#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

encryption software | Breaking Cybersecurity News | The Hacker News

Category — encryption software
Google Created Faster Storage Encryption for All Low-End Devices

Google Created Faster Storage Encryption for All Low-End Devices

Feb 08, 2019
Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently. Encryption has already become an integral part of our everyday digital activities. However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster. Since data security concerns have recently become very important, not using encryption is no more a wise tradeoff, and at the same time, using a secure but slow device on which apps take much longer to launch is also not a great idea. Currently Android OS supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption, and Google has already made it mandatory for device manufacturers to include AES encry...
GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature

Jun 15, 2018
A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail , in PGP and S/Mime encryption tools that could allow attackers to reveal encrypted emails in plaintext , affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook. Software developer Marcus Brinkmann discovered that an input sanitization vulnerability, which he dubbed SigSpoof , makes it possible for attackers to fake digital signatures with someone's public key or key ID, without requiring any of the private or public keys involved. The vulnerability, tracked as CVE-2018-12020 , affects popular email applications including GnuPG, Enigmail, GPGTools and python-gnupg, and have now been patched in their latest available so...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Oct 12, 2017
Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers. S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and works just like SSL connections—that enables users to send digitally signed and encrypted messages. According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached. When Outlook users make use of S/MIME to encrypt their messages and format their emails as plain text, the vulnerability allows the seemingly encrypted emails to be sent in both encrypted as well as human-readable clear text f...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
Someone is Spying on Researchers Behind VeraCrypt Security Audit

Someone is Spying on Researchers Behind VeraCrypt Security Audit

Aug 16, 2016
After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF ( The Open Source Technology Improvement Fund ) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Using funds donated by DuckDuckGo and VikingVPN, the OSTIC hired vulnerability researchers from QuarksLab to lead the audit, which would look for zero-day vulnerabilities and other security holes in VeraCrypt's code. Now, the most troubling part comes here: The OSTIF announced Saturday that its confidential PGP-encrypted communications with QuarkLabs about the security audit of VeraCrypt were mysteriously intercepted. "We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders." the OSTIF said . "Not ...
Apple hires Encryption Expert to Beef Up Security on its Devices

Apple hires Encryption Expert to Beef Up Security on its Devices

May 25, 2016
The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack proof, Apple has rehired security expert and cryptographer Jon Callas , who co-founded the widely-used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone. This is not Apple's first effort over its iPhone security . Just a few months back, the company hired Frederic Jacobs , one of the key developers of Signal — World's most secure, open source and encrypted messaging app . Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011. During his second joining, Callas designed a ful...
​DARPA Wants To Build Ultra Secure Messaging App for US Military

​DARPA Wants To Build Ultra Secure Messaging App for US Military

Apr 24, 2016
Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se...
'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe

'Hacking Team' Loses License to Sell Surveillance Malware Outside Europe

Apr 07, 2016
Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble.  This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export authorities have revoked the company's license to sell outside of Europe. Almost a year after it was hacked and got all its secrets leaked online , Hacking Team somehow managed to resume its operations and start pitching new hacking tools to help the United States law enforcement gets around their encryption issues. Hacking Team had sold its malware, officially known as the Galileo Remote Control System , to authorities in Egypt, Morocco, Brazil, Malaysia, Thailand, Kazakhstan, Vietnam, Mexico, and Panama. Hacking Team had also signed big contracts with the Federal Burea...
Hacking Team Offering Encryption Cracking Tools to Law Enforcement Agencies

Hacking Team Offering Encryption Cracking Tools to Law Enforcement Agencies

Oct 31, 2015
Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues . Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to break encrypted communications. The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions." The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states: "Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as te...
THN Weekly Roundup — 11 Most Important Hacking News Stories

THN Weekly Roundup — 11 Most Important Hacking News Stories

Oct 05, 2015
We are back with our last week's top cyber security threats and challenges, just in case you missed any of them ( ICYMI ). THN Weekly Round Up is The Hacker News efforts to help you provide all important stories of last week in one shot. We recommend you read the full story ( just click 'Read More' because there's some valuable advice in there as well ). Here's the list: 1. Quantum Teleportation — Scientists Teleported Quantum Data over 60 Miles While the world is battling between Quantum computers and Encryption , the NIST Scientists have set a new record in the field of " Quantum Teleportation "... …by successfully Teleporting a small amount of data (qubit) inside light particles over a distance of 60 Miles (100 km) through a network of optical fiber – the record which is four times faster than previous one. To know how the Quantum Teleportation works and how the researchers able to reach this record, Read More … 2. Pirate Bay co-fo...
TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

