A day after the British Parliament approved a bill intended to eradicate child abuse content, cabinet officials called on social media giant Meta to halt a rollout of end-to-end encryption. Meta hasn't provided assurances that it will safeguard users, charged Home Secretary Suella Braverman.
Chinese hackers were able to access the email accounts of senior U.S. officials after Microsoft included an active digital signing key in a snapshot of data taken to analyze a crash of its consumer signing system in April 2021. Inclusion of the key in the crash dump was just one of many mishaps.
Security researchers uncovered multiple vulnerabilities in a widely used radio communication system used by law enforcement and in critical infrastructure for data transmission that could allow remote decryption of cryptographically protected communications.
A European Commission effort to require instant messenger apps such as WhatsApp and iMessage to scan for child sexual abuse material would likely violate Europeans' human rights and weaken encryption protections for consumers, a leaked document from the commission's internal legal service says.
Quantum computers and chatbots, as well as hype around blockchain, were topics discussed during The Cryptographers' Panel at RSA Conference 2023. For anyone who needs to keep data secure for more than 30 years, advice from panelist Adi Shamir was simple: Don't rely on public key cryptography.
A European effort to wrest greater control over the infrastructure underpinning internet encryption has some security experts warning about degraded website security. The European Union is on the cusp of requiring web browsers to honor web certificates known as QWACs.
Major internet chat platforms are urging the United Kingdom government to reconsider a bill intended to decrease exposure to online harms but which opponents say would open the door to massive government surveillance. Proponents say online platforms should have a duty of care to protect users.
A 3-month-old federal law meant to future-proof federal computers from quantum computer decryption will have an effect on healthcare sector entities, too, says Mac McMillan, founder and CEO emeritus of privacy and security consulting firm CynergisTek.
GitHub has replaced its private RSA SSH host key after discovering it was being inadvertently exposed to the public via a GitHub repository. Used to safeguard SSH access to Git operations, a bad actor could use the key to impersonate GitHub or eavesdrop. But GitHub reported no signs of abuse.
Police in multiple European countries carried out raids against the operators and users of the Exclu encrypted chat app, arresting four dozen individuals. German authorities began investigating the app following a 2019 raid on the Cyberbunker web hosting facility.
Moving from certificate-based to FIDO authentication reduces overhead and complications for enterprises looking to move away from passwords, says Microsoft's Libby Brown. FIDO allows organizations to go passwordless by simply buying a FIDO key and turning it on in their Azure Active Directory.
A class action lawsuit against LastPass alleges that a data breach in August resulted in the theft of $53,000 in bitcoin. An unnamed plaintiff alleges that negligence in the password management company's data security practices led to the Thanksgiving weekend theft.
Smartphone giant Apple says that starting later this year, users can enable end-to-end encryption of iPhone backups stored in the company's commercial cloud. Apple took pains to frame its announcement in the context of cloud computing data breaches.
A year after buying Wickr's encrypted instant-messaging app, Amazon will shut down Wickr Me on Dec. 31, 2023. The app has come under law enforcement scrutiny for allegations that the strong encryption shields drug peddlers and child abusers from prosecution.
The U.S. Federal Trade Commission pushed until June 9 the date for nonbanking financial firms to follow cybersecurity mandates in the updated Safeguards Rule. The agency approved the update in a partisan vote in October 2021, imposing requirements such as a written information security program.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.
