Tag: encryption
-
New TETRA Radio Encryption Flaws Expose Law Enforcement Communications
Cybersecurity researchers have discovered a fresh set of security issues in the Terrestrial Trunked Radio (TETRA) communications protocol, including in its proprietary end-to-end encryption (E2EE) mechanism that exposes the system to replay and brute-force attacks, and even decrypt encrypted traffic.Details of the vulnerabilities dubbed 2TETRA:2BURST were presented at the Black Hat USA First seen on…
-
Utilities, Factories at Risk From Encryption Holes in Industrial Protocol
The OPC UA communication protocol is widely used in industrial settings, but despite its complex cryptography, the open source protocol appears to be vulnerable in a number of different ways. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/utilities-factories-encryption-holes-industrial-protocol
-
MuddyWater’s DarkBit ransomware cracked for free data recovery
Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang’s encryptors, allowing them to recover a victim’s files for free without paying a ransom. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery/
-
Am 1.1.2026 muss die TI auf ECC-Verschlüsselung umgestellt sein; droht ein GAU?
Ich greife mal ein Problem auf, welches bei IT-Mitarbeitern, die im Medizinwesen tätig sind, schon eine Weile diskutiert wird. Zum 1.1.2026 müssen alle Praxen bei der Kommunikation mit der gematik Telematik Infrastruktur (TI) auf eine ECC-Verschlüsselung umgestellt sein. Bedeutet, dass … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/08/11/am-1-1-2026-muss-die-ti-auf-ecc-verschluesselung-umgestellt-sein-droht-ein-gau/
-
Encryption made for police and military radios may be easily cracked
An encryption algorithm can have weaknesses that could allow an attacker to listen in. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/08/encryption-made-for-police-and-military-radios-may-be-easily-cracked/
-
Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data
Microsoft security researchers have uncovered four critical vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass the encryption system and extract sensitive data. The findings, revealed in research dubbed >>BitUnlocker,
-
Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data
Microsoft security researchers have uncovered four critical vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass the encryption system and extract sensitive data. The findings, revealed in research dubbed >>BitUnlocker,
-
Still Dangerous After All These Years
Ransomware isn’t dying, it’s evolving, swapping encryption for aggressive extortion as attacks and data theft hit record highs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/ransomware-still-dangerous-after-all-these-years/
-
What is a CISO? The top IT security leader role explained
Tags: access, authentication, breach, business, ceo, cio, cisa, ciso, compliance, computer, container, control, corporate, credentials, cyber, cybersecurity, data, ddos, defense, dns, encryption, exploit, finance, firewall, framework, fraud, guide, Hardware, healthcare, infosec, infrastructure, intelligence, international, jobs, kubernetes, mitigation, msp, mssp, network, nist, programming, RedTeam, regulation, risk, risk-management, security-incident, service, skills, software, strategy, technology, threat, training, vpn, zero-day, zero-trust. You’ll often hear people say the difference between the two is that CISOs focus entirely on information security issues, while a CSOs remit is wider, also taking in physical security as well as risk management.But reality is messier. Many companies, especially smaller ones, have only one C-level security officer, called a CSO, with IT…
-
Encryption Made for Police and Military Radios May Be Easily Cracked
Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in. First seen on wired.com Jump to article: www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/
-
Researchers uncover RCE attack chains in popular enterprise credential vaults
Tags: access, api, attack, authentication, cloud, credentials, cve, encryption, exploit, flaw, identity, infrastructure, login, malicious, mfa, open-source, password, ransomware, rce, remote-code-execution, risk, service, software, vulnerabilityFrom identity forgery to full RCE: An AWS instance identity typically corresponds to a hostname. But the researchers explored how this could be abused within Conjur’s resource model, which uses three parameters: Account (Conjur account name), Kind (resource type, host, user, variable, policy, etc.), and Identifier (unique resource name). These parameters are also used in…
-
ReVault flaws let attackers bypass Windows login or place malware implants on Dell laptops
Planting implants: An investigation by Cisco Talos uncovered two out-of-bounds vulnerabilities (CVE-2025-24311, CVE-2025-25050) an arbitrary free (CVE-2025-25215) and a stack-overflow flaw (CVE-2025-24922), all affecting the ControlVault firmware.The same researchers also discovered an unsafe deserialization flaw (CVE-2025-24919) affecting ControlVault’s Windows APIs. This vulnerability makes it possible to trigger arbitrary code execution on the ControlVault firmware, allowing…
-
Raspberry Robin Malware Targets Windows Systems via New CLFS Driver Exploit
The Raspberry Robin malware, also known as Roshtyak, has undergone substantial updates that enhance its evasion and persistence on Windows systems. Active since 2021 and primarily disseminated through infected USB devices, this sophisticated downloader has integrated advanced obfuscation techniques to thwart reverse-engineering efforts. Encryption Tactics Researchers at Zscaler’s ThreatLabz have observed the addition of multiple…
