Collecting Cyber-News from over 60 sources

Tag: encryption

DEF CON 32 Attacks On GenAI Data Using Vector Encryption To Stop Them

Jan 26, 2025 10:03 PM

Tags: ai, attack, conference, data, encryption

Authors/Presenters: Patrick Walsh, Bob Wall Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/def-con-32-attacks-on-genai-data-using-vector-encryption-to-stop-them/
Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques

Jan 23, 2025 3:22 PM

Tags: advisory, cyber, encryption, monitoring, ransomware, risk, threat, windows

CYFIRMA’s Research and Advisory team has identified a new strain of ransomware labeled >>Nnice,
10 top XDR tools and how to evaluate them

Jan 23, 2025 11:22 AM

Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-day

Little in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Jan 23, 2025 11:22 AM

Tags: access, authentication, breach, business, cloud, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, encryption, endpoint, hacker, healthcare, HIPAA, insurance, mfa, network, nist, office, privacy, regulation, risk, risk-assessment, service, software, strategy, threat, unauthorized, update, vulnerability

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 – 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health information isn’t just about stolen files”, it’s a gut punch to trust and a serious shake-up to people’s lives. Think about…
AES-XTS Encryption Targeted By Windows BitLocker Bug

Jan 22, 2025 9:24 PM

Tags: encryption, windows

First seen on scworld.com Jump to article: www.scworld.com/brief/aes-xts-encryption-targeted-by-windows-bitlocker-bug
Windows BitLocker bug exposes AES-XTS encryption

Jan 22, 2025 9:24 PM

Tags: encryption, windows

First seen on scworld.com Jump to article: www.scworld.com/news/windows-bitlocker-bug-exposes-aes-xts-encryption
25 on 2025: APAC security thought leaders share their predictions and aspirations

Jan 22, 2025 8:22 PM

Tags: access, advisory, ai, api, attack, authentication, awareness, best-practice, breach, business, ciso, cloud, compliance, control, cryptography, csf, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, data-breach, deep-fake, detection, disinformation, encryption, endpoint, exploit, extortion, finance, framework, fraud, government, group, hacking, Hardware, identity, incident, incident response, infrastructure, injection, intelligence, international, iot, malicious, malware, microsoft, monitoring, network, nist, phishing, privacy, ransomware, regulation, resilience, risk, risk-management, scam, service, skills, social-engineering, software, spear-phishing, strategy, supply-chain, tactics, technology, threat, tool, training, update, vulnerability, warfare, zero-trust

As threat actors and security teams harness the growing potential of artificial intelligence (AI), who will prevail? From generative AI (GenAI) to agentic AI, we look through the lens of 25 of Asia-Pacific’s thought leaders in security and dive into their predictions and goals for the year. src=”https://b2b-contenthub.com/wp-content/uploads/2025/01/Athikom.jpg?quality=50&strip=all” alt=”athikom” loading=”lazy” width=”400px”>Athikom Kanchanavibhu Chief Information Security…
The Quiet Rise of the ‘API Tsunami’

Jan 22, 2025 8:22 PM

Tags: access, api, attack, authentication, breach, business, cloud, compliance, control, data, data-breach, encryption, endpoint, finance, GDPR, healthcare, HIPAA, infrastructure, law, leak, mail, malicious, mfa, mobile, monitoring, network, privacy, programming, regulation, risk, security-incident, service, threat, tool, unauthorized, update, vulnerability

As enterprises increasingly adopt cloud-native architectures, microservices, and third-party integrations, the number of Application Programming Interfaces (APIs) has surged, creating an “API tsunami” in an organization’s infrastructure that threatens to overwhelm traditional management practices. As digital services proliferate, so does the development of APIs, which allow various applications to communicate or integrate with each other…
45 Schulen von Cyberangriff betroffen

Jan 22, 2025 5:22 PM

Tags: cyberattack, encryption
Europol seeks evidence of encryption on crime enforcement as it steps-up pressure on Big Tech

Jan 22, 2025 1:22 PM

Tags: access, crime, encryption, law

Europol wants examples of police investigations hampered by end-to-end encryption as it pressures tech companies to provide law enforcement access to encrypted messages First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366618230/Europol-seeks-evidence-of-encryption-on-crime-enforcement-as-it-steps-up-pressure-on-Big-Tech
Three Keys to Modernizing Data Security: DSPM, AI, and Encryption

Jan 21, 2025 10:22 PM

Tags: access, ai, automation, best-practice, business, cloud, compliance, container, control, cyber, cybercrime, data, data-breach, detection, encryption, GDPR, incident response, infrastructure, privacy, regulation, risk, saas, security-incident, skills, software, strategy, threat, tool, vulnerability

Three Keys to Modernizing Data Security: DSPM, AI, and Encryption andrew.gertz@t“¦ Tue, 01/21/2025 – 14:56 Organizations worldwide face a “perfect storm” of increasing and ever-evolving cyber threats. Internal and external factors are at play, elevating cyber risks and their consequences and mandating new approaches to safeguard data. A recent study based on responses from over…
BSI zertfiziert erste quantensichere Smartcard

Jan 21, 2025 4:22 PM

Tags: bsi, encryption

Das BSI hat die erste quantensichere Smartcard zertifiziert. Quantencomputer können die Verschlüsselung von Daten damit nicht knacken. First seen on heise.de Jump to article: www.heise.de/news/BSI-zertifiziert-erste-Smartcard-mit-Post-Quanten-kryptografischem-Algorithmus-10250779.html
BSI zertifiziert erste Smartcard mit Post-Quanten-kryptografischem Algorithmus

Jan 21, 2025 3:22 PM

Tags: bsi, encryption

Das BSI hat die erste quantensichere Smartcard zertifiziert. Quantencomputer können die Verschlüsselung von Daten damit nicht knacken. First seen on heise.de Jump to article: www.heise.de/news/BSI-zertifiziert-erste-Smartcard-mit-Post-Quanten-kryptografischem-Algorithmus-10250779.html
7 top cybersecurity projects for 2025

Jan 21, 2025 12:22 PM

Tags: access, advisory, ai, backup, best-practice, breach, business, cio, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, encryption, framework, google, governance, infrastructure, intelligence, law, mitigation, monitoring, network, resilience, risk, risk-management, service, strategy, technology, threat, tool, vulnerability

As 2025 dawns, CISOs face the grim reality that the battle against cyberattackers never ends. Strong and carefully planned cybersecurity projects are the best way to stay a step ahead of attackers and prevent them gaining the upper hand.”Urgency is the mantra for 2025,” says Greg Sullivan, founding partner of cybersecurity services firm CIOSO Global.…
OpenVPN Easy-rsa Vulnerability Allows Attacker to Bruteforce Private CA key

Jan 21, 2025 8:22 AM

Tags: cve, cyber, encryption, flaw, password, tool, vulnerability

A significant security vulnerability, designated as CVE-2024-13454, has been discovered in the OpenVPN Easy-RSA tool, specifically affecting versions from 3.0.5 to 3.2.0 that utilize OpenSSL 3. This flaw pertains to the incorrect encryption of password-protected Certificate Authority (CA) private keys when using the easyrsa build-ca command. Instead of employing the secureaes-256-cbccipher as intended, Easy-RSA incorrectly defaults to…
Ridding your network of NTLM

Jan 21, 2025 5:22 AM

Tags: attack, authentication, cloud, crowdstrike, cve, email, encryption, exploit, group, hacker, ibm, Internet, jobs, malicious, microsoft, network, ntlm, password, service, technology, tool, update, vulnerability, windows

Microsoft has hinted at a possible end to NTLM a few times, but with quite a few Windows 95 or 98 in use that do not support the alternative, Kerberos, it won’t be an easy job to do. There is the option to disable NTLM when using Azure Active Directory but that may not always…
Amazon Details Measures to Counter S3 Encryption Hacks

