Encryption
September 17, 2024
Chrome Switching to NIST-Approved ML-KEM Quantum Encryption Full Text
Abstract
Google is updating Chrome's post-quantum cryptography to defend against quantum computer attacks. The new encryption system, ML-KEM, replaces Kyber for enhanced security.Bleeping Computer
August 30, 2024
‘Store Now, Decrypt Later’: US Leaders Prep for Quantum Cryptography Concerns Full Text
Abstract
U.S. cybersecurity leaders are focusing on preparing for the potential risks posed by quantum cryptography tools that could threaten critical infrastructure and national security.The Record
August 14, 2024
NIST Formalizes World’s First Post-Quantum Cryptography Standards Full Text
Abstract
The finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).Infosecurity Magazine
July 10, 2024 – Phishing
Regional Transport Office Themed Phishing Campaign Targets Android Users In India Full Text
Abstract
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".Cyble As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit Full Text
Abstract
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.Cybersecurity Dive
May 15, 2024
A Cost-Effective Encryption Strategy Starts With Key Management Full Text
Abstract
A cost-effective encryption strategy starts with effective key management, which involves making critical decisions about where to store encryption keys, how to manage them, and how to prepare for the post-quantum future.Dark Reading
March 20, 2024
Microsoft Announces Deprecation of 1024-Bit RSA Keys in Windows Full Text
Abstract
1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.Bleeping Computer
February 15, 2024
Encryption Vital For Right to Privacy, European Court Rules Full Text
Abstract
The European Court of Human Rights ruled in favor of a Russian petitioner who challenged a Kremlin rule requiring telecom firms to provide backdoor access to servers for law enforcement data collection.Cyware
February 7, 2024
Three Ways to Achieve Crypto Agility in a Post-Quantum World Full Text
Abstract
Crypto agility, including the ability to rapidly switch between certificate authorities and encryption standards, is essential for securing digital infrastructure in today's automated operational environment.Cyware
November 8, 2023
Outdated Cryptographic Protocols Put Vast Amounts of Network Traffic at Risk Full Text
Abstract
A recent study by Quantum Xchange reveals that a large percentage of network traffic has encryption flaws due to the use of older protocols like TLS 1.0 and SSL v3 and is unencrypted, posing a significant risk to businesses.Cyware
November 6, 2023
UK’s NCSC Publishes Guidance to Help Firms Prepare for Post-Quantum Cryptography Full Text
Abstract
Post-quantum cryptography (PQC) algorithms should be implemented to replace vulnerable traditional public key cryptography (PKC) algorithms to mitigate the threat of quantum computers.Cyware
September 29, 2023
Post-Quantum Cryptography: Finally Real in Consumer Apps? Full Text
Abstract
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight. Today, many rely on encryption in their daily lives to protect their fundamental digital privacy and security, whether for messaging friends and family, storing files and photos, or simply browsing the web. The question experts have been asking for a long time, with their eye on the advances in quantum computing, is, "How long before these defenses fail?" The ticking clock of quantum computing One set of researchers is already sounding the alarms, claiming that they've found a way to break 2048-bit RSA encryption with a quantum computer. While the claims may be premature, they hint toward a scary future that is perhaps closer than we once thought. Breaking RSA encryption would represent a massive privacy and security vulnerability for virtually everyThe Hacker News
September 20, 2023
Signal Messenger Introduces PQXDH Quantum-Resistant Encryption Full Text
Abstract
Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman ( X3DH ) specification to Post-Quantum Extended Diffie-Hellman ( PQXDH ). "With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards," Signal's Ehren Kret said . The development comes weeks after Google added support for quantum-resistant encryption algorithms in its Chrome web browser and announced a quantum-resilient FIDO2 security key implementation as part of its OpenSK security keys initiative last month. The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption (E2EE) for private text and voice communications. It's used in various messaging apps like WhatsApp and Google's encrypted RCS messages for Android. While quantum cThe Hacker News
September 1, 2023 – Breach
Data Breach Could Affect More Than 100,000 in Pima County Full Text
Abstract
More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.Cyware
August 16, 2023
Google Introduces First Quantum Resilient FIDO2 Security Key Full Text
Abstract
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck said . OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards. The development comes less than a week after the tech giant said it plans to add support for quantum-resistant encryption algorithms in Chrome 116 to set up symmetric keys in TLS connections. It's also part of broader efforts to switch to cryptographic algorithms that can withstand quantum attacks in the future, necessitating the need to incorporate such technologies early on to facilitate a gradual rollout. "Fortunately, with the receThe Hacker News
August 11, 2023
Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116 Full Text
Abstract
