Category: Encryption

Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world.

If you’re an iCloud user, you have the option of turning on something called “advanced data protection,” or ADP. In that mode, a majority of your data is end-to-end encrypted. This means that no one, not even anyone at Apple, can read that data. It’s a restriction enforced by mathematics—cryptography—and not policy. Even if someone successfully hacks iCloud, they can’t read ADP-protected data.

Using a controversial power in its 2016 Investigatory Powers Act, the UK government wants Apple to re-engineer iCloud to add a “backdoor” to ADP. This is so that if, sometime in the future, UK police wanted Apple to eavesdrop on a user, it could. Rather than add such a backdoor, Apple disabled ADP in the UK market.

Should the UK government persist in its demands, the ramifications will be profound in two ways. First, Apple can’t limit this capability to the UK government, or even only to governments whose politics it agrees with. If Apple is able to turn over users’ data in response to government demand, every other country will expect the same compliance. China, for example, will likely demand that Apple out dissidents. Apple, already dependent on China for both sales and manufacturing, won’t be able to refuse.

Second: Once the backdoor exists, others will attempt to surreptitiously use it. A technical means of access can’t be limited to only people with proper legal authority. Its very existence invites others to try. In 2004, hackers—we don’t know who—breached a backdoor access capability in a major Greek cellphone network to spy on users, including the prime minister of Greece and other elected officials. Just last year, China hacked U.S. telecoms and gained access to their systems that provide eavesdropping on cellphone users, possibly including the presidential campaigns of both Donald Trump and Kamala Harris. That operation resulted in the FBI and the Cybersecurity and Infrastructure Security Agency recommending that everyone use end-to-end encrypted messaging for their own security.

Apple isn’t the only company that offers end-to-end encryption. Google offers the feature as well. WhatsApp, iMessage, Signal, and Facebook Messenger offer the same level of security. There are other end-to-end encrypted cloud storage providers. Similar levels of security are available for phones and laptops. Once the UK forces Apple to break its security, actions against these other systems are sure to follow.

It seems unlikely that the UK is not coordinating its actions with the other “Five Eyes” countries of the United States, Canada, Australia, and New Zealand: the rich English-language-speaking spying club. Australia passed a similar law in 2018, giving it authority to demand that companies weaken their security features. As far as we know, it has never been used to force a company to re-engineer its security—but since the law allows for a gag order we might never know. The UK law has a gag order as well; we only know about the Apple action because a whistleblower leaked it to the Washington Post. For all we know, they may have demanded this of other companies as well. In the United States, the FBI has long advocated for the same powers. Having the UK make this demand now, when the world is distracted by the foreign-policy turmoil of the Trump administration, might be what it’s been waiting for.

The companies need to resist, and—more importantly—we need to demand they do. The UK government, like the Australians and the FBI in years past, argues that this type of access is necessary for law enforcement—that it is “going dark” and that the internet is a lawless place. We’ve heard this kind of talk since the 1990s, but its scant evidence doesn’t hold water. Decades of court cases with electronic evidence show again and again the police collect evidence through a variety of means, most of them—like traffic analysis or informants—having nothing to do with encrypted data. What police departments need are better computer investigative and forensics capabilities, not backdoors.

We can all help. If you’re an iCloud user, consider turning this feature on. The more of us who use it, the harder it is for Apple to turn it off for those who need it to stay out of jail. This also puts pressure on other companies to offer similar security. And it helps those who need it to survive, because enabling the feature couldn’t be used as a de facto admission of guilt. (This is a benefit of using WhatsApp over Signal. Since so many people in the world use WhatsApp, having it on your phone isn’t in itself suspicious.)

On the policy front, we have two choices. We can’t build security systems that work for some people and not others. We can either make our communications and devices as secure as possible against everyone who wants access, including foreign intelligence agencies and our own law enforcement, which protects everyone, including (unfortunately) criminals. Or we can weaken security—the criminals’ as well as everyone else’s.

It’s a question of security vs. security. Yes, we are all more secure if the police are able to investigate and solve crimes. But we are also more secure if our data and communications are safe from eavesdropping. A backdoor in Apple’s security is not just harmful on a personal level, it’s harmful to national security. We live in a world where everyone communicates electronically and stores their important data on a computer. These computers and phones are used by every national leader, member of a legislature, police officer, judge, CEO, journalist, dissident, political operative, and citizen. They need to be as secure as possible: from account takeovers, from ransomware, from foreign spying and manipulation. Remember that the FBI recommended that we all use backdoor-free end-to-end encryption for messaging just a few months ago.

Securing digital systems is hard. Defenders must defeat every attack, while eavesdroppers need one attack that works. Given how essential these devices are, we need to adopt a defense-dominant strategy. To do anything else makes us all less safe.

This essay originally appeared in Foreign Policy.

Email encryption is an essential protection for modern businesses. The software market has adapted to this need, so leaders have a broad range of potential solutions available to fill the gap. But what are the best email encryption options for enterprises?

What Are the Best Email Encryption Options for Enterprises?

Once it’s clear what differentiates a top-tier messaging encryption solution from the crowd, you can make an informed decision. With that in mind, here are the 10 best email encryption options for enterprises to kick-start your search.

1. DataMotion

The best overall email encryption service for most organizations is DataMotion, an artificial intelligence (AI)-powered secure data exchange. DataMotion works with several leading email platforms using FIPS-validated AES encryption standards.

In addition to securing emails, DataMotion offers secure direct messaging capabilities, which are ideal for health care and government operations. The company also employs a zero-trust model, ensuring access to sensitive data remains as tight as possible. Such protection is all the more valuable in light of its support for third-party integrations for productivity tools and other apps.

Customers have seen 28% reductions in support and 48% efficiency gains, highlighting the platform’s ease of use and streamlined nature. A built-in generative AI model can further aid security and productivity efforts by providing quick, informative answers to user questions.

2. Proton Mail

Another reliable all-around solution is Proton Mail, which comes from the same developers as Proton VPN. Proton enables end-to-end encryption, secure cloud storage, self-deleting messages and multi-factor authentication (MFA) to maximize data protection for companies of any size.

Many enterprises like Proton for its Swiss roots, as Switzerland has some of the world’s strictest data privacy laws. It’s also open-source, enabling thorough auditing, and offers anti-phishing measures. Phishing remains the most common data breach vector, so such defenses are hard to overlook.

Proton Mail also has a free version, making it one of the more accessible options. Unfortunately, its integrations are limited, and users cannot use their current email accounts.

3. RMail

RMail is another one of the best email encryption options for enterprises today. The standout feature of this service is that it includes automatic proof of delivery receipts, which are helpful when complying with laws like the General Data Protection Regulation (GDPR).

The platform also includes electronic signatures to strengthen secure document exchanges. It’s highly configurable, too, letting you set rules for which types of messages to encrypt, adjust compliance automations and choose between multiple cryptography standards.

Despite such high-level protective measures, RMail works with many existing email platforms. However, its user interface is relatively complex, and its pricing can be difficult to figure out, so it may not be the best for smaller or less technically experienced companies.

4. Mimecast Advanced Email Security

Another far-reaching secure messaging solution is Mimecast’s Advanced Email Security. In addition to encryption, it includes anti-phishing measures, AI-powered email threat detection and strong authentication protocols.

Mimecast focuses on stopping business email compromise (BEC), which has led to over $55 billion in losses since 2013. It’s able to do so thanks to a wide array of advanced tools, including QR code analysis, impersonation detection and real-time threat intelligence. Intelligence sharing across the solutions’ 250-plus integrations takes these benefits further.

These advanced features have the downside of requiring additional technical expertise to capitalize on fully. The minimum requirement of 50 users may also make the platform less ideal for smaller operations.

5. Barracuda Email Protection

Organizations wanting a multi-layered approach without as much complexity should consider Barracuda Email Protection. Like Mimecast, Barracuda includes phishing protection, malware detection and threat analytics to complement its email encryption. However, it’s more accessible to smaller or less tech-savvy businesses.

