Collecting Cyber-News from over 60 sources

Tag: encryption

Breakthrough Could Lead to Quantum Encryption in 10 Years

Apr 28, 2025 6:51 AM

Tags: encryption, Internet

This research might also help pave the way for the quantum internet and other quantum systems in perhaps 40-50 years. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-quantum-encryption-toshiba-europe/
Gamers Beware! New Attack Targets Gamers to Deploy AgeoStealer Malware

Apr 26, 2025 3:51 PM

Tags: attack, credentials, cyber, cybersecurity, data, encryption, exploit, intelligence, malware, threat

The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced infostealers targeting global gaming communities. Documented in Flashpoint’s 2025 Global Threat Intelligence Report, this malware strain exploits gaming enthusiasts’ trust through socially engineered distribution channels, leveraging double-layered encryption, sandbox evasion, and real-time data exfiltration to compromise credentials at scale. With infostealers…
Navigating Regulatory Shifts & AI Risks

Apr 24, 2025 5:50 PM

Tags: ai, compliance, encryption, risk

By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/navigating-regulatory-shifts-ai-risks
Veeam-Bericht zeigt dringenden Bedarf an robusten Strategien für die Daten-Ausfallsicherheit

Apr 24, 2025 12:50 PM

Tags: cyberattack, encryption, ransomware, strategy, veeam

Der Veeam 2025 Ransomware Trends and Proactive Strategies Report befragte 1.300 Unternehmen, von denen 900 in den letzten zwölf Monaten mindestens einen Ransomware-Angriff mit Verschlüsselung oder Exfiltration erlebt hatten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-bericht-zeigt-dringenden-bedarf-an-robusten-strategien-fuer-die-daten-ausfallsicherheit/a40566/
‘Globale Abhörsicherheit” in Reichweite – KIT-Forscher: Quantensichere Verschlüsselung mit gängiger Hardware erreicht

Apr 24, 2025 9:50 AM

Tags: encryption, Hardware

First seen on security-insider.de Jump to article: www.security-insider.de/kit-forscher-quantensichere-verschluesselung-mit-gaengiger-hardware-erreicht-a-52098e40f0a1830a74c174b41cfa91c7/
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators

Apr 18, 2025 6:28 PM

Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerability

Check out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…
Building a Security First Culture Advice from Industry CISOs

Apr 18, 2025 4:28 PM

Tags: ciso, compliance, cyber, cybersecurity, encryption, firewall, threat

In today’s threat landscape, cybersecurity is no longer confined to firewalls and encryption it’s a cultural imperative. Chief Information Security Officers (CISOs) play a pivotal role in transforming organizations into security-first environments where every employee, from interns to executives, actively safeguards digital assets. This shift requires moving beyond compliance checklists to foster shared accountability, continuous…
Florida draft law mandating encryption backdoors for social media accounts billed ‘dangerous and dumb’

Apr 17, 2025 7:28 PM

Tags: backdoor, encryption, group, law

A digital rights group blasted the Florida bill, but lawmakers voted to advanced the draft law. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/
Your Network Is Showing Time to Go Stealth

Apr 17, 2025 6:28 PM

Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day
The FTC Is Watching: GoDaddy’s Settlement Sends a Clear Message on API Security

Apr 17, 2025 3:28 PM

Tags: access, api, attack, authentication, breach, business, communications, compliance, control, credentials, data, data-breach, detection, encryption, exploit, finance, framework, fraud, governance, government, incident response, law, mfa, monitoring, password, privacy, risk, service, theft, threat, tool, unauthorized, vulnerability, vulnerability-management

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission’s (FTC) recent settlement with GoDaddy. This settlement serves as a stark reminder that strong API security is no…
Neue ResolverRAT-Malware zielt auf Gesundheitsbranche

Apr 17, 2025 12:28 PM

Tags: access, api, cisco, control, encryption, mail, malware, phishing, rat, tool

Der neue Remote Access Trojaner ResolverRAT nutzt DLL-Side-Loading-Probleme aus.Forscher von Morphisec haben einen neuen Remote Access Trojaner (RAT) mit dem Namen ResolverRAT entdeckt, der über Phishing-E-Mails mit bösartigen Anhängen verbreitet wird. Die Angreifer nutzen dabei als Köder Begriffe wie Urheberrechtsverletzungen, verschiedene Rechtsverstöße und laufende Ermittlungen. Die E-Mails sind in mehreren Sprachen verfasst, darunter Englisch, Hindi,…
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak – P2

