encryption

Pierluigi Paganini July 24, 2023
Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The UK government wants to give more surveillance powers to its intelligence agencies proposing changes to the Investigatory Powers […]

Pierluigi Paganini May 11, 2023
Twitter now supports Encrypted Direct Messages, with some limitations

Twitter is rolling out support for encrypted direct messages (DMs), the security feature will be initially available for the verified users. Twitter is rolling out support for encrypted direct messages (DMs), the feature is initially limited to verified users or affiliates to a verified organization that are using the latest version of the app (iOS, Android, Web). The latest […]

Pierluigi Paganini March 01, 2023
Google Gmail client-side encryption is available globally

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. In December, Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta users can […]

Pierluigi Paganini November 02, 2022
OpenSSL fixed two high-severity vulnerabilities

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library. The flaws impact versions 3.0.0 through 3.0.6 of the library. The OpenSSL software […]

Pierluigi Paganini October 26, 2022
OpenSSL to fix the second critical flaw ever

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […]

Pierluigi Paganini October 19, 2022
Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality

A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office […]

Pierluigi Paganini July 07, 2022
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers […]

Pierluigi Paganini October 14, 2021
WhatsApp made available end-to-end encrypted chat backups

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage. Currently, WhatsApp […]

Pierluigi Paganini October 11, 2021
NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]

Pierluigi Paganini September 13, 2021
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. While WhatsApp has already implemented end-to-end encrypion since 2016, the company […]