Ring Video Doorbell Pro packs end-to-end encryption at $100 (Refurb, Orig. $249) – 9to5Toys

Amazon is currently offering the Ring Video Doorbell Pro in certified refurbished condition for $99.99 shipped. Having originally retailed for $249, you'll more recently pay $170 for a new condition model, with today's offer amounting to 42% in savings and the second-best price to date that comes within $5 of the all-time low. Ring Doorbell Pro features 1080p video recording alongside 30 days of free cloud storage, dual-band Wi-Fi support, and enhanced motion detection to ensure you know when a package gets dropped off. Ring also just recently rolled out end-to-end encryption for some extra peace of mind. Includes the same 1-year warranty you'd find on a new condition model. Over 35,700 Amazon shoppers have left a 4.5/5 star rating.

A more affordable way to get in the Ring ecosystem and fend off porch pirates is with the brand's latest wired Video Doorbell at $60. This more affordable offering delivers 1080p feeds and the usual Alexa integration, as well as motion alerts and integration with the larger Ring ecosystem. Dive into our launch coverage for a closer look at all of the details.

Another way to upgrade your smart home would be checking out the discount we spotted to kick off the week on the Nest Hello Video Doorbell. You're looking at much of the same form-factor above, but with a Google focus rather than Alexa. Bringing peace of mind to your front door, the surveillance upgrade packs motion alerts, Assistant integration, and 1080p recording at the second-best price of the year at $160.

When you attach the Ring Video Doorbell Pro from Ring to your existing hardwired doorbell, you are able to monitor your front door area using your mobile device. The Ring Doorbell Pro features 1920 x 1080 resolution for high-quality images, and it has built-in IR LEDs for use at night or in low-light conditions. The camera has a 160° field of view for a wide coverage area, and integrated 2-way audio allows you to listen and respond to those you are monitoring.


Is Bitcoin (BTC) Safe from Grover’s Algorithm? – Yahoo Finance

When crypto investors discuss quantum computing, they invariably worry about its potential to undermine encryption. Quantum computers alone do not pose such a mortal threat, however. It's their capacity to exploit Shor's algorithm that makes them formidable.

That's because Shor's algorithm can factor large prime numbers, the security behind asymmetric encryption.

Another quantum algorithm can potentially undermine the blockchain as well. Grover's algorithm helps facilitate quantum search capabilities, enabling users to quickly find values among billions of unstructured data points at once.

Unlike Shor's algorithm, Grover's algorithm is more of a threat to cryptographic hashing than encryption. When cryptographic hashes are compromised, both blockchain integrity and block mining suffer.

Collision Attacks

One-way hash functions help to make a blockchain cryptographically secure. Classical computers cannot easily reverse-engineer them. They would have to find the correct arbitrary input that maps to a specific hash value.

Using Grover's algorithm, a quantum attacker could hypothetically find two inputs that produce the same hash value. This phenomenon is known as a hash collision.

By solving this search, a blockchain attacker could serendipitously replace a valid block with a falsified one. That's because, in a Proof-of-Work system, the current block's hash can verify the authenticity of all past blocks.

This kind of attack remains a distant threat, however. Indeed, achieving a cryptographic collision is far more challenging than breaking asymmetric encryption.

Mining Threats

A somewhat easier attack to pull off using Grover's algorithm involves proof-of-work mining.

Using Grover's search algorithm, a quantum miner can mine at a much faster rate than a traditional miner. This miner could generate as much Proof-of-Work as the rest of the network combined. Consequently, the attacker could effectively take over the blockchain and force consensus on any block they selected.


A quantum miner might also use Grover's search algorithm to help facilitate the guessing of a nonce. The nonce is the number that blockchain miners are solving for, in order to receive cryptocurrency. That's because Grover's algorithm provides a quadratic speedup over a classical computer (for now, ASIC-based mining remains considerably faster).

How fast is a quadratic speedup? Roughly stated, if a classical computer can solve a complex problem in the time of T, Grover's algorithm will be able to solve the problem in the square root of T (√T).

Thus, any miner who can solve the nonce faster than other miners will be able to mine the blockchain faster as well.

Grover's algorithm could also be used to speed up the generation of nonces. This capability would allow an attacker to quickly reconstruct the chain from a previously modified block (and faster than the true chain). In the end, a savvy attacker could substitute this reconstructed chain for the true chain.

Grover's algorithm may ultimately help make Proof-of-Work obsolete. That's because there is no possible PoW system that is not susceptible to Grover speed-up. In the end, quantum actors will always have an advantage over classical ones in PoW-based blockchains, (allowing them) to either mine more effectively or (instigate) an attack (source).

Proof-of-Work Weaknesses

As bitcoin matures, the weaknesses inherent within PoW become ever-more evident. Miners are pitted against each other as if in a never-ending arms race. This arms race is incentivized by the ability of larger mining pools to achieve economies of scale, a cost advantage that quickly erodes the capacity of individual miners to survive.

Of course, Proof-of-Stake is not without flaws. For instance, critics assert that it favors larger stakeholders (hence the claim that it enables the rich to get richer). These critics neglect to note that PoW is amenable to the same strategy (albeit with miners).

As this arms race comes to a head, any miner with the resources to do so will use quantum computing to achieve a competitive advantage. Combined with Grover's algorithm, a quantum-based miner would outperform other miners (most likely, small- and medium-sized miners).

With access to quadratic speedup, any PoW coin will inevitably fall under the control of mega-cap institutions and governments. If so, regular investors and mid to large-cap enterprises risk getting priced out of the market. In particular, their devices will be either too expensive or prone to excessive regulation (much the same way that PGP encryption once was).

Summary

Shor's algorithm undoubtedly poses the most immediate threat to bitcoin (namely, the potential to break ECDSA, its digital signature algorithm). Grover's algorithm is a distant second in this respect.

Grover's algorithm may someday pose a formidable challenge to PoW mining, however. And it could conceivably threaten cryptographic hashing as well. Any algorithm powerful enough to reverse engineer hash values would invariably undermine PoW itself.

Quantum Resistant Ledger (QRL) will ultimately offer protection against both.

For instance, a quantum-safe digital signature scheme named XMSS safeguards the coin from Shor's algorithm.

Likewise, the QRL team will rely on Proof-of-Stake to head off mining-based attacks using Grover's search algorithm.

As you can see, the QRL team is thoroughly preparing for a post-quantum future. Their mission is an increasingly urgent one, as quantum computing continues to advance by leaps and bounds.


2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.


Is your Windows VPN connection as secure as you think? – TechRadar

Operating a VPN generally looks very easy: just choose a location, click Connect, then Disconnect when you're done. But there's a lot of hard work going on under the hood.

Top of the list is how the app creates its connection to the server. You hope it does this in the most secure way, right? But this doesn't always happen, and the worst offenders make horrible mistakes - especially with standard Windows VPN protocols (IKEv2, L2TP, PPTP, SSTP).

Connections theoretically allowed with zero encryption, for instance, leaving you entirely unprotected? Yes, we've seen that several times!

If you only ever connect via other protocols (OpenVPN, WireGuard, NordLynx, Lightway), then relax, we're not talking about those this time.

But if your app uses these Windows protocols, or you might use them in future, it's worth taking a couple of minutes to check out the relevant settings.

When you need to know more about your Windows VPN setup, the Network Connections window is the place to be. Type network connections in the Search box and click View Network Connections, or press Win+R, type NCPA.CPL and press Enter.

The default icon view doesn't give you much information. To switch, click the View button on the toolbar, or right-click an empty part of the window and select View, then choose Details.

Scan down the Name and Device Name columns, and you might spot the names of VPNs you're using now, or have used in the past. Surfshark, IPVanish, PureVPN, StrongVPN, VyprVPN, TurboVPN and others normally add new Windows VPN connections when they're installed (though in our experience, none of them make any dumb settings mistakes.)

Other VPNs only create the connection as required, when you click Connect. If you don't see anything right now, open your VPN, click Connect, and see if a new item appears in the Network Connections.

Keep in mind that we're looking only for connections using standard Windows protocols. If a connection has the device name 'WAN Miniport (IKEv2)', for instance, it's using IKEv2 and we need to check it. If it says something like 'TAP-Windows Adapter V9' then it's OpenVPN, and we don't.

Right-click an interesting connection and choose Properties to look at the settings.

Click the Security tab. (If you don't have one, this isn't a standard Windows connection. Try another.)

Ideally, the Data Encryption option should be set to 'Maximum strength encryption (disconnect if server declines).' It's not a total disaster if the connection is set to 'Require encryption', but we'd be more worried if it's set to 'Optional encryption (connect even if no encryption)' or 'No encryption allowed.'

How worried? Well, the 'Optional encryption' setting doesn't automatically leave you with no protection. If your app and the server correctly negotiate an encrypted connection, that's what you'll get. But even if it's only theoretically possible that you'd be left encryption-free, we think that's a big deal, especially as it's so easy to fix by just setting up the connection correctly in the first place.

Maybe your VPN provider has a good reason, but we'd recommend you at least ask. Fire off a message to Support. If you get a positive message plausibly explaining why having 'Optional Encryption' improves your security, great; if you get excuses or 'this doesn't really matter', maybe it's time to switch to another provider on our best VPN list.

Click the Options tab. If the 'Remember my credentials' option is checked, and the Windows connection is persistent (it was visible when you opened the Network Connections window), that means your server login username and password are saved along with the other connection details.

That's a potential risk, as your credentials can be harvested by malware or anyone else with access to your system. NirSoft's Dialupass is a tiny tool which does this with ease.

(If you download Dialupass, don't be surprised if your antivirus warns that it's a threat. Some hackers embed the program in their own malware, so antivirus apps can raise the alarm if they spot it. But Dialupass itself has been around for 20 years, and is entirely safe.)

Don't panic if your 'Remember...' option is turned on. The risk is small, and your credentials probably haven't been exposed. But why should you have to worry, at all? All the top VPNs leave this option set to Off, and if yours does something differently, ask them why.

There are one or two other interesting options in the Properties box. Click the Networking tab, for instance, and look at the 'Internet Protocol Version 6 (TCP/IPv6)' item. If that's unchecked, it probably means your VPN app is trying to apply IPv6 leak protection... and that's a good thing!

There are other ways to block IPv6, though, so although we prefer to see the setting disabled, having it turned on doesn't necessarily mean you're exposed. Try the IPv6 leak test at IPV6Leak.com to find out more.

Click the General tab, too, and you'll find the name of the server your VPN is trying to access. Is it a host name you expect? Search Google for the name and sometimes you'll find it belongs to another VPN provider, maybe because your current provider is reselling their services.
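The same settings can be read from PowerShell instead of opening each Properties dialog. This is an added example, not part of the original article: it uses the built-in `Get-VpnConnection` cmdlet and only reads settings, and the function name `Get-VpnProfileAudit` and the wording of the findings are assumptions made for illustration.

```powershell
# Added example (not from the article): read-only audit of the built-in
# Windows VPN profiles (IKEv2, L2TP, PPTP, SSTP) for the settings the
# article checks on the Security, Options and General tabs.
# Get-VpnProfileAudit is a hypothetical helper name.
# Not covered: the IPv6 binding on the Networking tab, which
# Get-VpnConnection does not report.

function Get-VpnProfileAudit {
    [CmdletBinding()]
    param()

    # Per-user profiles plus profiles shared by all users of the machine.
    # Connections made by OpenVPN/WireGuard-style adapters are not VPN
    # profiles in this sense and will not appear here.
    $profiles = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
                @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)

    foreach ($p in $profiles) {
        $findings = @()

        # Security tab > Data encryption
        switch ([string]$p.EncryptionLevel) {
            'Maximum'      { }   # the setting the article recommends
            'Required'     { $findings += 'Encryption is "Require encryption"; "Maximum strength" is preferred' }
            'Optional'     { $findings += 'Encryption is OPTIONAL: the connection is allowed even if none is negotiated' }
            'NoEncryption' { $findings += 'Encryption is set to "No encryption allowed"' }
            default        { $findings += "Encryption level '$($p.EncryptionLevel)' needs manual review" }
        }

        # Options tab > Remember my credentials
        if ($p.RememberCredential) {
            $findings += 'Credentials are saved with the profile'
        }

        [pscustomobject]@{
            Name            = $p.Name
            Protocol        = $p.TunnelType          # Ikev2, L2tp, Pptp, Sstp or Automatic
            Server          = $p.ServerAddress       # General tab: is this the host you expect?
            EncryptionLevel = $p.EncryptionLevel
            RememberCreds   = $p.RememberCredential
            AllUsers        = $p.AllUserConnection
            Status          = if ($findings.Count) { 'Review' } else { 'OK' }
            Findings        = $findings -join '; '
        }
    }
}

# List every profile, worst first, with the reason it was flagged.
Get-VpnProfileAudit |
    Sort-Object Status -Descending |
    Format-List Name, Protocol, Server, EncryptionLevel, RememberCreds, AllUsers, Status, Findings
```

Some VPN apps create their Windows profile only while connected, so run it once with the app connected and once without.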

A poorly set up Windows VPN connection doesn't automatically mean your details have been exposed to the world, but for us, it creates a really bad impression of the provider.

It's not even faintly difficult to set up the connection correctly, so we're left wondering, why is this provider not following best practice? Have they just not noticed? Aren't they concerned about risks if they're 'too small'? What else might they have 'forgotten' to do?

You could try to fix some of these issues with a few manual tweaks. Change the Data Encryption setting from Optional to 'Maximum strength encryption (disconnect if server declines)', for instance, and it might stick.

There's a chance you'll cause other problems, though, if the connection isn't set up the way the VPN expects, so generally we'd recommend you don't bother. It's not your job to make a VPN safer, that's up to the provider, and if you don't think they're delivering, switch to someone else.


Germany’s healthcare system is using this open source standard for encrypted instant messaging – ZDNet

Called Matrix, the platform will provide German developers with the infrastructure, tools and protocols to build custom-made applications for instant messaging.

A fast-growing open communication platform has been picked by the German healthcare system to support instant messaging between health professionals and organizations across the country.

Called Matrix, the platform will provide German developers with the infrastructure, tools and protocols to build custom-made applications that will let up to 150,000 healthcare organizations securely share messages, data, images and files.

The entire healthcare system in Germany, from hospitals through clinics and insurance companies, will switch to this homegrown communication and collaboration network, which was hailed as a milestone in the country's digital transformation.

Healthcare organizations and professionals have increasingly been turning to digital tools to exchange information. In Germany, for example, between 2018 and 2020, the number of medical practices using messenger services has doubled.

According to the country's national agency for the digitalization of the healthcare system, gematik, however, this switch to digital tools has been done in silo, resulting in a lack of interoperability between different professionals and organizations, as well as a failure to comply with appropriate security and privacy standards for what is likely to be highly sensitive patient information.

This is why gematik turned to Matrix, an open-source project that is designed to let organizations take ownership of their communication tools. Instead of relying on applications that exist already, Matrix users can access open-source HTTP APIs and SDKs for iOS, Android and Web, to develop their own chat rooms, video conferencing and instant messaging tools.

It isn't the first time that the German government has elected Matrix to run country-wide public services. Last year, the start-up was called upon to provide collaboration tools for 500,000 users in the education system in the states of Schleswig-Holstein and Hamburg.

This time around, gematik will be using Matrix to build TI-Messenger, a new standard for instant messaging in the German healthcare system. The healthcare industry will be able to use TI-Messenger to create a wide range of apps for health organizations and professionals to use and all of them will be interoperable.

Gematik anticipates that between 15 and 20 apps will be built off the back of TI-Messenger for users to pick from for their daily communications needs, which will be available to every healthcare provider and professional once they have been securely authenticated.

One of the major benefits of using the system is better oversight and management of sensitive data. All servers in the network will effectively be hosted in Germany, either in the application vendor's datacenters or within healthcare institutions' own infrastructure.

Matrix has also committed to embedding end-to-end encryption as the by-default method in all of the services built on top of the platform, in another push to better protect data.

"Each organization and individual will therefore retain complete ownership and control of their communication data while being able to share it securely within the healthcare system with end-to-end encryption by default," said Matrix co-founder Matthew Hodgson in a blog post announcing the new deal.

Underpinning the company's mission statement is the objective of moving away from today's most popular digital collaboration tools, which according to Matrix's founders, require users to make huge concessions when it comes to privacy and security.

Many organizations currently rely on centralized platforms, often hosted in the US, for their most critical communications yet have very little control over how their data is treated.

Matrix presents itself as an alternative to what the company's founders describe as a form of vendor lock-in, by giving users the means to create their own communication networks, just like anybody can currently create their own website on the internet.

The idea is resonating with many customers, and the number of Matrix users is increasing at pace. During the COVID-19 crisis, the company saw a ten-fold increase in demand, and it has now hit 30 million users. Matrix's open-source platform was used by the French government to build Tchap, an app now used by employees to communicate instead of Telegram and WhatsApp.

Gematik, for its part, has confirmed that work is already underway to build the country's new network of communication for healthcare providers. The first Matrix-compliant apps are expected to be licensed by the second quarter of 2022.


Global E-mail Encryption Market Dynamics Analysis, Production, Supply and Demand, Covered in the Latest Research 2021-2026 – Digital Journal

Global E-mail Encryption Market 2021 by Company, Regions, Type and Application, Forecast to 2026, added by MarketsandResearch.biz, offers a research-based global study and analysis of the market. The report contains reliable market information based on current and future market conditions. The report displays a far-reaching, consistent survey of the present situation of the market and, with the assistance of present information, gives a forward-looking view of the way in which the global E-mail Encryption market will grow in a couple of years from 2021 to 2026.

The report provides an overview of all the leading players in the market, taking into account key factors such as performance, production, and portfolio product. This report provides an in-depth overview of the drivers and limitations available in the market. The research illuminates strategic production, revenue, and consumption trends for players to increase sales and growth in the global E-mail Encryption market.

DOWNLOAD FREE SAMPLE REPORT: https://www.marketsandresearch.biz/sample-request/202945

Top leading companies of market are:

The report also focuses on the latest developments, sales, market value, gross margin, and other important business factors of major players operating in the global E-mail Encryption market. Detailed market segmentation by product/application and by region is given. In addition, global and regional supply chain insight offers crucial information about retail suppliers, distributors, and key end-users. The study also outlines import-export scenarios, influencing forces, and other factors in order to completely and thoroughly explain market conditions.

On the basis of types, the global market is primarily split into:

On the basis of applications, the global covers:

The regional and country-level analysis covers:

ACCESS FULL REPORT: https://www.marketsandresearch.biz/report/202945/global-e-mail-encryption-market-2021-by-company-regions-type-and-application-forecast-to-2026

Crucial information on global E-mail Encryption market size, geographical presence, objectives, the market scope is included. Exhaustive information about new products, untapped geographies, recent developments, and investments in the market is given in the report. It also identifies significant trends, drivers, influence factors in global and regions. The report further recognizes noteworthy patterns and factors driving or representing the market development.

Customization of the Report:

This report can be customized to meet the client's requirements. Please connect with our sales team ([emailprotected]), who will ensure that you get a report that suits your needs. You can also get in touch with our executives on +1-201-465-4211 to share your research requirements.

Contact Us
Mark Stone
Head of Business Development
Phone: +1-201-465-4211
Email: [emailprotected]
Web: http://www.marketsandresearch.biz


ransomeware threat.files are encrypted with .moqs extension – Ransomware Help & Tech Support – BleepingComputer

You are dealing with a newer variant of STOP (Djvu) Ransomware as explained here by Amigo-A (Andrew Ivanov). Since switching to the new STOP Djvu variants (and the release of .gero) the malware developers have been consistent on using 4-letter extensions.

The .djvu* and newer variants will leave ransom notes named _openme.txt, _open_.txt or _readme.txt

Please read the first page (Post #1) of the STOP Ransomware (.STOP, .Puma, .Djvu, .Promo, .Drume) Support Topic AND these FAQs for a summary of this infection, its variants, any updates and possible decryption solutions using the Emsisoft Decryptor.

In regards to new variants of STOP (Djvu) Ransomware... decryption of data requires an OFFLINE ID with corresponding private key. There no longer is an easy method to get a private key for many of these newer variants and no way to decrypt files if infected with an ONLINE KEY without paying the ransom (which is not recommended) and obtaining the private keys from the criminals who created the ransomware. Emsisoft can only get a private key for OFFLINE IDs AFTER a victim has PAID the ransom, receives a key and provides it to them.

If infected with an ONLINE KEY, decryption is impossible without the victim's specific private key. ONLINE KEYS are unique for each victim and randomly generated in a secure manner with unbreakable encryption. Emsisoft cannot help decrypt files encrypted with the ONLINE KEY due to the type of encryption used by the criminals and the fact that there is no way to gain access to the criminal's command server and retrieve this KEY. ONLINE IDs for new STOP (Djvu) variants are not supported by the Emsisoft Decryptor.

The Emsisoft Decryptor will also tell you if your files are decryptable, whether you're dealing with an "old" or "new" variant of STOP/Djvu, and whether your ID is ONLINE or OFFLINE.

Emsisoft has obtained and uploaded to their server OFFLINE IDs for many (but not all) of the new STOP (Djvu) variants as noted in Post #9297 and elsewhere in the support topic.

** If there is no OFFLINE ID for the variant you are dealing with, we cannot help you unless a private key is retrieved and provided to Emsisoft. When and if the private key for any new variant is obtained it will be pushed to the Emsisoft server and automatically added to the decryptor. Thereafter, any files encrypted by the OFFLINE KEY for that variant can be recovered using the Emsisoft Decryptor. For now, the only other alternative to paying the ransom is to backup/save your encrypted data as is and wait for possible future recovery of a private key for an OFFLINE ID.

There is no timetable for when or if a private key for an OFFLINE ID will be recovered and shared with Emsisoft and no announcement by Emsisoft when they are recovered due to victim confidentiality. That means victims should keep reading the support topic for updates or run the decryptor on a test sample of encrypted files every week or two to check if Emsisoft has been able to obtain and add the private key for the specific variant which encrypted your data.

** If an OFFLINE ID is available for the variant you are dealing with and your files were not decrypted by Emsisoft Decryptor, then you most likely were encrypted by an ONLINE KEY and those files are not recoverable (cannot be decrypted) unless you pay the ransom to the criminals and receive the private key. If infected with an ONLINE ID, the Emsisoft Decryptor will indicate this fact under the Results Tab and note the variant is impossible to decrypt.

You need to post any questions in the above support topic. If you have followed those instructions and need further assistance, then you still need to ask for help in that support topic.

Rather than have everyone with individual topics and to avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff

AES Encryption Software Market Growth in the Forecast Period of 2021 to 2026 With Top Companies: , Dell, Eset, Gemalto, IBM, Mcafee Domestic Violence…

The Global AES Encryption Software industry comprises numerous aspects and each has been shocked by the covid-19 crisis. The quarterly sales volume at regional and global level has also fluctuated. Some businesses have responded positively to the uncertainties while some have struggled to survive. This global AES Encryption Software market report examines the likely impact of covid-19 on the AES Encryption Software industry in the near term and current situation of the market with respect to reopening of the market. The report explores how the pandemic could fundamentally change the AES Encryption Software industry in the next ten years period. The report explores how the retailers, investors, and market players are adapting to the changing market environment. The report gives a short-term outlook of the global AES Encryption Software industry. The report has studied the epidemiological trends and effectiveness of the new policy decisions by the regulatory authorities.

Request a sample of this report @ https://www.orbisresearch.com/contacts/request-sample/4215463?utm_source=Rohit

This study covers following key players:

Dell, Eset, Gemalto, IBM, Mcafee, Microsoft, Pkware, Sophos, Symantec, Thales E-Security, Trend Micro, Cryptomathic, Stormshield

Key Manufacturers:

The report evaluates the performance of the key manufacturers based on their total annual revenue, total sales, global expansion, and customer reach. Moreover, the report highlights the market contribution of the key manufacturers to the global AES Encryption Software industry. The competitive intelligence about the key manufacturers is evaluated in the report. Their response to the changing market conditions, marketing strategies, technology developments, annual sales, and supply chain functions are detailed in the report.

Regional Analysis:

The vital factors pertinent to the regional analysis such as location, market size, and projections are taken into consideration. Moreover, the political, social and economic forces that are driving the regions are studied in the report. The global AES Encryption Software market report gives a better understanding of the regions by highlighting the evolving trends and the impact of the trends on the companies operating in the regions. The key market regions are studied comprehensively to examine the competitiveness of the AES Encryption Software industry. The report provides valuable information on the market which is beneficial for all the market participants across the globe. Market companies operating in the regions are studied in depth, along with their developmental opportunities in the next five years.

Browse the complete report @ https://www.orbisresearch.com/reports/index/global-aes-encryption-software-market-size-status-and-forecast-2020-2026?utm_source=Rohit

Market segment by Type, the product can be split into

On-premises, Cloud

Market segment by Application, split into

Disk Encryption, File/folder Encryption, Database Encryption, Communication Encryption, Cloud Encryption

For Enquiry before buying report @ https://www.orbisresearch.com/contacts/enquiry-before-buying/4215463?utm_source=Rohit

Crucial Questions Answered In The Report:

Why Buy this Report?

The product specifications, annual revenue, investment cost, pricing structure, distribution channels, and marketing techniques of the leading players are provided in the report.

About Us: Orbis Research (orbisresearch.com) is a single point aid for all your market research requirements. We have a vast database of reports from the leading publishers and authors across the globe. We specialize in delivering customized reports as per the requirements of our clients. We have complete information about our publishers and hence are sure about the accuracy of the industries and verticals of their specialization. This helps our clients to map their needs and we produce the perfect required market research study for our clients.

Contact Us:
Hector Costello
Senior Manager Client Engagements
4144N Central Expressway, Suite 600, Dallas, Texas 75204, U.S.A.
Phone No.: USA: +1 (972)-362-8199 | IND: +91 895 659 5155

AG Tong Alerts Businesses and Government Entities to Protect Operations and Personal Information – CT.gov

Press Releases

07/29/2021

(Hartford, CT) Following an unnerving increase in the frequency and scale of ransomware attacks across the globe (underscored by the massive attack on software company Kaseya on the brink of the July 4th holiday weekend), Attorney General William Tong is leading a bipartisan coalition of attorneys general in urging businesses and government entities to immediately assess their current data security practices and take appropriate steps to protect operations and consumer data.

Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Cybercriminals demand ransom in exchange for decryption, often threatening to sell or leak exfiltrated information if the ransom is not paid. Ransomware is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage on businesses and government entities alike.

Earlier this month, REvil, a Russian-linked cybercrime gang, perpetrated the single largest global ransomware attack on record against the software company Kaseya. REvil's supply-chain attack on Kaseya's VSA software is believed to have infected thousands of client systems in at least 17 countries. A wide variety of businesses and public agencies were victims of the massive attack. REvil demanded $70 million in cryptocurrency in exchange for decrypting all affected machines, but in an unusual twist, by July 14, the group had disappeared from the Internet, along with sites where it directed its victims to negotiate and receive decryption tools. Last week, Kaseya announced that it had obtained a decryption key through a trusted third party and strongly denied having paid any ransom. This was REvil's second high-profile attack in recent weeks, having extorted $11 million from JBS Foods, the world's largest meat-processor, last month.

"More than ever information systems of American businesses are under attack, threatening not just consumer data, but critical infrastructure," Attorney General Tong said. "The sad reality is that no one is safe, regardless of size or whether you are in the public or private sector, and we all must act to protect our systems."

Attorney General Tong co-chairs the National Association of Attorneys General's Internet Safety / Cyber Privacy and Security Committee, which serves as a resource for the attorney general community to discuss privacy issues. The Committee members' joint advisory echoes a June 2, 2021 memo issued by Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology, titled "What We Urge You To Do To Protect Against The Threat of Ransomware." The memo discusses the pressing threat that ransomware attacks pose to American businesses and government entities and recommends several best practices to respond to the threat, providing the following recommendations:

Implement the five best practices from the President's Executive Order: The President's Executive Order on Improving the Nation's Cybersecurity outlines five high-impact best practices that will significantly reduce the risk of a cyberattack: multifactor authentication (because passwords alone are routinely compromised), endpoint detection and response (to hunt for malicious activity on a network and block it), encryption (so if data is stolen, it is unusable) and a skilled, empowered security team (to patch rapidly, and share and incorporate threat information in your defenses).

Back up your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.

Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.

Test your incident response plan: There is nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?

Check your security team's work: Use a third-party penetration tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.

Segment your networks: There has been a recent shift in ransomware attacks, from stealing data to disrupting operations. It is critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks, and develop workarounds or manual controls to ensure industrial control system (ICS) networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety critical functions can be maintained during a cyber incident.

All organizations face the threat of a ransomware attack. Guidance and resources from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) on how to guard your organization against ransomware attacks can be found here. CISA and the Federal Bureau of Investigation (FBI) have also issued specific guidance for managed service providers (MSPs) and their customers affected by the Kaseya ransomware attack, discussed above. This guidance can be found here.

The National Institute of Standards and Technology (NIST) also provides guidelines and best practices for organizations to manage and reduce cybersecurity risk, which can be found here.

Victims of ransomware should report it immediately to CISA, a local FBI Field Office, or Secret Service Field Office. Victims should also file a report online through the Internet Crime Complaint Center (IC3).

Attorney General Tong is joined by the attorneys general of Arizona, Colorado, Hawaii, Guam, Mississippi, North Dakota and Utah.


Amazon prepares to accept bitcoins and develop an encryption strategy – BollyInside

Indeed, Amazon has confirmed to Business Insider that it is going to accept cryptocurrencies, but did not reveal when exactly this is set to happen. Business Insider has found an Amazon job listing that seeks a leader who will develop the retailer's Digital Currency and Blockchain strategy as well as a product roadmap. The future employee of Amazon will be a part of the Amazon Payment Acceptance & Experience Team, which is "responsible for how Amazon's customers pay on Amazon's sites and through Amazon's services around the globe." That pretty much implies that one of the world's biggest retailers will start accepting cryptocurrency as payment sometime in the future.

Amazon used to be pretty sceptical about cryptocurrencies back in 2017 due to lack of demand, but as more people start using cryptocurrencies to keep their savings or make investments, there are obviously enough parties interested in using various digital coins for payments and avoiding their conversion to real money.

"We are inspired by the innovation happening in the cryptocurrency space and are exploring what this could look like on Amazon," a statement by Amazon reads. "We believe the future will be built on new technologies that enable modern, fast, and inexpensive payments, and hope to bring that future to Amazon customers as soon as possible."

What remains to be seen is how Amazon plans to mitigate the volatility of cryptocurrencies like Bitcoin, which can fluctuate significantly even during a week. Perhaps the company will simply convert Bitcoins to real money quickly. Alternatively, it may attempt to make some additional profits by waiting till a digital currency goes up in price.

But no matter what Amazon will do with cryptocurrencies it gets as payments, the very idea that such a large retailer will accept cryptocurrencies increases their value and makes some of the holders richer.


Leveraging Encryption Keys to Better Secure the Federal Cloud – Nextgov

Deltek's "Federal Cloud Computing Market, 2020-2022" report predicts federal cloud investments will reach $7.8 billion by fiscal 2022. For government agencies, migrating resources to the cloud increases flexibility, efficiency and promises enhanced security features. But in a cloud-centric world, security is increasingly complex. While security tools do exist within platforms, users may accidentally or unknowingly disable security features.

Additionally, cloud-based applications must be protected from cloud infrastructure attacks, including insider threats. This requires encrypting data at rest and end-to-end encryption for data-in-transit. Taking it a step further than encryption itself, agencies must consider security and access to the keys used to encrypt data.

Have You Seen My Keys?

When employing a cloud solution, agencies may enlist multiple providers to create a multi-cloud or hybrid cloud environment. Utilizing multiple clouds can mean encryption keys end up stored in more than one location across various infrastructures, increasing the risk of the keys falling into the hands of a bad actor.

In the same way we use a key to lock valuable assets in a safe deposit box, agencies can lock up encryption keys for personally identifiable information, such as email addresses and mobile device management credentials. Locking encryption keys grants agencies the ability to control access to keys, manage key rotation and handle data within a specific region, which is especially helpful in government, as agencies face FISMA compliance regulations.

The cloud will continue to grow in importance for federal agencies and the time is now to ensure the government cloud is as secure as possible. The Cloud Security Alliance recommends encrypting data in the cloud and managing the encryption keys on-premises within a FIPS-certified boundary. Keys should be managed and secured in a FIPS 140-2 certified key manager.

Tamper-resistant FIPS 140-2 Level 3 Hardware Security Modules provide the highest level of security against internal and external threats that may result from an increased number of endpoint devices connecting to resources via the cloud.

Cloud Encryption and Mobile Applications

Cloud-based applications often connect directly to mobile and other endpoint devices. By processing and storing data on the cloud, mobile applications can function more efficiently, extending battery life and improving reliability. However, with multiple cloud applications connecting to agency resources through mobile devices, the threat landscape is greatly expanded.

Cloud-based applications on mobile devices can also serve as entry points for bad actors through malicious apps, mobile phishing and more. As such, encryption and other cloud security must extend to mobile.

Protection on mobile devices needs to include, but go beyond, cloud encryption for comprehensive mobile endpoint security. Precautions, such as user education and a zero-trust policy that extends to mobile, can ensure mobile devices, and the information they contain, stay safe.

To fully protect an agency and its information, mobile security needs to protect applications, networks and devices from phishing and other mobile threats. While workers may be able to identify phishing attacks on desktops or laptops, it becomes much more difficult on mobile devices. Attacks may be harder to spot due to small screen size and layout of a mobile device but can gain the same access to agency data if successful.

Cloud Is Here to Stay

As agencies continue to prioritize cloud in government, the ability to manage encryption keys offers assurance that sensitive data can never be accessed or controlled by unauthorized individuals. This includes apps on mobile endpoint devices, which constantly communicate with the cloud, transferring data to and from the device. Mobile security must extend to the cloud, keeping agencies and the devices accessing their resources protected from cybercriminals and malicious nation-states as attacker strategies evolve.

Tim LeMaster is vice president of WW Systems Engineering at Lookout.
