encryption Archives - Security Affairs

Pierluigi Paganini July 24, 2023

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The UK government wants to give more surveillance powers to its intelligence agencies proposing changes to the Investigatory Powers […]

Pierluigi Paganini May 11, 2023

Twitter now supports Encrypted Direct Messages, with some limitations

Twitter is rolling out support for encrypted direct messages (DMs), the security feature will be initially available for the verified users. Twitter is rolling out support for encrypted direct messages (DMs), the feature is initially limited to verified users or affiliates to a verified organization that are using the latest version of the app (iOS, Android, Web). The latest […]

Pierluigi Paganini March 01, 2023

Google Gmail client-side encryption is available globally

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. In December, Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta users can […]

Pierluigi Paganini November 02, 2022

OpenSSL fixed two high-severity vulnerabilities

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library. The flaws impact versions 3.0.0 through 3.0.6 of the library. The OpenSSL software […]

Pierluigi Paganini October 26, 2022

OpenSSL to fix the second critical flaw ever

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […]

Pierluigi Paganini October 19, 2022

Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality

A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office […]

Pierluigi Paganini July 07, 2022

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers […]

Pierluigi Paganini October 14, 2021

WhatsApp made available end-to-end encrypted chat backups

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage. Currently, WhatsApp […]

Pierluigi Paganini October 11, 2021

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]

Pierluigi Paganini September 13, 2021

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. While WhatsApp has already implemented end-to-end encrypion since 2016, the company […]

encryption

Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Twitter now supports Encrypted Direct Messages, with some limitations

Google Gmail client-side encryption is available globally

OpenSSL fixed two high-severity vulnerabilities

OpenSSL to fix the second critical flaw ever

Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

WhatsApp made available end-to-end encrypted chat backups

NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft linked attacks on SharePoint flaws to China-nexus actors

Cisco confirms active exploitation of ISE and ISE-PIC flaws

SharePoint under fire: new ToolShell attacks target enterprises

CrushFTP zero-day actively exploited at least since July 18

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

QUICK LINKS

encryption

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!