US-Regulierer erinnert Tech-Konzerne an #Datenschutz im Ausland | heise online https://www.heise.de/news/US-Regulierer-erinnert-Tech-Konzerne-an-Datenschutz-im-Ausland-10574114.html #privacy #DigitalServicesAct #DSA #OnlineSafetyAct #DSGVO #GDPR #Verschlüsselung #encryption #Zensur #censorship #E2EE #EndToEndEncryption #End2EndEncryption #FTC #FederalTradeCommission
File Encryption with JavaScript.
I've been exploring the #WebCryptoAPI and I'm impressed!
When combined with the #FileSystemAPI, it offers a seemingly secure way to #encrypt and #store files directly on your device. Think #localstorage, but with #encryption!
I know #webapps can have #security vulnerabilities since the code is served over the web, so I've #OpenSourced my demo! You can check it out, and it should even work if #selfhosted on #GitHubPages.
Live Demo: https://dim.positive-intentions.com/?path=/story/usefs--encrypted-demo
Demo Code: https://github.com/positive-intentions/dim/blob/staging/src/stories/05-Hooks-useFS.stories.js
About the Dim framework:
https://positive-intentions.com/docs/category/dim
IMPORTANT NOTES (PLEASE READ!):
* This is NOT a product. It's for #testing and #demonstration purposes only.
* It has NOT been reviewed or audited. Do NOT use for sensitive data.
* The "password encryption" currently uses a hardcoded password. This is for demonstration, not security.
* This is NOT meant to replace robust solutions like #VeraCrypt. It's just a #proofofconcept to show what's possible with #browser #APIs.
"The centerpiece of the Thunderbird Pro offering is Thundermail, Thunderbird’s first official email hosting service. Built to support IMAP, SMTP, and JMAP protocols from day one, Thundermail will work seamlessly with the Thunderbird client and other standards-based email apps. Notably, the initial infrastructure will be based in Germany, a jurisdiction known for its robust data protection laws under the GDPR framework and a long-standing culture of digital privacy.
Locating Thundermail’s infrastructure in Germany positions the service as a privacy-focused alternative to US-based providers, many of which are subject to surveillance regimes like the CLOUD Act. Users will be able to bring their own custom domain or choose a Thunderbird-provided address with @thundermail.com or @tb.pro suffixes.
Thunderbird describes this move as part of its broader mission to reinforce support for open standards and provide users with a cohesive, privacy-conscious email experience, entirely within its own ecosystem."
https://cyberinsider.com/thunderbird-to-launch-encrypted-email-service-hosted-in-germany/
Interesting blog about creating a fully encrypted cloud storage on nextcloud.
https://community.hetzner.com/tutorials/encrypted-private-nextcloud-VPS-and-storagebox
#cybersecurity #nextcloud #encryption #cloud
This week's net.wars, "Email to Ofgem", finds the US declaring victory over the UK Home Office's demand that Apple weaken its encryption, and emails OfGem to oppose Tesla's application to enter the UK energy market: https://netwars.pelicancrossing.net/2025/08/22/email-to-ofgem/ #Apple #encryption #ukpol #energy
Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture – Source: www.schneier.com https://ciso2ciso.com/jim-sanborn-is-auctioning-off-the-solution-to-part-four-of-the-kryptos-sculpture-source-www-schneier-com/ #rssfeedpostgeneratorecho #historyofcryptography #SchneierOnSecurity #SchneieronSecurity #CyberSecurityNews #Uncategorized #Encryption #CIA
StartMail promotes making PGP encryption easy with just one click to encrypt email.
CLARIFICATION
Webmail client supports PGP.
PGP is implemented server-side.
Server-side does not support end-to-end encryption.
SUMMARY
Server-side PGP is more secure than plaintext email.
Client-side PGP is more secure than server-side.
ALTERNATIVE
Thunderbird desktop client: https://mastodon.online/@blueghost/111891560151967986
Website: https://www.startmail.com
Lumo 1.1 is out: a faster, more capable AI assistant with zero-access encryption & open source apps. Claims 200%+ improvement in reasoning and better privacy than Big Tech AIs. 
Anyone here actually using Lumo? Is it really private and secure in practice? Curious what others think. 
Tails 6.19 is out
– Tor Browser updated to 14.5.6 
– Tor client updated to 0.4.8.17 
– Thunderbird updated to 128.13.0 
– Fixed: false error when configuring Tor bridges 
Automatic upgrades from 6.0+ supported. Manual install also available. Persistent Storage preserved only on upgrade. 
New Variant of ACRStealer Actively Distributed with Modifications
A modified version of the ACRStealer infostealer is being actively distributed, featuring enhanced detection evasion and analysis obstruction techniques. The malware uses the Heaven's Gate technique for executing x64 code in WoW64 processes and implements low-level NT functions for C2 communications. It employs domain disguising, self-signed certificates, and data encryption. Recent variants have introduced random string paths for exfiltration and changed the configuration request method. ACRStealer, now rebranded as AmateraStealer, can steal sensitive information from various sources and install additional malware. The ongoing feature updates make it one of the most active infostealer variants, posing a significant threat to users.
