Encryption | SC Media

Encryption

Best practices for implementing a DLP solution

Traditional defenses are no match for targeted attacks that bypass security controls and steal sensitive data. As IT changes continue to occur, organizations need to be more strategic to combat modern threats. They must shift their focus from attempting to secure everything, to protecting what matters most—the data itself. No matter where it is stored,…

Flaw impacts most new Intel chipsets

A vulnerability was found in most of the Intel chipsets released in the last five years that could allow an attacker to extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key. The issue, CVE-2019-0090, was found by Positive Technologies and resides in the Intel Converged Security…

Bug prompts Let’s Encrypt to revoke over 3M TLS certificates

Beginning today, Let’s Encrypt is revoking more than 3 million of its Transport Layer Security (TLS) certificates, following the discovery of a bug that affects the way it rechecks CAA (Certificate Authority Authorization) records. “Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days,” explained Jacob Hoffman-Andrew,…

Encryption everywhere

While encryption will deter data breaches, it comes with its own baggage — and keys It is not a question of if the bad actors will access confidential or highly classified data, rather it is a question of can attackers read and use confidential and classified data after they access it. Many experts believe the…

Cellebrite claims it can crack any iPhone or Android, Trump admins weigh encryption ban

Israeli data extraction firm Cellebrite announced the ability to break into any iPhone or Android device for law enforcement agencies near the same time Trump administration officials weighed the pros and cons of banning encryption law enforcement can’t break.   Senior Trump officials met Wednesday to discuss whether to seek legislation that would crack down on…

Unpatched bug in Windows SymCrypt library could cause DoS condition, warns researcher

Google’s Project Zero vulnerability hunting team has publicly disclosed an unpatched bug in the SymCrypt cryptography library for Windows, which could create a denial of service condition when the user initiates any function that requires cryptography. Project Zero researcher Tavis Ormandy said in a June 11 tweet that even though the problem is of “relatively…

Future-proof cybersecurity: Addressing implementation challenges in quantum cryptography

As cyberattacks grow in number and sophistication, it is essential that data is protected. But in today’s evolving threat landscape, this is not as simple as applying traditional security to communications systems. Indeed, many current systems use protocols based on mathematical problems, such as integer factorization, which could be easily cracked by quantum computers of…

Adiantum boosts encryption for low-end Android devices

Google has developed a new storage encryption solution that will boost encryption capabilities for low-end Android devices that don’t have the hardware to support AES. Researchers said the new solution, called Adiantum, allows the use of the ChaCha stream cipher “in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH,”…

Next post in Security News