Secure sockets layer (SSL) and transport layer security (TLS) have become an integral part of the internet, and adoption rates have skyrocketed. More than 45% of websites are encrypted today (up from 30% in October 2015) and 40-50% of enterprise traffic is encrypted, compared to just 25%-35% in 2013. This growth...
A man who allegedly used a smartphone with a Tor proxy and VPN client to hide his online activities has been arrested and charged with narcotics distribution after U.S. Postal Service employees spotted him mailing large numbers of envelopes while wearing latex gloves.
A new release from WikiLeaks - of what's alleged to be classified material from the CIA - has seemingly exposed some of the agency's most sensitive hacking projects and malware capabilities. Technology experts are scrambling to assess the impact, as well as WikiLeaks' claims.
The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect organizations throughout the world because it applies to any company that handles Europeans' personal data, says Fred Kost of HyTrust.
Researchers have demonstrated the first practical attack against the SHA-1 cryptographic hash function. While security experts had already recommended dropping SHA-1, some browsers and other security tools still rely on it.
A federal judge in Illinois has rejected part of a search warrant application that would allow police to force anyone present at the time of a raid to use their fingerprints to unlock digital devices. But the decision far from resolves the issue of law enforcement's efforts to overcome encryption.
Emerging insider threats have quickly proven that the proverbial "walled garden" is not so walled after all, and without true end-to-end encryption, insiders and outsiders can compromise sensitive data, says Dr. Phillip Hallam-Baker of Comodo Group.
For anyone who's worried about the rise of quantum computers and the risk that they could be used to crack modern, public-key crypto systems, leading cryptographers at the RSA Conference 2017 delivered a clear message: For now, do nothing.
An analysis of integrity - a core foundation of cybersecurity - in the era of fake news leads the latest edition of the ISMG Security Report. Also, a new initiative aims to help ensure the security of medical devices and financial institutions in New York face new state cybersecurity regulations.
Amidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.
The best starting point for effectively safeguarding data and protecting against breaches is to clearly understand what kind of data an organization has, where it's located and the risks, says Jason Hart of Gemalto.
In this edition of the ISMG Security Report: An evaluation of the challenges law enforcement faces in using lawful hacking and metadata as an alternative way to collect evidence when cracking an encrypted device is not an option. Also, a look at Trump's revised cybersecurity executive order.
In his eight years in the White House, former President Barack Obama made cybersecurity a priority. But will his legacy be his administration's various IT security initiatives or the damaging breaches that occurred during his tenure? That's the lead story in the latest edition of the ISMG Security Report.
Encrypted web communication routinely bypasses enterprise security controls. Left unscanned, these channels are perfect vehicles for hiding infection, command & control, and data exfiltration.
The malicious use of encryption is growing at an alarming rate, from 104 in 2014, to 13,542 as of mid-2016, according to...
Encryption keeps data confidential, but we're left unprotected from threats that may be embedded in the data. In fact, encryption actually conceals these threats and adds network performance burdens for organizations that wish to inspect encrypted traffic.
The first in a series on encryption, this technical brief...