Category Archives: Encryption

Why Businesses Must Address Risks of Quantum Computing NOW Rather Than Wait Until Problems Arrive – Joseph Steinberg

There is little doubt that quantum computing will ultimately undermine the security of most of today's encryption systems, and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption.

What remains uncertain, however, is when the day of so-called quantum supremacy will arrive.

As such, many organizations have hesitated to start preparing for the quantum era; after all, they reason, there are enough fires to fight now, and limited resources with which to do so.

But quantum supremacy is not something that can be addressed when it becomes a fire; if we do not start protecting ourselves until encryption-busting devices are known to exist, we are likely to suffer severe consequences. Such an attitude is not alarmist; it is reality, whether we like it or not.

Remember, quantum computers already exist. And, while today's commercially-created quantum machines are nowhere near powerful enough to approach quantum supremacy, absolutely nobody knows the true extent of the quantum capabilities of all of the technologically-advanced governments around the world.

Even if no governments can already quickly crack the asymmetric encryption mechanisms used to protect so much of our digital economy, there is no way for the public to know when governments do obtain such capabilities. Unlike commercial sector R&D centers, intelligence agencies certainly are not going to broadcast anything about their accomplishments and advancements. In short, the public is not likely to know when quantum supremacy actually arrives until well after it has arrived.

Another important reason why we must address quantum-supremacy risks well in advance has to do with the nature of data.

Unlike computer hardware and software that are regularly replaced when they become obsolete, data often remains in its original form for many years, if not for decades. As such, one cannot simply address encryption algorithm obsolescence on a forward-thinking basis; all of today's sensitive data that is currently protected by encryption will likely need to be identified, decrypted, and re-encrypted with quantum-safe encryption, and all copies of the original data in any and all stores in which it resides must be properly destroyed.

Identifying, locating, and converting all data requiring conversion may be a task that is relatively easy for an individual to accomplish, but for a large enterprise, merely identifying and locating the data, never mind actually converting it, is a task likely to prove complex, time consuming, expensive, and prone to error.

And, of course, the consequences of not fully locating and re-protecting old data can be catastrophic; a single long-forgotten laptop, ZIP disk, CD, or backup tape (or even an old floppy disk!) could potentially lead to terrible financial losses, legal headaches, and ruined reputations. Organizations that have utilized encryption to protect healthcare information within their possession, for example, could become flagrant violators of HIPAA and face stiff penalties for simply allowing existing backups to remain as is within storage facilities.

On that note, we must realize that at some point in the future, even before encryption-busting quantum computers arrive on the market, those in the know will consider it gross negligence to encrypt data with algorithms known to be vulnerable to quantum compromise. Imagine the reaction from customers, the media, and regulators if IBM announced that it would deliver an encryption-breaking quantum computer in 6 months, and cybersecurity professionals working at a bank reacted by saying that they would wait until after the device arrived on the scene to upgrade their encryption mechanisms. And, again, we won't even get a 6-month warning, or any warning at all, if, as expected, governments achieve quantum supremacy before industry.

Clearly, there is a need to act in advance, and acting takes time. For most organizations, transitioning from today's encryption technologies to quantum-safe encryption mechanisms will likely be a more complex, expensive, and time-consuming process than many people expect, in some cases even taking years to properly plan and execute. As such, despite the fact that today's known quantum computers are nowhere near ready for prime-time encryption busting, we may already be late vis-à-vis preparing for quantum supremacy; it is possible that we have already reached a point at which it will take the world longer to completely replace its existing encryption mechanisms and re-encrypt its data than it will take for encryption-busting quantum computers to arrive on the scene.

One other important note: Sensitive information that is relayed and stored today may remain sensitive in the future, including after quantum computers have rendered today's encryption impotent. In 2022, for example, people around the globe who bank, shop, chat, and use social media online rely on encryption known as TLS to prevent anyone from capturing and viewing communications flowing across the insecure Internet as network traffic. Quantum computing, however, will ultimately render today's TLS impotent; if someone records encrypted sessions as they pass over the Internet now, that party may be able to decrypt such sessions in the future, and expose all of the relevant contents. In short, any data that is captured now can potentially be decrypted and exposed tomorrow; the photos that you just sent your romantic partner over WhatsApp, the results of your recent bloodwork, and your credit report that you accessed over the weekend could all leak. With storage so inexpensive, various governments and perhaps corporations are, in fact, collecting and storing huge amounts of data, and who knows how they will use that data once quantum supremacy arrives. The bottom line is that if we truly want today's communications to remain secret for years to come, we should already be using quantum-safe encryption to protect them.

Finally, keep in mind that while adding additional transistors to today's classic CPUs grows processing power linearly, quantum computing capabilities expand exponentially with physical system growth; as such, our human experience observing the advancement of technology likely misleads us into wildly underappreciating how fast quantum computing may advance. IBM's recent forecast of its quantum capabilities growing from around 1,000 qubits next year to over 4,000 qubits 2 years later, to potentially hundreds of thousands of qubits shortly thereafter, clearly reinforces the concern about rapid growth delivering quantum supremacy to the market in the not so distant future.

Experts have already identified several methods of encrypting that we believe will remain safe from quantum cryptanalysis for the foreseeable future, yet such technologies are barely leveraged anywhere in the commercial sector. Rather than trying to scramble once we have an unsolvable problem, it would be wise for us to start planning to augment our encryption as needed. NIST has already begun to narrow down its list of recommended ways to address quantum's risks to encryption, and products have already hit the market that enable businesses to begin such transitions.

This post is sponsored by IronCAP. Please click the link to learn more about IronCAP's patent-protected methods of keeping data safe not only against today's cyberattacks, but also against future attacks from quantum computers.


The FBI Forced A Suspect To Unlock Amazon’s Encrypted App Wickr With Their Face – Forbes

A warrant allowed FBI agents in Tennessee to force a suspect to unlock his encrypted Amazon messaging app, Wickr, with his face. It's an unprecedented move by the feds.

In November last year, an undercover agent with the FBI was inside a group on Amazon-owned messaging app Wickr, with a name referencing young girls. The group was devoted to sharing child sexual abuse material (CSAM) within the protection of the encrypted app, which is also used by the U.S. government, journalists and activists for private communications. Encryption makes it almost impossible for law enforcement to intercept messages sent over Wickr, but this agent had found a way to infiltrate the chat, where they could start piecing together who was sharing the material.

As part of the investigation into the members of this Wickr group, the FBI used a previously unreported search warrant method to force one member to unlock the encrypted messaging app using his face. The FBI has previously forced users to unlock an iPhone with Face ID, but this search warrant, obtained by Forbes, represents the first known public record of a U.S. law enforcement agency getting a judge's permission to unlock an encrypted messaging app with someone's biometrics.

According to the warrant, the FBI first tracked down the suspect by sending a request for information, via an unnamed foreign law enforcement partner, to the cloud storage provider hosting the illegal images. That gave them the Gmail address the FBI said belonged to Christopher Terry, a 53-year-old Knoxville, Tennessee resident, who had prior convictions for possession of child exploitation material. It also provided IP addresses used to create the links to the CSAM. From there, investigators asked Google and Comcast via administrative subpoenas (data requests that don't have the same level of legal requirements as search warrants) for more identifying information that helped them track down Terry and raid his home.

When they apprehended Terry, the FBI obtained his unlocked phone as well. But there was a problem: His Wickr account was locked with Apple's Face ID facial recognition security. "By the time it was made known to the FBI that facial recognition was needed to access the locked application Wickr, Terry had asked for an attorney," the FBI noted in its warrant. "Therefore, the United States seeks this additional search warrant seeking Terry's biometric facial recognition to complete the search of Terry's Apple iPhone 11."

After the FBI successfully forced Terry to use his face to unlock his Wickr account, Terry was charged in a criminal complaint with distribution and possession of CSAM, but has not yet offered a plea. His lawyer did not respond to a request for comment at the time of publication.

Amazon's Wickr hadn't provided comment at time of publication. The FBI, Google and Comcast did not immediately respond to a request for comment.

Forcing people to unlock encrypted messaging with their biometrics is unprecedented and controversial. That's because of an illogical quirk in U.S. law: Courts across the U.S. have not allowed investigators to compel people to hand over a passcode for phones or apps, but they have allowed them to repeatedly unlock phones using biometrics. That's despite the obvious fact that the result is the same.

Jerome Greco, a public defender in the Digital Forensics Unit of the Legal Aid Society in New York City, says this is because American law hasn't caught up with the technology. Passcodes, unlike biometric information, are legally considered testimonial, and citizens are not obliged to provide such testimony because the Fifth Amendment protects you from self-incrimination. But body parts are, by their nature, not as private as a person's thoughts, Greco notes.

"Most courts are going to find they can force you to use your face to unlock your phone because it's not compelling you to speak or incriminate yourself... similar to fingerprints or DNA," Greco says.

But he believes there will soon be enough diverging case law for the Supreme Court to have to decide whether or not compelled facial recognition unlocks are lawful. "We're trying to apply centuries-old constitutional law that no one could have envisioned would have been an issue when the laws were written," he says. "I think the fight is coming."

There has been some pushback over such biometric unlocks from judges in some states. That includes two 2019 cases in California and Idaho, where the police wanted to force open phones inside properties relevant to the investigations. The judges in those cases declared biometric data was, in fact, testimonial, and law enforcement couldn't force the owners of those phones to use their faces to unlock them.

But last year, Forbes revealed the Justice Department was continuing to carry out such searches. It had also adopted new language in its warrants that said suspects have a legal right to decline to tell law enforcement whether it's your face, your finger, or your eye that unlocks your phone. But even if you don't say what will unlock your phone, the DOJ said investigators could unlock your device by simply holding it up to your face or pressing your finger to it.

The search also comes after years of campaigning by the FBI to have tech giants provide more assistance in providing access to encrypted data. Since the 2015 San Bernardino terrorist attack, where the Justice Department demanded Apple open the shooter's iPhone, that debate has intensified. The warrant, however, shows the government does have some techniques it can use to find criminals using the likes of Wickr and its encrypted data.

For now, Greco says the best way a person can protect themselves from such searches is to lock a device with a complex passcode rather than a face. It's possible to do the same with Wickr by disabling Touch ID or Face ID.


Cloud Encryption Market Size, Scope, Growth Opportunities, Trends by Manufacturers And Forecast to 2029 This Is Ardee – This Is Ardee

New Jersey, United States: The Cloud Encryption Market research guides new entrants to obtain precise market data and communicates with customers to know their requirements and preferences. It spots outright business opportunities and helps to bring new products into the market. It identifies opportunities in the marketplace. It aims at making modifications in the business to make business procedures smooth and move the business forward. It helps business players to make sound decisions. The Cloud Encryption market report helps to reduce business risks and provides ways to deal with upcoming challenges. Market information provided here helps new entrants to make informed decisions. It emphasizes major regions of the globe such as Europe, North America, Asia Pacific, Middle East, Africa, and Latin America along with their market size.

This unique Cloud Encryption Market research report offers some extensive strategic plans that help the players to deal with the current market situation and establish their position. It helps in strengthening your business position. It offers a better understanding of the market and the perspective to help one remain ahead in this competitive market. Organizations can gauge and compare their performance with others in the market on the basis of this prompt market report. This market report offers a clarified picture of the varying market tactics and thereby helps business organizations gain bigger profits. You get a clear idea about the product launches, trade regulations and expansion of the marketplace through this market report.

Get Full PDF Sample Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @https://www.verifiedmarketresearch.com/download-sample/?rid=2644

Key Players Mentioned in the Cloud Encryption Market Research Report:

Gemalto Symantec Corporation, N.V., Sophos Group plc, Stormshield, Thales e-Security, Skyhigh Networks, Netskope Inc., CipherCloud, Randtronics, HyTrust, Inc.

The Cloud Encryption Market report consists of important data about the entire market environment of products or services offered by different industry players. It enables industries to know the market scenario of a particular product or service including demand, supply, market structure, pricing structure, and trend analysis. It is of great assistance in product market development. It further depicts essential data regarding customers, products, competition, and market growth factors. Cloud Encryption market research greatly helps in making the proper decision. Future trends are also revealed for particular products or services to help business players in making the right investment and launching products into the market.

Cloud Encryption Market Segmentation:

Cloud Encryption Market, By Service Model

Platform-as-a-Service, Infrastructure-as-a-Service, Software-as-a-Service

Cloud Encryption Market, By Component

Solutio

Inquire for a Discount on this Premium Report@ https://www.verifiedmarketresearch.com/ask-for-discount/?rid=2644

To prepare the TOC, our analysts researched the following in depth:

Report Overview: It includes major players of the Cloud Encryption market covered in the research study, research scope, market segments by type, market segments by application, years considered for the research study, and objectives of the report.

Global Growth Trends: This section focuses on industry trends where market drivers and top market trends are shed light upon. It also provides growth rates of key producers operating in the Cloud Encryption market. Furthermore, it offers production and capacity analysis where marketing pricing trends, capacity, production, and production value of the Cloud Encryption market are discussed.

Market Share by Manufacturers: Here, the report provides details about revenue by manufacturers, production and capacity by manufacturers, price by manufacturers, expansion plans, mergers and acquisitions, and products, market entry dates, distribution, and market areas of key manufacturers.

Market Size by Type: This section concentrates on product type segments where production value market share, price, and production market share by product type are discussed.

Market Size by Application: Besides an overview of the Cloud Encryption market by application, it gives a study on the consumption in the Cloud Encryption market by application.

Production by Region: Here, the production value growth rate, production growth rate, import and export, and key players of each regional market are provided.

Consumption by Region: This section provides information on the consumption in each regional market studied in the report. The consumption is discussed on the basis of country, application, and product type.

Company Profiles: Almost all leading players of the Cloud Encryption market are profiled in this section. The analysts have provided information about their recent developments in the Cloud Encryption market, products, revenue, production, business, and company.

Market Forecast by Production: The production and production value forecasts included in this section are for the Cloud Encryption market as well as for key regional markets.

Market Forecast by Consumption: The consumption and consumption value forecasts included in this section are for the Cloud Encryption market as well as for key regional markets.

Value Chain and Sales Analysis: It deeply analyzes customers, distributors, sales channels, and value chain of the Cloud Encryption market.

Key Findings: This section gives a quick look at the important findings of the research study.

For More Information or Query or Customization Before Buying, Visit @ https://www.verifiedmarketresearch.com/product/global-cloud-encryption-market-size-and-forecast-to-2025/

About Us: Verified Market Research

Verified Market Research is a leading Global Research and Consulting firm that has been providing advanced analytical research solutions, custom consulting and in-depth data analysis for 10+ years to individuals and companies alike that are looking for accurate, reliable and up to date research data and technical consulting. We offer insights into strategic and growth analyses, Data necessary to achieve corporate goals and help make critical revenue decisions.

Our research studies help our clients make superior data-driven decisions, understand market forecasts, capitalize on future opportunities and optimize efficiency by working as their partner to deliver accurate and valuable information. The industries we cover span a large spectrum including Technology, Chemicals, Manufacturing, Energy, Food and Beverages, Automotive, Robotics, Packaging, Construction, Mining & Gas, etc.

We, at Verified Market Research, assist in understanding holistic market indicating factors and most current and future market trends. Our analysts, with their high expertise in data gathering and governance, utilize industry techniques to collate and examine data at all stages. They are trained to combine modern data collection techniques, superior research methodology, subject expertise and years of collective experience to produce informative and accurate research.

Having serviced 5000+ clients, we have provided reliable market research services to more than 100 Global Fortune 500 companies such as Amazon, Dell, IBM, Shell, Exxon Mobil, General Electric, Siemens, Microsoft, Sony and Hitachi. We have co-consulted with some of the world's leading consulting firms like McKinsey & Company, Boston Consulting Group, Bain and Company for custom research and consulting projects for businesses worldwide.

Contact us:

Mr. Edwyne Fernandes

Verified Market Research

US: +1 (650)-781-4080
UK: +44 (753)-715-0008
APAC: +61 (488)-85-9400
US Toll-Free: +1 (800)-782-1768

Email: sales@verifiedmarketresearch.com

Website:- https://www.verifiedmarketresearch.com/


UPDATE — Think On, Inc. and Lorica Cybersecurity Partner to Deliver Next-Generation Encrypted Data Analytics Solutions – Yahoo Finance

Think On Inc.

Through a multi-year collaboration with Lorica Cybersecurity, ThinkOn is extending its leadership position in cloud data security and privacy-enhancing computation

TORONTO, July 19, 2022 (GLOBE NEWSWIRE) -- Think On, Inc., the only 100% Canadian owned cloud service provider allowed to host sensitive information for the Government of Canada, announces a technology partnership with Lorica Cybersecurity to bring next-generation encrypted data analytics solutions to the ThinkOn cloud computing platform. This partnership is intended to deliver cutting-edge solutions aligned with ThinkOn's commitment to privacy, security, and data sovereignty in the cloud.

With data and digital assets coming under ever-greater threat, enterprises are seeking solutions to further protect sensitive data and eliminate the risk of data exposure in the event of a data breach. Over the coming months, Lorica Cybersecurity's cloud-native and quantum-resistant solution based on patented high-performance fully homomorphic encryption (HP-FHE) technology will be made available to ThinkOn partners and end subscribers through the ThinkOn cloud computing platform.

"As a leading provider of cloud services to public and private sector enterprises, ThinkOn is committed to providing proven data security and privacy solutions," said Craig McLellan, Founder and CEO, ThinkOn. "This partnership represents a unique opportunity for us to provide truly cutting-edge secure data archiving and analytics technology solutions to our partners and customers. We look forward to continued collaboration with the outstanding team at Lorica Cybersecurity."

"We are absolutely thrilled to be partnering with ThinkOn, a leading Canadian cloud services provider with a global business footprint," said Glenn Gulak, Co-Founder and CEO, Lorica Cybersecurity. "Our patented and highly-optimized encrypted data analytics solutions will provide unmatched data protection and market-leading performance for enterprises on the ThinkOn cloud."

About Think On, Inc.

Think On, Inc. is a proudly Canadian-owned and operated cloud service provider (CSP) with a global data centre footprint. ThinkOn is a Canadian VMware Sovereign Cloud partner. ThinkOn helps the Canadian government leverage domestic infrastructure technology to deploy sensitive workloads and run digital solutions in the cloud. Providing comprehensive cloud solutions that meet strict compliance, sovereignty and security requirements, ThinkOn enables the Government to operate with increased agility and address complex security controls that are key to delivering a quality user experience for the public sector and the Canadians they serve. Consider them your dedicated department of data-obsessed experts. They will protect your data like their own, making it more resilient, secure, actionable, and searchable. ThinkOn works with a trusted ecosystem of top technology partners to provide cost-effective Infrastructure-as-a-Service solutions and data management services with predictable pricing and no hidden fees.

http://www.thinkon.com

About Lorica Cybersecurity Inc.

Lorica Cybersecurity has developed quantum-resistant cloud data security and privacy solutions that eliminate the risk of data exposure leveraging cutting-edge high-performance fully homomorphic encryption (HP-FHE). Working discreetly with customers in the financial, telecommunications, government and national security sectors, Lorica protects some of the most sensitive data and valuable proprietary information in the world. Headquartered in Toronto, Lorica enables customers to have confidence working with their proprietary data and digital assets in the cloud both now and well into the future.

http://www.loricacyber.com

For further information: (press only) contact Sarah Finney, Director of Marketing, Think On, Inc. sarah.finney@thinkon.com


New Omdia Report Cites TripleBlind Privacy-Enhancing Technology as ‘Attractive to Customers Large and Small’ – GlobeNewswire

KANSAS CITY, Mo., July 20, 2022 (GLOBE NEWSWIRE) -- TripleBlind, creator of the most complete and scalable solution for privacy enhancing computation, was featured in a new report from analyst firm, Omdia. The report, "On the Radar: TripleBlind Enables Secure Data for Third-Party Processing," is now available on the TripleBlind and Omdia websites.

Rik Turner, principal analyst, Emerging Technologies and author of the report noted, "This issue (data collaboration) has arisen of late because analysis of big datasets can achieve unique insights, that is, ones that analysis of smaller datasets simply cannot surface. This is particularly important in certain fields such as healthcare, where the analysis of the data of millions of patients can indicate general trends in an entire population or in particular demographic groups."

The report compares TripleBlind to other privacy-enhancing technologies (PET) as follows:

Turner adds that TripleBlind's solution is complementary to confidential computing in that it can deliver the encryption/anonymization capability that confidential computing itself does not. He notes that TripleBlind is also complementary to differential privacy.

"Healthcare is the place where third-party analytics delivered on securely private data has so far generated the most immediate interest. That said, tech such as TripleBlind's is clearly relevant elsewhere as its financial services customers demonstrate," Turner concluded.

About TripleBlind

Combining Data and Algorithms while Preserving Privacy and Ensuring Compliance

TripleBlind has created the most complete and scalable solution for privacy enhancing computation.

The TripleBlind solution is software-only and delivered via a simple API. It solves for a broad range of use cases, with current focus on healthcare and financial services. The company is backed by Accenture, General Catalyst and The Mayo Clinic.

TripleBlind's innovations build on well understood principles, such as federated learning and multi-party compute. Our innovations radically improve the practical use of privacy preserving technologies, by adding true scalability and faster processing, with support for all data and algorithm types. We support all cloud platforms and unlock the intellectual property value of data, while preserving privacy and ensuring compliance with all known data privacy and data residency standards, such as HIPAA and GDPR.

TripleBlind compares favorably with existing methods of privacy preserving technology, such as homomorphic encryption, synthetic data and tokenization and has documented use cases for more than two dozen mission critical business problems.

For an overview, a live demo, or a one-hour hands-on workshop, contact@tripleblind.ai.

Contact: Madi Oliv / Valeria Carrillo, UPRAISE Marketing + Public Relations for TripleBlind, tripleblind@upraisepr.com, 415.397.7600

Researcher develops Hive ransomware decryption tool – TechTarget

A malware researcher known as "reecDeep" has developed and published a decryption tool on GitHub for the latest version of Hive ransomware.

Published Tuesday, the tool specifically decrypts the version 5 variant of Hive ransomware. Hive was originally written in programming language Go, but more recently the ransomware authors switched to Rust, a language that has overall superior encryption technology and is harder to reverse engineer.

Hive is a ransomware-as-a-service operation that was first discovered last summer. It immediately hit the ground running, claiming hundreds of victims in its first six months. Last year, the ransomware was responsible for compromising European retailer MediaMarkt and allegedly included a demand of $240 million. Earlier this year, Hive claimed an attack against Medicaid provider Partnership HealthPlan of California.

According to the decryption tool's GitHub page, reecDeep developed the tool with a fellow anonymous malware researcher known as "rivitna." The post includes technical details of how Hive v5 works as well as how the researchers developed their brute-force decryption tool.

"I had the pleasure of collaborating with a great malware analyst and reverse engineer @rivitna who in the past has analyzed previous versions of Hive and published code and PoCs regarding their encryption mechanisms," reecDeep wrote in the GitHub post. "He has contributed (not a little) to identify the components involved in the encryption operations of Hive v5, which being written in Rust has become more difficult to analyze."

Asked about compatibility between the decryptor and various v5 updates, reecDeep told SearchSecurity over Twitter direct message that while he hasn't fully confirmed, "as far as I know, minor updates from major version 5, (so 5.1, 5.2 and so on) don't have any improvements on encryption algorithms."

ReecDeep also said v5 "has nothing to do with previous Hive 1-4 versions," which were written in the Go programming language.

Earlier this month, the Microsoft Threat Intelligence Center published a blog post detailing Hive's recent evolution. The post described Hive as "one of the most prevalent ransomware payloads in the ransomware-as-a-service (RaaS) ecosystem."

"The upgrades in the latest variant are effectively an overhaul: the most notable changes include a full code migration to another programming language and the use of a more complex encryption method," the post read. "The impact of these updates is far-reaching, considering that Hive is a RaaS payload that Microsoft has observed in attacks against organizations in the healthcare and software industries by large ransomware affiliates like DEV-0237."

The tech giant recommended that organizations search for known Hive indicators of compromise to assess whether an intrusion has occurred.

Decryption tools like reecDeep's have become increasingly common over the years. For example, security vendor Emsisoft maintains a list of more than 80 free ransomware decryptors, including strains like DeadBolt and SunCrypt.

RaaS operators like Hive have likewise become more prevalent and are one of the key defining aspects of ransomware in 2022, alongside stricter cyber insurance policies and emerging extortion tactics.

Alexander Culafi is a writer, journalist and podcaster based in Boston.

More:
Researcher develops Hive ransomware decryption tool - TechTarget

What is a Double VPN and why you should use one – Laptop Mag

Over the past few years, increasing concerns surrounding our internet safety have given way to a huge surge in VPN popularity. Today, VPNs can come in many different forms. While traditional VPNs are most well-known, double VPNs are now also available on a number of different providers. But what exactly is a double VPN, and how can it protect you online?

If you're using a typical VPN provider, such as ExpressVPN, SurfShark, or ProtonVPN, you're likely having your internet data sent through and encrypted via one server. This means that your data is going through one layer of encryption only.

While this can still provide you with a high level of online security, it can be improved upon through the use of a double VPN.

As the name suggests, a double VPN provides users with an extra layer of security by using two servers instead of one. So, when you connect to the internet via a double VPN, your data is being encrypted twice. Though this involves two servers, it isn't the same as using two VPNs simultaneously. Double VPNs link two servers from the same provider, whereas you'd have to link two separate providers if you wanted to use two VPNs at the same time.

This creates a pocket of safety for your data, as it will be encrypted on both ends of the channel, meaning a cybercriminal will have a very hard time accessing any data that is yet to be encrypted. This process is also known as VPN server chaining, or cascade configuration, and can be a highly effective security measure.

However, two encryption layers aren't always present in a double VPN. While a number of VPN providers offer two layers with their double VPN feature, others do not (though your data will still be sent through two servers in such cases). But in any case, a double VPN is designed to heighten your security when online.

However, double VPNs do come with one major disadvantage.

If a double VPN can provide you with such a high level of protection online, using it is a no-brainer, right?

Well, not quite. Though double VPNs can keep your data supersafe, they come with one significant downside: poorer connection speeds.

If you already use a regular VPN, you may have noticed that your upload or download speed decreases when it is active. Because your data is being sent and encrypted through a remote server when you use a VPN, you'll often have to wait a little longer to connect. You may notice that web pages take longer to load, or that you're experiencing more buffering than usual when streaming.

Unfortunately, this is just how VPNs work, but the problem can be worsened further through the use of a double VPN. This is because your data is going through two servers instead of one, which takes even more time. If your connection speeds are already pretty sub-par without the use of a VPN, using a double VPN can cause a lot of issues, and may make your online experience very frustrating.

But this doesn't mean that you have to sacrifice your online security for better connection speeds. Double VPNs are more suited to those who require a very high level of online security for specific reasons. For example, you may be a journalist trying to protect your sources, or an individual in a country that has strict internet laws.

Because double VPNs can be so detrimental to your internet speed, you should really only use one if it's an absolute necessity. Of course, anyone who uses a provider with a double VPN feature can use one, but this may prove to be more of a frustration than a joy if your speeds are hit that badly.

However, if you still feel a double VPN could be useful for you, there are many providers out there who offer this feature, including:

It's worth noting that, when you use a double VPN, you likely won't have the same number of servers to choose from. So, if you have a favorite VPN server that you often connect to, you may find that it is unavailable when your double VPN feature is active.

If you're in a position where you require ultra-high levels of security when browsing the web, a double VPN might be a useful addition to your regular VPN connection. This will allow you to circumvent tracking entirely and add an extra layer of encryption to your precious internet data.

Continued here:
What is a Double VPN and why you should use one - Laptop Mag

Encryption Software Market Latest Trend and Business Attractiveness 2022 to 2028 – Digital Journal

The Encryption Software Market research report consists of a detailed study of the market and the market dynamics that are related to the same. The in-depth data on the development of the market is presented in the Research report. Not only this but also the detailed data on the performance of the market for the forecast period are presented in the Encryption Software Market research report. The performance analysis is included in the data which will help the readers to get detailed knowledge on the change in the market dynamics. Apart from this the comprehensive study of all the crucial elements of the Encryption Software Market is presented in the market report like production, market share, region and key players. The market research report contains a detailed study of the market dynamics as we have already mentioned above and it is being presented with the help of table, graphs and pie charts with an aim to provide the reader with a better presentation of the data.

Vendor Landscape:

Market Dynamics

The Global Encryption Software Market research report contains detailed data of the major industry events in the previous years. The major events which take place in the global market include various operational business decisions, mergers, innovation, major investments and collaborations. The report also contains a study of the present condition of the market with the help of reliable market numbers. This study will help the manufacturers and the market leaders who are present in the industry in learning the changing dynamics of the global market over the forecast period. Moreover, the research report contains a detailed analysis of all the factors which are investing in the global growth of the market. So to maintain this condition and this position in the market, the manufacturers and the sellers need to follow all these strategies. Finally, the Encryption Software Market research report acts as an important tool for the stakeholders who are looking for opportunities in the industry.

Get Sample Copy of This Report: https://skyquestt.com/sample-request/encryption-software-market

Key Market Overview

The documentation of the market research report contains various market analysis strategies that are involved to study the Encryption Software Market such as PESTLE analysis, SWOT analysis and Five point analysis. All these strategies will help the readers to understand the environmental, social and economic as well as political aspects that are associated with the Encryption Software Market. The market research report on the Encryption Software Market offers a detailed analysis of the present market demand along with the data for the future prediction of the industry. When it comes to the in-depth study the market research report is recognised to be a useful guide for the market leaders. The market research study contains the study of all the important strategies that are involved in the growth process of the market.

Market Segment Are

By Component:

By Deployment Model:

By Organization Size:

By Function:

By Industry Vertical:

By Region:

Read This Report: https://skyquestt.com/report/encryption-software-market

Impact Of COVID 19 On Global Encryption Software Market

The onset of the coronavirus pandemic has brought along a global recession that has severely impacted various industries. The impact of the COVID pandemic has also introduced new business opportunities for the Encryption Software Market. Overall, the competitive landscape and the market mix of the Encryption Software Market have been severely disrupted due to this pandemic. All these impacts, as well as disruptions, are studied and analysed quantifiably in this market research report.

Geographical Outlook Of Global Encryption Software Market

In the past few years, the global Encryption Software Market was dominated by a few regions, which we have mentioned in this research report, owing to the increasing demand as well as fast population growth. The key regions which are covered in the market research report are Canada, the US, and Mexico in North America; France, the UK, Switzerland, Netherlands, Russia, Belgium, Spain, Turkey, Italy and the Rest of Europe in Europe; Japan, China, India, Thailand, Australia, South Korea, Malaysia, Singapore, Philippines and Rest of Asia Pacific in the Asia Pacific; UAE, Saudi Arabia, Egypt, Israel, South Africa in Rest of the Middle East and Africa; Brazil, Argentina and Rest of South America in South America.

Conclusion

SkyQuest Technology provides detailed analysis for the forecast period. Apart from this, the global study also consists of the segmental analysis and an overview of the current market trends as well as factors. These market dynamics factors also consist of opportunities, barriers, restraints and threats, and the effects of certain factors on the global market.

About Us: SkyQuest Technology Group is a Global Market Intelligence, Innovation Management & Commercialization organization that connects innovation to new markets, networks & collaborators for achieving Sustainable Development Goals.


View original post here:
Encryption Software Market Latest Trend and Business Attractiveness 2022 to 2028 - Digital Journal

Securing PKI and Machine Identities in the Modern Enterprise – Security Boulevard


When attempting to manage and secure company identities and credentials, you may think predominantly in terms of people and their roles within an organization. How do we make sure that Janet from Quality Assurance has the credentials to access the needed assets, and how do we make sure that no one else can access those credentials?

But human identities are only one piece of the security puzzle. While employees, partners, vendors, customers, and consultants might be some of the most crucial sources of security vulnerabilities in your organization, the volume of machine identities is increasing, creating additional points of entry for hackers and malware.

The 2022 State of Machine Identity Report from the Ponemon Institute (from which we get the statistics below unless otherwise noted) reveals the latest data on just how complex machine identity management can be.

Machine identities are the digital keys, secrets, and certificates that establish the validity of digital transactions. They include X.509 certificates, SSH and encryption keys, and code signing certificates for secure communication between servers and VMs, workstations, scripts and bots, applications, services, etc.

With the adoption of remote work, cloud-based services, IoT, and Zero Trust initiatives, the number and importance of public keys and certificates being used by organizations is increasing rapidly. The days of one or two CAs behind the four walls of the data center are behind us, and managing machine identities should be at the forefront of your security posture. In the Gartner Hype Cycle for IAM report in 2021, Gartner Managing VP Tricia Phillips said:

"Digital transformation has led to an explosion in the number of machines such as workloads, code, applications, and containers that need to identify themselves and communicate."

Some of the most common elements of PKI include:

Making sure machine identities are protected is becoming a costly and time-consuming task. The majority of organizations say that the growing use of keys and certificates has significantly increased the operational burden on their IT teams and that they're concerned about the increased workload and risk of outages due to shorter TLS cert lifespans.

Additionally, over half of the organizations polled say their organization doesn't even know exactly how many keys and certificates they have.

If neglected, machine identities can create huge gaps in your security, as any vulnerabilities can enable a threat actor to move laterally from one system into others on the network.

In the last two years, over 95 percent of organizations have experienced all three of the following PKI-related issues:*

Because they can bring operations to a halt, certificate outages tend to receive the most focus. Nearly 40 percent of outages take over four hours to identify and remediate, which can be costly and damaging to a company's reputation. The Let's Encrypt outage in September 2021, for instance, affected operations at major corporations like Cisco, Palo Alto, Bluecoat, AWS, Auth0, Fortinet, Heroku, and others.

But outages are just the tip of the iceberg, indicating bigger risks below the surface that need to be addressed, including manual processes, wildcard certificates, weak cryptography, and misconfigured or exposed CAs.

"The number of machines (workloads and devices) now outnumbers humans by an order of magnitude, and organizations must establish tooling and processes to control those identities." (Gartner: Managing Machine Identities, Secrets, Keys and Certificates, Erik Wahlstrom, 16 March 2022)

If you don't feel like you have a good grasp of how to secure your public key infrastructure, you're not alone:

Additionally, about 40 percent of organizations have only a limited PKI strategy for specific applications or use cases, and 16 percent don't have any strategy at all.

You have to know what certificates you're using to effectively secure them. Discovering and creating an inventory of your certs and CAs will give you an overview of which ones have the highest priority.

Create a cross-functional working group to establish ownership for tools, processes, and strategy and to provide oversight and bridge gaps between business units. Then define machine identities for your organization, identify use cases for your PKI and machine IDs, and analyze your existing identity fabric or toolset.

The more identities and sources of information you have, the more possibility for mistakes and/or vulnerabilities. Once you have a good handle on what PKI management tools are at your disposal, pare them down. Ask yourself questions like:

You need to define policies and best practices for your public key infrastructure.

Most security teams spend at least 50% of their time on maintenance and operational tasks. The key is to automate, automate, automate. Automation decreases risks related to human error and misconfiguration and ensures that you can scale with new demands. Additionally, automation enables integration with existing DevOps and cloud workflows.
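As an added illustration (not code from the article or from Keyfactor), the inventory, policy and automation steps above can be combined into a small audit that ranks certificates by the risks the article names: outages from expiry, wildcard certificates, weak cryptography and missing ownership. The CSV column names, the policy thresholds, the weights and the sample rows are all assumptions constructed for this example.

```python
import csv
import io
from datetime import date

# Constructed sample inventory export (not real certificates). Column names
# are assumptions; map them to whatever your CA or scanner exports.
SAMPLE_INVENTORY = """\
common_name,issuer,key_type,key_bits,sig_hash,not_after,owner
api.example.test,Example Internal CA,RSA,2048,sha256,2022-08-05,platform-team
*.example.test,Example Internal CA,RSA,2048,sha256,2023-03-01,
legacy-vpn.example.test,Example Legacy CA,RSA,1024,sha1,2022-07-20,netops
build-signer.example.test,Example Internal CA,EC,256,sha256,2023-06-30,release-eng
"""

# Assumed policy values; set them from your own PKI policy.
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}
WEAK_HASHES = {"md5", "sha1"}
RENEWAL_WINDOW_DAYS = 30

# Weight per finding, used only to rank what to fix first (assumed values).
WEIGHTS = {"expired": 100, "expiring": 60, "weak-key": 50,
           "weak-signature": 40, "wildcard": 20, "no-owner": 10}


def load_inventory(csv_text):
    """Parse the CSV export into dicts with typed fields."""
    records = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["key_bits"] = int(row["key_bits"])
        row["not_after"] = date.fromisoformat(row["not_after"])
        row["owner"] = row["owner"].strip()
        records.append(row)
    return records


def audit(record, today):
    """Return the list of policy findings for one certificate record."""
    findings = []
    days_left = (record["not_after"] - today).days
    if days_left < 0:
        findings.append("expired")
    elif days_left <= RENEWAL_WINDOW_DAYS:
        findings.append("expiring")
    min_bits = MIN_KEY_BITS.get(record["key_type"].upper())
    # Unknown key types are flagged rather than silently accepted.
    if min_bits is None or record["key_bits"] < min_bits:
        findings.append("weak-key")
    if record["sig_hash"].lower() in WEAK_HASHES:
        findings.append("weak-signature")
    if record["common_name"].startswith("*."):
        findings.append("wildcard")
    if not record["owner"]:
        findings.append("no-owner")
    return findings


def prioritize(records, today):
    """Rank records that have findings, highest total weight first."""
    ranked = []
    for rec in records:
        findings = audit(rec, today)
        if findings:
            score = sum(WEIGHTS[f] for f in findings)
            ranked.append((score, rec["common_name"], findings))
    ranked.sort(key=lambda item: (-item[0], item[1]))
    return ranked


if __name__ == "__main__":
    today = date(2022, 7, 25)  # fixed date so the sample output is stable
    inventory = load_inventory(SAMPLE_INVENTORY)
    for score, name, findings in prioritize(inventory, today):
        print(f"{score:>4}  {name:<28} {', '.join(findings)}")
```

Run on a schedule against a fresh export, the ranked list gives the working group a concrete renewal and remediation queue.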

Security threats adapt quickly to security controls, so you have to be ready to adapt just as fast. To maintain operations and prevent incidents related to PKI, you need to constantly educate yourself and maintain a crypto-agile security posture:

Check out the 2022 State Machine Identity Management report to stay informed of the latest cybersecurity data and analysis. With an in-depth analysis of the threat landscape for PKI and machine IDs at your disposal, you can make informed decisions about what security measures to put in place to keep your organization safe and operating at full capacity.

You can also watch our webinar on demand for additional insights from Keyfactor leaders: The State of PKI and Machine Identity Management

When attempting to manage and secure company identities and credentials, you may think predominantly in terms of people and their roles within an organization. How do we make sure that Janet from Quality Assurance has the credentials to access the needed assets, and how do we make sure that no one else can access those credentials?

But human identities are only one piece of the security puzzle. While employees, partners, vendors, customers, and consultants might be some of the most crucial sources of security vulnerabilities in your organization, the volume of machine identities is increasing, creating additional points of entry for hackers and malware.

The 2022 State of Machine Identity Report from the Ponemon Institute (from which we get the statistics below unless otherwise noted) reveals the latest data on just how complex machine identity management can be.

Machine identities are the digital keys, secrets, and certificates that establish the validity of digital transactions. They include X.509 certificates, SSH and encryption keys, and code signing certificates for secure communication between servers and VMS, workstations, scripts and bots, applications, services, etc.

With the adoption of remote work, cloud-based services, IoT, and Zero Trust initiatives, the number and importance of public keys and certificates being used by organizations is increasing rapidly. The days of one or two CAs behind the four walls of the data center are behind us, and managing machine identities should be at the forefront of your security posture. In the Gartner Hype Cycle for IAM report in 2021, Gartner Managing VP Tricia Phillips said:

Digital transformation has led to an explosion in the number of machines such as workloads, code, applications, and containers that need to identify themselves and communicate.

Some of the most common elements of PKI include:

Making sure machine identities are protected is becoming a costly and time-consuming task. The majority of organizations say that the growing use of keys and certificates has significantly increased the operational burden on their IT teams and that theyre concerned about the increased workload and risk of outages due to shorter TLS cert lifespans.

Additionally, over half of the organizations polled say their organization doesnt even know exactly how many keys and certificates they have.

If neglected, machine identities can create huge gaps in your security, as any vulnerabilities can enable a threat actor to move laterally from one system into others on the network.

In the last two years, over 95 percent of organizations have experienced all three of the following PKI-related issues:*

Because they can bring operations to a halt, certificate outages tend to receive the most focus. Nearly 40 percent of outages take over four hours to identify and remediate, which can be costly and damaging to a companys reputation. The Lets Encrypt outage in September 2021, for instance, affected operations at major corporations like Cisco, Palo Alto, Bluecoat, AWS, Auth0, Fortinet, Heroku, and others.

But outages are just the tip of the iceberg, indicating bigger risks below the surface that need to be addressed, including manual processes, wildcard certificates, weak cryptography, and misconfigured or exposed CAs.

The number of machines (workloads and devices) now outnumbers humans by an order of magnitude, and organizations must establish tooling and processes to control those identities. Gartner: Managing Machine Identities, Secrets, Keys and Certificates, Erik Wahlstrom, 16 March 2022

If you dont feel like you have a good grasp of how to secure your public key infrastructure, youre not alone:

Additionally, about 40 percent of organizations have only a limited PKI strategy for specific applications or use cases, and 16 percent dont have any strategy at all.

You have to know what certificates youre using to effectively secure them. Discovering and creating an inventory of your certs and CAs will give you an overview of which ones have the highest priority.

Create a cross-functional working group to establish ownership for tools, processes, and strategy and to provide oversight and bridge gaps between business units. Then define machine identities for your organization, identify use cases for your PKI and machine IDs, and analyze your existing identity fabric or toolset.

The more identities and sources of information you have, the more possibility for mistakes and/or vulnerabilities. Once you have a good handle on what PKI management tools are at your disposal, pare them down. Ask yourself questions like:

You need to define policies and best practices for your public key infrastructure.

Most security teams spend at least 50% of their time on maintenance and operational tasks. The key is to automate, automate, automate. Automation decreases risks related to human error and misconfiguration and ensures that you can scale with new demands. Additionally, automation enables integration with existing DevOps and cloud workflows.

Security threats adapt quickly to security controls, so you have to be ready to adapt just as fast. To maintain operations and prevent incidents related to PKI, you need to constantly educate yourself and maintain a crypto-agile security posture:

Check out the2022 State Machine Identity Management report to stay informed of the latest cybersecurity data and analysis. With an in-depth analysis of the threat landscape for PKI and machine IDs at your disposal, you can make informed decisions about what security measures to put in place to keep your organization safe and operating at full capacity.

You can also watch our webinar on demand for additional insights from Keyfactor leaders: The State of PKI and Machine Identity Management

When attempting to manage and secure company identities and credentials, you may think predominantly in terms of people and their roles within an organization. How do we make sure that Janet from Quality Assurance has the credentials to access the needed assets, and how do we make sure that no one else can access those credentials?

But human identities are only one piece of the security puzzle. While employees, partners, vendors, customers, and consultants might be some of the most crucial sources of security vulnerabilities in your organization, the volume of machine identities is increasing, creating additional points of entry for hackers and malware.

The 2022 State of Machine Identity Report from the Ponemon Institute (from which we get the statistics below unless otherwise noted) reveals the latest data on just how complex machine identity management can be.

Machine identities are the digital keys, secrets, and certificates that establish the validity of digital transactions. They include X.509 certificates, SSH and encryption keys, and code signing certificates for secure communication between servers and VMS, workstations, scripts and bots, applications, services, etc.

With the adoption of remote work, cloud-based services, IoT, and Zero Trust initiatives, the number and importance of public keys and certificates being used by organizations is increasing rapidly. The days of one or two CAs behind the four walls of the data center are behind us, and managing machine identities should be at the forefront of your security posture. In the Gartner Hype Cycle for IAM report in 2021, Gartner Managing VP Tricia Phillips said:

Digital transformation has led to an explosion in the number of machines such as workloads, code, applications, and containers that need to identify themselves and communicate.

Some of the most common elements of PKI include:

Making sure machine identities are protected is becoming a costly and time-consuming task. The majority of organizations say that the growing use of keys and certificates has significantly increased the operational burden on their IT teams and that theyre concerned about the increased workload and risk of outages due to shorter TLS cert lifespans.

Additionally, over half of the organizations polled say their organization doesnt even know exactly how many keys and certificates they have.

If neglected, machine identities can create huge gaps in your security, as any vulnerabilities can enable a threat actor to move laterally from one system into others on the network.

In the last two years, over 95 percent of organizations have experienced all three of the following PKI-related issues:*

Because they can bring operations to a halt, certificate outages tend to receive the most focus. Nearly 40 percent of outages take over four hours to identify and remediate, which can be costly and damaging to a companys reputation. The Lets Encrypt outage in September 2021, for instance, affected operations at major corporations like Cisco, Palo Alto, Bluecoat, AWS, Auth0, Fortinet, Heroku, and others.

But outages are just the tip of the iceberg, indicating bigger risks below the surface that need to be addressed, including manual processes, wildcard certificates, weak cryptography, and misconfigured or exposed CAs.

The number of machines (workloads and devices) now outnumbers humans by an order of magnitude, and organizations must establish tooling and processes to control those identities. Gartner: Managing Machine Identities, Secrets, Keys and Certificates, Erik Wahlstrom, 16 March 2022

If you dont feel like you have a good grasp of how to secure your public key infrastructure, youre not alone:

Additionally, about 40 percent of organizations have only a limited PKI strategy for specific applications or use cases, and 16 percent dont have any strategy at all.

You have to know what certificates youre using to effectively secure them. Discovering and creating an inventory of your certs and CAs will give you an overview of which ones have the highest priority.

Create a cross-functional working group to establish ownership for tools, processes, and strategy and to provide oversight and bridge gaps between business units. Then define machine identities for your organization, identify use cases for your PKI and machine IDs, and analyze your existing identity fabric or toolset.

The more identities and sources of information you have, the more possibility for mistakes and/or vulnerabilities. Once you have a good handle on what PKI management tools are at your disposal, pare them down. Ask yourself questions like:

You need to define policies and best practices for your public key infrastructure.

Most security teams spend at least 50% of their time on maintenance and operational tasks. The key is to automate, automate, automate. Automation decreases risks related to human error and misconfiguration and ensures that you can scale with new demands. Additionally, automation enables integration with existing DevOps and cloud workflows.

Security threats adapt quickly to security controls, so you have to be ready to adapt just as fast. To maintain operations and prevent incidents related to PKI, you need to constantly educate yourself and maintain a crypto-agile security posture:

Check out the2022 State Machine Identity Management report to stay informed of the latest cybersecurity data and analysis. With an in-depth analysis of the threat landscape for PKI and machine IDs at your disposal, you can make informed decisions about what security measures to put in place to keep your organization safe and operating at full capacity.

You can also watch our webinar on demand for additional insights from Keyfactor leaders: The State of PKI and Machine Identity Management

When attempting to manage and secure company identities and credentials, you may think predominantly in terms of people and their roles within an organization. How do we make sure that Janet from Quality Assurance has the credentials to access the needed assets, and how do we make sure that no one else can access those credentials?

But human identities are only one piece of the security puzzle. While employees, partners, vendors, customers, and consultants might be some of the most crucial sources of security vulnerabilities in your organization, the volume of machine identities is increasing, creating additional points of entry for hackers and malware.

The 2022 State of Machine Identity Report from the Ponemon Institute (from which we get the statistics below unless otherwise noted) reveals the latest data on just how complex machine identity management can be.

Machine identities are the digital keys, secrets, and certificates that establish the validity of digital transactions. They include X.509 certificates, SSH and encryption keys, and code signing certificates for secure communication between servers and VMS, workstations, scripts and bots, applications, services, etc.

With the adoption of remote work, cloud-based services, IoT, and Zero Trust initiatives, the number and importance of public keys and certificates being used by organizations is increasing rapidly. The days of one or two CAs behind the four walls of the data center are behind us, and managing machine identities should be at the forefront of your security posture. In the Gartner Hype Cycle for IAM report in 2021, Gartner Managing VP Tricia Phillips said:

Digital transformation has led to an explosion in the number of machines such as workloads, code, applications, and containers that need to identify themselves and communicate.

Some of the most common elements of PKI include:

Making sure machine identities are protected is becoming a costly and time-consuming task. The majority of organizations say that the growing use of keys and certificates has significantly increased the operational burden on their IT teams and that theyre concerned about the increased workload and risk of outages due to shorter TLS cert lifespans.

Additionally, over half of the organizations polled say their organization doesnt even know exactly how many keys and certificates they have.

If neglected, machine identities can create huge gaps in your security, as any vulnerabilities can enable a threat actor to move laterally from one system into others on the network.

In the last two years, over 95 percent of organizations have experienced all three of the following PKI-related issues:*

Because they can bring operations to a halt, certificate outages tend to receive the most focus. Nearly 40 percent of outages take over four hours to identify and remediate, which can be costly and damaging to a companys reputation. The Lets Encrypt outage in September 2021, for instance, affected operations at major corporations like Cisco, Palo Alto, Bluecoat, AWS, Auth0, Fortinet, Heroku, and others.

But outages are just the tip of the iceberg, indicating bigger risks below the surface that need to be addressed, including manual processes, wildcard certificates, weak cryptography, and misconfigured or exposed CAs.

"The number of machines (workloads and devices) now outnumbers humans by an order of magnitude, and organizations must establish tooling and processes to control those identities." (Gartner: Managing Machine Identities, Secrets, Keys and Certificates, Erik Wahlstrom, 16 March 2022)

If you don't feel like you have a good grasp of how to secure your public key infrastructure, you're not alone:

Additionally, about 40 percent of organizations have only a limited PKI strategy for specific applications or use cases, and 16 percent don't have any strategy at all.

You have to know what certificates you're using to effectively secure them. Discovering and creating an inventory of your certs and CAs will give you an overview of which ones have the highest priority.

Create a cross-functional working group to establish ownership for tools, processes, and strategy and to provide oversight and bridge gaps between business units. Then define machine identities for your organization, identify use cases for your PKI and machine IDs, and analyze your existing identity fabric or toolset.

The more identities and sources of information you have, the more possibility for mistakes and/or vulnerabilities. Once you have a good handle on what PKI management tools are at your disposal, pare them down. Ask yourself questions like:

You need to define policies and best practices for your public key infrastructure.

Most security teams spend at least 50% of their time on maintenance and operational tasks. The key is to automate, automate, automate. Automation decreases risks related to human error and misconfiguration and ensures that you can scale with new demands. Additionally, automation enables integration with existing DevOps and cloud workflows.

Security threats adapt quickly to security controls, so you have to be ready to adapt just as fast. To maintain operations and prevent incidents related to PKI, you need to constantly educate yourself and maintain a crypto-agile security posture:

Check out the 2022 State Machine Identity Management report to stay informed of the latest cybersecurity data and analysis. With an in-depth analysis of the threat landscape for PKI and machine IDs at your disposal, you can make informed decisions about what security measures to put in place to keep your organization safe and operating at full capacity.

You can also watch our webinar on demand for additional insights from Keyfactor leaders: The State of PKI and Machine Identity Management

Get actionable insights from 1,200+ IT and security professionals on the next frontier for IAM strategy: machine identities.

Follow this link:
Securing PKI and Machine Identities in the Modern Enterprise - Security Boulevard

Google’s BigQuery Introduces Column-Level Encryption Functions and Dynamic Masking of Information – InfoQ.com

Google recently released new features for BigQuery, its SaaS data warehouse, including column-level encryption functions and dynamic masking of information. These features add a second layer of defense on top of access control to help secure and manage sensitive data.

Specifically, dynamic masking of information can be used for real-time transactions, whereas column-level encryption provides additional security for data at rest or in motion where real-time usability is not required.

These new features could be useful for companies that store personally identifiable information (PII) and other sensitive data such as credit-card data and biometric information. Companies that store and analyze data in countries where data regulation and privacy mandates are evolving face ongoing risks from data breaches and data leakage and need to control data access; they may also benefit from the new features.

Column-level encryption enables the encryption and decryption of information at column level, which means that the administrator can select which column is encrypted and which is not. It supports the AES-GCM (non-deterministic) and AES-SIV (deterministic) encryption algorithms. Functions support AES-SIV to allow for grouping, aggregation, and joins on encrypted data. This new feature enables some new use cases: when data is natively encrypted in BigQuery and must be decrypted when accessed, or where data is externally encrypted, stored in BigQuery, and must then be decrypted when accessed.

Column-level encryption is integrated with Cloud Key Management System (Cloud KMS) to provide the administrator more control, to allow management of the encryption keys in KMS, and to enable on-access secure key retrieval as well as detailed logging. Cloud KMS can be used to generate the KEK (key encryption key) that encrypts the DEK (data encryption key) that encrypts the data in BigQuery columns. Cloud KMS uses IAM (identity and access management) to define roles and permissions. KEK is a symmetric encryption keyset that is stored in Cloud KMS, and referencing an encrypted keyset in BigQuery reduces the risk of key exposure.

The BigQuery documentation explains:

At query execution time, you provide the Cloud KMS resource path of the KEK and the ciphertext from the wrapped DEK. BigQuery calls Cloud KMS to unwrap the DEK, and then uses that key to decrypt the data in your query. The unwrapped version of the DEK is only stored in memory for the duration of the query, and then destroyed.

In one example of a use case, the ZIP code is the data to be encrypted, and a non-deterministic function decrypts the data when it is accessed: the function is called in the query that is being run on the table.

From BigQuery documentation

In a second example, the AEAD deterministic function decrypts data when it is accessed, again by being called in the query that is run on the table, and it supports aggregation and joins using the encrypted data.

From BigQuery documentation

In this way even a user who is not allowed to access the encrypted data can perform a join.
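The two use cases above can be compared side by side in one BigQuery script. This is an added example, not taken from the InfoQ article or the BigQuery documentation; the table names, rows and additional-data strings are constructed, and the keysets are generated in the script instead of being unwrapped through Cloud KMS so that it runs without a KMS key.

```sql
-- Added example (BigQuery GoogleSQL script); all tables and rows are constructed.
-- Assumption: keysets are created in-script. With a KMS-wrapped DEK you would pass
--   KEYS.KEYSET_CHAIN('<KMS_RESOURCE_PATH_PLACEHOLDER>', <wrapped_keyset_bytes>)
-- wherever gcm_keyset or siv_keyset is used below.
DECLARE gcm_keyset BYTES DEFAULT KEYS.NEW_KEYSET('AEAD_AES_GCM_256');
DECLARE siv_keyset BYTES DEFAULT KEYS.NEW_KEYSET('DETERMINISTIC_AEAD_AES_SIV_CMAC_256');

-- Store the same ZIP code twice: once non-deterministically (AES-GCM, with the
-- row id as additional data) and once deterministically (AES-SIV).
CREATE TEMP TABLE customers AS
SELECT id,
       AEAD.ENCRYPT(gcm_keyset, zip, CAST(id AS STRING)) AS zip_gcm,
       DETERMINISTIC_ENCRYPT(siv_keyset, zip, 'zip')     AS zip_siv
FROM (SELECT 1 AS id, '94105' AS zip UNION ALL
      SELECT 2, '94105' UNION ALL
      SELECT 3, '10001');

-- A second table encrypted with the same AES-SIV keyset and additional data.
CREATE TEMP TABLE regions AS
SELECT DETERMINISTIC_ENCRYPT(siv_keyset, zip, 'zip') AS zip_siv, region
FROM (SELECT '94105' AS zip, 'west' AS region UNION ALL
      SELECT '10001', 'east');

-- AES-GCM ciphertexts differ even for equal ZIP codes, so they cannot be grouped;
-- AES-SIV ciphertexts are equal whenever the plaintexts are equal.
SELECT COUNT(DISTINCT zip_gcm) AS distinct_gcm_ciphertexts,
       COUNT(DISTINCT zip_siv) AS distinct_siv_ciphertexts
FROM customers;

-- Join on the deterministic ciphertext: no keyset is referenced here, so the
-- person running this query never sees a plaintext ZIP code.
SELECT c.id, r.region
FROM customers AS c
JOIN regions   AS r USING (zip_siv);

-- Decryption on access requires the keyset and the same additional data that
-- was supplied at encryption time (here, the row id).
SELECT id,
       AEAD.DECRYPT_STRING(gcm_keyset, zip_gcm, CAST(id AS STRING)) AS zip
FROM customers;
```

Because equal plaintexts produce equal AES-SIV ciphertexts, a deterministic column shows which rows share a value, so reserve it for columns that actually need grouping or joins.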

Before the release of the column-level encryption feature, administrators needed to make copies of the datasets with data obfuscated in order to manage the right access for each group. This creates an inconsistent approach to protecting data, which can be expensive to manage. Column-level encryption increases the security level because each column can have its own encryption key instead of a single key for the entire database. Using column-level encryption allows faster data access because there is less encrypted data.

Dynamic masking of information, released in preview, gives administrators more control: combined with column-level access control, they can choose to grant full access, no access, or access to masked data, extending column-level security. This capability selectively masks column-level data at query time based on the defined masking rules, user roles and privileges. This feature allows administrators to obfuscate sensitive data and control user access while mitigating the risk of data leakage.

Thanks to this new feature, sharing data is easier, because administrators can hide information selectively and the tables can be shared with large groups of users. At the application level, developers don't need to modify the query to hide sensitive data: after data masking is configured at the BigQuery level, the existing query automatically hides the data based on the roles the user is granted. Last but not least, applying security is easier, because the administrator can write the security rule once and then apply it to any number of columns with tags.

Any masking policies or encryption applied on the base tables are carried over to authorized views and materialized views, and masking or encryption is compatible with other security features such as row-level security.

Both new features can be used to increase security, manage access control, comply with privacy law, and create safe test environments. They allow a more consistent way to manage tables with sensitive data: administrators don't need to create multiple datasets with encrypted (or unencrypted) data and share these copies with the right users.

Go here to read the rest:
Google's BigQuery Introduces Column-Level Encryption Functions and Dynamic Masking of Information - InfoQ.com