Netherlands Maastricht University becomes a victim of ransomware just before Christmas

On December 24, Maastricht University, also dubbed as UM, released an official report about a ransomware attack that managed to encrypt almost all of its Windows systems. The attack against the University was performed on December 23 and complicated the use of email-related services:[1]

Maastricht University (UM) has been hit by a serious cyber attack. Almost all Windows systems have been affected and it is particularly difficult to use e-mail services.

There are no particular details on what type of ransomware virus attacked the institution and also no data whether the criminals managed to steal any private data before locking it with the encryption key or not. However, UM is trying to find out if there was any information accessed.

Maastricht University is a successful educational institution located in the Netherlands, having 18,000 students, even a greater number of alumni 70,000 and 4,400 employees. Additionally, during the past two years, this institution has also been included in the top 500 universities.[2]

Sadly, when everybody was celebrating Christmas Eve, Maastricht University had to deal with a ransom attack. The authorities have explained that they worked on the attack by putting all the systems down as a protective measure. It might take some time until they will be put up again. However, even it is still unknown when the systems will be available again due to the ongoing investigation process,[3] the doors of the UM buildings will be open from January 2 to all students again.

University's staff has also been working with law enforcement agencies while trying to investigate this attempt deeper. The institution is expecting to find out methods that would allow it to avoid similar attacks in the upcoming future and identify the current damage.[4]

The attack targeting Maastricht University is not the only one that has been reported during these days. The United States Coast Guard operation was also taken down due to a ransomware attack. This time, the malware that was spread via phishing email messages and included a malicious hyperlink that was the hidden ransomware payload was Ryuk ransomware.[5]

Ransomware viruses are one of the most dangerous threats that are lurking out in the cybersphere. Malicious actors manage to deliver these viruses through infected emails and attachments or hyperlinks, cracked software, malvertising, and other deceptive strategies. Afterward, the ransomware launches its encryption module and locks all data that is placed on the infected computer.

Then, this dangerous threat demands a particular ransom price via a ransom note. Even though the money amount for regular users can be only $50 or $200 in Bitcoin, the cybercriminals are very likely to demand a big sum from worldwide organizations, companies, and institutions that can come up to $1 million in BTC or another type of cryptocurrency.

See more here:
Maastricht University gets almost all of its Windows systems encrypted by ransomware - 2-spyware.com

My book group recently read a 2017 mystery calledThe Lost Book of the Grailby Charlie Lovett. In the novel, an English bibliophile and an American digitizer track down a mysterious book thought to lead to the Holy Grail. The chief clue: a secret message hidden in the rare books collection of the fictional Barchester Cathedral Library. The message is a complex polyalphabetic substitution cipher that can only be solved by finding key words hidden in the books. Coded messages are common plot devices, used not just by Dan Brown but also by Edgar Allan Poe, Sir Arthur Conan Doyle, Jules Verne, Dorothy Sayers, Agatha Christie, and Neal Stephenson, among many others.

Aficionados distinguish among codes and ciphers. They also talk about steganography, which involves hiding messages, sometimes covertly as in a microdot and sometimes in plain sight as when the first letters of the paragraphs of a text spell out a word. Aficionados also refer to anagrams, which are expression made up by rearranging the letter (or numbers) of another expression. My name, for example, anagrams as BATTLED WAISTLINE.

There is also a distinction between codes and ciphers. A code is a technique for rendering one set of meanings using other, usually shorter, symbols. In early Morse Code telegraphy, for example, a word in the code book could be used to stand for a whole sentence or phrase, enabling efficient messaging. Stenographers and journalists use shorthand and the US Secret Service uses code names for its protecteeslike Lancer (for JFK) and Rawhide (for Ronald Reagan). Ciphers refer to messages which are systematically altered by some algorithm, such as replacing one symbol for another. Cryptography refers to both ciphers and codes.

How do ciphers work? The classic example is one called the Caesar shift. This is an encryption in which each character is replaced by one a certain number of places down the alphabet. Julius Caesars encrypted messages were said to use a shift of three characters to the left. Edwin Battistella would become BATFK YXQQFPQBIIX. Simple ciphers like the Caesar shift are (said to be) easy to decrypt.