Pulse ID: 68a746627dcb5238c0b6cf9b
Pulse Link: https://otx.alienvault.com/pulse/68a746627dcb5238c0b6cf9b
Pulse Author: AlienVault
Created: 2025-08-21 16:16:34
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Tracking GLOBAL GROUP Ransomware from Mamona to Market Scale
A new ransomware actor, GLOBAL GROUP, emerged on the Ramp4u cybercrime forum in June 2025, claiming to offer a fresh Ransomware-as-a-Service (RaaS) platform. However, forensic evidence reveals that GLOBAL is a rebranded continuation of the Mamona RIP and Black Lock ransomware families. The ransomware, built in Golang, supports cross-platform execution and uses ChaCha20-Poly1305 encryption. It features a dual-portal model for leak site viewing and negotiations, with an AI-powered chatbot for automated communication. The group's infrastructure mistakes exposed backend SSH credentials and real IP addresses. GLOBAL relies on Initial Access Brokers for network infiltration and offers a full-featured affiliate portal for custom payload generation.
Pulse ID: 68a7465dffe0f0d5bcc3161b
Pulse Link: https://otx.alienvault.com/pulse/68a7465dffe0f0d5bcc3161b
Pulse Author: AlienVault
Created: 2025-08-21 16:16:29
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#China cut itself off from the global #internet on Wednesday • The Register
#GreatFirewall took out all traffic to #port443 at a time #Beijing didn't have an obvious need to keep its #netizens in the dark
#firewall #censorship #443 #security #encryption
https://www.theregister.com/2025/08/21/china_port_443_block_outage/
APT MuddyWater Targets CFOs with Multi-Stage Phishing & NetBird Abuse
A sophisticated spear-phishing campaign, likely linked to APT MuddyWater, is targeting CFOs and finance executives across multiple continents. The attackers use Firebase-hosted phishing pages with custom CAPTCHA challenges, malicious VBS scripts, and multi-stage payload delivery to deploy NetBird, a legitimate remote-access tool, for persistent system control. The campaign employs social engineering tactics, impersonating a Rothschild & Co recruiter to lure victims. Analysis revealed evolving infrastructure, updated payload paths, and overlaps with known MuddyWater activities. The attackers abuse legitimate tools like NetBird and AteraAgent for remote access and monitoring, while using sophisticated techniques such as AES encryption and math-based CAPTCHA lures to evade detection.
Pulse ID: 68a6cc4ca8c0e77008166455
Pulse Link: https://otx.alienvault.com/pulse/68a6cc4ca8c0e77008166455
Pulse Author: AlienVault
Created: 2025-08-21 07:35:40
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture https://www.schneier.com/blog/archives/2025/08/jim-sanborn-is-auctioning-off-the-solution-to-part-four-of-the-kryptos-sculpture.html #historyofcryptography #Uncategorized #encryption #CIA
Product showcase: iStorage datAshur PRO+C encrypted USB flash drive https://www.helpnetsecurity.com/2025/08/21/product-showcase-istorage-datashur-proc-encrypted-usb-flash-drive/ #Productshowcase #datasecurity #encryption #Don'tmiss #hardware #iStorage #storage #backup #News
"Parents who find Signal on their child's phone should contact the police." - Petra Lundh, Sweden's National Police Commissioner
I don’t know what’s worse: if they actually believe this, or if they’re deliberately trying to fool the masses. Both are terrifying.
Framing a basic right to private communication as a danger isn’t just careless, it’s harmful.
What’s next? Criminals drive cars, call us if you see one.
#Discover #DeltaChat: The #app that changes #messaging without the hassle and with real #security. 
- Uses your #email (no #phone numbers or new accounts!). 
- Automatic #encryption (just like the pros!).
- ZERO #ads, ZERO #tracking, ZERO mystery! 
The best part? It's super easy to use! Install and go? Exactly! 
Don't wait for your privacy to be compromised. Activate NOW!
Click here & download FREE in 1 minute:
https://delta.chat
New video is live: https://youtu.be/WX3tB00TVaI
Politicians in the EU, UK & US are pushing laws like Chat Control, KOSA & Online Safety Acts that break encryption & demand internet ID. Here’s why that’s dangerous.
#Britain Drops Request That #Apple Create a #BackDoor
The #Trump administration says that law enforcement organizations in Britain would back off asking the company for a tool to access customers’ data.
#privacy #encryption
https://www.nytimes.com/2025/08/19/technology/britain-apple-back-door.html
The U.K. backs down on demands for a backdoor to Apple’s encrypted iCloud data, preserving privacy for users worldwide.
The move protects civil liberties and avoids weakening security for millions. 
Will this set a precedent for future government access requests to encrypted data?