Apr 16, 2025 6:28 PM

Tags: access, api, business, cloud, control, cryptography, data, defense, edr, encryption, exploit, framework, group, Hardware, kaspersky, malicious, malware, microsoft, mitre, monitoring, network, reverse-engineering, service, technology, threat, tool, update, windows

This is Part 2 of our two-part technical analysis on Mustang Panda’s new tools. For details on ToneShell and StarProxy, go to Part 1.IntroductionIn addition to the new ToneShell variants and StarProxy, Zscaler ThreatLabz discovered two new keyloggers used by Mustang Panda that we have named PAKLOG and CorKLOG as well as an EDR evasion…
Latest Mustang Panda Arsenal: ToneShell and StarProxy – P1

Apr 16, 2025 6:28 PM

Tags: access, api, backdoor, china, cloud, control, data, detection, edr, encryption, endpoint, espionage, github, government, group, injection, malicious, malware, military, network, threat, tool, windows

IntroductionThe Zscaler ThreatLabz team discovered new activity associated with Mustang Panda, originating from two machines from a targeted organization in Myanmar. This research led to the discovery of new ToneShell variants and several previously undocumented tools. Mustang Panda, a China-sponsored espionage group, traditionally targets government-related entities, military entities, minority groups, and non-governmental organizations (NGOs) primarily…
Chinese Hackers Unleash New BRICKSTORM Malware to Target Windows and Linux Systems

Apr 16, 2025 12:28 PM

Tags: backdoor, china, cloud, control, cyber, dns, encryption, espionage, hacker, infrastructure, linux, malware, vcenter, windows

A sophisticated cyber espionage campaign leveraging the newly identified BRICKSTORM malware variants has targeted European strategic industries since at least 2022. According to NVISO’s technical analysis, these backdoors previously confined to Linux vCenter servers now infect Windows environments, employing multi-tiered encryption, DNS-over-HTTPS (DoH) obfuscation, and cloud-based Command & Control (C2) infrastructure to evade detection. The…
Produkte und Services für aktuelle und künftigen Anforderungen im Auge – Colt beendet Test zur quantengesicherten Verschlüsselung in seinem optischen Netz

Apr 16, 2025 9:28 AM

Tags: encryption, service

First seen on security-insider.de Jump to article: www.security-insider.de/colt-beendet-test-zur-quantengesicherten-verschluesselung-in-seinem-optischen-netz-a-a839d2f959af27c66ebdbea9bea3b156/
New ResolverRAT malware targets healthcare and pharma orgs worldwide

Apr 16, 2025 1:28 AM

Tags: authentication, control, data, encryption, group, healthcare, infrastructure, malware, monitoring, network, organized, rat, strategy, threat, tool

Persistence and stealthy C2 communication: The new RAT employs multiple persistence strategies, including more than 20 obfuscated registry entries and files dropped in multiple folders on disk. The malware keeps a record of which persistence techniques were successful to use them as a fallback mechanism.Communication with the command-and-control (C2) server uses TLS encryption with a…
Top Four Considerations for Zero Trust in Critical Infrastructure

Apr 15, 2025 11:28 AM

Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trust

Top Four Considerations for Zero Trust in Critical Infrastructure madhav Tue, 04/15/2025 – 06:43 TL;DR Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
HelloKitty Ransomware Returns, Launching Attacks on Windows, Linux, and ESXi Environments

Apr 12, 2025 11:02 AM

Tags: attack, cyber, cybersecurity, encryption, linux, ransomware, windows

Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware, signaling its resurgence with attacks targeting Windows, Linux, and ESXi environments. HelloKitty ransomware, initially appearing in October 2020 as a fork of DeathRansom, has evolved significantly in its encryption methods. The ransomware now embeds an RSA-2048 public key, which is…
PCI DSS Tokenization vs Encryption: Key Differences to Protect Payment Data

Apr 10, 2025 3:06 PM

Tags: data, encryption, finance, PCI

If your organization handles sensitive financial information, you must implement security measures that fulfill the Payment Card Industry Data Security Standard (PCI DSS) requirements. The most commonly used methods for securing cardholder data are tokenization and encryption. These techniques aim to protect sensitive payment information, but they work in fundamentally different ways. This blog will……
Top 16 OffSec, pen-testing, and ethical hacking certifications

Apr 10, 2025 1:05 PM

Tags: access, android, antivirus, application-security, attack, authentication, blockchain, bug-bounty, business, cisco, cloud, computing, credentials, crypto, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, guide, hacker, hacking, incident response, injection, iot, jobs, kali, linux, malware, microsoft, mitigation, mobile, network, penetration-testing, RedTeam, remote-code-execution, reverse-engineering, risk, risk-assessment, sap, skills, sql, technology, threat, tool, training, update, vulnerability, windows

Experiential learning Offensive security can’t be fully mastered through lectures alone. Candidates need hands-on training in lab environments to develop practical skills. Ideally, certification exams should include a practical assessment, such as developing an exploit to compromise a system.Because individuals learn OffSec techniques, such as penetration testing, in different ways, the most effective certifications offer…
Linux Firewall IPFire 2.29 Launches with Post-Quantum Encryption and System Enhancements

Apr 10, 2025 9:05 AM

Tags: cryptography, cyber, encryption, firewall, Hardware, linux, open-source, update

The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 Core Update 193. This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for the long term. Post-Quantum Cryptography for a More Secure Future In a major step forward […]…
FREAK: Sicherheitslücke gefährdet iOS- und Android-Nutzer

Apr 9, 2025 5:55 PM

Tags: android, bug, encryption, vulnerability

Laut einem Bericht der Washington Post haben Forscher eine Sicherheitslücke namens FREAK entdeckt, die iOS- und Android-Browser betrifft. Die Schwachstelle ermöglicht potenziellen Angreifern, die vermeintlich sichere Verschlüsselung von einigen Webseiten zu knacken und anschließend auf sensible Daten zuzugreifen. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/03/04/freak-sicherheitslucke-gefahrdet-ios-und-android-nutzer/
Gmail EndEnd Email Encryption Explained: A Guide for Enterprise Users

Apr 9, 2025 5:55 PM

Tags: email, encryption, google, guide

Google is rolling out end-to-end encrypted (E2EE) email for Gmail enterprise users using Client-Side Encryption (CSE). First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/gmail-end-to-end-email-encryption-explained-a-guide-for-enterprise-users/
Premierminister David Cameron will Verschlüsselung verbieten

Apr 9, 2025 5:55 PM

Tags: encryption

Nach dem Attentat auf die Redaktion des französischen Satiremagazins Charlie Hebdo fordern einige Politiker nun neue Gesetze zur Verbesserung des Schutzes vor Terroristen. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/01/14/premierminister-david-cameron-will-verschlusselung-verbieten/
The SQL Server Crypto Detour

Apr 8, 2025 10:43 PM

Tags: access, api, backup, credentials, crypto, cryptography, data, encryption, jobs, microsoft, password, service, sql, tool, update, vulnerability, windows

As part of my role as Service Architect here at SpecterOps, one of the things I’m tasked with is exploring all kinds of technologies to help those on assessments with advancing their engagement. Not long after starting this new role, I was approached with an interesting problem. A SQL Server database backup for a ManageEngine’s…
Court rejects Home Office bid for blanket secrecy in hearings over Apple encryption case

Apr 8, 2025 12:42 AM

Tags: apple, encryption, office

Investigatory Powers Tribunal rejects Home Office arguments that identifying the ‘bare details’ of legal action by Apple would damage national security, leaving open possibility of future open court hearings First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622253/Court-rejects-Home-Office-bid-for-blanket-secrecy-in-hearings-over-Apple-encryption-case
UK court lifts secrecy veil, confirms Apple is suing British government over ‘backdoor’ request

Apr 7, 2025 4:42 PM

Tags: apple, backdoor, encryption, government

A UK court confirmed Apple is suing the British government over a legal order regarding the company’s encryption of iCloud accounts. First seen on therecord.media Jump to article: therecord.media/uk-court-confirms-apple-suing-over-backdoor-request
Gmail Is Not a Secure Way to Send Sensitive Comms: A Friendly Reminder

Apr 7, 2025 4:42 PM

Tags: data, encryption

New end-to-end Gmail encryption alone isn’t secure enough for an enterprise’s most sensitive and prized data, experts say. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/gmail-not-secure-way-send-sensitive-comms
DeepSeek Breach Yet Again Sheds Light on Dangers of AI

Apr 7, 2025 12:42 PM

Tags: ai, breach, data-breach, encryption, vulnerability

AI isn’t waiting for security teams to catch up. It’s running full steam ahead, without any regard for what may stand in its way. The recent security debacle surrounding DeepSeek, where Wiz researchers uncovered extensive vulnerabilities, including exposed databases, weak encryption and susceptibility to AI-model jailbreaking, serves as a stark warning for organizations.. First seen…
Secure Communications Evolve Beyond EndEnd Encryption

Apr 4, 2025 5:42 PM

Tags: communications, encryption, privacy

Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/secure-communications-evolve-beyond-end-to-end-encryption