-
How ‘Plague’ infiltrated Linux systems without leaving a trace
From obfuscation to audit evasion: Plague’s stealth begins at compile time. Early versions used simple XOR-based string encoding, but later variants deployed multi-layer encryption, including custom KSA/PRGA routines and DRBG-based stages, to obfuscate decrypted payloads and strings.The use of advanced cryptographic routines, including algorithms like the Key Scheduling algorithm (KSA), the Pseudo-Random Generation algorithm (PRGA),…
-
How ‘Plague’ infiltrated Linux systems without leaving a trace
From obfuscation to audit evasion: Plague’s stealth begins at compile time. Early versions used simple XOR-based string encoding, but later variants deployed multi-layer encryption, including custom KSA/PRGA routines and DRBG-based stages, to obfuscate decrypted payloads and strings.The use of advanced cryptographic routines, including algorithms like the Key Scheduling algorithm (KSA), the Pseudo-Random Generation algorithm (PRGA),…
-
âš¡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & More
Malware isn’t just trying to hide anymore”, it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just…
-
The 7 Best Encryption Software Choices in 2025
This is a comprehensive list of the best encryption software and tools, covering their features, pricing and more. Use this guide to determine your best fit. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/encryption-software/
-
Summer: Why cybersecurity must be strengthened as vacations abound
Tags: access, ai, attack, authentication, automation, awareness, backup, control, corporate, credentials, cybersecurity, data, detection, email, encryption, exploit, infrastructure, malicious, mfa, monitoring, network, office, password, resilience, risk, theft, threat, tool, training, update, usa, vpn, wifiGuillermo Fernandez, Sales Engineer for Southern Europe at WatchGuard Technologies. WatchGuard Technologies.Another important point is that, during the summer, attackers know that many IT and cybersecurity teams are operating with more limited resources or with staff on vacation. “They take advantage of this to launch phishing campaigns and other targeted attacks, aware that attention and vigilance often…
-
Ransomware gang tells Ingram Micro, ‘Pay up by August 1’
Tags: access, attack, backup, breach, cyber, cyberattack, data, data-breach, encryption, exploit, extortion, government, group, international, Internet, law, leak, organized, ransom, ransomware, technology, tool, vpn, vulnerabilityRansomware attacks increase: In a report on ransomware released this week, researchers at Zscaler ThreatLabz said the number of organizations listed on all ransomware leak sites rose 70% in the 12 month period ending in April.A growing number of ransomware operators are abandoning encryption of data in favour of just data extortion, it noted. For…
-
Ransomware upstart Gunra goes cross-platform with encryption upgrades
Tags: attack, breach, control, data, detection, encryption, endpoint, group, healthcare, linux, ransomware, update, vmware, windows-r” or “ratio” parameter. The “-l” or the “limit” parameter is used to control how much of the file gets encrypted. If no value is provided, the entire file is encrypted,” Trend Micro added.Additionally, the variant offers flexible key-storage options for RSA-encrypted keys. Using the “-s” or ““, store” parameter makes the ransomware save each…
-
Ransomware-Gruppen haben innerhalb eines Jahres 238 TByte an Daten gestohlen
Zscaler veröffentlicht seinen jährlichen . Ransomware-Angriffe nehmen in alarmierendem Tempo zu, was durch den Anstieg der in der Zscaler-Cloud abgewehrten Angriffsversuche im Vergleich zum Vorjahr um 146 Prozent zum Ausdruck kommt. Ransomware-Gruppen legen zudem mehr Fokus auf Erpressung als auf Verschlüsselung, denn die im Berichtszeitraum exfiltrierten Daten stiegen um 92 Prozent […] First seen on…
-
New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature
The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot toward cross-platform targeting, inspired by predecessors like Conti ransomware. Trend Micro’s threat…
-
Senator warns of new UK surveillance risks to US citizens following Apple ‘backdoor’ row
US lawmaker calls for the US to publish an assessment of the risks posed by UK surveillance laws to US citizens in the wake of disclosures that the UK has ordered Apple to introduce ‘backdoors’ in Apple encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366628083/Senator-warns-of-new-UK-surveillance-risks-to-US-citizens-following-Apple-back-door-row
-
Prepping for the quantum threat requires a phased approach to crypto agility
Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerabilityMissing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
-
Google says UK government has not demanded an encryption backdoor for its users’ data
Google refused to tell a U.S. senator whether the company had received a secret U.K. surveillance order demanding access to encrypted data, similar to an order served on Apple earlier this year. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/29/google-says-uk-government-not-demanded-encryption-backdoor-for-its-users-data/
-
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances.”These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device,” Nozomi Networks Labs said in a First seen…