Tag: encryption
-
What is an encryption backdoor?
Talk of backdoors in encrypted services is once again doing the rounds after reports emerged that the U.K. government is seeking to force Apple to open up iCloud’s end-to-end encrypted (E2EE) device backup offering. Officials were said to be leaning on Apple to create a >>backdoor
-
The Official DOGE Website Launch Was a Security Mess
Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire. First seen on wired.com Jump to article: www.wired.com/story/the-official-doge-website-launch-was-a-security-mess/
-
Trump Admin Sought To Counter UK-ordered iCloud Encryption Backdoor
First seen on scworld.com Jump to article: www.scworld.com/brief/trump-admin-sought-to-counter-uk-ordered-icloud-encryption-backdoor
-
Technical Analysis of Xloader Versions 6 and 7 – Part 2
Tags: cloud, communications, control, data, encryption, malware, network, reverse-engineering, threat, updateThis is Part 2 of our two-part technical analysis on Xloader versions 6 and 7. For details on how Xloader conceals its critical code and data, go to Part 1.IntroductionIn Part 2 of this blog series, we examine how Xloader obfuscates the command-and-control (C2) code and data to complicate analysis. We will also delve into…
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerabilityThe attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
‘Pssst”¦vertraulich!” – Cloud Computing mit Laufzeit-Verschlüsselung
First seen on security-insider.de Jump to article: www.security-insider.de/nis-2-richtlinie-it-sicherheit-cloud-computing-a-11bbfffa3cd1afbefecba15de879672f/
-
RedNote App Security Flaw Exposes User Files on iOS and Android Devices
Serious security vulnerabilities have been uncovered in the popular social media and content-sharing app, RedNote, compromising the privacy and security of millions of users globally. Researchers revealed critical flaws allowing attackers to intercept sensitive user data, access device files, and exploit insecure encryption mechanisms on iOS and Android platforms. The app’s use of inadequate cryptographic…
-
QuSecure CEO Rebecca Krauthamer on AI and Quantum Security
New CEO Emphasizes Cryptographic Agility, Aims to Simplify Post-Quantum Migration. Rebecca Krauthamer steps into the CEO role at QuSecure, leading the company’s efforts in post-quantum cryptography. With fresh funding from Two Bear Capital and Accenture, she focuses on cryptographic agility to help organizations transition to quantum-safe encryption and thwart AI-driven threats. First seen on govinfosecurity.com…
-
Ermittler zerschlagen Ransomware-Gruppierung 8Base
Die Gruppierung 8Base nutzte die Ransomware ‘Phobos” und agierte weltweit als höchst professionelle kriminelle Organisation. In Deutschland fanden 365 Phobos-Angriffe statt.Ermittlern aus Bayern ist es zusammen mit internationalen Partnern gelungen, mehrere mutmaßliche Mitglieder einer Gruppe von Cyberkriminellen festzunehmen. Vier führende Köpfe der Gruppierung mit dem Namen 8Base seien in Thailand festgenommen worden, teilte die Zentralstelle…
-
Hacker allegedly puts massive OmniGPT breach data for sale on the dark web
Tags: ai, breach, china, compliance, cybersecurity, dark-web, data, data-breach, encryption, GDPR, hacker, india, toolOmniGPT’s has yet to respond: OmniGPT has not publicly acknowledged the breach or any attack. CSO reached out to the company for comments but did not receive a response till the publishing of this article.If confirmed, OmniGPT stands to face more than reputational damage as the AI aggregator might be looking at some data compliance…
-
Daten-Verschlüsselung – ‘Da müssen wir uns schon sorgen” Gefahr durch Quantencomputer
Quantencomputer sind extrem schnell und können viel mehr als normale Computer. Der gewaltige Fortschritt birgt auch Risiken, etwa für die Finanzbranche. Ein Experte erklärt, wie sich weltweit die Verschlüsselung von wichtigen Daten verändert. First seen on welt.de Jump to article: www.welt.de/wissenschaft/article255369128/Daten-Verschluesselung-Da-muessen-wir-uns-schon-sorgen-Gefahr-durch-Quantencomputer.html
-
Reported UK-ordered iCloud encryption backdoor slammed
First seen on scworld.com Jump to article: www.scworld.com/brief/reported-uk-ordered-icloud-encryption-backdoor-slammed
-
US indicts 8Base ransomware operators for Phobos encryption attacks
The U.S. Justice Department announced the names of two Phobos ransomware affiliates arrested yesterday in Thailand, charging them on 11 counts due to their involvement in more than a thousand cyberattacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-indicts-8base-ransomware-operators-for-phobos-encryption-attacks/
-
AMD schließt schwere Microcode-Sicherheitslücke per Microcode-Update
Bei Cloud-Servern mit Epyc-Prozessoren lässt sich die RAM-Verschlüsselung zur Abschottung virtueller Maschinen aushebeln. Erste Updates stehen bereit. First seen on heise.de Jump to article: www.heise.de/news/AMD-schliesst-schwere-Microcode-Sicherheitsluecke-per-Microcode-Update-10278175.html
-
Security Researchers Warn of New Risks in DeepSeek AI App
Weak Encryption, Data Transfers to China, Hidden ByteDance Links Found. Security researchers found DeepSeek AI has weak encryption, SQL injection flaws and sends user data to Chinese state-linked entities. Its AI model failed jailbreak tests, making it prone to manipulation. Regulators in Europe, South Korea, and Australia are investigating, with bans and warnings issued over…
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
âš¡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket”, each one seems minor until it becomes the entry point for an attack.This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system…
-
BSI und DsiN räumen mit Mythen zu ESicherheit auf
Von Phishing-Mails bis E-Mail-Verschlüsselung untersucht das BSI auf seiner Webseite bekannte Mythen rund um die Sicherheit von E-Mail-Kommunikation genauer und gibt Verbraucherinnen und Verbrauchern niedrigschwellige Handlungsempfehlungen zur Prävention. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/bsi-und-dsin-raeumen-mit-mythen-zu-e-mail-sicherheit-auf/a39726/
-
UK Is Ordering Apple to Break Its Own Encryption
The Washington Post is reporting that the UK government has served Apple with a “technical capability notice” as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and something we in the security community have…
-
UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access
United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all encrypted content stored in its iCloud service. The demand, issued under the U.K.’s controversial Investigatory Powers Act of 2016, has raised alarm among privacy advocates and tech experts. If implemented, this order would allow British authorities to bypass encryption protections not…
-
UK Home Office silent on alleged Apple backdoor order
Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim First seen on theregister.com Jump to article: www.theregister.com/2025/02/07/home_office_apple_backdoor_order/
-
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
A new audit of DeepSeek’s mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.The assessment comes from NowSecure, which also found that the app fails to adhere to best security…
-
Encryption Debate: Britain Reportedly Demands Apple Backdoor
Secret Order Seeks to Compel Apple to Weaken Encryption, Washington Post Reports. The British government has unexpectedly reignited the long-running encryption debate, reportedly issuing a secret order to Apple requiring that it provide direct access to global users’ fully encrypted cloud backups and prohibited the technology giant from alerting any targeted accountholders. First seen on…
-
DeepSeek iOS App Leaks Data to ByteDance Servers Without Encryption
DeepSeek iOS app”, a highly popular AI assistant recently crowned as the top iOS app since its January 25 release”, has been discovered to transmit sensitive user data to ByteDance servers without encryption. The security flaws, uncovered by mobile app security firm NowSecure, have prompted swift reactions from governments, enterprises, and cybersecurity experts worldwide. The…
-
Funktionserhaltende Verschlüsselung schützt sensible Daten vor dem Datenhunger der Institutionen
Tags: encryptionWerden bald noch mehr persönliche Daten beispielsweise bei Behörden, Forschungseinrichtungen oder Krankenkassen gespeichert? Wenn es nach den jüngsten Ideen von Friedrich Merz geht, schon. Denn er schlägt vor, dass die Krankenkassen ihren Mitgliedern einen Rabatt gewähren, wenn diese ihre Patientendaten elektronisch zur Verfügung stellen. Dies ist nur ein Beispiel von vielen, es gibt zahlreiche Bestrebungen…
-
What 2025 HIPAA Changes Mean to You
Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerabilityWhat 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…