In literary works, such as mystery and spy fiction, encrypted messages can be used as plot devices, obstacles for the protagonists to overcome. Or they can be used as part of the plot itself, where the technique of decipherment is a major part of the story. In Arthur Conan Doyles short story The Adventure of the Dancing Men, a woman named Elsie Patrick is harassed by coded messages in which each character looks like a dancing person. Realizing the messages are written in a substitution cipher, Sherlock Holmes deciphers them by analyzing the frequency of the symbols. He explains to Watson that E is the most common letter in the English alphabet, and it predominates to so marked an extent that even in a short sentence one would expect to find it most often. Noting that T, A, O, I, N, S, H, R, D, and L are the next most frequent letters, he quickly deciphers the message, which said. Elsie, prepare to meet thy God.

Sometimes the cipher appears quite complex. Edgar Allan Poe used one as a plot device in his story The Gold Bug. The cipher was supposedly devised by Captain William Kidd, the Scottish pirate, giving directions to his buried treasure. Its a simple letter-to-symbol cipher using numbers and punctuation marks, but without spaces between the word divisions. Poes fictional cryptographer solves the cipher by using frequency analysis. You can give it a try yourself. Heres a clue, the letters E T A O I N S H R D L are represented by 8 ; 5 6 * ) 4 ( 0.

53305))6*;4826)4.)4);806*;488

60))85;;]8*;:*883(88)5*;46(;88*96

*?;8)*(;485);5*2:*(;4956*2(5*4)8

8*;4069285);)68)4;1(9;48081;8:8

1;4885;4)485528806*81(9;48;(88;4

(?34;48)4;161;:188;?;

Figuring out the cipher inThe Lost Book of the Grailwas more complex, and the deciphering takes place over many pages of the novel. Frequency analysis leads the protagonists to the letters U, Q and D, which they associate with the Latin wordsunus, quinqueanddecem:1, 5, and 10.The numbers point to books and chapters in the librarys medieval manuscript collection where the key words are found. That discover allows the cipher be decrypted by using the key to partially scramble the alphabet. So the keywordcorpusgoes before the English alphabet minus the letters in the key. The keyed English is aligned with the slightly shorter Latin alphabet (missing J and W, which were absent in classical Latin).

C O R P U S A B D E F G H I J K L M N Q T V W X Y Z

A B C D E F G H I K L M N O P Q R S T U V X Y Z

Ultimately, the key allows the protagonists to decipher strings like JULMCURQF CMQJLCHIQ UGBCULUFD as PERSAECUL ASUPRANOV EMHAERELI orper saecula supra novem hae reli-. Finding successive keys and applying them to further bits of text, they decipher the full Latin message. Its a complex puzzle spread over nearly sixty pages.

Not all secrets are so complex. In theDa Vinci Code, symbologist Robert Langdon is confronted with, among other clues the lines:

13-3-2-21-1-1-8-5

O, Draconian devil!

Oh, lame saint!

Each line is an anagram. O, Draconian Devil yields Leonardo Da Vinci and Oh, lame saint becomes The Mona Lisa. The line of numbers is an anagram of the beginning of the Fibonacci Sequence, in which numbers after 1 are the sum of the two previous numbers: 1-1-2-3-5-8-13-21. It is the combination of a later lockbox.

Hidden messages, from anagrams to codes and ciphers are part of a long literary tradition. Take some time to enjoy them or create one yourself.

Featured image credit: Enlightening Math by John Moeses Bauan. CC0 via Unsplash.

Read more here:
Codes and Ciphers - OUPblog

This February, with Venezuela rocked by economic collapse and a presidential succession crisis, an opposition party put out a call for volunteers. Juan Guaid, a political leader with the Popular Will party, called on supporters to register at the site Volunteers for Venezuela. Guaid announced that the call was successful, with over 100,000 supporters submitting their contact information to the site.

But according to researchers with Venezuela Inteligente, CrowdStrike, and Kaspersky Lab, bad actors used DNS response injection to route these visitors to a fake version of the site. The fake version of the site looked identical to the real one, but researchers believe that the information collected was sent to the attackers instead of to Guaids party. On February 17th, the identities of the activists were leaked by a media outlet supporting Guaids rival Nicols Maduro, which the Atlantic Councils Digital Forensics Research Lab believes had access to the database of phished information.

DNS is a part of the Internet infrastructure that serves as a directory to help Internet users find and connect to the servers for the domains they want to connect to, by letting the domain owners publish contact information about their services, and letting users query to receive that information. Ideally, the type of attack that took place in Venezuela should not be possible; we would hope that DNS would accurately tell users where the site theyre looking for is located, and not direct them to some other site.

Unfortunately, the DNS infrastructure was created in a more innocent era in which the Internet was often seen as comprised of trustworthy organizations and people. DNS remains highly vulnerable to monitoring, readily revealing what sites people are trying to visit (for purposes of advertising, commercial profiling, political profiling, network censorship, or espionage). Its also vulnerable to spoofing, whether by an Internet service providers own resolver service (which could give deliberately false replies to users queries) or by someone who has compromised Internet routers (who could observe queries and then quickly inject false replies even before the genuine ones arrive), among other possibilities.

The lack of DNS encryption is a serious privacy concern for all Internet users. But in countries where residents are targeted by their government for extrajudicial killings, unencrypted DNS is a safety issue that must be fixed.

Fortunately, volunteers working through the Internet Engineering Task Force (IETF) have made tremendous progress towards encrypting DNS. Two protocols have emerged to encrypt DNS queries: DNS over TLS (DoT) and DNS over HTTPS (DoH). We think both protocols are progress over the unencrypted DNS query situation. DoT retrofits the classic DNS protocol with TLS encryption, while DoH wraps it inside web browsing so the DNS query and reply travel the Internet looking likeand protected likea web browsing session, which should make it harder for ISPs to block DoH queries. In the Venezuela case, for example, if the attackers had the cooperation of Venezuelan ISPs, they might have tried to force users to use vulnerable resolver services within the country, even if the users wanted to use more neutral and trustworthy services elsewhere. DoH will make it harder for ISPs to abuse their position to force their users to use a DNS service that the ISPs operate or can monitor or interfere with.

Nevertheless, plans for the imminent implementation of DNS over HTTPS received a tremendous amount of criticism this year, with the Internet Services Providers Association (a UK-based trade group for Internet service providers) going so far as to call Mozilla a villain for the latters plans to implement DoH.

Internet service providers in the US also lobbied against DoH through trade groups, raising concerns with Congressional committees that Googles Chrome browser would override the operating systems configured resolver to use Googles resolver instead. We agree that this would effect an alarming shift towards the centralization of DNS, but Google has never announced plans to implement DoH in the manner that the trade groups described. In Googles plan, most users will continue using their ISP-provided resolver services, with a DoH upgrade when the ISPs service offers it, which provides privacy benefits when the network connection is shared with others or monitored by a third party. Users who actively choose a different DNS service will also get better privacy.

Some DoH criticism focused on Mozillas plans to default users of its Firefox browser to Cloudflares public DNS servicesoften referred to as 1.1.1.1 after one of the IP addresses where Cloudflare makes its DNS resolver services available. Critics worried that this will inappropriately centralize some of the functionality of the DNS. Weve encouraged Mozilla to make sure that users have an easy, straightforward choice of DNS services.

EFF worked with Congressional staff members in the House Energy and Commerce Committee to address some of the concerns around DoH. Alongside Consumer Reports and the National Consumers League, we wrote an open letter to Congress explaining the important role that DNS encryption will play in protecting privacy and freedom of expression. We also talked to Congressional Research Service researchers who have been looking into the controversy.

Despite the concerns raised by some ISPs, technology companies have made substantial progress towards implementing support for encrypted DNS protocols over the past year. Comcast is currently testing support for both DoH and DoT in production, and the company has made strong public commitments to protect the privacy of their customers DNS queries. Microsoft has announced plans to support DNS over HTTPS in Windows.

We applaud the work being done by these companies to protect the privacy of their users, and encourage anyone who operates a resolver to implement support for encrypted DNS.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2019.

DONATE TO EFF

Like what you're reading? Support digital freedom defense today!

Read more here:
Encrypting DNS: Year in Review 2019 - EFF

New Jersey, United States Verified Market Research provides a credible report about the worldwide Encryption Software Market. The Encryption Software Market report passes on a through and through productive perspective of the information related to the Encryption Software Market.This market report utilizes well-examined market strategies such as SWOT analysis and Porters Five Forces analysis that convey deep market insights. The report includes a thorough investigation of different components impacting the market development. The report provides a complete assessment of present as well as future market prospects for the estimated period of time i.e. 2019-2026.

Global Encryption Software Market was valued at USD 3.32 billion in 2016 and is projected to reach USD 30.54 billion by 2025, growing at a CAGR of 27.96% from 2017 to 2025.

This report includes factors such as market size, market share, market segmentation, significant growth drivers, market competition, different aspects impacting economic cycles in the market, demand, expected business up-downs, changing customer sentiments, key companies operating in the Encryption Software Market, etc. In order to deliver a complete understanding of the global market, the report also shares some of the useful details regarding regional as well as significant domestic markets. The report presents a 360-degree overview and SWOT analysis of the competitive landscape of the industries. Moreover, the report delivers a summarized assessment of the impact of federal policies and regulations on market operations. It also comprises detailed information pertaining to the Encryption Software Markets current dynamics.

The report concludes with the profiles of major players in the Encryption Software market are:

Dell, Thales E-Security, Eset, Symantec, IBM Corporation, Sophos, Ciphercloud, Pkware, Mcafee, Gemalto, Trend Micro, Microsoft Corporation

Get | Download Free Sample Copy @https://www.verifiedmarketresearch.com/download-sample/?rid=1826&utm_source=TCA&utm_medium=003

Competitive Landscape:

Market players need to have a complete picture of the competitive landscape of the Encryption Software market as it forms an essential tool for them to plan their future strategies accordingly. The report puts forth the key sustainability strategies taken up by the companies and the impact they are likely to have on the Encryption Software market competition. The report helps the competitors to capitalize on opportunities in the Encryption Software market and cope up with the existing competition. This will eventually help them to make sound business decisions and generate maximum revenue.

Market Segment Analysis:

The report offers a comprehensive study of product type and application segments of the Encryption Software market. The sentimental analysis provided in the report is based on significant factors such as market share, market size, consumption, production, and growth rate of the market segments studied. Readers of the report are also provided with exhaustive geographical analysis to provide clear understanding of the regional growth of the Encryption Software market. Developed as well as developing regional markets for Encryption Software have been deeply studied to help market players identify profit-making opportunities in different regions and countries.

(Check Our Exclusive Offer : Ask For Discount @https://www.verifiedmarketresearch.com/ask-for-discount/?rid=1826&utm_source=TCA&utm_medium=003

Table of Content

1 Introduction of Encryption Software Market

1.1 Overview of the Market1.2 Scope of Report1.3 Assumptions

2 Executive Summary

3 Research Methodology of Verified Market Research

3.1 Data Mining3.2 Validation3.3 Primary Interviews3.4 List of Data Sources

4 Encryption Software Market Outlook

4.1 Overview4.2 Market Dynamics4.2.1 Drivers4.2.2 Restraints4.2.3 Opportunities4.3 Porters Five Force Model4.4 Value Chain Analysis

5 Encryption Software Market, By Deployment Model

5.1 Overview

6 Encryption Software Market, By Solution

6.1 Overview

7 Encryption Software Market, By Vertical

7.1 Overview

8 Encryption Software Market, By Geography

8.1 Overview8.2 North America8.2.1 U.S.8.2.2 Canada8.2.3 Mexico8.3 Europe8.3.1 Germany8.3.2 U.K.8.3.3 France8.3.4 Rest of Europe8.4 Asia Pacific8.4.1 China8.4.2 Japan8.4.3 India8.4.4 Rest of Asia Pacific8.5 Rest of the World8.5.1 Latin America8.5.2 Middle East