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS , starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing. Kyber-768 is roughly the security equivalent of AES-192 . The encryption algorithm has already been adopted by Cloudflare , Amazon Web Services , and IBM. X25519Kyber768 is a hybrid algorithm that combines the output of X25519 , an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections. "Hybrid mechanismThe Hacker News
August 4, 2023
SCARF Cipher Sets New Standards in Protecting Sensitive Data Full Text
Abstract
The cipher, designed by Assistant Professor Rei Ueno from the Research Institute of Electrical Communication at Tohoku University, addresses the threat of cache side-channel attacks, offering enhanced security and exceptional performance.Cyware
July 13, 2023
Only 45% of Cloud Data is Currently Encrypted Full Text
Abstract
About 39% of businesses experienced a data breach in their cloud environment last year, an increase from the 35% reported in 2022, according to Thales. Human error was reported as the leading cause of cloud data breaches by 55% of those surveyed.Cyware
March 06, 2023
Experts Discover Flaw in U.S. Govt’s Chosen Quantum-Resistant Encryption Algorithm Full Text
Abstract
A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber , one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH Royal Institute of Technology said in a paper. CRYSTALS-Kyber is one of four post-quantum algorithms selected by the U.S. National Institute of Standards and Technology (NIST) after a rigorous multi-year effort to identify the next-generation encryption standards that can withstand huge leaps in computing power. A side-channel attack, as the name implies, involves extracting secrets from a cryptosystem through measurement and analysis of physical parameters. Some examples of such parameters include supply current, execution time, and electromagnetic emission. The underlying idThe Hacker News
February 17, 2023
Pending National Cyber Strategy to Feature ‘Strong Stand’ on Quantum Cryptography Full Text
Abstract
Ahead of the release of the first National Cybersecurity Strategy from the White House Office of the National Cyber Director, Dylan Presman, the director for budget and assessment, confirmed that it will include guidance on post-quantum cryptography.Cyware
February 08, 2023
NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices Full Text
Abstract
The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things (IoT), including its myriad tiny sensors and actuators," NIST said . "They are also designed for other miniature technologies such as implanted medical devices, stress detectors inside roads and bridges, and keyless entry fobs for vehicles." Put differently, the idea is to adopt security protections via lightweight cryptography in devices that have a "limited amount of electronic resources." Ascon is credited to a team of cryptographers from the Graz University of Technology, Infineon Technologies, Lamarr Security Research, and Radboud University. The suite comprises authenticated ciphers ASCON-128, ASCON-128a, and a variThe Hacker News
January 27, 2023
Chinese researchers: RSA is breakable. Others: Do not panic! Full Text
Abstract
The basic claim of the paper, published last Christmas by 24 Chinese researchers, is that they have found an algorithm that enables 2,048-bit RSA keys to be broken even with the relatively low-power quantum computers available today.Cyware
January 25, 2023
Fujitsu: Quantum computers no threat to encryption just yet Full Text
Abstract
Fujitsu said it ran trials using its 39-qubit quantum simulator hardware to assess how difficult it would be for quantum computers to crack data encrypted with the RSA cipher, using a Shor's algorithm approach.Cyware
January 9, 2023
Chinese researchers’ claimed quantum encryption crack looks unlikely Full Text
Abstract
Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed. An academic paper was released by two dozen authors affiliated with seven research institutions in China.Cyware
December 07, 2022
Apple rolls out end-to-end encryption for iCloud backups Full Text
Abstract
Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more.BleepingComputer
November 29, 2022
Let’s Encrypt issued over 3 billion certificates, securing 309M sites for free Full Text
Abstract
Internet Security Research Group (ISRG), the nonprofit behind Let's Encrypt, says the open certificate authority (CA) has issued its three billionth certificate this year.BleepingComputer
November 28, 2022
Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages Full Text
Abstract
Twitter chief executive Elon Musk confirmed plans for end-to-end encryption ( E2EE ) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend. The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats. It's worth noting that various other messaging platforms, such as Signal, Threema, WhatsApp, iMessage, Wire, Tox, and Keybase, already support encryption for messages. Google, which previously turned on E2EE for one-to-one chats in its RCS-based Messages app for Android, is currently piloting the same option for group chats. Facebook, likewise, began enabling E2EE on MessengThe Hacker News
August 11, 2022
NIST post-quantum algorithm candidate’s future uncertain, with second attack proposed Full Text
Abstract
Uncertainty surrounds a cracked post-quantum cryptography algorithm being considered by the National Institute of Standards and Technology, now that researchers have potentially discovered a second attack method.Fed Scoop
August 03, 2022
Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour Full Text
Abstract
