Collecting Cyber-News from over 60 sources

Tag: encryption

Ab 2026: EU-Staaten sollen auf Post-Quanten-Kryptografie wechseln

Jun 24, 2025 4:35 PM

Tags: encryption, nis-2

Ein EU-Gremium hat den Zeitplan für den Wechsel auf quantensichere Verschlüsselung vorgestellt. Den sollten sich auch NIS2 unterliegende Unternehmen ansehen. First seen on golem.de Jump to article: www.golem.de/news/ab-2026-eu-staaten-sollen-auf-post-quanten-kryptografie-wechseln-2506-197412.html
Unstructured Data Management: Closing the Gap Between Risk and Response

Jun 24, 2025 11:35 AM

Tags: access, ai, business, cio, ciso, cloud, compliance, control, data, email, encryption, finance, framework, GDPR, HIPAA, intelligence, monitoring, PCI, regulation, risk, service, software, strategy, threat, update, windows

Unstructured Data Management: Closing the Gap Between Risk and Response madhav Tue, 06/24/2025 – 05:44 The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by an ever-growing data estate. More than 181 zettabytes of data now exist globally”, and 80% of it…
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages

Jun 23, 2025 8:35 AM

Tags: cyber, encryption, flaw, Hardware, open-source, risk, vulnerability

A severe cryptographic vulnerability in the popular open-source Meshtastic project allows attackers to decrypt private messages and hijack nodes across LoRa mesh networks. This flaw stems from duplicated encryption keys and insufficient randomness during key generation. The issue affects multiple hardware platforms and poses significant risks to users relying on Meshtastic for secure off-grid communication…
Aflac: ‘Cybercrime Campaign’ Is Targeting Insurance Industry

Jun 21, 2025 12:35 AM

Tags: cyber, cybercrime, encryption, incident, insurance, ransomware

Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer Breaches. Aflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.…
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
Two Insurers Say Ongoing Outages Not Ransomware-Based

Jun 20, 2025 3:35 PM

Tags: encryption, insurance, network, ransomware

Erie Insurance and Philadelphia Insurance Still Recovering From Separate Attacks. Statements by Erie Indemnity Co. and Philadelphia Insurance Companies indicate that voluntary decisions to disconnect their systems from the network – not ransomware encryption – have disrupted operations over the past 10 days since the carriers were hit with separate cyberattacks. First seen on govinfosecurity.com…
Sicherheit von Embedded-Systemen: Anforderungen und Regularien Lösungsansatz für Nachrüstbarkeit

Jun 20, 2025 7:36 AM

Tags: encryption, iot

Embedded-Systeme haben ihre eigenen, ganz spezifischen Sicherheitsanforderungen. Im Interview erklärt Roland Marx, Senior Product Manager Embedded IoT Solutions, Swissbit AG warum Security by Design für IoT-Geräte von den Entwicklern gefordert werden muss und wie bestehende (unsichere) Systeme mit einem Secure Element als digitalen Ausweis, mit eindeutiger Identifikation und Verschlüsselung, nachgerüstet werden können. First seen on…
Two Insurers Say Ongoing Outages Are Not Caused by Ransomware

Jun 19, 2025 11:35 PM

Tags: encryption, insurance, network, ransomware

Erie Insurance and Philadelphia Insurance Still Recovering From Separate Attacks. Statements by Erie Indemnity Co. and Philadelphia Insurance Companies indicate that voluntary decisions to disconnect their systems from the network – not ransomware encryption – have disrupted operations over the past 10 days since the carriers were hit with separate cyberattacks. First seen on govinfosecurity.com…
Foreign aircraft, domestic risks

Jun 19, 2025 5:36 PM

Tags: access, attack, authentication, best-practice, blueteam, breach, computer, control, cyber, cybersecurity, data, defense, detection, encryption, firmware, framework, government, Hardware, injection, leak, malicious, malware, monitoring, network, nist, phone, risk, software, supply-chain, technology, threat, update, vulnerability

Condensed threat matrix Legacy protocols create new attack surfaces : One of the banes of the OT world is the reliance on legacy technology that cannot easily be patched or upgraded without causing major disruptions. Similarly, the Boeing 747-8 employs a hybrid bus architecture. While it integrates modern flight management technologies like the Thales TopFlight Flight…
Secure your data throughout its lifecycle with EndEnd Data Protection

Jun 19, 2025 11:03 AM

Tags: access, ai, business, cloud, compliance, computing, control, data, dora, encryption, finance, fraud, healthcare, intelligence, nist, privacy, software, strategy, training, unauthorized, vulnerability, zero-trust

Secure your data throughout its lifecycle with End-to-End Data Protection madhav Thu, 06/19/2025 – 04:53 To most of us, perhaps unknowingly, data is everything. Whether it is a groundbreaking idea, sensitive health records, or confidential business strategies, data underpins both our personal and professional lives. That is why protecting it at every stage (at rest,…
Security, risk and compliance in the world of AI agents

Jun 17, 2025 4:54 PM

Tags: access, ai, api, attack, automation, business, compliance, control, credentials, data, encryption, finance, framework, governance, grc, identity, infection, injection, ISO-27001, jobs, LLM, monitoring, password, privacy, regulation, resilience, risk, service, tool, training

Understand and interpret natural language Access internal and external data sources dynamically Invoke tools (like APIs, databases, search engines) Carry memory to recall prior interactions or results Chain logic to reason through complex multi-step tasks They may be deployed through: Open-source frameworks like LangChain or Semantic Kernel Custom-built agent stacks powered by internal LLM APIs Hybrid orchestration models integrated across business platforms Real-world examples…
Securing the Future Together: Why Thales and HPE are the Partners You Can Trust

Jun 17, 2025 2:54 PM

Tags: access, ai, application-security, banking, business, cloud, compliance, computing, control, cryptography, cyber, cyberattack, data, dora, encryption, GDPR, government, Hardware, healthcare, infrastructure, network, nis-2, PCI, resilience, risk, service, software, strategy, threat

Securing the Future Together: Why Thales and HPE are the Partners You Can Trust madhav Tue, 06/17/2025 – 05:15 Across every industry, data drives decisions, innovation, and growth. As organizations modernize with hybrid cloud and AI, the risks to that data scale are just as fast. From sophisticated cyberattacks to increasingly stringent compliance demands, the…
New Anubis RaaS includes a wiper module

Jun 16, 2025 2:54 PM

Tags: encryption, ransom

Anubis RaaS now includes a wiper module, permanently deleting files. Active since Dec 2024, it launched an affiliate program in Feb 2025. Anubis is a new RaaS that combines file encryption capability with a rare “wipe mode,” permanently deleting files and preventing recovery even after ransom payment. Anubis operates a flexible affiliate program that has…
Anubis Ransomware Introduces Irreversible File Destruction Feature

Jun 16, 2025 12:54 PM

Tags: cyber, cybercrime, encryption, ransomware, service

A new and menacing player has emerged in the cybercrime landscape with the introduction of Anubis, a Ransomware-as-a-Service (RaaS) operation that blends traditional file encryption with a devastating file destruction capability. Active since December 2024, Anubis has quickly gained notoriety in 2025 for its unique >>wipe mode
Salesforce Industry Cloud riddled with configuration risks

Jun 16, 2025 11:54 AM

Tags: access, api, attack, authentication, cloud, control, cve, data, defense, encryption, mitigation, password, risk, unauthorized

Low-code components that do not enforce access control checks or respect encrypted data fields by defaultWorkflow code that is executable by external or unauthenticated usersCaching mechanisms that can lead to bypassed access controlsPoorly developed off-platform applications that can result in API token theftSensitive API keys and other data embedded directly into components that can be…
Trend Micro patches four 9.8 bugs in encryption PolicyServer products

Jun 13, 2025 10:54 PM

Tags: encryption

First seen on scworld.com Jump to article: www.scworld.com/news/trend-micro-patches-four-98-bugs-in-encryption-policyserver-products
Cybersecurity Snapshot: NIST Offers Zero Trust Implementation Advice, While OpenAI Shares ChatGPT Misuse Incidents

Jun 13, 2025 7:54 PM

Tags: access, ai, attack, best-practice, breach, chatgpt, china, cloud, computer, computing, control, credentials, crime, cyber, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, encryption, endpoint, exploit, finance, fraud, government, guide, Hardware, identity, infrastructure, intelligence, Internet, iot, korea, law, least-privilege, linkedin, malicious, malware, military, ml, mobile, monitoring, network, nist, north-korea, openai, phishing, phone, programming, ransomware, risk, russia, scam, service, social-engineering, software, supply-chain, technology, theft, threat, tool, update, vulnerability, zero-trust

Check out NIST best practices for adopting a zero trust architecture. Plus, learn how OpenAI disrupted various attempts to abuse ChatGPT. In addition, find out what Tenable webinar attendees said about their exposure management experiences. And get the latest on cyber crime trends, a new cybersecurity executive order and more! Dive into six things that…
Fog ransomware gang abuses employee monitoring tool in unusual multi-stage attack

Jun 13, 2025 3:54 PM

Tags: attack, china, cloud, control, corporate, encryption, espionage, exploit, google, group, intelligence, microsoft, monitoring, network, open-source, penetration-testing, ransomware, service, threat, tool

Open-source pen testers for executing commands: Another peculiarity observed in the attack was the use of open-source penetration testing tools, like GC2 and Adaptix C2, rarely seen with ransomware attacks.Google Command and Control (GC2) is an open-source post-exploitation tool that allows attackers to control compromised systems using legitimate cloud services like Google Sheets and Google…
Apple encryption row: Does law enforcement need to use Technical Capability Notices?