9 Encryption Software Market Competitive Landscape

9.1 Overview9.2 Company Market Ranking9.3 Key Development Strategies

10 Company Profiles

10.1.1 Overview10.1.2 Financial Performance10.1.3 Product Outlook10.1.4 Key Developments

11 Appendix

11.1 Related Research

Complete Report is Available @https://www.verifiedmarketresearch.com/product/global-encryption-software-market-size-and-forecast-to-2025/?utm_source=TCA&utm_medium=003

Finally, Encryption Software market report gives you details about the market research finding and conclusion which helps you to develop profitable market strategies to gain competitive advantage. Supported by comprehensive primary as well as secondary research, the Encryption Software market report is then verified using expert advice, quality check and final review.

About Us:

Verified market research partners with clients to provide insight into strategic and growth analytics; data that help achieve business goals and targets. Our core values include trust, integrity, and authenticity for our clients. Our research studies help our clients to make superior data-driven decisions, capitalize on future opportunities, and optimize efficiency and keeping them competitive by working as their partner to deliver the right information without compromise.

Contact Us:

Mr. Edwyne Fernandes

Call: +1 (650) 781 4080

Email:[emailprotected]

https://www.linkedin.com/company/verified-market-research

Encryption Software Market Size, Encryption Software Market Analysis , Encryption Software Market Growth , Verified Market Research

This post was originally published on Chief Analyst

Follow this link:
Encryption Software Market 2019 | Analysis, Research, Share, Growth, Sales, Trends, Supply & Forecast till 2026 - Chief Analyst

As we 2019, its time to have a look at the year 2020 and what it would have in store for enterprises.

Since we are in the business of securing our enterprise customers infrastructures, we keep a close eye on how the security and encryption landscape is changing so we can help our customers to stay one step ahead.

In 2019, ransomware made a comeback, worldwide mobile operators made aggressive strides in the transformation to 5G, and GDPR achieved its first full year of implementation and the industry saw some of the largest fines ever given for massive data breaches experienced by enterprises.

2020 will no doubt continue to bring a host of the not new, like the continued rash of DDoS attacks on government entities and cloud and gaming services, to the new and emerging. Below are just a few of the trends we see coming next year.

Ransomware will increase globally through 2020Ransomware attacks are gaining widespread popularity because they can now be launched even against smaller players. Even a small amount of data can be used to hold an entire organisation, city or even country for ransom. The trend of attacks levied against North American cities and city governments will only continue to grow.

We will see at least three new strains of ransomware types introduced:

To no surprise, the cyber security skills gap will keep on widening. As a result, security teams will struggle with creating fool-proof policies and leveraging the full potential of their security investments

Slow Adoption of new Encryption Standards

Decryption: Its not a Choice Any Longer

TLS decryption will become mainstream as more attacks leverage encryption for infection and data breaches. Since decryption remains a compute-intensive process, firewall performance degradation will remain higher than 50% and most enterprises will continue to overpay for SSL decryption due to lack of skills within the security teams. To mitigate firewall performance challenges and lack of skilled staff, enterprises will have to adopt dedicated decryption solutions as a more efficient option as next-generation firewalls (NGFWs) continue to polish their on-board decryption capabilities

Cyber attacks are indeed the new normal. Each year brings new security threats, data breaches and operational challenges, ensuing that businesses, governments and consumers have to always be on their toes. 2020 wont be any different, particularly with the transformation to 5G mobile networks and the dramatic rise in IoT, by both consumers and businesses. The potential for massive and widespread cyber threats expands exponentially.

Lets hope that organisations, as well as security vendors, focus on better understanding the security needs of the industry, and invest in solutions and policies that would give them a better chance at defending against the ever-evolving cyber threat landscape.

