Home Tags Advanced Encryption Standard

Tag: Advanced Encryption Standard

54% off SanDisk Extreme PRO 128GB USB 3.0 Flash Drive, Speeds...

The SanDisk Extreme PRO USB 3.0 Flash Drive features a sizable 128GB of storage, and read speeds of up to 260MB/s lets you easily transfer a full-length movie in seconds. The sophisticated design and durable aluminum metal casing help to protect against every day wear and tear on the outside, while the included SanDisk SecureAccess software provides 128-bit AES file encryption and password protection on the inside for your private files.

The SanDisk Extreme PRO USB 3.0 Flash Drive is backed with a lifetime limited warranty.
It currently averages 4.6 out of 5 stars on Amazon from over 530 people (80% rate the full 5 stars: see reviews here), and its typical list price has been reduced generously to just $59.99.
See this deal on Amazon.To read this article in full or to leave a comment, please click here

60% off SanDisk Extreme PRO 128GB USB 3.0 Flash Drive, Speeds...

The SanDisk Extreme PRO USB 3.0 Flash Drive features a sizable 128GB of storage, and read speeds of up to 260MB/s lets you easily transfer a full-length movie in seconds. The sophisticated design and durable aluminum metal casing help to protect against every day wear and tear on the outside, while the included SanDisk SecureAccess software provides 128-bit AES file encryption and password protection on the inside for your private files.

The SanDisk Extreme PRO USB 3.0 Flash Drive is backed with a lifetime limited warranty.
It currently averages 4.6 out of 5 stars on Amazon from over 530 people (80% rate the full 5 stars: see reviews here), and its typical list price has been reduced generously to just $52.10.
See this deal on Amazon.To read this article in full or to leave a comment, please click here

XPan, I am your father

While we have previously written on the now infamous XPan ransomware family, some of it’s variants are still affecting users primarily located in Brazil.

This sample is what could be considered as the “father” of other XPan ransomware variants.

A considerable amount of indicators within the source code depict the early origins of this sample.

A free decryption tool is now available for all Bart ransomware...

Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victi...

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations.

After penetrating an organization's network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization.

The next interesting fact about this ransomware is that the threat actors decided to use the well-known Petya ransomware to encrypt user data.

Kauai is moving from diesel generators to renewable energy with help...

Shipping fuel is expensive, so why not generate it from energy sources found locally?

Largest grid-tied lithium ion battery system deployed today in San Diego

CA Public Utilities Commissioner: "We are far in advance of where we expected to be."

Breaking The Weakest Link Of The Strongest Chain

Around July last year, more than a 100 Israeli servicemen were hit by a cunning threat actor.

The attack compromised their devices and exfiltrated data to the attackers’ C&C.
In addition, the compromised devices were pushed Trojan updates.

The operation remains active at the time of writing this post.

Apricorn Aegis Secure Key 3z hardware-encrypted flash drive

256-bit AES XTS hardware encryption security at entry-level pricing

Satan enters roll-your-own ransomware game

Code named for Prince of Darkness offers commissions for spreading evil Satan is infecting computers, encrypting files and demanding ransoms. No, we're not talking about the prince of darkness itself, but an underground ransomware service bearing its name.
It's devilish code: net demons wielding it can create a customised ransomware payload that will encrypt a victim's files with RSA-2048 bit and AES-256 bit encryption. Those Satan enslaves are directed through the many circles of the Tor network in order to pay a bitcoin ransom that varies in size. The Satan ransomware is available openly on the Tor network and presents punters with a slick form through which the malware is customised. The established malware researcher known as Xylitol reported the malware El Reg ignored VXers' constant pleas "not upload malware to VirusTotal" by promptly uploading the ransomware to VirusTotal, finding that it was detected by about half of antivirus scanners, although this number can differ thanks to heuristics and other antivirus dynamic checks not covered by the lauded online security service. Malware that is uploaded to VirusTotal is at risk of being discovered by anti-virus engines and security researchers. Should you choose to spread the word of Satan, the hell-code's authors claim to take a 30 per cent cut of any ransoms paid to customers. "The bitcoin paid by the victim will be credited to your account. We will keep a 30 percent fee of the income … [which] will become lower depending on the number of infections and payments you have." The service will help customers encrypt their files and wrap it in Word document macros and installers.
It is up to customers to decide how to disseminate the malware, but most arrive by phishing. Create your malware.
Satan's panels. Satan is not alone in its evil ways: other ransomware-as-a-service offerings including a JavaScript-based instance have been uncovered. Many ransomware variants have been undone by white hat hackers working under the No More Ransom Alliance to find and exploit holes in the malware that allows free file decryption. The Alliance unifies previously un-co-ordinated ransomware reversal efforts.

