Tag: encryption
-
Around 3.3 million POP3 and IMAP mail servers lack TLS encryption
Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are two protocols used to retrieve…
-
Top 10 surveillance, journalism and encryption stories of 2024
Revelations of covert and unlawful monitoring of journalists and their confidential sources by the Police Service of Northern Ireland and the Metropolitan Police attracted a huge amount of attention this year First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366617111/Top-10-surveillance-journalism-and-encryption-stories-of-2024
-
Over 3 million mail servers without encryption exposed to sniffing attacks
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/
-
Patched BitLocker Flaw Still Susceptible to Hack
Researcher Demonstrates Bitpixie Attack Tactics to Extract Encryption Key. A previously patched flaw in Windows BitLocker disk encryption feature is susceptible to attacks allowing hackers to decrypt information, new research has found. Security researcher Thomas Lambertz extracted data from the system memory, including the master key. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/patched-bitlocker-flaw-still-susceptible-to-hack-a-27195
-
38C3: Bitlocker über Schwachstellen ausgehebelt (Dez. 2024)
Noch ein kleiner Nachtrag vom Wochenende auf dem 38C3-Kongress des Chaos Computer Clubs hat Thomas Lambertz, ein Sicherheitsexperte, gezeigt, wie sich Microsofts Bitlocker-Verschlüsselung über ein “Downgrade” einer gepatchten Schwachstelle aushebeln lässt. Der Weg, über den Geheimdienste oder Strafverfolger an … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/31/38c3-bitlocker-ueber-schwachstellen-ausgehebelt-dez-2024/
-
38C3: Kurzwellen-Funk der NATO mit Halfloop-Verschlüsselung ist unsicher
Der Halfloop-Verschlüsselungsalgorithmus, den das US-Militär und die NATO zum Schutz von Kurzwellen-Funkgeräten nutzen, enthält schwere Sicherheitsmängel. First seen on heise.de Jump to article: www.heise.de/news/38C3-Kurzwellen-Funk-der-NATO-mit-Halfloop-Verschluesselung-ist-unsicher-10221035.html
-
White House Clears HIPAA Security Rule Update
HHS Proposes Encryption, Security Standards for Healthcare Firms. The U.S. Department of Health and Human Services is proposing new rules for healthcare organizations that aim to bolster protections for Americans by requiring companies to encrypt sensitive patient data and conduct routine compliance evaluations amid increased threats targeting the sector. First seen on govinfosecurity.com Jump to…
-
A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs
Akamai researchers discovered a new Mirai botnet variant targeting a vulnerability in DigiEver DS-2105 Pro DVRs. Akamai researchers spotted a Mirai-based botnet that is exploiting an remote code execution vulnerability in DigiEver DS-2105 Pro NVRs. The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The Mirai variant incorporates ChaCha20 and…
-
Why cryptography is important and how it’s continually evolving
Cryptography is fundamental to modern cybersecurity, forming the foundation for secure communication and data protection in a world increasingly reliant on digital technologies. Its importance cannot be overstated, as it safeguards sensitive information, preserves privacy, and builds trust in the digital world. As cyber threats evolve, cryptography continues to advance, addressing emerging challenges which have…
-
Raspberry-Robin Vielschichtige Verschlüsselung
Das Zscaler-ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry-Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. Hauptaufgabe von Raspberry-Robin ist das Nachladen und Ausführen der Payload auf einem kompromittierten…
-
Raspberry Robin: Vielschichtige Verschlüsselung
Das Zscaler ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/raspberry-robin-vielschichtige-verschluesselung
-
2035 Quantum Encryption Deadline Still Achievable
CISA Says 2035 Quantum Deadline Remains Achievable Despite Recent Breakthroughs. The federal government’s 2035 mandate to adopt quantum-resistant encryption remains feasible despite technological advancements in quantum computing, a top official for the U.S. cyber defense agency told ISMG, but experts warn challenges such as bureaucratic delays and financial costs persist. First seen on govinfosecurity.com Jump…
-
CISA issues mobile security guidance following China hacks
Following the Salt Typhoon attacks, CISA offers advice to ‘highly targeted’ individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617459/CISA-issues-mobile-security-guidance-following-China-hacks
-
Die 10 häufigsten LLM-Schwachstellen
Tags: access, ai, api, application-security, awareness, breach, cloud, control, cyberattack, data, detection, dos, encryption, injection, least-privilege, LLM, ml, monitoring, privacy, RedTeam, remote-code-execution, risk, service, tool, update, vulnerability, zero-trust -
Axon still in possession of Police Scotland encryption keys
