Encryption and Security - Information Management Today

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

Encryption

Encryption Ransomware Authentication Cloud

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption

Encryption File names Phishing Passwords

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. TLS (Transport Layer Security) is a cryptographic protocol designed to provide secure communication over a computer network.

Encryption

Encryption Passwords Access Communications

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware

Ransomware Encryption Passwords Authentication

The Modern Encryption Software Checklist: The Secret to Understanding Your Data Security Needs

Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company. The following checklist is built to help you evaluate the scope of services offered by various encryption solutions on the market and covers questions on the following topics: Encryption.

Encryption

AMD fixed a flaw that allowed to load malicious microcode

Security Affairs

FEBRUARY 4, 2025

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV).

Encryption

Encryption Security Access Information Security

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. million year-to-date. According to the FORM 8-K report filed with the U.S. ” reads the report filed with SEC.

Ransomware

Ransomware Encryption Cybersecurity Access

Quantum Computing: A New Dawn for Encryption Vulnerabilities

Data Breach Today

MARCH 19, 2024

They highlight the need for proactive measures to protect digital assets from future breaches, deliver long-term data security and ensure the integrity of encryption.

Encryption

Encryption Security

How Shady Chinese Encryption Chips Got Into the Navy, NATO, and NASA

WIRED Threat Level

JUNE 15, 2023

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Encryption

Encryption Military Government IT

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device.

Passwords

If you're not working on quantum-safe encryption now, it's already too late

Collaboration 2.0

FEBRUARY 6, 2025

Quantum computers could soon break today's strongest encryption, putting sensitive data at risk. Let's dive deep into what this all means for telecommunications, security, AI, and our future.

Encryption

Encryption IT Risk Security

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October. reported 404 Media.

Encryption

Encryption Passwords Security Communications

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security

Security Data breaches Passwords Cybersecurity

German BSI Forces Microsoft to Disclose Security Measures

Data Breach Today

JUNE 18, 2024

Company Publishes Information on Double Key Encryption Under Regulatory Pressure Following a legal intervention made by the German federal cybersecurity agency, Microsoft has disclosed additional information on encryption measures it adopted to secure its customer data.

Encryption

Encryption Security Paper Cybersecurity

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Encryption Cloud

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. reads the report published by Elastic Security Labs. The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command.

Archiving

Archiving Encryption Passwords IT

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

The reverse shell issued a challenge by sending an encrypted string using a hard-coded certificate. Lumen experts also mentioned another variant of cd00r, codenamed SEASPY , that was used in a campaign targeting Barracuda Email Security Gateway (ESG) appliances that dates back in 2022. ” concludes the report.

Encryption

Encryption Access Security IT

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

Security Affairs

FEBRUARY 16, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Data breaches Encryption Ransomware

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

Researchers at Elastic Security Labs who first analyzed the malware confirmed it can steal keychain passwords and data from multiple browsers. A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November.

Archiving

Archiving Phishing Encryption Passwords

What's Next for Secure Communication After Exploding Pagers?

Data Breach Today

SEPTEMBER 19, 2024

No OpSec Measure Is Bulletproof to the Effects of a Corrupted Supply Chain Secure communications in an age of network insecurity has focused mostly on encryption and fears of surveillance tracking.

Communications

Communications Security Encryption

Sumo Logic discloses security breach and recommends customers rotate credentials

Security Affairs

NOVEMBER 8, 2023

Security firm Sumo Logic disclosed a security breach after discovering the compromise of its AWS account compromised last week. The company disclosed a security breach after discovering that its AWS account was compromised last week. The company discovered the security breach on Friday, November 3, 2023.

Security

Security Encryption Analytics Cybersecurity

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

TIM.exe then loads a malicious launcher DLL libcurl.dll whichwilldecrypt and load the PLAYFULGHOST payload from an encrypted file named Debug.log.” Google researchers provided event rules within Google Security Operations to dete ctPLAYFULGHOST activity.

File names

File names Archiving Phishing Encryption

Why Apple's disabling of iCloud encryption in the UK is bad news for everyone

Collaboration 2.0

FEBRUARY 25, 2025

The UK's demand for an encryption backdoor in iCloud, and Apple's response, have repercussions that go far beyond national borders, threatening user privacy and security worldwide.

Encryption

Encryption Privacy Security

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi. ” reads the report published by Amnesty.

Personal data

Personal data Encryption Security Privacy

Terrapin attack allows to downgrade SSH protocol security

Security Affairs

JANUARY 2, 2024

Researchers discovered an SSH vulnerability, called Terrapin, that could allow an attacker to downgrade the connection’s security. An attacker can trigger the flaw to downgrade the connection’s security implemented by the protocol. Its most notable applications are remote login and command-line execution.

Security

Security Authentication Paper Encryption

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

Security Affairs

MAY 22, 2024

GitHub has rolled out security fixes to address a critical authentication bypass issue, tracked as CVE-2024-4985 (CVSS score: 10.0), in the GitHub Enterprise Server (GHES). This setup is ideal for companies that require more control over their data, enhanced security, and customization to meet internal compliance and regulatory requirements.

Authentication

Authentication Encryption IT Compliance

How to Protect Privacy and Build Secure AI Products

Security Affairs

JULY 18, 2024

How to protect privacy and build secure AI products? How to Protect Privacy and Build Secure AI Products AI systems are transforming technology and driving innovation across industries. However, their unpredictability raises significant concerns about data security and privacy. Real-time monitoring of models is also crucial.

Privacy

Privacy Security Data Privacy Risk

Security Researchers Warn of New Risks in DeepSeek AI App

Data Breach Today

FEBRUARY 10, 2025

Weak Encryption, Data Transfers to China, Hidden ByteDance Links Found Security researchers found DeepSeek AI has weak encryption, SQL injection flaws and sends user data to Chinese state-linked entities. Regulators in Europe, South Korea, and Australia are investigating, with bans and warnings issued over security risks.