You can also get phishing simulations and zero-trust enforcement from Barracuda, but only with a Premium Plus subscription. Still, AI-powered tools like behavioral analytics and policy enforcement are available on all tiers.

Barracuda is relatively affordable compared to other comprehensive email security services, too. It works best when you can have a dedicated team to manage it, though. Considering that the nation faces a tech talent gap that could grow to 7.1 million unfilled roles by 2034, that may prove challenging.

6. Tuta Mail

Tuta, formerly known as Tutanota, runs another one of the best email encryption solutions for enterprises. Tuta Mail runs on virtually any operating system, including Windows, MacOS, Linux, Android and iOS. It also applies end-to-end encryption to the entire email, not just the main content.

Setting up Tuta Mail is fairly straightforward, and the service has a fee tier without any messaging limits. It’s also open-source, providing another layer of transparency and trust. Paid users get the added advantage of unlimited searching to sort through encrypted databases for specific messages.

Tuta is best for smaller operations or those without much IT experience. However, it doesn’t support existing email addresses, and its search function is computationally demanding.  

7. PreVeil

Another easy-to-use option is PreVeil. The platform has end-to-end email and file encryption, can work with existing accounts, supports both Gmail and Microsoft Outlook and, most importantly, offers all of this in its free package.

While 64% of organizations globally plan on increasing their cybersecurity spending this year, saving on email encryption frees room in the budget for other defenses. Consequently, it’s hard to overlook such a capable free option. PreVeil has several paid tiers, too, offering larger amounts of encrypted storage, advanced security options and built-in CMMC compliance.

Some of PreVeil’s most advantageous features, like its compliance automation, are locked behind paywalls. For teams only needing basic protections, though, its free version deserves consideration.

8. NeoCertified

Another of the best email encryption options to integrate into existing systems is NeoCertified’s Encrypted Email API. NeoCertified offers a range of application programming interfaces (APIs) to tie directly into the software you already use, and the Encrypted Email solution is one of its most helpful.

The API is FIPS-140 compliant and complies with other regulations like the Health Insurance Portability and Accountability Act (HIPAA) and the GDPR. On top of encrypting messages, it also offers monitoring and configurable permissions features.

NeoCertified’s business model removes many concerns over interoperability. However, implementing it can follow a steep learning curve, and its pricing is not the most transparent.

9. Virtru

Virtru is a more user-friendly email encryption alternative. It integrates with popular email platforms, even coming in the form of a Chrome extension for Gmail users, so implementing it is fairly easy. Automated detection enables automatic encryption without needing to specify a message as sensitive.

The Chrome extension is free, although it only works on Gmail. Still, Gmail accounts for 30.57% of all email opens, so this covers a large number of users. Keep in mind that the free version only offers basic protections. Enterprise users will likely need one of Virtru’s paid tiers.

While Virtru is fast to set up and easy to use, it lacks some of the advanced security features of its competitors. Higher-level tiers may also get expensive, but it’s a good option for small and medium-sized operations.

10. StartMail

StartMail may be the encryption solution of choice for some niche use cases. It offers easy-to-use password-based encryption, which can even apply to non-users to secure communications with outside recipients. More importantly, it includes aliases.

The standout feature of StartMail is that it uses disposable email addresses. While not every team needs such functionality, it’s useful when you need to register with outside parties to receive certain communications. Using aliases means you can hand out addresses freely without exposing yourself or your workforce to credential stuffing.

Unfortunately, StartMail does not have mobile support, despite 41.6% of email opens coming from mobile devices. It also lacks some advanced defenses, but for those who need disposable addresses, it’s the best platform available. 

What to Look for in an Email Encryption Solution

The key to finding the best email encryption service is understanding what sets a reliable solution apart from the rest. One of the most important factors to consider is the cryptography standards in use.

In general, a higher level of encryption is always preferable, but some enterprises require specific types of algorithms. The Cybersecurity Maturity Model Certification (CMMC) requires FIPS-validated or NSA-approved standards, so government contractors should only use a service providing such options.

Leading email encryption providers also cover a range of communications, covering instant messaging, not just emails. Similarly, further-reaching security measures are always preferable. End-to-end encryption, cryptography for attachments and both at-rest and in-transit protection make a solution stand out. Any security features outside of encryption are also ideal.

Interoperability and ease of use also deserve consideration. A solution that doesn’t work with your existing IT stack or requires technical expertise your workforce lacks will be of limited value. 

Find the Best Email Encryption Solution for Your Needs

What the best email encryption option is ultimately depends on your specific needs, budget and workflow constraints. However, you should be able to find something that works for you between these 10 solutions.

Modern enterprises cannot afford to ignore the need for email encryption and related secure messaging services. Begin your search today with these providers and ensure a safer yet still efficient workflow for your company tomorrow.

 

The post The 10 Best Email Encryption Options for Enterprises in 2025 appeared first on Cybersecurity Insiders.

The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement.

This is a big deal, and something we in the security community have worried was coming for a while now.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand. An Apple spokesman declined to comment.

Apple can appeal the U.K. capability notice to a secret technical panel, which would consider arguments about the expense of the requirement, and to a judge who would weigh whether the request was in proportion to the government’s needs. But the law does not permit Apple to delay complying during an appeal.

In March, when the company was on notice that such a requirement might be coming, it told Parliament: “There is no reason why the U.K. [government] should have the authority to decide for citizens of the world whether they can avail themselves of the proven security benefits that flow from end-to-end encryption.”

Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide. Of course, UK users will be able to spoof their location. But this might not be enough. According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.

And what happens next? Australia has a law enabling it to ask for the same thing. Will it? Will even more countries follow?

This is madness.

As the digital world continues to evolve, so does the threat landscape, with cyberattacks growing more sophisticated and frequent. In this era of increasing data breaches, securing sensitive information has never been more critical. Among the various technological advancements poised to revolutionize data security, one stands out: Swift encryption.

Originally designed by Apple as part of its programming language ecosystem, Swift encryption is now gaining traction in the broader tech community due to its speed, efficiency, and potential for strengthening data security across platforms. But how exactly will Swift encryption define the future of data security? Let’s dive in.

What is Swift Encryption?

Swift encryption is part of Apple’s Swift programming language, developed to enable fast and secure encryption methods within applications. Swift is known for its speed and high performance, which translates to quicker processing times for encryption algorithms. It is capable of integrating strong encryption protocols, including AES (Advanced Encryption Standard), to safeguard user data during storage and transmission.

Unlike traditional encryption methods that can slow down systems due to their complex computations, Swift encryption is designed to maintain the speed of modern applications while ensuring robust data protection. This combination of speed and security positions Swift encryption as an ideal choice for developers working on sensitive applications in sectors like finance, healthcare, and e-commerce.

Speed and Efficiency: The Future of Real-Time Encryption

One of the defining features of Swift encryption is its speed. The fast encryption and decryption processes are crucial for real-time data transactions, especially in fields like online banking or healthcare, where sensitive data needs to be protected without affecting user experience. As the demand for immediate access to encrypted data increases, the need for faster and more efficient encryption methods becomes even more urgent.

Swift encryption can handle large volumes of data more quickly than older encryption methods. This is essential in ensuring that applications continue to run smoothly without compromising on security. In the future, as the number of connected devices and the volume of sensitive data grows, speed will be a critical factor in choosing the right encryption solutions for businesses and consumers alike.

Simplified Integration for Developers

Another way Swift encryption is shaping the future of data security is by simplifying the process of implementing encryption into software applications. Traditional encryption methods often require developers to have deep expertise in cryptography, which can make it more difficult for them to implement secure solutions quickly. Swift’s clean, easy-to-understand syntax enables developers to integrate encryption without having to be cryptography experts.

This ease of integration allows for broader adoption of strong encryption across various industries, especially in sectors where data privacy and compliance are paramount. By simplifying encryption implementation, Swift enables developers to create secure applications faster and more efficiently, helping businesses meet data protection standards such as GDPR and HIPAA without the need for extensive resources or specialized knowledge.