The Reg expects it won't be long before the Alliance's forces are arrayed against Satan's in an effort to unravel its encryption and bring the good word to the afflicted. ® Sponsored: Customer Identity and Access Management

Google Cloud Platform finally offers key management service

Google is finally giving administrators the ability to manage their encryption keys in Google Cloud Platform (GCP) with its Cloud Key Management Service (KMS). Google is the last of the three major cloud providers to provide the key management service, as Amazon and Microsoft already have similar offerings. The Cloud KMS, currently in beta, helps administrators manage the encryption keys for their organization without having to maintain an on-premise key management system or deploy hardware security modules. With Cloud KMS, administrators can manage all the organization's encryption keys, not only the ones used to protect data in GCP. Administrators can create, use, rotate, and destroy AES-256 symmetric encryption keys via the Cloud KMS API. Multiple versions of a key can be active at any time for decryption, but only one primary key version can be used for encrypting new data. The rotation schedule can be defined to automatically generate a new key version at fixed time intervals. There's also a built-in 24-hour delay when trying to destroy keys to prevent accidental or malicious loss. Cloud KMS integrates with GCP's Cloud Identity Access Management and Cloud Audit Logging services so that administrators can manage permissions for individual keys and monitor usage. Cloud KMS also provides a REST API that allows AES-256 encryption or decryption in Galois/Counter Mode, which is the same encryption library used internally to encrypt data in Google Cloud Storage. AES GCM is implemented in the BoringSSL library maintained by Google, and the company continually checks for weaknesses in the encryption library using several tools, "including tools similar to the recently open-sourced cryptographic test tool Project Wycheproof," said Google product manager Maya Kaczorowski on the Google Cloud Platform blog. Compared to AWS and Windows Azure, GCP has lagged in encryption. Amazon introduced customer-supplied encryption keys (CSEK) to AWS customers for its S3 service in June 2014, and it introduced the AWS Key Management Service later that year. Microsoft added CSEK via Key Vault in January 2015. Google began offering CSEK in June 2015 and is only now rolling out Cloud KMS. Google Cloud Storage manages server-side encryption by default, and administrators have to specifically select "Cloud Key Management Service" to manage the keys in the cloud service, or "Customer Supplied Encryption Keys" to manage the keys on-premise. CSEK is also available with Compute Engine. Kaczorowski said organizations in regulated industries, such as financial services and health care, can benefit from hosted key management services "for the ease of use and peace of mind that they provide." However, administrators should evaluate whether the convenience is worth the possibility that if the government has a legal order compelling Google to provide information about the keys, the company will have to comply because it has access to all the keys managed by the service. There's another potential hiccup for administrators to consider if the organization gathers personal information from Europeans. The European General Data Protection Regulation applies to European personal data, regardless of where it is stored in the world, and regulators in the past have recommended not storing encryption keys with the same cloud provider. If the key is kept securely with the organization, the cloud provider can't do anything beyond just maintaining access to and availability of the data. Using GCP and Cloud KMS simultaneously may or may not be acceptable to European regulators. "Encryption is only effective is you separate the encrypted data from the key storage. Using the same vendor, be it AWS or Google to store the keys and data still raises compliance and security challenges for many businesses,” said Pravin Kothari, founder, chairman, and CEO of cloud encryption company CipherCloud. 

43% off Microsoft Wireless Desktop 900 Keyboard and Mouse Bundle –...

The Wireless Desktop 900 keyboard from Microsoft has quiet-touch keys and customizable buttons for access to the Windows features you use most.

The full-size ambidextrous mouse provides comfortable, precise navigation.

The Wireless Desktop 900 also includes Advanced Encryption Standard to help protect your information by encrypting your keystrokes.

Both the keyboard and the mouse have an average battery life of 2-years.

The typical list price of $50 has been reduced to $28.28, making this a good deal on Amazon where it averages 4.5 out of 5 stars (read recent reviews) from over 140 reviewers.  See it now on Amazon. This story, "43% off Microsoft Wireless Desktop 900 Keyboard and Mouse Bundle - Deal Alert" was originally published by TechConnect.