Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to achieve remote code execution. Libgcrypt is also the crypto library used by systemd for DNSSEC. The GnuPG team recommends that users stop using the vulnerable version of the library, which it had released the week before.
Systems supporting libraries in Volusia County, Florida, were hit by a cyber attack that took down 600 staff and public-access computers at Volusia County Public Library (VCPL) branches in Daytona Beach.
Hive ransomware operators have improved their file-encrypting module by migrating to the Rust language and adopting a more sophisticated encryption method. According to the post published by Microsoft, the most important change in the latest Hive variant is the encryption mechanism it adopts.
Tavis Ormandy, a white hat hacker at Google Project Zero, announced he had found a zero-day flaw in SymCrypt, the cryptographic library of Microsoft’s operating system. The flaw could be exploited by malicious programs to trigger a denial-of-service condition by interrupting the encryption service for other programs. Pierluigi Paganini.
Experts warn of phishing attacks that combine the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.
Apple expert Bob Gendler discovered that the Apple Mail app available on macOS stores a portion of users’ encrypted emails in plaintext in a database called snippets.
Security experts have uncovered a new piece of ransomware dubbed EvilQuest designed to encrypt macOS systems; it is also able to install additional payloads and potentially take over the infected machine. Once it has encrypted the files on the infected host, a popup is displayed informing the victim that their files have been encrypted.
The encryption and decryption are not robust, and the ransomware lacks features like Windows Shadow Copy removal, file unlocking for a more thorough impact, anti-analysis, and defensive evasion (AMSI bypass, disabling event logging, etc.). At this point the encryption process has already finished.
Hertzbleed attack: researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption keys. Intel provided guidance to mitigate the attack by hardening libraries and applications. “Hertzbleed is a new family of side-channel attacks: frequency side channels.”
These parameters, managed via the clap::args library, include options like sleep (delays execution of the ransomware by a specified number of seconds) and ui (displays real-time progress and statistics of the encryption process, such as the number of files encrypted), reported Truesec.
The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library; the bug could potentially lead to remote code execution.
Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive, targeting cloud infrastructure.
Some variants of the ransomware append the English name of the target company to the filenames of the encrypted files as the suffix. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption,” reported The Record.
Quantum computing’s ability to break today’s encryption may still be years away, but security leaders can’t afford to wait. The real threat isn’t just the eventual arrival of quantum decryption; it’s that nation-state actors are already stockpiling encrypted data in “harvest now, decrypt later” attacks.
The OpenSSL project has issued security updates to address two high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library; the flaws can trigger a DoS condition or achieve remote code execution.
“Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process,” reads the report published by Kaspersky. “This library is a backdoor packed with the VMProtect tool.”
This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. GeoServer versions prior to 2.23.6,
The malware also downloads the command-and-control (C2) URLs; C2 communication is encrypted using Base64, RC4, and Curve25519. Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests the authors are actively working to optimize EventBot.
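The snippet above lists Base64 and RC4 as two of the layers wrapping EventBot’s C2 traffic. The following is an added example, not EventBot code and not taken from the report: a small RC4 keystream generator plus the Base64 wrapping, of the kind an analyst writes to decode a recovered C2 configuration. The key, the URL list and the message layout are constructed for the demo; EventBot’s actual key exchange (the Curve25519 step the snippet mentions) is not modelled.

```python
import base64

# Constructed demo values; EventBot's real key and C2 list are not on the page.
DEMO_KEY = b"demo-rc4-key"
DEMO_C2_URLS = [b"http://c2.example/a", b"http://c2.example/b"]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XORed over data. RC4 is symmetric, so this both
    encrypts and decrypts. Included only to decode captured samples."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def encode_c2_message(key: bytes, urls: list) -> str:
    """Assumed wire layout: newline-separated URLs, RC4, then Base64."""
    return base64.b64encode(rc4(key, b"\n".join(urls))).decode("ascii")


def decode_c2_message(key: bytes, blob: str) -> list:
    """Reverse of encode_c2_message; returns the URL list."""
    plain = rc4(key, base64.b64decode(blob))
    return [line for line in plain.split(b"\n") if line]


# A blob as it might appear in a recovered config (constructed here).
DEMO_BLOB = encode_c2_message(DEMO_KEY, DEMO_C2_URLS)

if __name__ == "__main__":
    for url in decode_c2_message(DEMO_KEY, DEMO_BLOB):
        print(url.decode())
```

Decoding with the wrong key does not fail loudly: RC4 has no integrity check, so the result is just garbage, which is why a decoder should validate the plaintext (here, that each line looks like a URL) before trusting it.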
Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. What Makes an Encryption Algorithm Strong?
Rhysida ransomware employs a secure random number generator to generate the encryption key and then encrypts the data. The experts exploited a vulnerability in this process to reconstruct the encryption keys and developed a decryptor that allows victims of the Rhysida ransomware to recover their encrypted data for free.
The flaw affects the process implemented by the Signal Desktop application to encrypt locally stored messages. The Signal Desktop application leverages an encrypted SQLite database called db.sqlite to store the user’s messages. The encryption key is used each time the Signal Desktop application accesses the database.
Another gang, the Night Sky ransomware operation, started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems.
This Linux version is 64-bit and also uses the Boost library; it uses the Crypto++ library instead of Windows CryptoAPI. “During the run, the ransomware generates a symmetric encryption key using CryptGenRandom(), which is the random number generator implemented by Windows CryptoAPI.”
When successfully run, the Facture_23100.31.07.2018.exe will drop malware components (several C++ and Python libraries and the Python 2.7 Core dynamic-link library (DLL)) along with the main ransomware executable (lockyfud.exe, which was created via PyInstaller) in C:\Users\{user}\AppData\Local\Temp\is-{random}.tmp.
According to the experts, the first infections were observed in late 2019; victims reported their files were encrypted by a strain of malware that appended the .locked extension to the filenames of the encrypted files. CERT-FR’s alert states that the Pysa ransomware code is based on public Python libraries. Newer samples use the .newversion file extension instead of .locked.
The Linux version of DinodasRAT uses Pidgin’s libqq qq_crypt library functions for encryption and decryption of data. The library uses the Tiny Encryption Algorithm (TEA) in CBC mode to cipher and decipher the data. Command codes include 0x18 DealExShell (execute a shell command and send its output to C2) and 0x28 DealLocalProxy (send “ok”).
“While continuing to monitor activity of the OceanLotus APT Group, BlackBerry Cylance researchers uncovered a novel payload loader that utilizes steganography to read an encrypted payload concealed within a .png image file,” reads the report published by the experts.
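To make the TEA-in-CBC construction attributed to DinodasRAT’s borrowed libqq routines concrete, here is an added example: a pure-Python TEA block cipher (64-bit block, 128-bit key, 32 rounds) wrapped in CBC with PKCS#7 padding. It is written for this page, not lifted from DinodasRAT or from Pidgin’s libqq; the big-endian word order, the padding scheme, the IV handling and the demo key are assumptions for illustration and may differ from what the RAT actually does.

```python
import struct

DELTA = 0x9E3779B9      # TEA's golden-ratio constant
MASK32 = 0xFFFFFFFF
ROUNDS = 32
BLOCK = 8               # TEA block size in bytes

# Constructed demo key/IV; DinodasRAT's real values are not on the page.
DEMO_KEY = bytes(range(16))
DEMO_IV = bytes(range(8))


def tea_encrypt_block(block: bytes, key: bytes) -> bytes:
    """Encrypt one 8-byte block (words assumed big-endian)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(ROUNDS):
        s = (s + DELTA) & MASK32
        v0 = (v0 + ((((v1 << 4) & MASK32) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        v1 = (v1 + ((((v0 << 4) & MASK32) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
    return struct.pack(">2I", v0, v1)


def tea_decrypt_block(block: bytes, key: bytes) -> bytes:
    """Inverse of tea_encrypt_block: same round function, sum runs backwards."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * ROUNDS) & MASK32
    for _ in range(ROUNDS):
        v1 = (v1 - ((((v0 << 4) & MASK32) + k[2]) ^ (v0 + s) ^ ((v0 >> 5) + k[3]))) & MASK32
        v0 = (v0 - ((((v1 << 4) & MASK32) + k[0]) ^ (v1 + s) ^ ((v1 >> 5) + k[1]))) & MASK32
        s = (s - DELTA) & MASK32
    return struct.pack(">2I", v0, v1)


def _pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # always add 1..8 bytes of padding
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding (wrong key or corrupted ciphertext)")
    return data[:-n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tea_cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block."""
    padded = _pad(plaintext)
    out, prev = bytearray(), iv
    for i in range(0, len(padded), BLOCK):
        prev = tea_encrypt_block(_xor(padded[i:i + BLOCK], prev), key)
        out += prev
    return bytes(out)


def tea_cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext length must be a non-zero multiple of 8")
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(tea_decrypt_block(blk, key), prev)
        prev = blk
    return _unpad(bytes(out))


def demo() -> bytes:
    """Round-trip a constructed C2 command through TEA-CBC."""
    msg = b"DealExShell: uname -a"
    return tea_cbc_decrypt(tea_cbc_encrypt(msg, DEMO_KEY, DEMO_IV), DEMO_KEY, DEMO_IV)


if __name__ == "__main__":
    print(demo())
```

When writing a decoder for a real sample, the word endianness and whether the IV is a constant, a per-message prefix, or absent are the first things to confirm against the binary; getting either wrong yields valid-looking but wrong plaintext on every block after the first.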
CVE-2021-45732: Configuration manipulation via hardcoded encryption routines. The researchers also discovered multiple instances of known-vulnerable jQuery libraries (such as jQuery 1.4.2) and urge users to update them to the latest available versions. CVE-2021-23147: Insufficient UART protection mechanisms.
The good news is that, according to the Agency, the data was encrypted; it also added that Google and Adobe were not able to see the CP R numbers. “Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on,” states the Government Agency. “Google has accessed 1.2
Unique features include multiple DNS resolution methods, prioritizing DNS over HTTPS (DoH) for command-and-control (C2) resolution, and using the uncommon Smux library for C2 communication, encrypted via XOR. The analysis revealed that Zergeca’s C2 IP address, 84[.]54.51.82,
The openssl program is a command-line tool in macOS for using the various cryptography functions (SSL, TLS) of OpenSSL’s crypto library from the shell. Some of the most commonly seen variants in the wild are: Bash scripts invoking an encrypted Zip file; a Mach-O binary downloading a Bash script; Bash scripts decoding the payload.
These included relocating malicious functions to obfuscated native libraries, using certificate pinning to secure C2 communications, and determining whether it was running on a rooted device or in an emulated environment. “In April 2024, we found a suspicious sample that turned out to be a new version of Mandrake.”
The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. “Both Mac and Linux variants use the WolfSSL library for SSL communications.”
In this phase, the ransomware sends to the command-and-control server information on the encryption process, including a string that contains the initialization vector (IV) and a random password used by the ransomware to encrypt the files. “To combat this ransomware, Cisco Talos is releasing a free decryption tool.”
The “rlottie” folder caught their attention: it is the folder used for the Samsung native library for playing Lottie animations, originally created by Airbnb. The experts used a fuzzing approach to test Samsung’s C++ rlottie library, which parses Lottie animations, and triaged the resulting crashes.
“The encrypted module is subsequently received with a unique identifier (signature) and an additional key for its decryption.” Wslink runs as a service and can accept modules in the form of encrypted portable executable (PE) files only from a specific IP address.
It is also possible to decrypt single files by paying $19.99; in this case, victims have to send the encrypted file to the operators. The ransomware is an ELF ARM binary that does not append a specific extension to the encrypted files. Gillespie says that it matches the encryption algorithm he noted above.
OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system.
The event-stream library is a very popular NodeJS module used to let developers manage data streams; it has nearly 2 million downloads a week. It has been estimated that the tainted version of the library was downloaded by nearly 8 million developers. The malicious code was introduced in version 3.3.6,
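The practical question after an incident like the event-stream one is whether a tainted version is anywhere in a project’s dependency tree, including as a transitive dependency. The following is an added example for this page, not code from the event-stream project or its maintainers: it walks an npm lockfile in both the nested lockfileVersion 1 layout and the flat “packages” map of lockfileVersion 2/3 and reports every occurrence of a package pinned to a version on a block list. The block list holds the one fact the snippet gives (event-stream 3.3.6); the two lockfiles are constructed for the demo.

```python
import json

# (name, version) pairs to flag. Only the version the text names is listed;
# extend this from an advisory feed in real use.
BAD_VERSIONS = {("event-stream", "3.3.6")}

# Constructed lockfiles for the demo, not real project files.
CONSTRUCTED_LOCK_V1 = {
    "lockfileVersion": 1,
    "dependencies": {
        "event-stream": {"version": "3.3.4"},            # clean top-level copy
        "express": {
            "version": "4.17.1",
            "dependencies": {
                "event-stream": {"version": "3.3.6"},    # tainted, nested
            },
        },
    },
}

CONSTRUCTED_LOCK_V2 = {
    "lockfileVersion": 2,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/event-stream": {"version": "3.3.6"},
        "node_modules/through": {"version": "2.3.8"},
    },
}


def _walk_v1(deps: dict, path: list, hits: list) -> None:
    """lockfileVersion 1 nests transitive deps under 'dependencies'."""
    for name, info in deps.items():
        ver = info.get("version")
        here = path + [f"{name}@{ver}"]
        if (name, ver) in BAD_VERSIONS:
            hits.append(" > ".join(here))
        _walk_v1(info.get("dependencies", {}), here, hits)


def find_bad_packages(lock: dict) -> list:
    """Return a sorted list of block-listed packages found in a parsed lockfile."""
    hits = []
    # lockfileVersion 2/3: flat map keyed by node_modules path; "" is the root.
    for path, info in lock.get("packages", {}).items():
        if not path:
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # keeps @scope/name intact
        ver = info.get("version")
        if (name, ver) in BAD_VERSIONS:
            hits.append(f"{path}@{ver}")
    _walk_v1(lock.get("dependencies", {}), [], hits)
    return sorted(set(hits))


def scan_lockfile(path: str) -> list:
    """Convenience wrapper for a package-lock.json on disk."""
    with open(path, "r", encoding="utf-8") as fh:
        return find_bad_packages(json.load(fh))


if __name__ == "__main__":
    for lock in (CONSTRUCTED_LOCK_V1, CONSTRUCTED_LOCK_V2):
        print(find_bad_packages(lock))
```

Scanning the lockfile rather than package.json matters because a package.json range like `^3.3.0` says nothing about which version was actually resolved; only the lock records that.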
One of the most important capabilities of ransomware is the ability to target specific files to encrypt. FileCoder and MacRansom use the Linux find utility to search for selected files to encrypt. However, these same ransomware families differ in encryption logic, reads the analysis published by Microsoft.
The developers embed Joker as a payload that can be encrypted in different ways: either a .dex file XORed or encrypted with a number, or through the same .dex file as before. The payload is hidden inside an image using steganography to evade scanner detection.
Threat actors are using the Tox peer-to-peer instant messaging service as a command-and-control server, Uptycs researchers reported. Tox is a peer-to-peer, serverless instant messaging service that uses NaCl for encryption and decryption. The binary is written in C and has only the c-toxcore library statically linked.
Spyder Loader loads AES-encrypted blobs to create wlbsctrl.dll, which acts as a next-stage loader that executes the content. Like the sample analyzed by Cybereason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library.