-
EU to Propose New Measures for Accessing Encrypted IM Apps
The European Commission, through the voice of EU Justice Commissioner Vera Jourova, announced plans to find a way for law enforcement to access data exchanged via encrypted instant messaging services, such as WhatsApp, Telegram, Signal, and others.
- March 30, 2017
- 09:25 AM
0
-
US-CERT: Security Products That Perform HTTPS Interception Weaken Security
In an advisory sent to enterprises across the US, the Department of Homeland Security's US-CERT group is warning that security products which perform HTTPS interception might weaken a company's overall security.
- March 17, 2017
- 01:18 PM
2
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Tens of Thousands of Chromebooks Fail Due to Bug in Security Product
A large chunk of the 120,000 Chromebooks deployed at Maryland's Montgomery County schools went down last week after computers using Symantec BlueCoat security software weren't able to handle TLS 1.3 connections that Google started supporting with the release of Chrome and Chrome OS 56.
- February 28, 2017
- 11:15 AM
- 1
-
Google Open-Sources Chrome Extension to Make PGP Encryption Easier in Gmail
Late Friday, last week, Google announced a new tool for security-minded users, called E2EMail, a Chrome extension that simplifies the installation of PGP encryption for Gmail.
- February 27, 2017
- 09:25 AM
- 0
-
PHP Becomes First Programming Language to Add Modern Cryptography Library in Its Core
The PHP team has unanimously voted to integrate the Libsodium library in the PHP core, and by doing so, becoming the first programming language to support a modern cryptography library by default.
- February 20, 2017
- 05:15 PM
- 25
-
Epic Fail: Linux Encryption App Cryptkeeper Has Universal Password: 'p'
A data encryption app for Linux users named Cryptkeeper has a bug that allows anyone to decrypt locked content using the password "p".
- January 31, 2017
- 02:15 PM
- 1
-
Fed up with Intermediaries, Google Becomes Root Certificate Authority
Google announced yesterday plans to become a self-standing, certified, and independent Root Certificate Authority, meaning the company would be able to issue its own TLS/SSL certificates for securing its web traffic via HTTPS, and not rely on intermediaries, as it does now.
- January 27, 2017
- 12:05 PM
- 0
-
Researcher: WhatsApp Bug Exposes Encrypted Messages
Security researcher Tobias Boelter has discovered a bug in the encrypted communications system used by WhatsApp that allows a determined third-party actor, possibly Facebook, to intercept encrypted messages.
- January 13, 2017
- 02:22 PM
- 1
-
Congress Report Rules Against Encryption Backdoors
Last week, a report published by the House of Representatives Judiciary Committee and the House of Representatives Energy and Commerce Committee has made it crystal clear that the US government considers encryption backdoors as a threat to its "national interests."
- December 28, 2016
- 01:11 PM
- 0
-
Apple Gets Lazy on Encryption, Extends HTTPS Enforcement Deadline for iOS Apps Indefinitely
After announcing earlier this year plans to force all iOS app developers to deploy HTTPS starting with 2017, Apple postponed its deadline indefinetly, to give app makers more time to migrate their app and backend infrastructures.
- December 23, 2016
- 01:52 PM
- 0
-
Google Releases Tool to Help Developers Find Crypto Bugs
Google released this week a new tool called Project Wycheproof, which is a set of automated tests developers can run on their code and identify weaknesses or problems in the sections that deal with cryptography operations.
- December 21, 2016
- 06:51 PM
- 3
-
$300 Device Can Steal Mac FileVault2 Passwords
Swedish hardware hacker Ulf Frisk has published today instructions on how to build and use a $300 device that can retrieve login passwords for Macs protected by Apple's FileVault2 disk encryption system.
- December 15, 2016
- 05:35 PM
- 1
-
Google to Show Errors for SHA1 Certificates Starting with Chrome 56
The number of HTTPS errors is about to go up as Google announced plans to remove support for SSL/TLS certificates signed with the SHA-1 cryptographic hash algorithm. Google plans to take this step with Chrome 56, scheduled for release at the end of January 2017.
- November 17, 2016
- 09:45 AM
- 0
-
HDDCryptor Ransomware Overwrites Your MBR Using Open Source Tools
HDDCryptor, sometimes spelled HDD Cryptor and also identified as Mamba, is a new ransomware variant that rewrites a computer's MBR (Master Boot Record) boot sectors and locks users out of their PCs. While we might hurry to classify this as a Petya clone, HDDCryptor predates both Petya and Satana.
- September 18, 2016
- 10:30 AM
- 8
