Tag: encryption

New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature

Jul 30, 2025 1:28 PM

Tags: attack, cyber, encryption, group, linux, ransomware, threat, virus, windows

The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot toward cross-platform targeting, inspired by predecessors like Conti ransomware. Trend Micro’s threat…
Prepping for the quantum threat requires a phased approach to crypto agility

Jul 30, 2025 10:28 AM

Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerability

Missing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
Senator warns of new UK surveillance risks to US citizens following Apple ‘backdoor’ row

Jul 30, 2025 10:28 AM

Tags: apple, backdoor, encryption, law, risk

US lawmaker calls for the US to publish an assessment of the risks posed by UK surveillance laws to US citizens in the wake of disclosures that the UK has ordered Apple to introduce ‘backdoors’ in Apple encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366628083/Senator-warns-of-new-UK-surveillance-risks-to-US-citizens-following-Apple-back-door-row
Google says UK government has not demanded an encryption backdoor for its users’ data

Jul 29, 2025 10:28 PM

Tags: access, apple, backdoor, data, encryption, google, government

Google refused to tell a U.S. senator whether the company had received a secret U.K. surveillance order demanding access to encrypted data, similar to an order served on Apple earlier this year. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/29/google-says-uk-government-not-demanded-encryption-backdoor-for-its-users-data/
The healthcare industry is at a cybersecurity crossroads

Jul 29, 2025 9:28 AM

Tags: access, ai, api, attack, backdoor, backup, breach, business, ciso, cloud, communications, compliance, control, cyber, cybersecurity, data, encryption, firmware, flaw, framework, governance, government, healthcare, infrastructure, intelligence, Internet, monitoring, network, nist, programming, ransomware, risk, risk-management, service, software, tactics, technology, threat, tool, training, unauthorized, vulnerability

Digital transformation of business processes. Examples include telehealth, remote patient monitoring, e-prescribing, and ambient listening/note taking. These systems require new equipment, such as internet of medical things (IoMT), high-speed networks, cloud services, APIs, and tightly integrated applications.Aggressive adoption of AI. AI diagnostics are gaining popularity in areas such as cardiology, oncology, and radiology, especially at…
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Jul 28, 2025 7:27 AM

Tags: cybersecurity, encryption, flaw, framework, network, vulnerability

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium’s Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances.”These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device,” Nozomi Networks Labs said in a First seen…
Tridium Niagara Framework Flaws Expose Sensitive Network Data

Jul 25, 2025 12:27 PM

Tags: automation, cve, cyber, cybersecurity, data, encryption, flaw, framework, infrastructure, network, vulnerability

Cybersecurity researchers at Nozomi Networks Labs have discovered 13 critical vulnerabilities in Tridium’s widely-used Niagara Framework, potentially exposing sensitive network data across building management, industrial automation, and smart infrastructure systems worldwide. The vulnerabilities, consolidated into 10 distinct CVEs, could allow attackers to compromise systems when encryption is misconfigured, raising significant concerns for critical infrastructure security.…
WhatsApp is refused right to intervene in Apple legal action on encryption ‘backdoors’

Jul 23, 2025 11:05 PM

Tags: access, apple, backdoor, data, encryption, law

Investigatory Powers Tribunal to hear arguments in public over lawfulness of secret UK order requiring Apple to give UK law enforcement access to users’ encrypted data stored on the Apple iCloud First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627911/WhatsApp-is-refused-right-to-intervene-in-Apple-legal-action-on-encryption-backdoors
Top 10 MCP vulnerabilities: The hidden risks of AI integrations

Jul 23, 2025 9:12 PM

Tags: access, ai, api, attack, authentication, backdoor, breach, business, data, data-breach, detection, email, encryption, github, google, identity, injection, least-privilege, LLM, login, malicious, mfa, network, risk, social-engineering, software, sql, supply-chain, theft, threat, tool, unauthorized, vulnerability

Living off AI attacks: A threat actor posing as an employee, business partner, or customer sends a request to a human support agent. But the request contains a hidden prompt injection with instructions that only an AI can read. When the human employee passes the request on to their AI assistant it then, by virtue…
Dell demonstration platform breached by World Leaks extortion group

Jul 23, 2025 9:12 PM

Tags: access, attack, breach, data, data-breach, defense, encryption, exploit, extortion, finance, group, insurance, international, leak, network, ransomware, risk, risk-management, strategy, threat, tool

Limited impact but strategic implications: Dell emphasized that the breached platform is architecturally separated from customer-facing networks and internal production systems. “Data used in the solution center is primarily synthetic (fake) data, publicly available datasets used solely for product demonstration purposes or Dell scripts, systems data, non-sensitive information, and testing outputs,” the report added, quoting…
UK Signals It Will Back Peddle on Apple Encryption Demand

Jul 23, 2025 9:12 PM

Tags: access, apple, backup, cloud, data, encryption, government, office

Apple, US Took Hard Line Against British Demand. The U.K. government is reportedly set to reverse course on requiring smartphone giant Apple to give police access to device data stored as backups in the California company’s cloud service. The Home Office is basically going to have to back down, a British official said. First seen…
PoisonSeed überlistet FIDO-Schlüssel

Jul 22, 2025 1:40 PM

Tags: authentication, ceo, crypto, cyberattack, encryption, fido, mfa, okta, password, phishing, qr, social-engineering, vulnerability

Cyberkriminelle nutzen die geräteübergreifende Anmeldeoption von FIDO aus, um eine von ihnen kontrollierte authentifizierte Sitzung zu erstellen.FIDO-Schlüssel verwenden eine hardwarebasierte Multi-Faktor-Authentifizierung, um Schwachstellen anderer MFA-Methoden zu beheben. Der berüchtigten Krypto-Hackergruppe PoisonSeed ist es jedoch offenbar gelungen, diese zusätzliche Sicherung zu umgehen. Forscher von Expel sind auf eine Angriffskampagne der Gruppe gestoßen, bei der FIDO mit…
Sicherheitslösung aus der Schweiz – Infomaniak stärkt Datenschutz mit einfacher E-Mail-Verschlüsselung

Jul 22, 2025 9:40 AM

Tags: encryption, mail

First seen on security-insider.de Jump to article: www.security-insider.de/infomaniak-staerkt-datenschutz-mit-einfacher-e-mail-verschluesselung-a-6e69861b49498bd2103f1edf12e43bfd/
UK may be seeking to pull back from Apple encryption row with US

Jul 22, 2025 12:40 AM

Tags: apple, encryption, government, office, service

UK government officials say that attempts by the Home Office to require Apple to introduce ‘back doors’ to its secure encrypted storage service will cross US red lines First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627928/UK-may-be-seeking-to-pull-back-from-Apple-encryption-row-with-US
âš¡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Jul 21, 2025 2:41 PM

Tags: attack, browser, chrome, encryption, exploit, macOS, nvidia, rce, remote-code-execution, spyware, tool, zero-day

Even in well-secured environments, attackers are getting in”, not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected.These attacks don’t depend on zero-days. They work by staying unnoticed”, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious…
DORA Oversight Guide publiziert: Finanzunternehmen sollten sich dringend mit Verschlüsselung und Schlüsselhoheit befassen

Jul 21, 2025 12:40 AM

Tags: dora, encryption, guide

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/dora-oversight-guide-finanzunternehmen-verschluesselung-schluesselhoheit
Threat actors scanning for apps incorporating vulnerable Spring Boot tool

Jul 19, 2025 1:40 AM

Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day

/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
DORA-Oversight-Guide Was Finanzunternehmen jetzt über Verschlüsselung und Schlüsselhoheit wissen müssen

Jul 17, 2025 2:40 PM

Tags: cloud, dora, encryption, guide

Am 15. Juli 2025 veröffentlichten die europäischen Aufsichtsbehörden (ESA) den ersten , ein entscheidendes Dokument, das die künftige Überwachung kritischer IKT-Drittdienstleister konkretisiert. Im Zentrum steht der Aufbau sogenannter Joint-Examination-Teams (JETs) zur europaweiten Kontrolle von Cloud-Anbietern, Softwarelieferanten und anderen wichtigen Drittparteien. Doch der Guide enthält weit mehr als nur organisatorische Hinweise. Insbesondere Artikel 5.4.1 […] First…
Talos IR ransomware engagements and the significance of timeliness in incident response

Jul 16, 2025 12:40 PM

Tags: encryption, incident response, ransomware

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-ir-ransomware-engagements-and-the-significance-of-timeliness-in-incident-response/
APJ Ransomware Demands Drop 50%, Yet 54% Firms Pay Hackers

Jul 14, 2025 12:40 PM

Tags: attack, defense, encryption, hacker, ransomware, service, sophos, threat

Experts Say MDR Services and Proactive Defense Can Break the Payment Cycle APJ organizations face a ransomware paradox: demands dropped 50% to $500,000, yet 54% paid the threat actors. The new Sophos report shows why firms continue paining, how successful negotiations work and what proactive defenses can stop attacks before encryption begins First seen on…
Rockerbox Data Breach Exposes 245,949 Users’ SSNs and Driver’s Licenses

Jul 11, 2025 3:40 PM

Tags: breach, cyber, cybersecurity, data, data-breach, encryption, password

Jeremiah Fowler, an ethical researcher, discovered an unsecured database with 245,949 entries totaling 286.9 GB in a huge cybersecurity issue. The database was assumed to be owned by Rockerbox, a tax credit consulting organization situated in Texas. The exposed repository, lacking encryption and password protection, housed a trove of personally identifiable information (PII), including full…
Post-Quanten-Kryptografie in der Praxis: Warum hybride Verschlüsselung oft der bessere Weg ist

Jul 9, 2025 6:39 PM

Tags: encryption, infrastructure, tool

Auch wenn die Umstellung zunächst überwältigend wirken mag: Mit den richtigen Tools lässt sie sich gut beherrschen. Moderne, automatisierte Lösungen zum Management der Public Key Infrastructure (PKI) helfen dabei First seen on infopoint-security.de Jump to article: www.infopoint-security.de/post-quanten-kryptografie-in-der-praxis-warum-hybride-verschluesselung-oft-der-bessere-weg-ist/a41346/
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt

Jul 7, 2025 5:34 PM

Tags: cyber, cybersecurity, data, encryption, leak, malicious, ransom, ransomware, service, tactics

The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This malicious entity operates with a sophisticated structure, leveraging both a negotiation site to extract ransoms from victims and a Data Leak Site (DLS) to threaten…
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections

Jul 7, 2025 10:34 AM

Tags: cyber, defense, encryption, exploit, guide, linux, password, vulnerability

A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of Secure Boot, full-disk encryption, and bootloader passwords, attackers can still bypass these defenses by exploiting the Initial RAM Filesystem (initramfs) debug shell”, a loophole often overlooked in hardening guides, as…
Aegis Authenticator: Free, open-source 2FA app for Android

Jul 7, 2025 8:34 AM

Tags: 2fa, android, encryption, login, open-source

Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/07/aegis-2fa-authenticator-free-open-source-android/
Hunters International Is Not Shutting Down, It’s Rebranding

Jul 4, 2025 2:35 PM

Tags: cyber, encryption, extortion, group, international, leak, ransomware

Some admins of Hunters International are now part of the encryption-less cyber extortion group World Leaks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-hunters-international/
Why every company needs a travel security program

Jul 2, 2025 11:34 AM

Tags: access, advisory, awareness, business, china, conference, corporate, credentials, cyber, encryption, government, Hardware, infrastructure, intelligence, international, iran, mfa, middle-east, network, password, resilience, risk, risk-assessment, russia, service, social-engineering, strategy, threat, ukraine, vpn

Geopolitical flashpoints are multiplying: The war in Ukraine continues to destabilize Europe’s eastern edge. In the Middle East, recent US airstrikes on Iranian nuclear facilities have escalated tensions involving Iran, Israel, and the United States, triggering a worldwide caution advisory and rerouting international air traffic. Demonstrations targeting Western business interests are growing in scale and…
Ghost in the Machine: A Spy’s Digital Lifeline

Jul 1, 2025 5:34 PM

Tags: access, ai, attack, authentication, best-practice, cloud, communications, control, country, crypto, cyber, data, encryption, endpoint, framework, government, Hardware, identity, infrastructure, intelligence, jobs, law, linux, mfa, military, network, resilience, risk, software, spy, strategy, technology, threat, tool, vpn, windows, zero-trust
New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections

Jul 1, 2025 12:34 PM

Tags: attack, breach, browser, chrome, credentials, cyber, cybersecurity, data, encryption, google, risk, theft

Cybersecurity researchers have unveiled a new attack”, dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)”, that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption…
Cloudflare open-sources Orange Meets with End-to-End encryption

Jun 29, 2025 6:34 PM

Tags: encryption, open-source

Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-open-sources-orange-meets-with-end-to-end-encryption/