encryption software | Breaking Cybersecurity News | The Hacker News

Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently. Encryption has already become an integral part of our everyday digital activities. However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster. Since data security concerns have recently become very important, not using encryption is no more a wise tradeoff, and at the same time, using a secure but slow device on which apps take much longer to launch is also not a great idea. Currently Android OS supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption, and Google has already made it mandatory for device manufacturers to include AES encry

A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. The disclosure comes almost a month after researchers revealed a series of flaws, dubbed eFail , in PGP and S/Mime encryption tools that could allow attackers to reveal encrypted emails in plaintext , affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook. Software developer Marcus Brinkmann discovered that an input sanitization vulnerability, which he dubbed SigSpoof , makes it possible for attackers to fake digital signatures with someone's public key or key ID, without requiring any of the private or public keys involved. The vulnerability, tracked as CVE-2018-12020 , affects popular email applications including GnuPG, Enigmail, GPGTools and python-gnupg, and have now been patched in their latest available so

The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms

Beware, If you are using S/MIME protocol over Microsoft Outlook to encrypt your email communication, you need to watch out. From at least last 6 months, your messages were being sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers. S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an end-to-end encryption protocol—based on public-key cryptography and works just like SSL connections—that enables users to send digitally signed and encrypted messages. According to a security advisory published by SEC Consult earlier this week, a severe bug (CVE-2017-11776) in Microsoft Outlook email client causes S/MIME encrypted emails to be sent with their unencrypted versions attached. When Outlook users make use of S/MIME to encrypt their messages and format their emails as plain text, the vulnerability allows the seemingly encrypted emails to be sent in both encrypted as well as human-readable clear text f

After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF ( The Open Source Technology Improvement Fund ) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Using funds donated by DuckDuckGo and VikingVPN, the OSTIC hired vulnerability researchers from QuarksLab to lead the audit, which would look for zero-day vulnerabilities and other security holes in VeraCrypt's code. Now, the most troubling part comes here: The OSTIF announced Saturday that its confidential PGP-encrypted communications with QuarkLabs about the security audit of VeraCrypt were mysteriously intercepted. "We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders." the OSTIF said . "Not

The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies. You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight. Now, in an effort to make its iPhone surveillance-and-hack proof, Apple has rehired security expert and cryptographer Jon Callas , who co-founded the widely-used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone. This is not Apple's first effort over its iPhone security . Just a few months back, the company hired Frederic Jacobs , one of the key developers of Signal — World's most secure, open source and encrypted messaging app . Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011. During his second joining, Callas designed a ful

Just last month, DARPA launched a project dubbed "Improv," inviting hackers to transform simple household appliances into deadly weapons . Now, the Defense Advanced Research Projects Agency is finding someone in the private sector to develop a hacker-proof " secure messaging and transaction platform " for the U.S. military. Darpa wants researchers to create a secure messaging and transaction platform that should be accessible via the web browser or standalone native application. The secure messaging app should " separate the message creation, from the transfer (transport) and reception of the message using a decentralized messaging backbone to allow anyone anywhere the ability to send a secure message or conduct other transactions across multiple channels traceable in a decentralized ledger, " agency's  notice explains. In simple words, DARPA aims to create a secure messaging service that not only implements the standard encryption and se

Hacking Team – the infamous Italy-based spyware company that had more than 400 GB of its confidential data stolen last year – is facing another trouble.  This time not from other hackers, but from its own government. Hacking Team is infamous for selling surveillance spyware to governments and intelligence agencies worldwide, but now it may not be allowed to do so, as the Italian export authorities have revoked the company's license to sell outside of Europe. Almost a year after it was hacked and got all its secrets leaked online , Hacking Team somehow managed to resume its operations and start pitching new hacking tools to help the United States law enforcement gets around their encryption issues. Hacking Team had sold its malware, officially known as the Galileo Remote Control System , to authorities in Egypt, Morocco, Brazil, Malaysia, Thailand, Kazakhstan, Vietnam, Mexico, and Panama. Hacking Team had also signed big contracts with the Federal Burea

Hacking Team, the infamous Italy-based spyware company that had more than 400 GB of its confidential information stolen earlier this year, has resumed its operations and started pitching new hacking tools to help US law enforcement gets around their encryption issues . Yes, Hacking Team is back with a new set of Encryption Cracking Tools for government agencies as well as other customers to break encrypted communications. The announcement came in an email pitch sent to existing and potential new customers on October 19 when Hacking Team CEO David Vincenzetti confirmed that Hacking Team is now "finalizing [its] brand new and totally unprecedented cyber investigation solutions." The e-mail is not made public, but Motherboard has been able to obtain a copy of it that states: "Most [government agencies] in the United States and abroad will become 'blind,' they will 'go dark,' they will simply be unable to fight vicious phenomena such as te

We are back with our last week's top cyber security threats and challenges, just in case you missed any of them ( ICYMI ). THN Weekly Round Up is The Hacker News efforts to help you provide all important stories of last week in one shot. We recommend you read the full story ( just click 'Read More' because there's some valuable advice in there as well ). Here's the list: 1. Quantum Teleportation — Scientists Teleported Quantum Data over 60 Miles While the world is battling between Quantum computers and Encryption , the NIST Scientists have set a new record in the field of " Quantum Teleportation "... …by successfully Teleporting a small amount of data (qubit) inside light particles over a distance of 60 Miles (100 km) through a network of optical fiber – the record which is four times faster than previous one. To know how the Quantum Teleportation works and how the researchers able to reach this record, Read More … 2. Pirate Bay co-fo

If you are among thousands of privacy-conscious people who are still using ' no longer available ' TrueCrypt Encryption Software , then you need to pay attention. Two critical security vulnerabilities have been discovered in the most famous encryption tool, TrueCrypt, that could expose the user's data to hackers if exploited. TrueCrypt was audited earlier this by a team of Security researchers and found to be backdoor-free . James Forshaw , Security researcher with Google's Project Zero — which looks for zero-day exploits — has found a pair of privilege elevation flaws in TrueCrypt package. Last year, TrueCrypt project was dropped after its mysterious developers had claimed the Windows disk-encryption software had ' unfixed security issues '. TrueCrypt is a widely-used ' On-the-Fly ' Open source Hard disk encryption program. Reportedly, TrueCrypt vulnerabilities would not directly allow an attacker to decrypt drive data. Instead, successful exploitation

Sometimes, instead of black and white we tend to look out, how a grey would look? Yes, today we are going to discuss the 'entangling' or 'superpositioning' which is a power packed functionality of quantum computers. And simultaneously, how can they pose a threat when fully launched in the world. Superposition is a state in which a system can be in multiple stages i.e. it can be 'up' and 'down' at the same time. The Quantum systems can hit different modules of a problem simultaneously, split across possible versions of the universe. What are Quantum Computers? Quantum computers are going to be the next huge development in computing for processing data, with an ability to perform calculations thousands of times faster than today's modern supercomputers. Quantum computing is not well suited for tasks such as word processing and email, but it is ideal for tasks such as cryptography, modeling and indexing enormous databases. A quantum computer can compute in min

Imagine… You drive to work in your Smart-Car connected to the GPS automatically, but a hacker breaks into your car's network, takes control of the steering wheel, crashes you into a tree, and BOOM ! Believe it or not, such cyber attacks on smart devices are becoming reality. Car Hacking was recently demonstrated by a pair of security researchers who controlled a Jeep Cherokee remotely from miles away, which shows a rather severe threat to the growing market of the Internet of Things (IoT) . Internet of Things (IoT) — A technology that connects objects to a network or the Internet, and enables interaction among varied devices such as: Smart Cars Smart TVs Refrigerators Wearables Routers Other embedded computing as well as non-computing devices. Few days back, I had read about Smart Dustbins that are the latest smart objects to become Wi-Fi-enabled. Internet of Things to make Cities Smart or Dumb? Cities around the world are becoming

The USB flash drives or memory sticks are an excellent way to store and carry data and applications for access on any system you come across. With storage spaces already reaching 256 gigabytes, nowadays USB drives are often larger than past's hard drives. Thanks to increased storage capacity and low prices, you can easily store all your personal data on a tiny, easy-to-carry, USB memory stick. The USB drive is a device that is used by almost everyone today. However, there's a downside… I think you'll agree with me when I say: USB sticks are easily lost or stolen. Aren't they? However, in today's post I am going to show you how to use your USB drives without fear of being misplaced. If you are not aware, the leading cause of data breaches for the past few years has been the loss or theft of laptops and USB storage devices. However, USB flash memory sticks are generally treated with far less care than laptops, and criminals seeking for corporate devices could cost your c

In cryptography, Block ciphers such as AES or DES are a symmetric key cipher operating on fixed-length groups of bits, called blocks, and typically operate on large input data blocks i.e. 64 or more than 128, 256 bits. Block cipher encrypts Plain-text to Cipher-text by applying cryptographic key and algorithm to a block of data at once as a group rather than to one bit at a time, so that identical blocks of text do not get encrypted the same way. However, some applications need smaller blocks, and possibly non-binary blocks. So, to fulfil this need Cisco is providing a  small block cipher , what it calls "FNR" (Flexible Naor and Reingold), but currently it is an experimental block cipher rather a production software. Sashank Dara , software engineer at the security technology group Cisco , says in a detailed explanation that FNR is a flexible length small domain block cipher for encrypting objects that works without the need for padding, as happens in the traditional

In a previous story, I reported about a new ransomware threat known as Simplocker discovered by researchers at the security firm ESET, targeting Android users in the UK, Switzerland, Germany, India and Russia, for ransom. Simplocker (Android/Simplocker.A) is the latest Android ransomware that has ability to encrypt the files using Advanced Encryption Standard (AES) on the Android device SD cards demanding users pay a ransom of 260 UAH ( Ukrainian hryvnias ), which is roughly equal to $21 US, for those files to be decrypted. To hide their track, the malware author is using the Command-and-Control server hosted on TOR .onion domain, which makes it difficult to trace the server's physical location or determine who is operating it. The malware collects information about the users' phone such as IMEI number, Operating System, phone model and manufacturer to send it all to Command-and-Control server. STUDENT CRACKS SIMPLOCKER RANSOMWARE Now, an undergraduate stu