Recent Articles By Author

*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/98rSE3CD0sM/by-babur-nawaz-khan-product-marketing.html

Read this article:
Cyber Attacks are the Norm - Security Boulevard

The report Global Encryption Key Management Software Market 2020 offers an extensive and finest overview including definitions, classifications, and its applications. The Encryption Key Management Software industry foresee a decisive expansion in forthcoming years. The report analyzes necessary driving forces trailing the growth of the market in detail. It interprets the new Encryption Key Management Software industry data and market forecast 2020-2024. To clarify the Encryption Key Management Software market size, the report considers the revenue generated from the various segment. It also includes business tactics, development plans, import/export details.

Encryption Key Management Software market forecast report provides a valuable source of knowledgeable data for business strategists. Likewise, it gives the overview with growth analysis, Encryption Key Management Software futuristic cost, revenue, demand/supply data. Similarly, it elaborates the Encryption Key Management Software value chain and analysis of its distributor. This Encryption Key Management Software market study presents thorough data which enhances the understanding, scope, and application.

Get a sample of the report from https://www.orbisreports.com/global-encryption-key-management-software-market/?tab=reqform

Furthermore, it describes the extensive analysis of key Encryption Key Management Software market segments and sub-segments. Especially, includes evolving industry trends and dynamics, challenges, and competitive insights. Opportunity mapping in terms of technological breakthroughs for Encryption Key Management Software business development. The report analyzes the Encryption Key Management Software industry potential for each geographical region accordingly.

The report enlists the main competitors and displays the insights of vital world Encryption Key Management Software market Analysis of the key factors influencing the global industry.

Key Manufacturers of Encryption Key Management Software market are

Netlib SecurityFortanixAvery OdenAWSMicrosoftOpenBSDHyTrustGnuPGHashicorpGemalto

Different product types include:

Cloud BasedWeb Based

Encryption Key Management Software industry end-user applications including:

Large EnterprisesSMEs

For more Information or Ask for discount @ https://www.orbisreports.com/global-encryption-key-management-software-market/?tab=discount

At last, the report lists essential constraints having an impact on Encryption Key Management Software industry size growth and reducing the popularity of specific product segments during the forecast period. Encryption Key Management Software report also examines the potential growth opportunities and their influence on the world Encryption Key Management Software industry. Similarly, it interprets the fresh industry data and Encryption Key Management Software market forecast, trends, allowing you to pinpoint the products and clients driving revenue growth and profitability.

Moreover, it serves a forward-looking perspective on different Encryption Key Management Software driving factors or restraining market growth. Report predicts how the Encryption Key Management Software market will be grown in coming years. It illustrates changing Encryption Key Management Software market competition dynamics and keeps you ahead of competitors. Study helps in making crucial Encryption Key Management Software business decisions having thorough insights of market and by making in detail analysis of Encryption Key Management Software market segments.

What was the historic Encryption Key Management Software market data? What is the global Encryption Key Management Software industry forecast from 2020 to 2024? Which are the leading worldwide Encryption Key Management Software industry companies, how are they positioned in the market in terms of competition, sustainability, production capacity and strategic outlook? What are the Encryption Key Management Software technology & innovation trends, how will they evolve by 2024? Which are the leading Encryption Key Management Software market products, applications & regions and how will they perform by 2024? A detailed analysis of Encryption Key Management Software market size, regulatory trends, industry pitfalls, drivers coupled with challenges and growth opportunities for participants

Click here to see full TOC https://www.orbisreports.com/global-encryption-key-management-software-market/?tab=toc

This post was originally published on Market Reports Observer

See more here:
Encryption Key Management Software Market 2020 Major Players, Industry Size, Share, Applications, Recent Developments, Product, Services and Forecast...

After problem comes solution. Hacking has emerged as a major issue over the years. Well, it looks like the right solution for it has arrived. As per the researchers from the University of St Andrews, they have devised an encryption system that is completely unhackable and saves data in the form of light.

Diving into the details, once the data is sent through the chip, it issues a one-time-only key. The data (retained as light) passes through a carefully designed chip that mixes up the information by bending and refracting light.

As the bending and refraction of light is different each time depending on the data being transferred via chip, this tech is a physical embodiment of the OTP (One-Time Password) mechanism, known for validating countless services.

The chips in question are capable of delivering 0.1 Terabit of different keys for every single mm of the input channels length.