Jun 13, 2025 12:54 PM

Tags: apple, backdoor, encryption, law, office

History shows that law enforcement can bring successful prosecutions without the need for the Home Office to introduce ‘backdoors’ into end-to-end encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625826/Apple-encryption-row-Does-law-enforcement-need-to-use-Technical-Capability-Notices
Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

Jun 13, 2025 10:54 AM

Tags: authentication, encryption, endpoint, remote-code-execution, vulnerability

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption PolicyServer is a centralized management server used in Trend Micro’s Endpoint Encryption solution. It acts…
WhatsApp Backs Apple Over Encryption Fight With UK

Jun 13, 2025 12:54 AM

Tags: apple, ceo, encryption, government, law, office

WhatsApp CEO Says UK Request Sets Dangerous Precedent. Instant messaging app WhatsApp is seeking to join Apple’s legal battle with the U.K. government over end-to-end encryption. Apple is challenging a Home Office order requiring the device maker to provide law enforcement with unencrypted copies of customer data. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whatsapp-backs-apple-over-encryption-fight-uk-a-28685
Trend Micro fixes critical vulnerabilities in multiple products

Jun 12, 2025 9:54 PM

Tags: authentication, encryption, endpoint, remote-code-execution, update, vulnerability

Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/
New Cybersecurity Executive Order: What You Need To Know

Jun 11, 2025 8:55 PM

Tags: ai, cisa, cloud, communications, compliance, computing, control, cyber, cybersecurity, data, defense, detection, encryption, exploit, fedramp, framework, government, identity, incident response, infrastructure, Internet, iot, network, office, privacy, programming, resilience, risk, service, software, supply-chain, technology, threat, update, vulnerability, vulnerability-management, zero-trust

A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development. On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces…
Government using national security as ‘smokescreen’ in Apple encryption row

Jun 11, 2025 5:55 PM

Tags: apple, encryption, government, Internet, office

Senior conservative MP David Davis says the Home Office should disclose how many secret orders it has issued against telecoms and internet companies to Parliament First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625724/Government-using-national-security-as-smokescreen-in-Apple-encryption-row
WhatsApp moves to join Apple’s encryption fight with UK government

Jun 11, 2025 3:55 PM

Tags: access, apple, encryption, government

Apple could have a new ally in its fight with the British government over whether it can be forced to retain access to the content of people’s iCloud accounts in order to comply with legal warrants. First seen on therecord.media Jump to article: therecord.media/whatsapp-uk-encryption-fight-apple
Encryption and decryption: The foundation of data protection

Jun 9, 2025 10:54 PM

Tags: data, encryption

First seen on scworld.com Jump to article: www.scworld.com/native/encryption-and-decryption-the-foundation-of-data-protection
Commvault Expands Post-Quantum Encryption to Counter ‘Harvest Now, Decrypt Later’ Threats

Jun 9, 2025 10:54 PM

Tags: encryption, threat

First seen on scworld.com Jump to article: www.scworld.com/news/commvault-expands-post-quantum-encryption-to-counter-harvest-now-decrypt-later-threats
Can Online Casino Accounts Be Hacked?

Jun 9, 2025 9:55 PM

Tags: attack, breach, credentials, data-breach, encryption, exploit, hacker, risk

Online casino platforms are not immune to compromise, but the most successful breaches don’t happen through the front door. They happen when users bring bad habits to high-risk environments. For hackers, it’s rarely about breaking encryption, it’s about exploiting behavior. Exposed Credentials Still Drive Most Attacks The majority of online casino account breaches don’t start…
US lawmakers say UK has ‘gone too far’ by attacking Apple’s encryption

Jun 9, 2025 4:54 PM

Tags: apple, backdoor, cloud, encryption

US politicians are calling for Congress to rewrite the US Cloud Act to prevent the UK issuing orders to require US tech companies to introduce ‘backdoors’ in end-to-end encrypted messaging and storage First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625614/US-lawmakers-say-UK-has-gone-too-far-by-attacking-Apples-encryption
CISOs reposition their roles for business leadership

Jun 9, 2025 12:54 PM

Tags: access, business, cio, ciso, cyber, cybersecurity, encryption, finance, framework, group, incident response, intelligence, international, risk, service, strategy, technology, unauthorized, vulnerability, vulnerability-management, zero-trust

Amit Basu, VP, CIO, and CISO, International Seaways International SeawaysIt’s up to the CISO to gain the trust of the management team and the board so they understand that security is not an IT issue or a technical problem, Basu stresses. It requires “emotional intelligence,” as well as some boldness and visionary leadership, he says.Basu’s…