The encryption platform TrueCrypt has been an unsupported application for a while, meaning that its developers no longer provide updates to the system, but unfortunately many consumers are still using this product. As of recently, this was just behavior frowned upon by security professionals. Now that a Google team, specifically Project Zero and James Forshaw (a security researcher) found two holes within the software related to the escalation of privileges, it has been deemed no longer safe. Exploiting this vulnerability would allow an attacker to have full reign of the machine and its data, thus rending the encryption of information unless.
Basically, if an organization is using TrueCrypt to encrypt data, they are not really keeping their information secure. TrueCrypt is a product with a great price tag, but unfortunately is not the product to help lock down a machine. Engadget recommends VeraCrypt and CipherShed as alternatives, due to the fact that their bug has already been patched, and they are also easy on the wallet. These two versions are also open source relatives of TrueCrypt, so they are similar in nature.
Have a question?
If you have any further questions regarding this information or are looking for advice on security best practices, please contact a certified GraVoc employee.
In this blog post, we provide five cybersecurity awareness tips for employees to help them practice better cyber hygiene and defend sensitive data.
Click here to access KnowBe4’s FREE Resource Kit containing resources to share with employees throughout Cybersecurity Awareness Month!
We explore the top 3 red flags of phishing that businesses & employees should be aware of in order to recognize & mitigate a threat.