Enhancing Data Privacy in a Hyperconnected World

As the Internet of Things (IoT), cloud computing, and mobile devices proliferate, the amount of personal data shared across networks increases exponentially. This presents significant risks for individuals and organizations alike. Cybercriminals are constantly looking for ways to exploit vulnerabilities in data storage and transmission, which has led to an increase in high-profile data breaches.

Swift encryption, with its emphasis on fast and efficient data protection, can help mitigate these risks by ensuring that data remains encrypted and safe during both storage and transmission. The swift, seamless encryption of sensitive information reduces the chances of data being intercepted or stolen, ultimately providing individuals with more control over their privacy.

Moreover, with the rise of AI-powered cybersecurity tools, Swift encryption can complement these technologies by providing a high level of protection while allowing for more sophisticated real-time threat detection and response.

A Key Component of Future Cryptographic Systems

Looking ahead, Swift encryption is likely to play a pivotal role in the broader landscape of cryptographic systems. As quantum computing approaches the threshold of practical use, encryption systems must evolve to stay ahead of quantum-enabled threats. The efficient and scalable nature of Swift encryption could be a key asset in developing next-generation encryption methods capable of withstanding these advanced technologies.

Furthermore, Swift encryption’s open-source nature allows for continued innovation and adaptation. It gives developers the flexibility to refine and enhance encryption protocols as new threats emerge. This adaptability ensures that Swift encryption will remain relevant in the evolving cybersecurity landscape.

Conclusion

Swift encryption is not just a trend—it is set to be a game-changer in the way we approach data security. By offering speed, efficiency, and ease of integration, Swift encryption is paving the way for more secure applications and systems in a world where data breaches and cyberattacks are an ever-present threat.

As businesses and consumers increasingly rely on secure digital interactions, Swift encryption will continue to evolve, becoming a cornerstone of future cryptographic systems and helping define the next era of data security. Whether it’s through faster encryption methods, enhanced privacy, or streamlined development, Swift encryption is poised to shape the future of how we protect sensitive information in the digital age.

The post How Swift Encryption Will Define the Future of Data Security appeared first on Cybersecurity Insiders.

In the ever-evolving world of cybersecurity, the term “encrypted cyber attacks” is gaining attention as a significant threat to organizations and individuals alike. These types of attacks use encryption techniques to hide malicious activities from detection, making it difficult for security systems to identify and block them. In this article, we will explore what encrypted cyber attacks are, how they work, and the potential risks they pose.

Understanding Encryption in Cyber Attacks

Encryption is a security measure used to protect sensitive data by transforming it into unreadable text, which can only be deciphered with a decryption key. It is widely used to safeguard information during transmission over networks, such as in online banking or email services. However, cybercriminals have learned to exploit encryption for malicious purposes, using it to obfuscate their attacks and avoid detection.

In encrypted cyber attacks, attackers often encrypt their communication with compromised systems or data exfiltration, making it challenging for traditional security measures (such as firewalls and intrusion detection systems) to identify and block malicious activities. These attacks may involve malware, ransomware, or other forms of cyber threats.

Types of Encrypted Cyber Attacks

1. Encrypted Ransomware Attacks: One of the most notorious types of encrypted cyber attacks is ransomware. In these attacks, cybercriminals use encryption to lock files and systems, making them inaccessible to the victim. The attackers then demand a ransom payment in exchange for the decryption key to restore access. Encrypted ransomware attacks can cause severe disruptions to businesses and individuals, and sometimes even result in permanent data loss if the decryption key is never provided.

2. Encrypted Data Exfiltration: Attackers may use encryption to exfiltrate sensitive data from a target system. By encrypting the stolen data, cybercriminals can prevent detection by security tools that monitor for unusual or unauthorized data transfers. Once the data is encrypted, it can be exfiltrated without raising suspicion, often through legitimate communication channels such as HTTPS or encrypted email.

3. Encrypted Command and Control (C2) Communications: In more advanced persistent threats (APTs), cybercriminals or state-sponsored hackers can encrypt their communications with infected systems. This allows them to issue commands to compromised devices or servers without alerting security teams to their activities. Encrypted C2 traffic makes it much harder to detect the presence of malicious actors within a network.

