encryption
WhatsApp, Signal group chats not as secure as users might believe
Researchers have discovered flaws in the way WhatsApp, Signal, and Threema messaging apps handle secure (encrypted) group communication, which could result in unauthorized …
Why cryptography is much harder than software engineers think
The recent ROCA vulnerability (CVE-2017-15361) raises some important issues about the design of secure cryptographic software. The vulnerability is not in this case an obvious …
Why phishers love HTTPS
As more and more sites switch to HTTPS, the number of phishing sites hosted on HTTPS domains is also increasing. “In the third quarter of 2017, we observed nearly a …
New Amazon S3 encryption and security features introduced
Amazon Web Services has announced the availability of five new encryption and security features for the Amazon S3 cloud storage service. These include: Default object …
The race to quantum supremacy and its cybersecurity impact
Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is …
NotPetya successor Bad Rabbit hits orgs in Russia, Ukraine
Bad Rabbit ransomware, apparently modeled on NotPetya, has hit a number of organizations across Russia, Ukraine, and Eastern Europe on Tuesday. Russian security outfit …
Vulnerability in code library allows attackers to work out private RSA keys
Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding …
WPA2 weakness allows attackers to extract sensitive info from Wi-Fi traffic
WPA2, a protocol that secures modern protected Wi-Fi networks, sports serious weaknesses that can allow attackers to read and capture information that users believe to be …
Alleged cyberstalker unmasked by VPN logs
A Massachusetts man was arrested on cyberstalking charges after the online activities he tried to hide through VPN use were revealed by logs provided by PureVPN. “It is …
Google to enforce HTTPS on TLDs it controls
In its sustained quest to bring encryption to all existing Web sites, Google has announced that it will start enforcing HTTPS for the 45 Top-Level Domains it operates. How …
How attackers can take advantage of encrypted tunnels
Many organizations are not actively examining the encrypted traffic in their network. According to a Venafi survey, roughly a quarter (23%) of security professionals don’t …
Microsoft Azure confidential computing keeps data in use secret
Microsoft has announced a new Azure (cloud) data security capability: confidential computing. Who’s it for? The capability allows companies to use the cloud even if they …
Featured news
Resources
Don't miss
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests