Collecting Cyber-News from over 60 sources

Tag: encryption

âš¡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Jul 21, 2025 2:41 PM

Tags: attack, browser, chrome, encryption, exploit, macOS, nvidia, rce, remote-code-execution, spyware, tool, zero-day

Even in well-secured environments, attackers are getting in”, not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected.These attacks don’t depend on zero-days. They work by staying unnoticed”, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious…
DORA Oversight Guide publiziert: Finanzunternehmen sollten sich dringend mit Verschlüsselung und Schlüsselhoheit befassen

Jul 21, 2025 12:40 AM

Tags: dora, encryption, guide

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/dora-oversight-guide-finanzunternehmen-verschluesselung-schluesselhoheit
Threat actors scanning for apps incorporating vulnerable Spring Boot tool

Jul 19, 2025 1:40 AM

Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day

/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
DORA-Oversight-Guide Was Finanzunternehmen jetzt über Verschlüsselung und Schlüsselhoheit wissen müssen

Jul 17, 2025 2:40 PM

Tags: cloud, dora, encryption, guide

Am 15. Juli 2025 veröffentlichten die europäischen Aufsichtsbehörden (ESA) den ersten , ein entscheidendes Dokument, das die künftige Überwachung kritischer IKT-Drittdienstleister konkretisiert. Im Zentrum steht der Aufbau sogenannter Joint-Examination-Teams (JETs) zur europaweiten Kontrolle von Cloud-Anbietern, Softwarelieferanten und anderen wichtigen Drittparteien. Doch der Guide enthält weit mehr als nur organisatorische Hinweise. Insbesondere Artikel 5.4.1 […] First…
Talos IR ransomware engagements and the significance of timeliness in incident response

Jul 16, 2025 12:40 PM

Tags: encryption, incident response, ransomware

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/talos-ir-ransomware-engagements-and-the-significance-of-timeliness-in-incident-response/
APJ Ransomware Demands Drop 50%, Yet 54% Firms Pay Hackers

Jul 14, 2025 12:40 PM

Tags: attack, defense, encryption, hacker, ransomware, service, sophos, threat

Experts Say MDR Services and Proactive Defense Can Break the Payment Cycle APJ organizations face a ransomware paradox: demands dropped 50% to $500,000, yet 54% paid the threat actors. The new Sophos report shows why firms continue paining, how successful negotiations work and what proactive defenses can stop attacks before encryption begins First seen on…
Rockerbox Data Breach Exposes 245,949 Users’ SSNs and Driver’s Licenses

Jul 11, 2025 3:40 PM

Tags: breach, cyber, cybersecurity, data, data-breach, encryption, password

Jeremiah Fowler, an ethical researcher, discovered an unsecured database with 245,949 entries totaling 286.9 GB in a huge cybersecurity issue. The database was assumed to be owned by Rockerbox, a tax credit consulting organization situated in Texas. The exposed repository, lacking encryption and password protection, housed a trove of personally identifiable information (PII), including full…
Post-Quanten-Kryptografie in der Praxis: Warum hybride Verschlüsselung oft der bessere Weg ist

Jul 9, 2025 6:39 PM

Tags: encryption, infrastructure, tool

Auch wenn die Umstellung zunächst überwältigend wirken mag: Mit den richtigen Tools lässt sie sich gut beherrschen. Moderne, automatisierte Lösungen zum Management der Public Key Infrastructure (PKI) helfen dabei First seen on infopoint-security.de Jump to article: www.infopoint-security.de/post-quanten-kryptografie-in-der-praxis-warum-hybride-verschluesselung-oft-der-bessere-weg-ist/a41346/
AiLock Ransomware Emerges with Hybrid Encryption Tactics: ChaCha20 Meets NTRUEncrypt

Jul 7, 2025 5:34 PM

Tags: cyber, cybersecurity, data, encryption, leak, malicious, ransom, ransomware, service, tactics

The AiLock ransomware organization, which Zscaler first discovered in March 2025, has become a powerful force in the ransomware-as-a-service (RaaS) market, which is a frightening trend for cybersecurity professionals. This malicious entity operates with a sophisticated structure, leveraging both a negotiation site to extract ransoms from victims and a Data Leak Site (DLS) to threaten…
Linux Boot Vulnerability Lets Attackers Bypass Secure Boot Protections

Jul 7, 2025 10:34 AM

Tags: cyber, defense, encryption, exploit, guide, linux, password, vulnerability

A newly highlighted vulnerability in the Linux boot process exposes a critical weakness in the security posture of many modern distributions. Despite widespread adoption of Secure Boot, full-disk encryption, and bootloader passwords, attackers can still bypass these defenses by exploiting the Initial RAM Filesystem (initramfs) debug shell”, a loophole often overlooked in hardening guides, as…
Aegis Authenticator: Free, open-source 2FA app for Android

Jul 7, 2025 8:34 AM

Tags: 2fa, android, encryption, login, open-source

Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/07/aegis-2fa-authenticator-free-open-source-android/
Hunters International Is Not Shutting Down, It’s Rebranding

Jul 4, 2025 2:35 PM

Tags: cyber, encryption, extortion, group, international, leak, ransomware

Some admins of Hunters International are now part of the encryption-less cyber extortion group World Leaks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ransomware-hunters-international/
Why every company needs a travel security program

Jul 2, 2025 11:34 AM

Tags: access, advisory, awareness, business, china, conference, corporate, credentials, cyber, encryption, government, Hardware, infrastructure, intelligence, international, iran, mfa, middle-east, network, password, resilience, risk, risk-assessment, russia, service, social-engineering, strategy, threat, ukraine, vpn

Geopolitical flashpoints are multiplying: The war in Ukraine continues to destabilize Europe’s eastern edge. In the Middle East, recent US airstrikes on Iranian nuclear facilities have escalated tensions involving Iran, Israel, and the United States, triggering a worldwide caution advisory and rerouting international air traffic. Demonstrations targeting Western business interests are growing in scale and…
Ghost in the Machine: A Spy’s Digital Lifeline

Jul 1, 2025 5:34 PM

Tags: access, ai, attack, authentication, best-practice, cloud, communications, control, country, crypto, cyber, data, encryption, endpoint, framework, government, Hardware, identity, infrastructure, intelligence, jobs, law, linux, mfa, military, network, resilience, risk, software, spy, strategy, technology, threat, tool, vpn, windows, zero-trust
New C4 Bomb Attack Breaks Through Chrome’s AppBound Cookie Protections

Jul 1, 2025 12:34 PM

Tags: attack, breach, browser, chrome, credentials, cyber, cybersecurity, data, encryption, google, risk, theft

Cybersecurity researchers have unveiled a new attack”, dubbed the “C4 Bomb” (Chrome Cookie Cipher Cracker)”, that successfully bypasses Google Chrome’s much-touted AppBound Cookie Encryption. This breakthrough exposes millions of users to renewed risks of cookie theft, credential compromise, and potential data breaches, despite Google’s recent efforts to harden Chrome against infostealer malware. AppBound Cookie Encryption…
Cloudflare open-sources Orange Meets with End-to-End encryption

Jun 29, 2025 6:34 PM

Tags: encryption, open-source

Cloudflare has implemented end-to-end encryption (E2EE) to its video calling app Orange Meets and open-sourced the solution for transparency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-open-sources-orange-meets-with-end-to-end-encryption/
Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat

Jun 27, 2025 6:36 PM

Tags: access, advisory, ai, api, attack, authentication, best-practice, cisa, computer, computing, crypto, cryptography, cyber, cybersecurity, data, defense, encryption, exploit, finance, framework, google, governance, government, group, hacker, healthcare, infrastructure, injection, intelligence, Internet, iran, login, mfa, military, mitigation, mitre, network, nist, passkey, password, programming, ransomware, risk, rust, service, software, strategy, tactics, technology, terrorism, threat, tool, training, vulnerability, warfare

Check out the U.S. government’s latest call for developers to use memory-safe programming languages, as well as its warning for cybersecurity teams regarding cyber risk from hackers tied to Iran. Plus, get the latest on ransomware trends, the quantum computing cyber threat and more! Dive into five things that are top of mind for the…
How to Keep Client Data Safe in a World Full of Online Threats

Jun 27, 2025 2:36 PM

Tags: access, cloud, control, data, encryption, strategy, threat, training

Businesses, big or small, must prioritize data security not only to maintain trust but also to stay compliant with evolving regulations. This article explores practical, actionable strategies to safeguard client information, including encryption, access control, employee training, and secure cloud practices. Learn how to build a resilient security culture that protects your clients and your…
Let’s Encrypt Launches 6-Day Certificates for IP-Based SSL Encryption

Jun 27, 2025 2:36 PM

Tags: cyber, encryption, Internet, update

Let’s Encrypt, the world-renowned free Certificate Authority (CA), is on the verge of a significant milestone: issuing SSL/TLS certificates for IP addresses, a long-awaited feature that promises to enhance security for a broader range of internet-connected devices and services. In a recent update, Let’s Encrypt staff member JamesLE announced that the organization is preparing to…
E Ende-zu-Ende-Verschlüsselung in Gmail

Jun 27, 2025 12:36 PM

Tags: encryption, google, mail

First seen on security-insider.de Jump to article: www.security-insider.de/ende-zu-ende-verschluesselung-in-gmail-a-c8970726ec782863d74d0c04a3b27dd2/
SAP-Schwachstellen gefährden Windows-Nutzerdaten

Jun 26, 2025 3:36 PM

Tags: access, compliance, cve, cvss, cyberattack, encryption, fortinet, GDPR, PCI, phishing, risk, sap, spear-phishing, update, vulnerability, windows

Schwachstellen in SAP GUI geben sensible Daten durch schwache oder fehlende Verschlüsselung preis.Die Forscher Jonathan Stross von Pathlock, und Julian Petersohn von Fortinet warnen vor zwei neuen Sicherheitslücken in einer Funktion von SAP GUI, die für die Speicherung der Benutzereingaben in den Windows- (CVE-2025-0055) und Java-Versionen (CVE-2025-0056) zuständig ist .Dadurch werden sensible Informationen wie Benutzernamen,…
Protecting Business Data From Unauthorized Encryption Threats

Jun 26, 2025 10:36 AM

Tags: business, data, encryption, threat, unauthorized

Your business operates in an online environment where unauthorized encryption of data isn’t just possible, it’s probable. The… First seen on hackread.com Jump to article: hackread.com/protecting-business-data-unauthorized-encryption-threats/
Bridewell report indicates rise in lone wolf ransomware actors

Jun 26, 2025 5:36 AM

Tags: attack, cybersecurity, data, encryption, extortion, ransomware, service, strategy, theft, threat

Bridewell, a UK-based cybersecurity services company, has released its latest CTI Annual Report a comprehensive deep dive into ransomware trends. It highlighted a significant shift in attack strategies, payment dynamics and threat actor behaviours, revealing that data theft and extortion have overtaken traditional encryption-only ransomware as the most successful approach for attackers. While encryption-based The…
Protect Your Privacy: Best Secure Messaging Apps in 2025

Jun 25, 2025 10:35 PM

Tags: data, encryption, privacy

Looking for the safest way to chat in 2025? Explore the best secure messaging apps with end-to-end encryption and zero data tracking. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/cybersecurity/best-secure-messaging-apps/
SAP GUI flaws expose sensitive data via weak or no encryption

Jun 25, 2025 3:36 PM

Tags: attack, breach, cve, data, encryption, exploit, flaw, phishing, sap, spear-phishing, threat, update, vulnerability, windows

The impact could be much greater: Dani noted that a breach through these vulnerabilities can facilitate further targeted attacks. “Not undermining the fact that this extracted data provides attackers with enough gunpowder for reconnaissance activities, a threat actor could comprehend organizational structure, usage patterns, and system configurations from the exploitation of these vulnerabilities and weaponize…
SAP GUI Input History Found Vulnerable to Weak Encryption

Jun 25, 2025 3:36 PM

Tags: data, encryption, sap, vulnerability

Two SAP GUI vulnerabilities have been identified exposing sensitive data due to weak encryption in input history features First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-gui-vulnerable-weak-encryption/
UK govt dept website that campaigns against encryption hijacked to advertise … payday loans

Jun 25, 2025 12:35 PM

Tags: encryption, government

Company at center of findings blamed SEO on outsourcer First seen on theregister.com Jump to article: www.theregister.com/2025/06/25/home_office_antiencryption_campaign_website/
Managing Encryption Keys vs. Access Keys

Jun 25, 2025 10:35 AM

Tags: access, encryption

6 min readNot all keys are created equal, and treating them as if they are can quietly introduce risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/managing-encryption-keys-vs-access-keys/
The tiny amplifier that could supercharge quantum computing

Jun 25, 2025 8:35 AM

Tags: ai, computer, computing, encryption

Quantum computers are built to handle problems that are far too complex for today’s machines. They could lead to major advances in areas like drug development, encryption, AI, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/25/quantum-amplifier-breakthrough/
Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware

Jun 24, 2025 10:35 PM

Tags: access, adware, ai, antivirus, attack, chatgpt, cloud, control, crypto, data, detection, dns, encryption, exploit, fraud, google, injection, malicious, malware, microsoft, monitoring, network, password, software, threat, tool, update, windows, wordpress

IntroductionZscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ChatGPT and Luma AI. These websites are utilizing platforms such as WordPress and are designed to poison search engine rankings and increase the probability of unsuspecting users landing on these…