TrueCrypt Encryption Software Has Two Critical Flaws: It's time to Move On

Oct 01, 2015
If you are among thousands of privacy-conscious people who are still using ' no longer available ' TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user's data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google's Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ' unfixed security issues '. TrueCrypt is a widely-used ' On-the-Fly ' Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation ...
Web Encryption Protocol That Even Quantum Computers Can't Crack

Web Encryption Protocol That Even Quantum Computers Can't Crack

Aug 07, 2015
Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the 'entangling' or 'superpositioning' which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world. Superposition is a state in which a system can be in multiple stages i.e. it can be 'up' and 'down' at the same time. The Quantum systems can hit different modules of a problem simultaneously, split across possible versions of the universe. What are Quantum Computers? Quantum computers are going to be the next huge development in computing for processing data, with an ability to perform calculations thousands of times faster than today's modern supercomputers. Quantum computing is not well suited for tasks such as word processing and email, but it is ideal for tasks such as cryptography, modeling and indexing enormous databases. A quantum computer can compute in min...
Most Vulnerable Smart Cities to Cyber Attack on Internet of Things (IoT)

Most Vulnerable Smart Cities to Cyber Attack on Internet of Things (IoT)

Jul 31, 2015
Imagine… You drive to work in your Smart-Car connected to the GPS automatically, but a hacker breaks into your car's network, takes control of the steering wheel, crashes you into a tree, and BOOM ! Believe it or not, such cyber attacks on smart devices are becoming reality. Car Hacking was recently demonstrated by a pair of security researchers who controlled a Jeep Cherokee remotely from miles away, which shows a rather severe threat to the growing market of the Internet of Things (IoT) . Internet of Things (IoT) — A technology that connects objects to a network or the Internet, and enables interaction among varied devices such as: Smart Cars Smart TVs Refrigerators Wearables Routers Other embedded computing as well as non-computing devices. Few days back, I had read about Smart Dustbins that are the latest smart objects to become Wi-Fi-enabled. Internet of Things to make Cities Smart or Dumb? Cities around the world are becoming...
How To Encrypt Your USB Drive to Protect Data

How To Encrypt Your USB Drive to Protect Data

Jun 15, 2015
The USB flash drives or memory sticks are an excellent way to store and carry data and applications for access on any system you come across. With storage spaces already reaching 256 gigabytes, nowadays USB drives are often larger than past's hard drives. Thanks to increased storage capacity and low prices, you can easily store all your personal data on a tiny, easy-to-carry, USB memory stick. The USB drive is a device that is used by almost everyone today. However, there's a downside… I think you'll agree with me when I say: USB sticks are easily lost or stolen. Aren't they? However, in today's post I am going to show you how to use your USB drives without fear of being misplaced. If you are not aware, the leading cause of data breaches for the past few years has been the loss or theft of laptops and USB storage devices. However, USB flash memory sticks are generally treated with far less care than laptops, and criminals seeking for corporate devices could cost your c...
Cisco Open Sources Experimental Small Domain Block Cipher

Cisco Open Sources Experimental Small Domain Block Cipher

Jun 23, 2014
In cryptography, Block ciphers such as AES or DES are a symmetric key cipher operating on fixed-length groups of bits, called blocks, and typically operate on large input data blocks i.e. 64 or more than 128, 256 bits. Block cipher encrypts Plain-text to Cipher-text by applying cryptographic key and algorithm to a block of data at once as a group rather than to one bit at a time, so that identical blocks of text do not get encrypted the same way. However, some applications need smaller blocks, and possibly non-binary blocks. So, to fulfil this need Cisco is providing a  small block cipher , what it calls "FNR" (Flexible Naor and Reingold), but currently it is an experimental block cipher rather a production software. Sashank Dara , software engineer at the security technology group Cisco , says in a detailed explanation that FNR is a flexible length small domain block cipher for encrypting objects that works without the need for padding, as happens in the traditi...
Student Decrypts Simplocker Android Ransomware that Encrypts Files

Student Decrypts Simplocker Android Ransomware that Encrypts Files

Jun 17, 2014
In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users' phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu...
Expert Insights / Articles Videos
Cybersecurity Resources