VoidStealer Malware Darts Past Google Chrome's Encryption
Authors of the VoidStealer Trojan uncovered yet another way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
Stay secure with the latest encryption news, trends, and best practices in information security. Protect your data with cutting-edge cryptography.
Search across headline titles and summaries.
Background for this topic.
Encryption transforms readable data into ciphertext using an algorithm and a key, so someone who obtains the ciphertext cannot normally understand it without the required key. It protects confidentiality for data in transit, such as traffic between services, and at rest, such as files, databases, and backups. Encryption does not by itself prove who sent data, prevent tampering, or protect plaintext displayed on a compromised endpoint.
Its security therefore depends on implementation and key management. Attackers may target stolen, exposed, or overprivileged keys, weak algorithms or protocols, poor randomness, and systems that decrypt data unnecessarily. Use modern, authenticated encryption where appropriate; protect keys separately from encrypted data with tightly limited access, rotation and revocation procedures, and monitored use. Verify that encryption covers relevant backups and internal service links, while recognizing that lost keys can make recovery impossible and that encrypted traffic may still reveal metadata such as timing or endpoints.
Weekly headline count for the current query.
Authors of the VoidStealer Trojan uncovered yet another way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here's his story.
The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E) by default across their services, as privacy concerns mount amid increased AI use.
A new ransomware strain that entered the scene last year has poorly designed code and an odd "Hebrew" identity that might be a false flag.
Researchers built an inexpensive device that circumvents chipmakers' confidential computing protections and reveals weaknesses in scalable memory encryption.
In a potential gift to geopolitical adversaries, the encrypted messaging app uses a leaky custom protocol that allows message replays, impersonation attacks, and sensitive information exposure from chats.
Despite daunting technical challenges, a quantum computer capable of breaking public-key encryption systems may only be a decade or two off.
New encryption, wiper, and cryptocurrency-stealing capabilities make the evolving ransomware-as-a-service operation more dangerous than ever.
Researchers have demonstrated an attack that can break through modern Intel and AMD processor technologies that protect encrypted data stored in memory.
The chairman sent letters out to companies like Apple, Meta, and Microsoft, advising them not to adhere to the demands of foreign governments to weaken their encryption.
Music tastes, location information, even encrypted messages — Apple's servers are gathering a "surprising" amount of personal data through Apple Intelligence, Lumia Security's Yoav Magid warns in his new analysis.
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways.
The emerging cybercriminal gang, which initially targeted Microsoft Windows systems, is looking to go cross-platform using sophisticated, multithread encryption.
The acquisition gives the British cybersecurity solutions provider more insights into encrypted network traffic and additional decryption capabilities.
Researchers are using quantum computers to generate keys that are truly random to strengthen data encryption.
Encryption, collaboration, and AI can help organizations build up essential protection against ransomware.
Researchers discovered a phishing attack in the wild that takes multiple well-tread technologies like open source packages and AES encryption and combines them.
Though the app claims to use end-to-end encryption, hackers have reportedly accessed archived data on the app's servers via a new vulnerability.
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage.