VeraCrypt security audit reveals many flaws, some already patched

VeraCrypt, the free, open source disk encryption software based on TrueCrypt, has been audited by experts from cybersecurity company Quarkslab. The researchers found 8 critical, 3 medium, and 15 low-severity vulnerabilities, and some of them have already been addressed in version 1.19 of the software, which was released on the same day as the audit report. The code auditing effort analyzed VeraCrypt 1.18 and its bootloaders. “A first step consisted in verifying that the problems …

How the EFF was pushed to rethink its Secure Messaging Scorecard

As good as the idea behind Electronic Frontier Foundation’s Secure Messaging Scorecard is, its initial version left much to be desired. The idea was to provide a guideline for users of communication technologies like chat clients, text messaging apps, email apps, and technologies for voice and video calls, on which of those offerings might be more secure to use than others. Unfortunately, the seven criteria on which the EFF evaluated the solutions were simply not …

75% of the top 20 US banks are infected with malware

SecurityScorecard released its 2016 Financial Cybersecurity Report, a comprehensive analysis that exposes cybersecurity vulnerabilities across 7,111 global financial institutions including investment banks, asset management firms, and major commercial banks. Among the report’s findings are the following observations: The US Commercial bank with the lowest security posture is one of the top 10 largest financial service organizations in the US (by revenue). Only one of the top 10 largest banks, Bank of America, received an overall …

Google open sources vendor security review tool

Google has open sourced its Vendor Security Assessment Questionnaire (VSAQ) Framework with the hope that other companies and developers could use it to improve their vendor security programs and/or posture. “VSAQ is an interactive questionnaire application. Its initial purpose was to support security reviews by facilitating not only the collection of information, but also the redisplay of collected data in templated form,” the company explained. “At Google, questionnaires like the ones in this repository are …