A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions.
Cisco, one of the world's largest vendor of networking equipment, released security updates today to patch a vulnerability in the IOS and IOS XE operating systems that run the vast majority of its devices.
FBI Director Chris Wray is following in predecessor James Comey's footsteps in joining the anti-encryption crusade. Though the FBI has admitted to distorting the number of encrypted devices it can't get into,
The US Department of Defense plans to implement HTTPS and HSTS (HTTP Strict Transport Security) for all its public-facing websites by the end of the year.
A cryptographic bug affects the Bluetooth implementations and operating system drivers of Apple, Broadcom, Intel, Qualcomm, and possibly other hardware vendors.
Apple's macOS surreptitiously creates and caches thumbnails for images and other file types stored on password-protected / encrypted containers (hard drives, partitions), according to Wojciech ReguÅa and Patrick Wardle, two macOS security experts.
Microsoft has recently published an interesting open source project called "PQCrypto-VPN" that implements post-quantum cryptography (PQC) with OpenVPN. This project is being developed by theÂ Microsoft Research Security and CryptographyÂ group as part of their research into post-quantum cryptography.
Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism designed to encrypt the data of virtual machines running on s
Starting last week, on May 8, Google has opened the .app top-level domain (TLD) to the general public, allowing anyone to register their desired .app domain name. As its name implies, the domain is intended for app developers, but anyone can register a domain, may it be for an app or not.
A team of nine academics is warning the world about a critical vulnerability in the OpenPGP and S/MIME email encryption tools. The flaw, if exploited, allow an attacker to decrypt sent or received messages, according to the researcher team.
The Tor Project announced today plans to discontinue Tor Messenger, the organization's security-hardened instant messaging application.
Mozilla Foundation engineers announced plans over the weekend to test the "DNS over HTTPS" (DoH) fledgling security standard in Firefox Nightly distributions.
For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature.
Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.
German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more.
Keybase is notifying Android users of a bug in its mobile app that might have unintentionally included the users' private key âused to encrypt conversations and other private dataâ into the automatic backups created by the Android OS and uploaded on Google's servers.
Due to the usage of weak cryptography in the IEEE P1735 electronics standard, attackers can recover highly-valuable intellectual property in plaintext.
Open Whisper Systems, the company behind the Signal IM service, has finally launched standalone desktop applications for Windows, macOS, and Linux.
Some extremely lucky users will be able to recover files locked by the Bad Rabbit ransomware because of small operational mistakes on the part of the malware's authors.
After last week we had the KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly "great" start with the publication of a new crypto attack known as DUHK (Don't Use Hard-coded Keys)