4. Encrypted Malware: Some malware is specifically designed to use encryption to evade detection by antivirus programs and firewalls. These types of malware may encrypt their payload or communication channels, allowing them to bypass traditional security measures. Once the malware is inside the network, it can decrypt itself and carry out malicious activities without raising alarms.

How Encrypted Cyber Attacks Bypass Security

Traditional cybersecurity tools rely heavily on signature-based detection, where known patterns of malicious activity are identified and blocked. However, encrypted attacks are designed to disguise these patterns, making them difficult for conventional security systems to spot.

1. Lack of Visibility: Encryption can obscure the contents of network traffic, making it impossible for network monitoring tools to analyze it. Without visibility into the actual data being transmitted, it becomes challenging to detect signs of a cyber attack, such as the transfer of sensitive data or command execution from an external attacker.

2. SSL/TLS Encryption: Cybercriminals can exploit SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption protocols, which are widely used for secure communication on the internet. These protocols are designed to protect user privacy and confidentiality, but attackers can use them to hide malicious traffic from network security tools that cannot decrypt the encrypted packets.

3. Obfuscation Techniques: Attackers may use sophisticated encryption algorithms to obscure their attack code. This makes it difficult for security tools to analyze and flag the code as malicious. Even if a security system detects the presence of a suspicious file, it may not be able to identify the true nature of the file due to encryption.

Potential Risks of Encrypted Cyber Attacks

Encrypted cyber attacks pose several serious risks to organizations and individuals:

1. Data Theft and Privacy Violations: When attackers successfully exfiltrate sensitive data without detection, they can exploit it for financial gain or other malicious purposes. This can result in a violation of privacy, identity theft, and loss of intellectual property.

2. Business Disruption: Ransomware attacks, in which data is encrypted and held hostage, can paralyze entire organizations. Businesses may face significant downtime, loss of revenue, and reputational damage while trying to recover from an attack.

3. Evading Legal and Regulatory Compliance: Many industries have strict data protection regulations, such as GDPR and HIPAA, that require organizations to secure their data. Encrypted cyber attacks, particularly those involving data exfiltration, can violate these regulations, potentially leading to costly fines and legal consequences.

4. Advanced Persistent Threats (APTs): Encrypted communications can be a hallmark of sophisticated, long-term cyberattacks orchestrated by well-funded and well-organized threat actors. These attacks can remain undetected for extended periods, during which time attackers may carry out espionage, sabotage, or other malicious activities.

How to Defend Against Encrypted Cyber Attacks

Defending against encrypted cyber attacks requires a multi-layered approach that combines traditional security measures with modern detection techniques:

 1. End-to-End Encryption Monitoring: Ensure that your organization can monitor and decrypt traffic where necessary to identify malicious behavior, without compromising privacy.

2. SSL/TLS Inspection: Implement SSL/TLS inspection proxies to decrypt and inspect secure traffic for potential threats. However, it is important to balance privacy concerns when decrypting this type of traffic.

3. Behavioral Analysis: Use advanced security tools that focus on behavioral analysis rather than signature-based detection. This allows systems to identify unusual or malicious activities based on patterns of behavior, even if the traffic is encrypted.

4. Multi-Factor Authentication (MFA): Ensure that critical systems and sensitive data are protected with multi-factor authentication, making it harder for attackers to gain unauthorized access, even if they have encrypted communication channels.

5. Employee Training: Educate employees about cybersecurity best practices, such as avoiding phishing emails and being cautious with downloading attachments. Preventing the initial compromise is often the best defense against encrypted attacks.

Conclusion

Encrypted cyber attacks represent an increasingly sophisticated threat to the digital landscape. By leveraging encryption to evade detection, cybercriminals and advanced attackers can operate covertly, making it harder for security teams to identify and respond to malicious activities. As encryption plays a vital role in protecting legitimate data, it is crucial for organizations to adopt advanced detection methods and remain vigilant to protect against this evolving threat.

