Blog

Microsoft Partners with Signal to Bring End-to-end Encrypted Messaging to Skype

Skype will soon join the likes of Facebook Messenger, Apple's iMessage, and WhatsApp by introducing end-to-end encryption, a method of communication that adds an extra layer of protection to conversations by ensuring only the communicating users can read the messages. Skype, Microsoft’s messaging service that boasts nearly 300 million monthly users, will take advantage of the Signal Protocol, a non-federated cryptographic protocol co-authored by Moxie Marlinspike, the founder of Open Whisper Systems, four years ago. Joshua Lund, a developer with Signal, announced the news in a blog post on Thursday.

Skype users will be able to use the encryption in a forthcoming feature, Private Conversations, already available to users of Skype Insider, a beta build of the app Microsoft makes available to interested parties on its site. It’s unclear when the feature will make it to the final build of Skype. For now, only 8.13.76.8, the most recent version of Skype Insider for Android, iOS, Linux, Mac, and Windows, includes end-to-end encryption. The feature only works if other users have the same version of the app; it does not work for video or group chats yet.

Users will have to work a little harder to use the feature in Skype; it's not being rolled out by default. According to the company, users will have to tap or click the "+" icon and select "New Private Conversation." Assuming the other user accepts the invitation, a private conversation will start. The conversation will only remain confidential on that device, meaning users can't expect to carry over one chat from their iPhone to their MacBook and expect it to remain encrypted.

While the functionality, at least for the moment, is a bit limited, privacy advocates, like the Electronic Frontier Foundation, called the move a step in the right direction this week while encouraging Microsoft to deploy the feature by default.

“Communication tools and platforms should implement end-to-end encryption as the default, rather than an option.”
— EFF (@EFF) January 12, 2018

Joshua Franco, Head of Technology and Human Rights at Amnesty International, had similar sentiments.

“It is about time that Microsoft takes its users’ privacy seriously, and we are now calling on the company to roll out default end-to-end encryption for all Skype communications,” Franco said. “Companies who don’t install full encryption are effectively handing the keys to cyber criminals and intrusive state surveillance agents. As more and more communications move online, it is up to companies to demonstrate they are on the side of human rights – the future of freedom of expression is partly in their hands.”

Apple Fixes HomeKit IoT Vulnerability That Allowed Remote Access to Smart Homes

Apple says it plans later this week to fully resolve a vulnerability in HomeKit, its internet of things framework, that could have allowed an attacker to commandeer IoT accessories like smart locks and garage door openers.

The vulnerability was identified and disclosed last Thursday by daily Apple news site 9to5Mac. Apple reportedly fixed the vulnerability with a server-side fix last week but plans to update iOS 11.2 later this week to “resolve any broken functionality” the fix may have introduced.

It will be the ninth update iOS 11 has received since debuting in September. The company fixed the KRACK vulnerability - a flaw that could have let an attacker in range of a victim's WiFi network read encrypted traffic - in iOS 11.1. The company fixed a glitch that plagued iOS' keyboard a week later with iOS 11.1.1. While it wasn’t malicious, the bug, which replaced the letter "I" and other vowels with "A[?]," was widely viewed as a nuisance by users.

According to 9to5Mac, Apple was informed of the HomeKit vulnerability in late October but didn’t push a fix for the issue, along with other vulnerabilities, until iOS 11.2 and watchOS 4.2 were released four days ago.

The publication didn’t get into details around the vulnerability; it only said it was difficult to reproduce and that in order to exploit it an attacker would need at least one device on iOS 11.2, connected to the HomeKit user's iCloud account.

9to5Mac hints that the vulnerability could have granted full access to any smart home product that works with HomeKit but that the most dangerous outcome could be the remote control of smart locks and connected garage door openers.

HomeKit, released in 2014, allows Apple users to turn off their lights with Siri, turn up music on their HomePod, lock doors, control cameras, doorbells, humidifiers, and control a slew of other IoT devices.

In a statement provided to 9to5Mac and other publications last week, the company said HomeKit users may have difficulties if they had remote access to shared users enabled, at least until the update arrives later this week:

“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

It’s the second major security issue to affect Apple in the last two weeks. At the end of November the company was forced to issue an emergency software update to remediate a critical bug in macOS High Sierra, its latest operating system, that could have let anyone log in to a machine as root without a password.

What Is Macro Malware?

Macro malware is making a comeback. Learn how to identify potential threats and how to protect yourself against macro malware attacks in Data Protection 101, our series on the fundamentals of information security.