< ciso brief />

All news with #encryption in transit tag

44 articles

Amazon Aurora MySQL Adds MySQL 8.4 Support

🔒 Amazon Aurora MySQL-Compatible Edition now supports community MySQL 8.4, aligning Aurora version numbers with community releases and managing underlying patches for customers. The release enforces stronger security defaults—TLS 1.2/1.3 only and caching_sha2_password for new accounts—and offers customizable password validation via DB cluster parameter groups. Automated upgrade prechecks reduce upgrade risk, and multiple upgrade and migration paths are supported, including Blue/Green Deployments and AWS DMS.

Discord Rolls Out End-to-End Call Encryption Globally

🔒 Discord has enabled default end-to-end encryption (E2EE) for all voice and video calls after completing the deployment in March. The company extended the open-source DAVE protocol across desktop, mobile, web browsers, PlayStation, Xbox and Discord SDKs, and is removing legacy unencrypted fallback code. The encryption layer now covers DMs, group DMs, voice channels and Go Live streams, while Stage channels remain excluded. Discord says it has no current plans to apply DAVE to text due to major engineering constraints tied to its existing messaging architecture.

Apple and Google Enable Cross-Platform E2EE RCS Messaging

🔒 Apple and Google have initiated a beta rollout of end-to-end encrypted RCS messaging between iPhone and Android devices, closing a long-standing interoperability gap. The feature requires iOS 26.5 on supported iPhones and the latest Google Messages on Android, with carrier activation determining availability. Encryption is enabled by default, marked by a lock icon, and the rollout implements the GSMA Universal Profile 3.0 with MLS.

Apple Enables Default E2EE for RCS in iOS 26.5 Beta

🔐 Apple released iOS 26.5, adding beta support to enable end-to-end encryption for RCS messages across iPhone and Android devices when used with supported carriers and the latest Google Messages. The feature is enabled by default for new and existing conversations and displays a lock icon to indicate encryption. Apple and GSMA say this is part of a cross‑industry effort to modernize SMS. The update also patches over 50 vulnerabilities in iOS and iPadOS.

Elastic Beanstalk Adds TLS Listener Support for NLB

🔐 AWS Elastic Beanstalk now supports configuring TLS listeners for environments that use a Network Load Balancer. You can attach an SSL/TLS certificate and select a security policy so the load balancer terminates encrypted connections and forwards decrypted traffic to instances. TLS listener settings are configurable via the Elastic Beanstalk console or CLI, and the feature is available in all regions that support Beanstalk and NLBs.

Cloudflare Enables Post-Quantum IPsec with ML-KEM Standard

🔒 Cloudflare has made post-quantum encryption generally available for Cloudflare IPsec using hybrid ML‑KEM (FIPS 203), implementing draft-ietf-ipsecme-ikev2-mlkem. The rollout enables site-to-site WAN tunnels protected against harvest-now-decrypt-later attacks and has been tested interoperably with Cisco and Fortinet branch connectors. This brings post-quantum IPsec closer to Internet-scale deployment and supports Cloudflare’s goal of full post-quantum security by 2029.

AWS Managed Microsoft AD: Kerberos Encryption Logs

🔒 AWS Managed Microsoft AD can now forward Kerberos Encryption audit event logs (Event IDs 201–209) to Amazon CloudWatch Logs. These logs provide visibility into whether clients and services negotiate RC4 or AES encryption, helping you decide whether to upgrade clients for stronger protection or retain compatibility. Enable log forwarding from the directory's Network and Security tab in the Directory Service console. This feature is available in all AWS Regions offering the service except UAE and Bahrain.

Google Brings Client-Side Gmail E2EE to Mobile for Orgs

🔐 Google has extended client-side encryption (CSE) for Gmail to Android and iOS for organizations using the Enterprise Plus with Assured Controls edition. Messages and attachments are encrypted on-device with customer-managed keys and require admins to enable the mobile clients in the CSE admin console. The feature is opt-in, requires premium licensing, and disables some Gmail capabilities (including AI features and full search) for encrypted content. Non-Gmail recipients receive a secure web portal to read and reply.

Google enables Gmail end-to-end encryption on mobile

🔐 Google has rolled out native end-to-end encryption for Gmail on Android and iOS, allowing enterprise users to compose and read encrypted emails without installing extra apps. The capability uses client-side encryption (CSE) and is available to organizations with Enterprise Plus licenses plus the Assured Controls add-on after admins enable mobile clients. Encrypted messages and attachments are encrypted on the device and delivered as regular emails, and recipients using other services can read them in a web browser.

Amazon SES Mail Manager Adds mTLS, TLS Options and Actions

📧 Amazon Simple Email Service Mail Manager now supports optional TLS (including STARTTLS) and certificate-based mutual TLS (mTLS) on Ingress Endpoints, plus two new rule actions: Invoke Lambda function and Bounce. These additions let organizations preserve compatibility with legacy email systems while implementing stronger authentication and custom processing workflows. The Invoke Lambda action enables direct serverless email processing and automation, and the Bounce action issues RFC-compliant SMTP responses to senders. The features are available today in all Regions offering SES Mail Manager except the Middle East (UAE and Bahrain).

