital Trust – and the foundation for securing next-gen digital connections.

Encryption

Encryption Technology CISO IoT

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption

Encryption Passwords Authentication Password Management

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Latency build-up has become intolerable, Rosteck noted, as more and more IoT devices send larger and larger rivers of data up into the Internet cloud for processing. Very well said! I’ll keep watch and keep reporting.

IoT

IoT Internet Internet Technology

8 security tips for small businesses

Malwarebytes

NOVEMBER 6, 2024

Get your patches and updates asap Once you have established the hardware and software in your environment you need to perform effective patch and vulnerability management. Very important files and documents can be encrypted or stored in password protected folders to keep them safe from prying eyes.

Small Business

Small Business Backups VPN Firewall

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Security Affairs

APRIL 7, 2024

Netsecfish reported that over 92,000 Internet-facing devices are vulnerable. Products that have reached their EOL/EOS no longer receive device software updates and security patches and are no longer supported by D-Link.” This trick allows attackers to obtain bypass authentication.

Internet

Internet Internet DNS Hacking

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Microsoft Patch Tuesday, January 2023 Edition

Krebs on Security

JANUARY 10, 2023

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. When that happens, AskWoody.com usually has the lowdown.

Software

Software Encryption Engineering Internet

Microsoft Patch Tuesday, May 2021 Edition

Krebs on Security

MAY 11, 2021

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. On deck this month are patches to quash a wormable flaw, a creepy wireless bug, and yet another reason to call for the death of Microsoft’s Internet Explorer (IE) web browser.

Wireless

Wireless Internet Internet Backups

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

The security flaws involve iLnkP2P , software developed by China-based Shenzhen Yunni Technology. iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. A Webcam made by HiChip that includes the iLnkP2P software.

IoT

IoT Firewall Manufacturing Computers and Electronics

Black Hat Fireside Chat: Replacing VPNs with ZTNA that leverages WWII battlefield tactics

The Last Watchdog

AUGUST 19, 2022

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. A user gets continually vetted, per device and per software application — and behaviors get continually analyzed to sniff out suspicious patterns.

Small Business

Small Business Technology Software Encryption

MongoDB Offers Field Level Encryption

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Trending Sources

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

DEEP TECH NEWS: How ‘attribute-based encryption’ preserves privacy at a fined-grained level

xz Utils Backdoor

The Myth of Consumer-Grade Security

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

Do you actually need a VPN? Your guide to staying safe online!

GCHQ on Quantum Key Distribution

China’s Olympics App Is Horribly Insecure

MY TAKE: Agile cryptography is coming, now that ‘attribute-based encryption’ is ready for prime time

MY TAKE: Can Matter 1.0 springboard us from truly smart homes to the Internet of Everything?

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive

Adventures in Contacting the Russian FSB

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Exposed HMIs: A Direct Pathway for Cyberattacks on Critical Infrastructure

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

Internet Safety Month: Keep Your Online Experience Safe and Secure

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Don’t Wanna Pay Ransom Gangs? Test Your Backups.

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Attacking Machine Learning Systems

Android happy to check your nudes before you forward them

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Oops! Black Basta ransomware flubs encryption

No company too small for Phobos ransomware gang, indictment reveals

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

What Is Encryption? Definition, How it Works, & Examples

5G Security

Payroll Provider Gives Extortionists a Payday

As Internet-Connected Medical Devices Multiply, So Do Challenges

MY TAKE: Fostering Digital Trust – the role of ‘post-quantum crypto’ and ‘crypto agility’ in 2024

Types of Encryption, Methods & Use Cases

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

8 security tips for small businesses

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Microsoft Patch Tuesday, January 2023 Edition

Microsoft Patch Tuesday, May 2021 Edition

P2P Weakness Exposes Millions of IoT Devices

Black Hat Fireside Chat: Replacing VPNs with ZTNA that leverages WWII battlefield tactics

Stay Connected