According to St Andrews Universitys Professor Andrea Di Falco, the new tech can be best explained with the analogy of talking to someone with two paper-cups attached by string. If the cups are crunched while someone is speaking, their sound would be masked. But the crunch would be different every time. This makes the new tech seemingly unbreakable.

The systems security is assessed on the basis of the Kerckhoff principle. The tech uses the second law of thermodynamics and the exponential sensitivity and chaos in order to stop bad actors from getting their hands on any piece of information on the key being traded by the user.

If everything goes right, this invention can put an end to all cybersecurity issues across the world. It remains to be seen if these chips get used in the future to authorize the communication channels.

Nature.com has published a relevant research paper in which you can discover more about the new technology.

The rest is here:
The First-ever "Unhackable" Encryption System is Finally Here! - Digital Information World

Learn how to hide or encrypt specific files in Windows in order to better protect them.

Image: Getty Images/iStockphoto

You can--and should--protect your Windows computer with a strong and secure login password or other means of authentication. Perhaps there are specific folders and files on your PC for which you want an extra layer of security. Windows gives you a couple of options:

SEE:Windows 10 security: A guide for business leaders(TechRepublic Premium)

First, open File Explorer on your Windows computer. Select a folder or file (or files) that you want to hide. Right-click on your selection and select Properties from the menu. From the Properties dialog box, click the checkbox for Hidden. Then click OK (Figure A).

Figure A

If you're still able to see the folder or files, that likely means the option to view hidden files is turned on. Click on the View tab and uncheck the box for Hidden Files. The files should then vanish (Figure B).

Figure B

Hiding folders and files is a simple process but one with a couple of obvious drawbacks. First, if you want to work with those files, you have to either unhide them or re-enable the option to view Hidden Files, which defeats the whole purpose of hiding them. Second, if someone does gain access to your computer, that person could easily turn on the option for Hidden Files, which acts like a red flag for any potentially secret or sensitive files.

A more secure option is to encrypt any folder or files you wish to safeguard. Windows offers a built-in encryption tool called Encrypted File Service (EFS). EFS is available in Windows 10 Pro, Windows 10 Enterprise, Windows 8/8.1 Pro, Windows 8/8.1 Enterprise, Windows 7 Professional, Windows 7 Ultimate, and Windows 7 Enterprise. If you encrypt a file with EFS, only you can access the file through your Windows account. Other accounts, even those with administrative privileges on the machine, will be unable to access it.

To set up the encryption, insert a USB stick into your computer, which you'll use to back up the encryption key. Select and right-click the specific folder or files. Select Properties from the menu. At the Properties box, click on the Advanced button and then check the box to Encrypt Contents To Secure Data. Click OK (Figure C). Back at the Properties window, click OK or Apply.

Figure C

If you're trying to encrypt a file or files, a message appears asking if you want to encrypt the file and its parent folder or only the file. If the file is encrypted but not its folder, and you modify that file, an unencrypted version of the file could be stored temporarily as you edit it. Plus, any new files you create in the folder would not be encrypted. Choose your preferred option and then click OK (Figure D).

Figure D

If you're trying to encrypt a folder, a message asks if you want to apply changes to this folder only or to this folder, subfolder, and files. In this case, you'll likely want to choose the latter option, which is selected by default. Click OK (Figure E).

Figure E

A message should then appear prompting you to back up your encryption key. Make sure a USB stick or other removable media is inserted into your computer. Choose the first option to Back Up Now. The Certificate Export Wizard pops up with a welcome screen. Click Next. At the next screen for file format, keep the default selections. Click Next. At the Security screen, enter and then re-enter a password to protect the encryption key. At the File To Export screen, type the name of the file you wish to store on the USB drive. Click Next. At the final screen, click Finish. A message will pop up telling you that the export was successful. Click OK (Figure F).

Figure F

As long as you're signed into Windows with your own account, you'll be able to access and work with the folders or files you encrypted. If another person signs in or tries to access the files without your account or the encryption key, that person will receive a message indicating that the document may be read-only or encrypted.