AWS Launches VPC Encryption Controls in GovCloud US

🔒 AWS VPC Encryption Controls is now available in AWS GovCloud (US-East) and GovCloud (US-West). The feature lets security teams enable monitoring and enforcement of encryption in transit across existing VPCs, automatically identifying flows that permit plaintext. It transparently activates hardware-based AES-256 encryption across VPC resources (including Fargate, NLB, and ALB) and produces audit logs to help demonstrate compliance with standards such as HIPAA, PCI DSS, FedRAMP, and FIPS 140-2.

Proton launches Meet: E2EE privacy-focused conferencing

🔒 Proton has launched Meet, a privacy-focused video conferencing service offering end-to-end encrypted calls as an alternative to mainstream platforms. Meet supports free one-hour meetings with up to 50 participants and offers a Pro tier starting at $7.99/month for longer sessions. The service uses the open-source MLS protocol, WebRTC with SFUs, and client-side encryption; authentication relies on SRP. Meetings are created via links containing an ID and locally held passwords, and Proton says it retains only non-sensitive meeting IDs, minimizing exposure even in server compromises.

Post-Quantum Roadmap for US Enterprises Targeting 2030

🔒 US organizations should begin operationalizing post-quantum cryptography now to protect long-lived secrets and meet an emerging 2030 readiness horizon. With NIST finalizing initial PQC standards in 2024 and agencies like NSA and CISA aligning guidance, a pragmatic hybrid strategy—pairing existing classical algorithms (ECDHE/TLS) with post-quantum primitives such as ML-KEM—reduces long-term confidentiality risk while preserving interoperability. Start with a comprehensive crypto inventory tied to data value, pilot internal mTLS, VPN and code-signing migrations in a lab, improve crypto agility, add telemetry for rollout metrics, and add PQC requirements into procurement to buy time and avoid last-minute disruption.

AWS Direct Connect: New Equinix SY5 location in Sydney

📡 AWS has opened a new AWS Direct Connect location at Equinix SY5 in Sydney, Australia. From this site you can establish private, direct network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The location supports dedicated 10 Gbps and 100 Gbps connections and offers MACsec encryption. This is the fourth Direct Connect site in Sydney and the tenth in Australia, providing a more consistent private networking option than the public internet.

Meta to End Instagram End-to-End Encryption Support

🔒 Meta will discontinue support for end-to-end encryption for Instagram chats after May 8, 2026, and says affected users will receive instructions to download any messages or media they wish to keep. The company notes some users may need to update older versions of the app before downloading impacted chats. The encrypted-direct-messaging feature was first tested in 2021, remains available only in select regions, and is not enabled by default.

AWS Pricing for VPC Encryption Controls Moves to Paid

🔒 AWS is introducing pricing for VPC Encryption Controls, a regional capability that audits and enforces encryption-in-transit for traffic within and across Virtual Private Clouds. The feature supports Monitor mode to detect unencrypted flows and Enforce mode to prevent the creation or operation of resources that allow unencrypted traffic. Beginning March 1, 2026, AWS will apply a fixed hourly charge to every non-empty VPC with Encryption Controls enabled; empty VPCs enabled with the feature are not charged. When encryption is enabled on a Transit Gateway, standard VPC Encryption Controls charges apply to all VPCs attached to that Transit Gateway regardless of each VPC's mode or whether they are empty.

Android 17 Beta Adds Secure-by-Default Architecture

🔐 Android 17 public beta introduces a secure-by-default architecture that tightens app protections and refines developer workflows. The release deprecates the android:usesCleartextTraffic attribute and will block cleartext by default for apps targeting API level 37 without a network security configuration. It also adds a public SPI for HPKE hybrid cryptography, enables certificate transparency by default and introduces install-time permissions for localhost interactions. Large-screen behavior changes, a lock-free MessageQueue and generational garbage collection in ART target performance, while Google replaces the traditional Developer Preview with a continuous Canary channel for earlier feature access and streamlined testing.

Apple beta adds RCS E2EE and expanded Memory Integrity

🔐 Apple has released an iOS and iPadOS 26.4 developer beta that introduces end-to-end encryption (E2EE) for RCS conversations between compatible Apple devices, with a wider rollout planned for iOS, iPadOS, macOS and watchOS in a future update. The feature is currently in beta and limited to Apple devices and supported carriers. The update also expands Memory Integrity Enforcement (MIE), allowing applications to opt in to full protections beyond Soft Mode. Additionally, iOS 26.4 is expected to enable Stolen Device Protection by default and the SDK is available via Xcode 26.4.

Apple Tests End-to-End Encrypted RCS in iOS 26.4 Beta

🔒 Apple has introduced end-to-end encryption for RCS messaging in the iOS and iPadOS 26.4 developer beta, enabling encrypted conversations between Apple devices during testing. The feature remains in beta and is not available for all devices or carriers, and it currently does not extend to non-Apple platforms such as Android. The release also introduces an opt-in for full Memory Integrity Enforcement and signals forthcoming Stolen Device Protection defaults.

Preparing for the Quantum Era: A Call to Secure PQC

🔐 Google issues a call to action to protect digital systems against quantum threats, outlining its post-quantum cryptography (PQC) work and policy recommendations. The company warns that large-scale quantum computers could break current public-key cryptography and cautions about 'store now, decrypt later' harvesting of encrypted data. Google commits to research transparency, completing PQC migrations within NIST guidelines, and strengthening crypto agility, critical shared infrastructure, and ecosystem readiness.