Tag: encryption
-
Yurei Ransomware Uses PowerShell to Deploy ChaCha20 File Encryption
A newly discovered ransomware group called Yurei has emerged with sophisticated encryption capabilities, targeting organizations through double-extortion tactics while leveraging open-source code to rapidly scale operations. First observed on September 5, 2025, this Go-based ransomware employs the ChaCha20 encryption algorithm and PowerShell commands to compromise victim systems, marking another evolution in the ransomware-as-a-service ecosystem. Flow…
-
9 unverzichtbare Open-Source-Security-Tools
Tags: attack, authentication, backdoor, blueteam, breach, ciso, cyersecurity, data-breach, encryption, incident response, intelligence, linux, mail, malware, monitoring, open-source, powershell, privacy, risk, software, sql, threat, tool, vulnerability, windowsDiese Open-Source-Tools adressieren spezifische Security-Probleme mit minimalem Footprint.Cybersicherheitsexperten verlassen sich in diversen Bereichen auf Open-Source-Lösungen nicht zuletzt weil diese im Regelfall von einer lebendigen und nutzwertigen Community gestützt werden. Aber auch weil es inzwischen Hunderte qualitativ hochwertiger, quelloffener Optionen gibt, um Breaches und Datenlecks auf allen Ebenen des Unternehmens-Stacks zu verhindern.Falls Sie nun gedanklich bereits…
-
Cybersecurity Snapshot: Security Lags Cloud and AI Adoption, Tenable Report Finds, as CISA Lays Out Vision for CVE Program’s Future
Tags: access, ai, api, attack, automation, best-practice, breach, bug-bounty, business, cisa, cloud, communications, computer, control, cve, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, framework, google, governance, government, identity, infrastructure, intelligence, international, Internet, linkedin, mitre, network, nist, office, open-source, privacy, programming, RedTeam, resilience, risk, risk-management, service, skills, software, strategy, tactics, technology, threat, tool, update, vulnerabilityCheck out Tenable’s report detailing challenges and best practices for cloud and AI security. Plus, CISA rolled out a roadmap for the CVE Program, while NIST updated its guidelines for secure software patches. And get the latest on TLS/SSL security and AI attack disclosures! Here are five things you need to know for the week…
-
Microsoft under fire: Senator demands FTC investigation into ‘arsonist selling firefighting services’
Tags: access, attack, authentication, breach, business, cio, ciso, computer, corporate, cyber, cybersecurity, email, encryption, finance, government, hacker, mfa, microsoft, network, password, ransomware, service, software, technology, threat, updateThe technical reality behind the failures: Security experts have long criticized Microsoft’s reliance on outdated encryption standards. “RC4 should have been retired long ago, yet it still lurks in Active Directory and continues to enable attacks like Kerberoasting,” Gogia noted.Microsoft’s justification centered on backward compatibility concerns. “Microsoft’s line has been that switching it off overnight…
-
FTC should investigate Microsoft after Ascension ransomware attack, senator says
Tags: access, attack, encryption, finance, hacker, healthcare, microsoft, network, ransomware, technologyHackers leveraged insecure Microsoft encryption technology known as RC4 to gain access to the network of the hospital chain Ascension, Sen. Ron Wyden said in a letter asking the Federal Trade Commission to investigate. First seen on therecord.media Jump to article: therecord.media/ascension-ransomware-attack-wyden-seeks-ftc-microsoft-investigation
-
Brussels faces privacy crossroads over encryption backdoors
Over 600 security boffins say planned surveillance crosses the line First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/eu_chat_control/
-
Wyden Urges FTC to Investigate Microsoft Over Weak RC4 Encryption Enabling Kerberoasting
Tags: attack, cyber, cybersecurity, encryption, finance, infrastructure, microsoft, ransomware, software, vulnerability, windowsSenator Ron Wyden has formally requested the Federal Trade Commission investigate Microsoft for cybersecurity negligence that has enabled ransomware attacks against critical infrastructure organizations nationwide. In a September 10 letter to FTC Chair Andrew Ferguson, Wyden detailed how Microsoft’s dangerous software engineering decisions have made Windows systems extremely vulnerable to sophisticated cyberattacks. The senator’s investigation…
-
Managed SOC für mehr Sicherheit
Tags: awareness, cloud, compliance, cyberattack, encryption, germany, infrastructure, nis-2, password, risk, security-incident, service, soc, software, supply-chainAls zentrale Einheit überwachen Fachleute im SOC die gesamte IT-Infrastruktur eines Unternehmens. Rund um die Uhr analysieren sie alle sicherheitsrelevanten Ereignisse in Echtzeit.Die Anforderungen an IT-Sicherheit haben sich in den vergangenen Jahrzehnten drastisch verändert. Während früher ein einfaches Passwort als Schutzmaßnahme genügte, sind heute mehrschichtige Sicherheitskonzepte erforderlich. Nur so können sich Unternehmen effektiv vor Cyberangriffen…
-
1.6 Million Voices Stolen: Your Voice Could Be Next
A cybersecurity researcher’s recent discovery from yesterday should make every gym member’s blood run cold. Jeremiah Fowler uncovered something that defies belief, 1,605,345 audio recordings sitting completely exposed online, no password, no encryption, no protection whatsoever. These were not random files. They were five years of personal phone calls and voicemails from gym members spanning…
-
Why User Safety Should Be a Core SSO Design Principle
Explore why user safety should be the core of SSO design. Learn how MFA, encryption, and compliance keep authentication secure and trustworthy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/why-user-safety-should-be-a-core-sso-design-principle/
-
Data Security in the Cloud: Best Practices for Protecting Your Business Insights
Protect your business insights with top cloud data security best practices. Learn encryption, access control, audits, backups, and compliance tips. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/data-security-in-the-cloud-best-practices-for-protecting-your-business-insights/