A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization process by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). "Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively," KU Leuven researchers Wouter Castryck and Thomas Decru said in a new paper. "A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core." The code was executed on an Intel Xeon CPU E5-2630v2 at 2.60GHz, which was releaseThe Hacker News
July 20, 2022
Niche cryptographic technique could transform privacy in web3 Full Text
Abstract
While zero-knowledge proofs could indeed improve privacy and scalability for some of the most popular blockchains, they are far from being the only cryptographic method that could accelerate progress in web3.Tech Crunch
July 06, 2022
NIST Announces First Four Quantum-Resistant Cryptographic Algorithms Full Text
Abstract
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has chosen the first set of quantum-resistant encryption algorithms that are designed to "withstand the assault of a future quantum computer." The post-quantum cryptography ( PQC ) technologies include the CRYSTALS-Kyber algorithm for general encryption, and CRYSTALS-Dilithium , FALCON , and SPHINCS+ for digital signatures. "Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions," NIST, which kicked off the standardization process in January 2017, said in a statement. Cryptography, which underpins the security of information in modern computer networks, derives its strength from the difficulty of solving mathematical problems — e.g., factoring large composite integers — using traditional computers. Quantum computers, should they mature enough, pose a huge impact on the current puThe Hacker News
June 30, 2022
Security experts urge agencies to test post-quantum cryptography algorithms now Full Text
Abstract
Agencies should test post-quantum cryptography algorithms with their software and decide whether information security benefits outweigh the efficiency losses ahead of a federally mandated transition, according to security experts.Fed Scoop
May 31, 2022
Singapore ups investment in quantum computing to stay ahead of security threats Full Text
Abstract
The Singapore government on Tuesday announced plans to set aside SG$23.5 million (US$17.09 million) to support three national platforms, parked under its Quantum Engineering Programme (QEP), for up to 3.5 years.ZDNet
May 05, 2022
White House: Prepare for cryptography-cracking quantum computers Full Text
Abstract
President Joe Biden signed a national security memorandum (NSM) on Thursday asking government agencies to implement a set of measures that would mitigate risks posed by quantum computers to US national cyber security.BleepingComputer
March 5, 2022
New Side-Channel Attack on Homomorphic Encryption Full Text
Abstract
A group of researchers has demonstrated the first side-channel attack on homomorphic encryption that can let anyone read the data in encrypted mode. The attack exploiting the flaw is named RevEAL and exploits the Gaussian sampling that exists in Microsoft SEAL's encryption phase. This manif ... Read MoreCyware Alerts - Hacker News
March 03, 2022
Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption Full Text
Abstract
A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "first side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted," Aydin Aysu, one of the authors of the study, said . "This demonstrates that even next generation encryption technologies need protection against side-channel attacks." Homomorphic Encryption is a form of encryption that allows certain types of computation to be performed directly on encrypted data without having to decrypt it in the first place. It's also meant to be privacy-preserving in that it allows sharing of sensitive data with other third-party services, such as data analytics firms, for further processing while the underlyinThe Hacker News
March 1, 2022
How the U.K. and the Senate Judiciary Committee Are Being Dangerously Foolish About Cryptography Full Text
Abstract
In an attempt to prevent the online circulation of child sexual abuse material, a reintroduced Senate bill runs the risk of failing to combat the problem while simultaneously decreasing internet security.Lawfare
February 23, 2022
Samsung Shattered Encryption on 100M Phones Full Text
Abstract
One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ’embarrassingly bad.’Threatpost
November 21, 2021
Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023 Full Text
Abstract
Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to finish the global rollout of end-to-end encryption by default across all our messaging services until sometime in 2023," Meta's head of safety, Antigone Davis, said in a post published in The Telegraph over the weekend. The new scheme, described as a "three-pronged approach," aims to employ a mix of non-encrypted data across its apps as well as account information and reports from users to improve safety and combat abuse, noting that the goal is to deter illegal behavior from happening in the first place, giving users more control, and actively encouraging users to flag harmful messages. Meta had previously outlined plans to be "fully end-to-enThe Hacker News
November 8, 2021
Initiative Persistence and the Consequence for Cyber Norms Full Text
Abstract
Documents like CYBERCOM's 2018 Command Vision are less provocative in the context of other directives, but who in the U.S. government takes precedence in constructing cyber norms?Lawfare
October 14, 2021
WhatsApp made available end-to-end encrypted chat backups Full Text
Abstract
WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional...Security Affairs
September 14, 2021
Quantum cryptography: This air-filled fiber optic cable can transport un-hackable keys, say researchers Full Text
Abstract
