A team of eight researchers from various universities has found a bug in the Libcrypto library that allows an attacker with local access to extract the RSA-1024 private key that was used to encrypt local data.
The European Commission, through the voice of EU Justice Commissioner Vera Jourova, announced plans to find a way for law enforcement to access data exchanged via encrypted instant messaging services, such as WhatsApp, Telegram, Signal, and others.
Discover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
In an advisory sent to enterprises across the US, the Department of Homeland Security's US-CERT group is warning that security products which perform HTTPS interception might weaken a company's overall security.
A large chunk of the 120,000 Chromebooks deployed at Maryland's Montgomery County schools went down last week after computers using Symantec BlueCoat security software weren't able to handle TLS 1.3 connections that Google started supporting with the release of Chrome and Chrome OS 56.
Late Friday, last week, Google announced a new tool for security-minded users, called E2EMail, a Chrome extension that simplifies the installation of PGP encryption for Gmail.
The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default.
A data encryption app for Linux users named Cryptkeeper has a bug that allows anyone to decrypt locked content using the password "p".
Google announced yesterday plans to become a self-standing, certified, and independent Root Certificate Authority, meaning the company would be able to issue its own TLS/SSL certificates for securing its web traffic via HTTPS, and not rely on intermediaries, as it does now.
Security researcher Tobias Boelter has discovered a bug in the encrypted communications system used by WhatsApp that allows a determined third-party actor, possibly Facebook, to intercept encrypted messages.
Last week, a report published by the House of Representatives Judiciary Committee and the House of Representatives Energy and Commerce Committee has made it crystal clear that the US government considers encryption backdoors as a threat to its "national interests."
After announcing earlier this year plans to force all iOS app developers to deploy HTTPS starting with 2017, Apple postponed its deadline indefinetly, to give app makers more time to migrate their app and backend infrastructures.
Google released this week a new tool called Project Wycheproof, which is a set of automated tests developers can run on their code and identify weaknesses or problems in the sections that deal with cryptography operations.
Swedish hardware hacker Ulf Frisk has published today instructions on how to build and use a $300 device that can retrieve login passwords for Macs protected by Apple's FileVault2 disk encryption system.
The number of HTTPS errors is about to go up as Google announced plans to remove support for SSL/TLS certificates signed with the SHA-1 cryptographic hash algorithm. Google plans to take this step with Chrome 56, scheduled for release at the end of January 2017.
HDDCryptor, sometimes spelled HDD Cryptor and also identified as Mamba, is a new ransomware variant that rewrites a computer's MBR (Master Boot Record) boot sectors and locks users out of their PCs. While we might hurry to classify this as a Petya clone, HDDCryptor predates both Petya and Satana.