Police specialists in Belgium managed to crack an encrypted messaging service, revealing detailed information about cocaine shipments into Antwerp, Belgium. Belgian police issued a statement this week saying they seized several shipments of cocaine with a street value of 1.4 billion euros ($1.65 billion) after cracking the encryption algorithm of Sky ECC, a supplier of modified phones designed for ultra-private communications. Since Feb. 20, police systematically seized a total of 27.64 tons of cocaine at the port of Antwerp, including a record shipment of almost 11 tons overnight from 2-3 Ap ..read more

A joint operation headed by European and British law agencies dismantled the Encrochat messaging service, leading to the arrests of more than 100 people as well as the seizure of numerous weapons and ammunitions, drugs and millions in criminal funds. Encrochat was an instant messaging service with a twist. It was an application deployed on custom-build Android devices that had the camera, microphone and GPS removed. The idea was to make it difficult for law enforcement to track the users. The devices were running dual operating systems, and allowed users to wipe data remotely if they lost the ..read more

Zoom announced that end-to-end encryption (E2EE) will be available to all users, free and premium, marking a shift in strategy at the US company. One of the more controversial measures announced by Zoom a few weeks ago was related to their end-to-end encryption (E2EE) option and the company’s decision to only offer the feature to paying customers. The main reason pertained to security, as the implementation of E2EE would make it difficult to identify Zoom bombers and other similar infractions. Their decision wasn’t received with open arms, and the company continued to look for a solution, hel ..read more

Security researchers found a couple of vulnerabilities affecting the chat features of the popular video conferencing app Zoom that, if exploited, would have let attackers achieve arbitrary code execution. While the mere mention of Zoom makes people think of video conferencing, the application has a number of other features that can harbor vulnerabilities. In fact, a couple of critical flaws were identified by Cisco researchers in the Chat feature; either would have been enough to give attackers a way to execute code remotely. The first one, dubbed CVE-2020-6109, is an exploitable path travers ..read more

The Signal messaging app is getting a new security feature called Signal PINs, allowing users to secure their cloud-stored information in a way not available to anyone else, and that includes the company making the app. More and more messaging apps are using true encrypted communications, so it’s no longer an exotic feature. But what happens with that data when a user changes the phone or reinstalls the operating system? It relies on the company building the app to store profile information, and that means that private data could be available to other parties as well. The new Signal PIN comes ..read more

The group behind the Shade ransomware has closed up shop and distributed around 750,000 decryption keys, along with decryption software, apologizing to everyone that was affected by their malware. There are numerous types of ransomware in use today, and Shade was one of them for more than half a decade. Also known under the name of Troldesh, it’s been around since around 2014, and was mainly deployed in Russia, the United States, Japan, parts of Europe, Canada, and a few other countries. Shade activity was a constant in the past few years, but it slowed down by the end of 2019. The reason for ..read more

A certificate authority named Let’s Encrypt found a bug in code used to generate certificates and was forced to revoke millions of certificates, leaving websites very little time for renewal. When a user visits a site that has an invalid certificate, a warning is displayed that it’s not safe. While it might not pose a threat to people visiting the website, the affected pages will project a feeling of insecurity to users, troubling businesses. A customer who has no idea what a certificate is or why they’re being warned that it’s not safe to be there could easily get spooked. Let’s Encrypt is a ..read more

The developers of Thunderbird, one of the most-used free email clients in the world, plan to implement OpenPGP support in 2020. Thunderbird used to be made by Mozilla, but the company dropped it a few years ago, and the community took over the project. The email client is still using some of Firefox’s infrastructure. Since Thunderbird is an open-source and cross-platform email client, it would make sense to bundle GnuPG software, but the differences in licenses make that impossible (MPL version 2.0 vs. GPL version 3+).  The devs have to look for another solution, and the only to make it ..read more

Perhaps we should all change our Facebook passwords to play it safe, following news that Facebook kept, from as early as 2012, “hundreds of millions” of user account passwords in plain text, making them available to some 20,000 employees, writes KrebsOnSecurity following a tip from a source at Facebook. According to Brian Krebs, Facebook is looking into a number of application “security failures” that led to the logging and storage of unencrypted password data on the internal network. This glitch may have affected between 200 million and 600 million accounts, but the company is still investig ..read more

Researchers at Netherlands-based Radboud University, which is active in almost all scientific fields, have discovered grave security flaws in several popular solid-state drives (SSD) that promise full disk encryption. In a nutshell, they can be cracked. Self-encrypting drives are regarded as very safe to use, and they are — unless those drives can be found in the list below: Crucial (Micron) MX100, MX200 and MX300 internal hard disks Samsung T3 and T5 USB external disks Samsung 840 EVO and 850 EVO internal hard disks The Radboud geeks found that the Windows BitLocker software encryption tru ..read more