-
Cindy Cohn Is Leaving the EFF, but Not the Fight for Digital Rights
After 25 years at the Electronic Frontier Foundation, Cindy Cohn is stepping down as executive director. In a WIRED interview, she reflects on encryption, AI, and why she’s not ready to quit the battle. First seen on wired.com Jump to article: www.wired.com/story/eff-cindy-cohn-stepping-down/
-
CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian interests, leveraging sophisticated encryption techniques that render decryption impossible. This article delivers a technical analysis…
-
CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian interests, leveraging sophisticated encryption techniques that render decryption impossible. This article delivers a technical analysis…
-
X’s New Encrypted Chat Has Major Security Flaws Experts Warn
Cryptography experts are warning that X’s current implementation of encryption should not be trusted. While the platform claims to offer end-to-end encrypted messaging through its new XChat feature, the technical details reveal significant gaps that make it far less secure than established alternatives. What we are seeing is encryption theater; the marketing sounds impressive, but…
-
Eperi stellt auf der it-sa Datensouveränität und Quantum-Hacking-Resilienz in den Fokus
Mit der richtigen Verschlüsselungstechnologie können Unternehmen schon heute für Datensouveränität und Schutz vor potenziellen Quantum-Computing-Hacks sorgen. Das Encryption-Unternehmen Eperi präsentiert auf der diesjährigen it-sa (Halle 9, Stand 346) sein modernes Verschlüsselungsportfolio, mit dem Unternehmen ihre sensiblen Daten nicht nur vor aktuellen Bedrohungen schützen können, sondern auch vor etwaigen zukünftigen Angriffen. Besonderen Wert legt Eperi dabei…
-
Eperi stellt auf der it-sa Datensouveränität und Quantum-Hacking-Resilienz in den Fokus
Mit der richtigen Verschlüsselungstechnologie können Unternehmen schon heute für Datensouveränität und Schutz vor potenziellen Quantum-Computing-Hacks sorgen. Das Encryption-Unternehmen Eperi präsentiert auf der diesjährigen it-sa (Halle 9, Stand 346) sein modernes Verschlüsselungsportfolio, mit dem Unternehmen ihre sensiblen Daten nicht nur vor aktuellen Bedrohungen schützen können, sondern auch vor etwaigen zukünftigen Angriffen. Besonderen Wert legt Eperi dabei…
-
Symmetrische und asymmetrische Verschlüsselung – Was ist Verschlüsselung?
Tags: encryptionFirst seen on security-insider.de Jump to article: www.security-insider.de/was-ist-symmetrische-asymmetrische-verschluesselung-a-df0ee339bb8784103c734b86a1019b1d/
-
How Strong Device Policies Can Help Solve Your Shadow IT Problem
Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-strong-device-policies-can-help-solve-your-shadow-it-problem/
-
How Strong Device Policies Can Help Solve Your Shadow IT Problem
Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/how-strong-device-policies-can-help-solve-your-shadow-it-problem/
-
Grade School Crypto Videos
This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The videos illustrate encryption, decryption, ciphers, keys, algorithms, code cracking, cryptanalysis, and letter frequency analysis. Full disclosure: I produced these videos over a decade ago. Now they are hosted directly on this web site. The technical details in the videos……
-
Smart Approaches to Non-Human Identity Detection
Are We Fully Leveraging the Power of NHI and Secrets Management? Many organizations are waking up to the potential of Non-Human Identity (NHI) management to reinforce their cybersecurity strategies. They are recognizing the potential of NHI a combination of machine-created identities and encryption secrets to offer next-gen protection. However, could they be doing… First seen…
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
Quantum Is Closer Than You Think”, So Why Are You Still Encrypting Like It’s 2015?
Tags: access, ai, business, cloud, communications, compliance, computer, computing, container, crypto, cryptography, data, defense, encryption, endpoint, exploit, government, guide, Hardware, infrastructure, network, nist, privacy, regulation, resilience, risk, risk-assessment, service, software, strategy, technology, threat, tool, update, vulnerabilityQuantum Is Closer Than You Think”, So Why Are You Still Encrypting Like It’s 2015? madhav Tue, 09/02/2025 – 05:43 Not long ago, the idea that quantum computers could one day break today’s strongest encryption felt like science fiction. Today, it’s no longer about if”, but when. While real-world demonstrations of quantum algorithms like Shor’s…
-
How to Secure Your Email Via Encryption and Password Management
From emailing vendors to communicating with team members, serious business happens in the inbox. That’s why it’s critical to secure it. These TechRepublic Premium resources can help. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/securing-your-email-inbox/
-
How to Secure Your Email Via Encryption and Password Management
From emailing vendors to communicating with team members, serious business happens in the inbox. That’s why it’s critical to secure it. These TechRepublic Premium resources can help. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/securing-your-email-inbox/
-
US says UK has agreed to drop encryption ‘backdoor’ demands against Apple
US and UK end diplomatic row over UK encryption ‘backdoor’ order against Apple, but it remains unclear whether Apple will restore advanced encryption services to UK users First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366629434/US-says-UK-has-agreed-to-drop-encryption-back-door-demands-against-Apple
-
2025 CSO Hall of Fame: George Finney on decryption risks, AI, and the CISO’s growing clout
Tags: ai, attack, automation, breach, business, ciso, computing, conference, cyber, cybersecurity, data, encryption, intelligence, jobs, LLM, microsoft, risk, soc, threat, tool, zero-trustWhat do you see as the biggest cybersecurity challenges for the next generation of CISOs, and how should they prepare? : George Finney: One major challenge is the threat of attackers saving encrypted data today with the intention of decrypting it later. With quantum computing, we know that in five to 10 years, older encryption…