A new type of optical fiber filled with nothing but thin air has been found to be particularly effective to carry out quantum key distribution (QKD), a security protocol that is in principle un-hackable.ZDNet
September 1, 2021
Quantum threat to cryptography and how to overcome this Full Text
Abstract
To maintain confidentiality, organizations use symmetric and public-key cryptography. Though public key encryption is the most prone to quantum attacks, symmetric key encryption is also susceptible.AT&T Cybersecurity
June 23, 2021
Quantum computing may transform cybersecurity eventually – but not yet Full Text
Abstract
While government agencies and standards bodies are racing to test and vet new quantum resistant algorithms for widespread consumption, a small but growing industry of vendors has popped up offering to sell such protections to the broader public. What should potential buyers make of such offerings?SCMagazine
June 16, 2021
Can Homomorphic Encryption Bring Down The Curtain On POS Malware? Full Text
Abstract
In standard encryption, we need to decrypt the ciphertext to process data at a destination, but in this case, this encryption can work on the same ciphertext and produce the same output as clear text.Forbes
June 14, 2021
Google Workspace Now Offers Client-side Encryption For Drive and Docs Full Text
Abstract
Google on Monday announced that it's rolling out client-side encryption to Google Workspace (formerly G Suite), thereby giving its enterprise customers direct control of encryption keys and the identity service they choose to access those keys. "With client-side encryption, customer data is indecipherable to Google, while users can continue to take advantage of Google's native web-based collaboration, access content on mobile devices, and share encrypted files externally," the search giant said . "When combined with our other encryption capabilities, customers can add new levels of data protection for their Google Workspace data." The development coincides with the Google Workspace and Google Chat's broader availability to all users with a Google account. Workspace is the company's enterprise offering consisting of Gmail, Chat, Calendar, Drive, Docs, Sheets, Slides, Meet, and other tools. Businesses using Google Workspace have the choice oThe Hacker News
June 11, 2021
Quantum Breakthrough in Britain Creates 600km Secure Link Full Text
Abstract
The breakthrough by Toshiba will enable long-distance quantum-secured information transferInfosecurity Magazine
June 11, 2021
One step closer to quantum-secure conference calls Full Text
Abstract
The Quantum Key Distribution (QKD) technology deployed in this demonstration harnesses the properties of quantum physics to facilitate guaranteed secure distribution of cryptographic keys.Help Net Security
May 25, 2021
Post-quantum cryptographic standards to be finalized later this year Full Text
Abstract
The new cryptographic standards will likely underpin IT design and guide industrial purchasing decisions for decades to come.SCMagazine
April 5, 2021
Encryption debate could have enterprise security implications Full Text
Abstract
As the United Kingdom reignites the debate over data encryption, concern about trickle down impact to businesses emerge.SCMagazine
April 5, 2021
Encryption is either secure or it’s not – there is no middle ground Full Text
Abstract
The principle of end-to-end encryption underpins a system of communication where only the communicating users can read the messages, thereby preventing any eavesdropping.Help Net Security
March 31, 2021
In wake of PHP Git server attack, researcher advises developers to enable encryption Full Text
Abstract
Had two malicious commits not been caught, they could have infected scores of websites using the programming language.SCMagazine
March 31, 2021
In wake of PHP Git server attack, researcher advises developers to enable encryption Full Text
Abstract
Had two malicious commits not been caught, they could have infected scores of websites using the programming language.SCMagazine
March 9, 2021
DARPA Ramps-Up FHE Encryption Project with Intel Full Text
Abstract
Research teams will try to make FHE calculations as fast as plaintextInfosecurity Magazine
March 8, 2021
Intel, DoD start sprint to make homomorphic encryption ready for real Full Text
Abstract
If successful, it could thwart the hurdle that keeps the pervasive privacy and security technology out of general use.SCMagazine
December 21, 2020
Europol and European Commission Launch New Decryption Platform to Combat Encryption Misuse Full Text
Abstract
The new platform launched by Europol and the European Commission includes both software and hardware tools to provide help in accessing the encrypted material for law enforcement investigations.CISO MAG
December 18, 2020
Europol launches new decryption platform for law enforcement Full Text
Abstract
Europol and the European Commission have launched a new decryption platform that will help boost Europol's ability to gain access to information stored in encrypted media collected during criminal investigations.BleepingComputer
December 17, 2020
It’s time to prepare for fully homomorphic encryption, says IBM Full Text
Abstract
In a nutshell, the capability allows computers to perform operations on encrypted information without decrypting it first – meaning data science and machine learning are possible without actually seeing the data.SCMagazine
December 17, 2020
Cryptologists Crack Zodiac Killer’s 340 Cipher Full Text
Abstract
The Zodiac’s serial killer’s 340 cipher, which couldn’t be solved for 50 years, has been cracked by a remote team of mathematicians.Threatpost
December 07, 2020
Law Enforcement Is Accessing Locked Devices Quite Well, Thank You Full Text