Risk

Risk Security Encryption IT

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

Security Affairs

MAY 24, 2024

Microsoft explained that the Recall feature will store encrypted snapshots locally on the user’s computer, the feature will be only implemented in forthcoming Copilot+ PCs. ” reads the announcement. Microsoft doesn’t have access to the snapshot.

Privacy

Privacy Security Encryption Passwords

The Official DOGE Website Launch Was a Security Mess

WIRED Threat Level

FEBRUARY 15, 2025

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

Security

Security Encryption Privacy

Linux variant of Cerber ransomware targets Atlassian servers

Security Affairs

APRIL 17, 2024

At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server. Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit.

Ransomware

Ransomware Encryption Access IT

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. “Akira threat actors utilize a sophisticated hybrid encryption scheme to lock data.

Ransomware

Ransomware Encryption Education Phishing

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. The Barracuda Email Security Gateway (ESG) 900 appliance. Campbell, Calif. They don’t need it.

IT

IT Security Ransomware Access

Why Your VPN May Not Be As Secure As It Claims

Krebs on Security

MAY 6, 2024

VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications. But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP protocol so that other users on the local network are forced to connect to a rogue DHCP server.

IT

IT Security Encryption Passwords

How to easily use Cloudflare's secure DNS on your Mac and why it even matters

Collaboration 2.0

DECEMBER 31, 2024

If you want to get a security bump on your Mac, you should switch to secure DNS to encrypt your web traffic.

Security

Security Encryption IT

A New Era of Attacks on Encryption Is Starting to Heat Up

WIRED Threat Level

MARCH 14, 2025

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more crude than those in recent years, experts say.

Encryption

Encryption Privacy Security

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

Microsoft recently announced that they’re making changes to their Windows operating system to improve security and reliability. During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns.

Security

Security Phishing Encryption Passwords

Apple created post-quantum cryptographic protocol PQ3 for iMessage

Security Affairs

FEBRUARY 24, 2024

Apple announced a new post-quantum cryptographic protocol called PQ3 that will be integrated into the company messaging application iMessage to secure communications against highly sophisticated quantum attacks. However, researchers believe that a sufficiently powerful quantum computer could compromise of end-to-end encrypted communications.

Encryption

Encryption Communications Authentication Security

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. Security experts attributed 67 attacks to the group in May 2023, most of the victims are in the U.S. Generation of target list of extensions and folders to encrypt. and Brazil.

Ransomware

Ransomware Encryption Metadata Manufacturing

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

Quantum computings ability to break todays encryption may still be years awaybut security leaders cant afford to wait. Forresters The Future of Quantum Security makes it clear: the transition to quantum-safe cryptography must start now. So where should security leaders focus? Why is that a dangerous mindset?

Encryption

Encryption Financial Services Risk Libraries

How to add PGP support on Android for added security and privacy

Collaboration 2.0

NOVEMBER 13, 2024

If you need to add encryption or digital signing to the Thunderbird email app (or other supporting apps) on Android, there's one clear and easy route to success.

Privacy

Privacy Encryption Security

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

” The group uses an ARCrypter ransomware variant, derived from Babuks leaked code , to encrypt files after infiltrating a network. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking, ransomware)

Ransomware

Ransomware Manufacturing Paper Archiving

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor. Depending on the file size, the ransomware encrypts the initial 5000 bytes. continues the researchers.

Encryption

Encryption Ransomware Blockchain Insurance

Researchers released a free decryptor for Black Basta ransomware

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware

Ransomware Encryption Blockchain Insurance

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Webinars

Trending Sources

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Webinars

Bitdefender released a decryptor for the ShrinkLocker ransomware

The Modern Encryption Software Checklist: The Secret to Understanding Your Data Security Needs

AMD fixed a flaw that allowed to load malicious microcode

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Quantum Computing: A New Dawn for Encryption Vulnerabilities

How Shady Chinese Encryption Chips Got Into the Navy, NATO, and NASA

Prevent Data Breaches With Zero-Trust Enterprise Password Management

If you're not working on quantum-safe encryption now, it's already too late

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

German BSI Forces Microsoft to Disclose Security Measures

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

The source code of Banshee Stealer leaked online

J-magic malware campaign targets Juniper routers

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 33

Banshee macOS stealer supports new evasion mechanisms

What's Next for Secure Communication After Exploding Pagers?

Sumo Logic discloses security breach and recommends customers rotate credentials

PLAYFULGHOST backdoor supports multiple information stealing features

Why Apple's disabling of iCloud encryption in the UK is bad news for everyone

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Terrapin attack allows to downgrade SSH protocol security

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

How to Protect Privacy and Build Secure AI Products

Security Researchers Warn of New Risks in DeepSeek AI App

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

The Official DOGE Website Launch Was a Security Mess

Linux variant of Cerber ransomware targets Atlassian servers

Akira ransomware received $42M in ransom payments from over 250 victims

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Why Your VPN May Not Be As Secure As It Claims

How to easily use Cloudflare's secure DNS on your Mac and why it even matters

A New Era of Attacks on Encryption Is Starting to Heat Up

Microsoft Announces Security Update with Windows Resiliency Initiative

Apple created post-quantum cryptographic protocol PQ3 for iMessage

8Base ransomware operators use a new variant of the Phobos ransomware

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

How to add PGP support on Android for added security and privacy

Cloak ransomware group hacked the Virginia Attorney General’s Office

Black Basta gang claims the hack of the UK water utility Southern Water

Researchers released a free decryptor for Black Basta ransomware

Stay Connected