Collecting Cyber-News from over 60 sources

Tag: encryption

A New Era of Attacks on Encryption Is Starting to Heat Up

Mar 15, 2025 7:52 AM

Tags: attack, encryption

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say. First seen on wired.com Jump to article: www.wired.com/story/a-new-era-of-attacks-on-encryption-is-starting-to-heat-up/
Apple-UK Encryption Saga Continues: British Officials’ Clarification US Officials’ Warning

Mar 14, 2025 11:52 PM

Tags: access, apple, data, encryption

The British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-icloud-encryption-uk-us-privacy/
Apple Fights UK Over Encryption Backdoors as US Officials Warn of Privacy Violations

Mar 14, 2025 10:52 PM

Tags: access, apple, backdoor, data, encryption, privacy

The British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-icloud-encryption-uk-us-privacy/
US Congress demands UK lifts gag on Apple encryption order

Mar 14, 2025 6:52 PM

Tags: apple, encryption, google

Apple and Google have told US lawmakers that they cannot tell Congress whether they have received technical capability notices from the UK First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620601/US-Congress-demands-UK-lifts-gag-on-Apple-encryption-order
Beyond Checkboxes: The Essential Need for Robust API Compliance

Mar 14, 2025 6:52 PM

Tags: access, api, attack, authentication, automation, banking, breach, business, cloud, compliance, control, credentials, cyber, cybersecurity, data, detection, encryption, exploit, finance, framework, fraud, GDPR, governance, government, HIPAA, infrastructure, injection, insurance, least-privilege, malicious, mfa, mitre, monitoring, nist, PCI, privacy, regulation, risk, service, tactics, technology, theft, threat, tool, unauthorized, vulnerability, zero-trust

APIs serve as essential links in today’s digital infrastructure, enabling data sharing and application integration. However, their widespread use has made them prime targets for attackers. Hence, strict compliance with security regulations is not just optional; it is imperative for business success. The increasing frequency of data breaches and the sophistication of cyber threats highlight…
RCS: Ende-zu-Ende-Verschlüsselung zwischen iOS und Android

Mar 14, 2025 5:52 PM

Tags: android, encryption

Mit RCS Universal Profile 3.0 ist E2EE Teil des RCS-Standards. Ein wichtiger Schritt für die Sicherheit plattformübergreifender Nachrichten. First seen on golem.de Jump to article: www.golem.de/news/rcs-ende-zu-ende-verschluesselung-zwischen-ios-und-android-2503-194325.html
GSMA Confirms EndEnd Encryption for RCS, Enabling Secure Cross-Platform Messaging

Mar 14, 2025 4:52 PM

Tags: android, communications, encryption, service

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms.To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol First…
Apple’s alleged UK encryption battle sparks political and privacy backlash

Mar 14, 2025 2:52 PM

Tags: apple, defense, encryption, privacy

National security defense being used to keep appeal behind closed doors First seen on theregister.com Jump to article: www.theregister.com/2025/03/14/apple_uk_encryption_hearing/
Google refuses to deny it received encryption order from UK government

Mar 14, 2025 1:52 PM

Tags: access, apple, encryption, google, government

U.S. lawmakers say Google has refused to deny that it received a Technical Capability Notice from the U.K., a mechanism to access encrypted messages that Apple reportedly received. First seen on therecord.media Jump to article: therecord.media/google-refuses-to-deny-it-received-uk-tcn
The most notorious and damaging ransomware of all time

Mar 14, 2025 9:52 AM

Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windows

Conti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
Decrypting Akira Ransomware on Linux/ESXi Without Paying Hackers

Mar 14, 2025 7:52 AM

Tags: cyber, cybersecurity, encryption, hacker, ransomware, vulnerability

A team successfully decrypted an instance of the Akira ransomware on Linux/ESXi systems without succumbing to the hackers’ demands. This achievement not only underscores the ingenuity of cybersecurity experts but also serves as a powerful message to those who rely on extorting from vulnerable businesses and individuals. The Akira ransomware, known for its complex encryption…
DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware

Mar 13, 2025 7:52 PM

Tags: ai, antivirus, api, chatgpt, china, cloud, computer, cryptography, cybercrime, cybersecurity, data, detection, encryption, google, guide, injection, intelligence, law, LLM, malicious, malware, monitoring, network, north-korea, open-source, openai, privacy, programming, ransomware, service, software, strategy, threat, tool, training, unauthorized, vulnerability, windows

Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but requires additional prompting and debugging. Background As generative artificial intelligence (GenAI) has increased in popularity since the launch of ChatGPT, cybercriminals have become quite fond of GenAI tools to…
Calls grow for UK to move secret Apple encryption court hearing to public session

Mar 13, 2025 4:52 PM

Tags: apple, encryption, group

In a joint letter on Thursday to Lord Justice Singh, a collection of British civil liberties groups asked him to use his discretion to open the hearing to the public, arguing that doing so would not prejudice national security. First seen on therecord.media Jump to article: therecord.media/calls-grow-uk-secret-apple-court-encryption-public
Sophos X-Ops verzeichnet rasante Zunahme von Remote-Ransomware

Mar 13, 2025 3:52 PM

Tags: encryption, ransomware, sophos

Remote-Verschlüsselung gehört mittlerweile zu den bevorzugten Methoden vieler Ransomware-Gruppen. Fast jedes Unternehmen hat blinde Flecken in seiner IT-Sicherheit First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-verzeichnet-rasante-zunahme-von-remote-ransomware/a40128/
Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key

Mar 13, 2025 1:52 PM

Tags: access, authentication, cloud, compliance, control, credentials, data, defense, encryption, fido, framework, government, healthcare, identity, infrastructure, mobile, nfc, password, phishing, regulation, service, software, strategy, technology, windows

Breaking the Barriers to a Password-Free Life in Enterprise: Meet SafeNet eToken Fusion NFC PIV security key madhav Thu, 03/13/2025 – 06:46 As large organizations increasingly shift towards passwordless solutions, the benefits are clear: enhanced user experience, improved security, and significant cost savings. The FIDO (Fast Identity Online) standard has emerged as the gold standard…
Legislative push for child online safety runs afoul of encryption advocates (again)

Mar 12, 2025 11:56 PM

Tags: encryption, service

The Stop CSAM Act would compel companies to curb online child sexual abuse material, but critics argue it would also weaken encrypted services for all users. First seen on cyberscoop.com Jump to article: cyberscoop.com/stop-csam-act-senate-judiciary-hawley-durbin-encryption/
Chinese cyberespionage group deploys custom backdoors on Juniper routers

Mar 12, 2025 4:52 PM

Tags: access, attack, authentication, backdoor, backup, botnet, china, control, credentials, cyberespionage, ddos, detection, encryption, endpoint, espionage, exploit, google, group, identity, infrastructure, injection, intelligence, malicious, malware, mandiant, mitigation, monitoring, network, risk, router, software, switch, tactics, threat, tool, unauthorized, update, vulnerability, zero-day

File integrity protections were bypassed: Attackers’ initial access to the Juniper MX routers analyzed by Mandiant seems to have been achieved with legitimate credentials. While UNC3886 has developed and used zero-day exploits to compromise network-edge devices in the past, the group actively performs credential collection on compromised networks for lateral movement to support its goal…
NIST selects HQC as backup algorithm for post-quantum encryption

Mar 12, 2025 4:52 PM

Tags: backup, cyberattack, data, encryption, nist

Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/12/nist-hqc-post-quantum-encryption-algorithm/
Secret London tribunal to hear appeal in Apple vs government battle over encryption

Mar 11, 2025 5:54 PM

Tags: apple, backdoor, encryption, government, service

Campaigners call for High Court hearing to be held in public as tech giant appeals against UK government order to open a backdoor into its encrypted iCloud service First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620363/Secret-London-tribunal-to-hear-appeal-in-Apple-vs-government-battle-over-encryption
Ebyte Ransomware Targets Windows Users with Advanced Encryption Techniques

Mar 11, 2025 5:54 PM

Tags: cyber, encryption, programming, ransom, ransomware, threat, windows

A new ransomware variant, known as Ebyte Ransomware, has emerged as a significant threat to Windows users. Developed in the Go programming language, this ransomware employs sophisticated encryption techniques, including ChaCha20 and Elliptic Curve Integrated Encryption Scheme (ECIES), to lock user files and demand ransom payments. The ransomware, inspired by Prince Ransomware, adds a unique…
PoC Released for SolarWinds Web Help Desk Vulnerability Exposing Passwords

Mar 11, 2025 2:54 PM

Tags: cyber, encryption, password, vulnerability

A Proof-of-Concept (PoC) has been released for a significant vulnerability discovered in SolarWinds Web Help Desk, exposing encrypted passwords and other sensitive data. This vulnerability arises from the predictable encryption keys used in the application and the misuse of AES-GCM encryption, a widely respected cryptographic standard. The issue highlights the importance of secure key management…
Sicherheit für Unternehmensdaten, Teil 1 – Storage-Security: Replikation und Verschlüsselung

Mar 11, 2025 12:54 PM

Tags: encryption

First seen on security-insider.de Jump to article: www.security-insider.de/storage-security-replikation-und-verschluesselung-a-34e8008772cc67581284df78d40cca0e/
Quantum leap: Passwords in the new era of computing security

Mar 10, 2025 3:54 PM

Tags: computing, data, encryption, password, risk, software

Quantum computing threatens to break traditional encryption, putting sensitive data at risk. Learn more from Specops Software about the risks of quantum computing and how to prepare for them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/quantum-leap-passwords-in-the-new-era-of-computing-security/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 36

Mar 9, 2025 1:53 PM

Tags: cyberattack, encryption, exploit, group, international, malware, phone, ransomware, zero-day

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Cellebrite zero-day exploit used to target phone of Serbian student activist One in Four Cyberattacks in 2024 Traced to Infostealers, Huntress Reports Uncovering .NET Malware Obfuscated by Encryption and Virtualization Black Basta and Cactus Ransomware Groups…
Akira ransomware gang used an unsecured webcam to bypass EDR

Mar 8, 2025 11:53 PM

Tags: attack, cybersecurity, detection, edr, encryption, endpoint, exploit, group, network, ransomware

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. Cybersecurity researchers at S-RM team discovered a novel attack technique used by the Akira ransomware gang. The ransomware group used an unsecured webcam to encrypt systems within a target’s network, bypassing Endpoint Detection and Response (EDR). The…
UK cyber security damaged by ‘clumsy Home Office political censorship’

Mar 7, 2025 12:54 PM

Tags: computer, cyber, encryption, office

Britain’s National Cyber Security Centre secretly censors computer security guidance and drops references to encryption First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620475/UK-cyber-security-damaged-by-clumsy-Home-Office-political-censorship
11 ruinöse Ransomware-Bedrohungen

Mar 7, 2025 6:53 AM

Tags: ai, apt, cloud, cyberattack, cybercrime, encryption, exploit, extortion, fortinet, healthcare, kritis, leak, linux, lockbit, malware, moveIT, phishing, ransomware, service, social-engineering, supply-chain, usa, vmware, vpn, vulnerability, windows, zero-day

Für Unternehmen ist Ransomware weiterhin eine existenzielle Bedrohung, für Kriminelle ein immer einträglicheres (Service)geschäft.Ransomware bleibt branchenübergreifend auf dem Vormarsch und entwickelt sich beständig weiter vereinzelten behördlichen Erfolgen zum Trotz. Das ist unter anderem auch folgenden Trends zuzuschreiben:Ransomware-as-a-Service (RaaS)-Angebote senken die Zugangsbarrieren.Neue Erpressungstaktiken versprechen noch mehr kriminelle Gewinne.Künstliche Intelligenz (KI) wird bei Cyberkriminellen immer beliebter.Davon abgesehen,…
Ransomware gang encrypted network from a webcam to bypass EDR

Mar 6, 2025 10:53 PM

Tags: attack, detection, edr, encryption, endpoint, network, ransomware

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/akira-ransomware-encrypted-network-from-a-webcam-to-bypass-edr/
Breach Roundup: US Sanctions Iran-Based Nemesis Admin

Mar 6, 2025 9:54 PM

Tags: apple, botnet, breach, encryption, hacker, iran, ransomware, rat, scam, usa

Also, BianLian Ransomware Hackers Aren’t Really Mailing You. This week, the U.S. sanctioned the Nemesis admin, Poco RAT spotted in Latin America, Apple challenged a British order to weaken encryption and the FBI warned against scam letters purportedly from BianLian. Also, a Nigerian tax scammer extradited to the U.S., a new botnet and a Webex…
Akira ransomware encrypted network from a webcam to bypass EDR

Mar 6, 2025 9:54 PM

Tags: attack, detection, edr, encryption, endpoint, network, ransomware

The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim’s network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/akira-ransomware-encrypted-network-from-a-webcam-to-bypass-edr/