Secure-messaging firm Signal was told by Amazon not to use its AWS servers for domain-fronting, a technique used to enable communications in countries such as Egypt, Oman, Qatar and UAE where the service is banned.

The team behind the popular open-source framework Electron warns a remote code execution flaw could compromise user privacy.

WhatsApp said that claims that infiltrators can add themselves to an encrypted group chat without being noticed is incorrect.

U.S. Deputy Attorney General and other top cyber policy makers warn the use of strong encryption hobbles law enforcement’s ability to protect the public and solve crimes and is a serious problem.

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.

Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book.

The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.

The Senate’s use of the end-to-end encrypted messaging app Signal is a good first step in protecting U.S. democratic institutions, but much more needs to be protected.

FBI Director James Comey revived old rhetoric on strong encryption during a keynote at the Boston Conference on Cyber Security. He did not address the leak of CIA hacking tools or Russia during his talk.