Supplier’s possession of encryption keys for Police Scotland data sharing system opens potential for access and transfer of sensitive data without the knowledge or consent of the force First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366617285/Axon-still-in-possession-of-Police-Scotland-encryption-keys
-
Australia to Phase Out Weak Encryption Algorithms by 2030
Regulators Say NIST’s 2035 Deadline for Insecure Encryption Could Be Too Late. Australia has rolled out an ambitious roadmap to prepare for future quantum-enabled cyberattacks. Regulators are ready to set an end date for several existing encryption algorithms in 2030 – five years earlier than the deadline set by National Institute of Standards and Technology…
-
Technical Analysis of RiseLoader
IntroductionIn October 2024, Zscaler ThreatLabz came across malware samples that use a network communication protocol that is similar to RisePro. However, unlike RisePro which has primarily been used for information stealing, this new malware specializes in downloading and executing second-stage payloads. Due its distinctive focus and similarities with RisePro’s communication protocol, we named this new…
-
HackHire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption
In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking……
-
The Hidden Risks of Mobile Calls and Messages: Why EndEnd Encryption is Just the Starting Line
Tags: access, android, breach, business, communications, control, cybercrime, cybersecurity, data, encryption, endpoint, espionage, government, identity, intelligence, mobile, network, risk, service, startup, technology, threat, tool, update, vulnerabilityThe recent breaches of sovereign telecom networks in the United States, underscores how highly connected but fragmented public networks are increasingly vulnerable to sophisticated attacks. Another rising concern is the blind trust organizations and individuals put into consumer-grade messaging apps such as WhatsApp to share government and commercially-sensitive information. Some of the biggest risks concerning these…
-
The Simple Math Behind Public Key Cryptography
The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure. First seen on wired.com Jump to article: www.wired.com/story/how-public-key-cryptography-really-works-using-only-simple-math/
-
Why the Recent Telecom Hack Underscores the Need for EndEnd Encryption
The recent massive telecom hack by the Chinese state-sponsored group Salt Typhoon has highlighted critical vulnerabilities in traditional communication systems. The breach targeted major U.S. telecom providers, including Verizon, AT&T, and T-Mobile, compromising sensitive communications of government officials, political entities, and businesses. Attackers accessed call records, unencrypted text messages, and even live call audio by……
-
Thales and Imperva Win Big in 2024
Tags: access, api, application-security, attack, authentication, banking, business, ciso, cloud, communications, compliance, conference, control, cyber, cybersecurity, data, ddos, defense, encryption, firewall, gartner, group, guide, iam, identity, infosec, insurance, intelligence, malicious, mfa, microsoft, monitoring, privacy, risk, saas, service, software, strategy, threat, usaThales and Imperva Win Big in 2024 madhav Fri, 12/13/2024 – 09:36 At Thales and Imperva, we are driven by our commitment to make the world safer, and nothing brings us more satisfaction than protecting our customers from daily cybersecurity threats. But that doesn’t mean we don’t appreciate winning the occasional award. In the year…
-
Schutzmechanismen gegen Datenlecks und Angriffe – Datensicherheit in der Cloud Verschlüsselung, Zugriffskontrolle und Compliance
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheit-compliance-cloud-optimierung-a-289717c72e17848b632639ca9434a4ab/
-
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
Tags: access, advisory, attack, best-practice, cloud, cve, data, encryption, exploit, finance, firmware, flaw, germany, Hardware, mitigation, monitoring, reverse-engineering, software, update, vulnerabilityAMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and…
-
US sanctions Chinese cybersecurity firm over global malware campaign
Tags: attack, breach, china, computer, control, corporate, credentials, cve, cyber, cyberattack, cybersecurity, email, encryption, exploit, finance, firewall, fraud, government, group, healthcare, identity, infection, infrastructure, intelligence, international, malicious, malware, monitoring, network, office, password, ransomware, risk, service, software, sophos, technology, terrorism, threat, tool, vulnerability, zero-dayThe US government has imposed sanctions on Chinese cybersecurity firm Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, for their alleged involvement in a 2020 global cyberattack that exploited zero day vulnerabilities in firewalls.The actions were announced by the US Department of the Treasury and the Department of Justice (DOJ), which also…