Home Tags Encrypt

Tag: encrypt

Certificate Transparency and OCSP Must-Staple can't get here fast enough.

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. Our investigation is ongoing and our findings are far from final at this time.

Despite rampant public speculation, the following is what we can confirm from our independent analysis.
Mozilla engineer spots a gap in Web security, reaches for the patch kit In spite of the rise of HTTPS, there are still spots where content originating on the Web can remain unencrypted, so a Mozilla engineer wants to close one of those gaps.…
Mozilla engineer spots a gap in online security, reaches for the patch kit Amid the rise of HTTPS, there are still many spots where content shifted encrypted across the web is ultimately stored in wide-open plain text, so a Mozilla engineer wants to close one of those gaps.…
Automated Certificate Management Environment (ACME) is set to become an internet standard later this year.
Cambridge UK, Thursday, June 8, 2017 – In a move that reflects the growing adoption of cloud storage, the latest version of SQL Backup Pro from Redgate Software now includes automatic integration with Amazon S3, making it easy for users to store their SQL Server backups in the cloud.SQL Backup Pro simplifies the backup process, covering different and multiple versions of SQL Server, and allowing users to compress, verify and securely encrypt backups at the... Source: RealWire
Sometimes ransomware developers make mistakes in their code.

These mistakes could help victims regain access to their original files after a ransomware infection.

This article is a short description of several errors, which were made by the WannaCry ransomware developers.
How do you protect a laptop filled with confidential files and personal secrets? For business-class PCs running Windows 10, the solution is simple: Turn on BitLocker.
In the several years that the Dridex family has existed, there have been numerous unsuccessful attempts to block the botnetrsquo;s activity.

The ongoing evolution of the malware demonstrates that the cybercriminals are not about to bid farewell to their brainchild, which is providing them with a steady revenue stream.
Wersquo;ve become accustomed to seeing a steady stream of security breaches month after month; and this quarter has been no exception, including attacks on Barts Health Trust, Sports Direct, Intercontinental Hotels Group and ABTA.
Earlier today, our products detected and successfully blocked a large number of ransomware attacks around the world.
In these attacks, data is encrypted with the extension “.WCRYrdquo; added to the filenames. Our analysis indicates the attack, dubbed “WannaCryrdquo;, is initiated through an SMBv2 remote code execution in Microsoft Windows.
The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure.

The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005.

The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.To read this article in full or to leave a comment, please click here