To decrypt the folder or files, simply reverse the process. Sign in with your account, right-click on the folder or files, select Properties. At the Properties box, click the Advanced button. Uncheck the box to Encrypt Contents To Secure Data. Click OK. At the Properties box, click OK or Apply. Choose the option to apply changes to the folder or the folder, subfolders, and files, or the file and its parent folder. Click OK. The folder or file is then decrypted (Figure G).

Figure G

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

See the original post:
How to protect specific folders and files in Windows - TechRepublic

On December 26 the State Department will publish a long-awaited rule amending the International Traffic in Arms Regulations (ITAR) by providing a definition of activities that are not exports, reexports, retransfers, or temporary imports at 22 CFR section 120.54. Notably, this definition provides much-needed guidance on whether and under what circumstances end-to-end encrypted technical data is controlled under the ITAR. Published as an interim final rule, the State Department will accept comments through January 25, 2020, which could result in additional changes. However, the effective date of the interim final rule is set to be March 25, 2020, ninety days after publication in the Federal Register.

In 2015, the State Department published a proposed rule with a number of possible revisions to key definitions of the ITAR. One of the main goals of these revisions was to harmonize the ITAR and the Department of Commerces Export Administration Regulations (EAR) as part of the Export Control Reform Initiative announced by President Obama in 2009. Several of these proposed definitions were eventually adopted in final rules, but many were not.

In 2016, the Commerce Department adopted a definition for activities that are not exports, reexports, or retransfers, at 15 CFR section 734.18, which it amended in December 2017. The present rule issued by the State Department adopts a similar definition for the ITAR. Additionally, the rule amends the definition of release (22 CFR section 120.50), adds a definition of access information (22 CFR section 120.55) and makes minor amendments elsewhere to reference these new sections.

As with the definition in the EAR, the ITAR lists five activities that are not considered exports or other controlled events that would otherwise require a license or approval. These five activities are:

In response to a number of comments, the State Departments interim final rule provides additional guidance and context relevant to the interpretation of these new and amended definitions in the ITAR.

Read this article:
State Department publishes long-awaited ITAR rule on encryption and other excluded activities - Lexology

If your company uses WhatsApp to communicate among its team or with customers, you might want to evaluate your other options as the popular end-to-end encrypted messaging service has endured some security issues this year.

Most recently is a vulnerability that could allow a hacker to deliver a malicious message to a group chat that would crash the app for all members of the group. Users would be forced to uninstall and reinstall the app and delete the group message that was targeted, according to cybersecurity provider Check Point, which discovered the latest vulnerability.

That could have serious consequences for a business using it to communicate with employees or its customers. This also has implications for U.S. national security, as some White House staffers have reportedly used the app to communicate.

Check Point disclosed its findings to WhatsApp in August, and the Facebook-owned company has since patched the issue, but users still need to update to the latest version of the app.

According to Forbes, this is hardly the apps only security issue.

In May, WhatsApp revealed that a major cybersecurity breach enabled targeted spyware to be installed on phones through voice calls thanks to a malicious code from Israeli technology firm NSO Group Technologies.

Other security flaws found this fall included the ability to use a GIF to access a users content and a stack-based buffer overflow that could be trigged by sending an MP4 file to a WhatsApp user that could compromise the system and allow malware to be implanted on the device to eavesdrop or control it remotely.

Now, government officials are working with Facebook to come up with a solution that would give law enforcement a backdoor into WhatsApp communications to help fight terrorism and other crimes.

Read Next: U.S. Wants Encryption Backdoor in Personal Devices

WhatsApp became popular because of its encryption, security and privacy, especially in the 21st century as when normal business functions like email and payment solutions are increasingly the target of cyberattacks.

The company does offer an enterprise-focused version of the app that it released in 2018 and made available on iOS this fall, WhatsApp Business, but Facebook confirmed that some versions of the business app were affected by the Israeli hack and GIF hack.

Its important to note that the company has since fixed the issues, but they seem to keep popping up.

View original post here:
Popular Encrypted Messaging App WhatsApp Has A History of Security Flaws - TechDecisions