A team of nine academics is warning the world about a critical vulnerability in the OpenPGP and S/MIME email encryption tools. The flaw, if exploited, allow an attacker to decrypt sent or received messages, according to the researcher team.
The Tor Project announced today plans to discontinue Tor Messenger, the organization's security-hardened instant messaging application.
Discover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
Mozilla Foundation engineers announced plans over the weekend to test the "DNS over HTTPS" (DoH) fledgling security standard in Firefox Nightly distributions.
For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
Keybase is notifying Android users of a bug in its mobile app that might have unintentionally included the users' private key —used to encrypt conversations and other private data— into the automatic backups created by the Android OS and uploaded on Google's servers.
Due to the usage of weak cryptography in the IEEE P1735 electronics standard, attackers can recover highly-valuable intellectual property in plaintext.
Open Whisper Systems, the company behind the Signal IM service, has finally launched standalone desktop applications for Windows, macOS, and Linux.
Some extremely lucky users will be able to recover files locked by the Bad Rabbit ransomware because of small operational mistakes on the part of the malware's authors.
After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys)
Google has added support in Android for an experimental feature that will encrypt DNS requests and prevent network-level attackers from snooping on user traffic.
Russia has fined Telegram 800,000 Russian ruble — approximately $14,000 — for failing to comply with a government order that required the company to provide access to encrypted conversations to Russian intelligence agency FSB.
Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack.
Users who utilized Microsoft Outlook to send out secure emails encrypted via the S/MIME standard might have had the content of those emails leaked by an Outlook bug.
Officials reminded everyone this week that governments in the US and UK have not given up on their efforts to force tech companies to provide encryption backdoors, despite previous attempts being shut down following public outcry.
Earlier today, Apple has issued an emergency update for macOS High Sierra to address a bug that exposed the passwords of encrypted APFS volumes via the password hint feature.
Francis Rawls, a former Philadelphia cop, will remain in jail for refusing to decrypt a hard drive federal investigators found in his home two years ago during a child abuse investigation.
A hacker who goes online only by the pseudonym of Xerub has released the decryption key for Apple's Secure Enclave Processor (SEP) firmware.
Two Chinese scientists have come up with a method of decrypting satellite phone communications, which works almost instantly and provides a third-party access to secure conversations in real-time.