The post What Are Encrypted Cyber Attacks appeared first on Cybersecurity Insiders.

Starting next year:

Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Because we’ve done so much to encourage automation over the past decade, most of our subscribers aren’t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It’s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day.

That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day would have sounded crazy to me ten years ago.

This is an excellent idea.

Slashdot thread.

The Federal Bureau of Investigation (FBI) has issued a strong warning to smartphone users, urging them to avoid sending regular text messages between Android and iPhone devices. According to the FBI, such message exchanges are vulnerable to interception by hackers or third parties, potentially compromising sensitive information.

This warning comes amid growing concerns about a cyber espionage campaign allegedly conducted by a Chinese hacking group known as “Salt Typhoon.” The group is believed to have been targeting telecom networks in the U.S. for several years, stealing large volumes of data, including metadata such as call and message timestamps, as well as information on the recipients of communications. The Pentagon only became aware of the campaign earlier this year.

Reuters reports that the hacking group has been infiltrating telecom networks for the past three years, siphoning off crucial data from various services, including communications from high-profile individuals, such as celebrities using providers like Virgin. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued a notification regarding the widespread nature of these espionage activities.

In light of these concerns, the FBI is advising users to switch to encrypted messaging apps like WhatsApp for sending text, photos, videos, and documents. These platforms use encryption to convert messages into unreadable formats, making it more difficult for third parties to monitor or intercept the content.

While Google has recently promoted its Messages app as offering strong encryption, this feature is not enabled by default, and users may experience issues with features like ‘read receipts’ if encryption is activated. Any disruptions in message synchronization could increase the risk of security breaches. It remains to be seen how Apple’s iMessage platform addresses these encryption concerns.

Meanwhile, the Chinese government has denied these allegations, calling them false. In a statement, they accused the U.S. of spying on its own citizens in the name of national security, citing whistleblower Edward Snowden‘s 2013 revelations as evidence of American surveillance activities since 2012.

The post FBI asks users to stop exchanging texts between Android and iPhones appeared first on Cybersecurity Insiders.

Starbucks Coffee Lovers Box Phishing Scam Alert

Starbucks is making headlines due to a phishing scam targeting its customers with a promise of a free “Coffee Lovers Box.” However, this offer is entirely fraudulent. According to an update from Action Fraud, this ongoing scam has already victimized over 900 individuals, and that number continues to rise.

The true intent of the scam is to extract sensitive information from victims, potentially leading them into financial difficulties. The emails sent to unsuspecting users contain malicious links that redirect them to counterfeit websites.

It is clear that this scam is unrelated to the Starbucks brand. Scammers often exploit the names of well-known companies in their emails to attract online users, tricking them into scams that can lead to significant financial losses.

Online users are urged to remain vigilant regarding the Starbucks Coffee Lovers Box phishing scam and to promptly report any incidents of being targeted. Timely reporting can assist law enforcement in recovering lost funds more efficiently.

China’s Quantum Computing Threat to Encryption

In the coming years, Chinese hackers are expected to breach cryptographic systems using advanced quantum computing techniques. Researchers at Shanghai University are reportedly developing methods to exploit quantum computers to compromise encryption systems, posing a significant threat to cybersecurity.

The team is utilizing D-Wave quantum annealing systems to attack RSA encryption methods, which could undermine the future of symmetric encryption. Their research paper, titled “Quantum Annealing Public Key Cryptographic Attack Algorithm based on D-Wave,” is still in the early stages and requires further research and analysis to tackle complex optimization challenges.

In response to potential threats from quantum computing, the NSA launched a program in 2015 aimed at developing quantum-resistant cryptography. This initiative, known as the “Post-Quantum Cryptography Standardization Process,” was intended to conclude by 2016.

Since then, three Federal Information Processing Standards (FIPS) concerning quantum-resistant cryptography have been introduced, with additional developments expected to adapt to the evolving landscape of cyber threats.

The post Beware of Starbucks Phishing Scam and China using Quantum tech to break encryption appeared first on Cybersecurity Insiders.