Jan 20, 2025 11:22 PM

Tags: attack, credentials, encryption, hacker, mitigation, ransomware

Hackers Using Valid Customer Credentials to Re-Encrypt S3 Objects. Amazon is urging its customers to deploy additional security measures to secure S3 buckets following reports of ransomware attacks targeting the platform. The company said mitigations prevented a high percentage of attempts from succeeding. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/amazon-details-measures-to-counter-s3-encryption-hacks-a-27339
Researchers Accessed Windows BitLocker Encrypted Files Disassembling the Laptop

Jan 20, 2025 8:22 AM

Tags: access, cyber, cybersecurity, data, encryption, exploit, flaw, microsoft, windows

Cybersecurity researchers have uncovered a major flaw in the Windows BitLocker encryption system, allowing attackers to access encrypted data without requiring physical disassembly of the target laptop. The exploit, named >>bitpixie
Biden ordnet für US-Behörden Verschlüsselung von E-Mail, DNS und BGP an

Jan 17, 2025 11:57 AM

Tags: ai, dns, encryption, mail, passkey, software

Ende-zu-Ende-Verschlüsselung, bessere Software und Abwehr, Post-Quanten, Aufsicht über Lieferanten, Passkeys, Erforschung von KI Biden verordnet gute Medizin. First seen on heise.de Jump to article: www.heise.de/news/Biden-ordnet-Verschluesselung-von-E-Mail-DNS-und-BGP-an-10246150.html
Perfide Ransomware-Attacke gegen AWS-Nutzer

Jan 15, 2025 5:02 PM

Tags: bug, cyberattack, encryption, iam, ransomware, service

srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?quality=50&strip=all 4750w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_2390933631.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Hacker haben kompromittierte AWS-Zugangsdaten genutzt, um S3-Buckets zu verschlüsseln. gguy Shutterstock.comForscher des Sicherheitsanbieters Halcyon haben kürzlich entdeckt, dass Cyberkriminelle den Speicherdienst S3 von Amazon Web Services (AWS) verschlüsseln…
CISA unveils ‘Secure by Demand’ guidelines to bolster OT security

Jan 15, 2025 2:02 PM

Tags: attack, authentication, breach, ceo, cisa, compliance, cyber, cybersecurity, encryption, flaw, framework, infrastructure, international, network, office, resilience, risk, service, software, strategy, technology, threat, update, vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA), along with its international cybersecurity allies, has unveiled the “Secure by Demand” guidelines to safeguard operational technology (OT) environments. The framework provides a blueprint for OT owners and operators to prioritize cybersecurity when procuring digital products.This initiative addresses growing concerns about vulnerabilities in critical infrastructure, including energy…
Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Jan 15, 2025 2:02 PM

Tags: data, encryption, group, ransomware, threat

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The threat actor used AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) for encryption, then demanded the payment of…
Ransomware Campaign Targets Amazon S3 Buckets

Jan 15, 2025 1:02 AM

Tags: cloud, data, data-breach, encryption, exploit, group, ransom, ransomware, threat

Threat Actor ‘Codefinger’ Targets Cloud Environments. A ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials. First seen on govinfosecurity.com…
AWS S3 Buckets Subjected to Codefinger Encryption Attacks

Jan 14, 2025 9:04 PM

Tags: attack, encryption

First seen on scworld.com Jump to article: www.scworld.com/brief/aws-s3-buckets-subjected-to-codefinger-encryption-attacks
Beware cybersecurity tech that’s past its prime, 5 areas to check or retire

Jan 14, 2025 6:43 PM

Tags: access, advisory, ai, antivirus, attack, authentication, breach, bug-bounty, ciso, cloud, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, firewall, Hardware, network, password, penetration-testing, risk, router, siem, software, strategy, switch, threat, tool, vpn, vulnerability, waf, zero-trust

Cybersecurity leaders can choose from an ever-expanding list of digital tools to help them ward off attacks and, based on market projections, they’re implementing plenty of those options.Gartner predicts a 15% increase in cybersecurity spending for 2025, with global expenditures expected to reach $212 billion in the upcoming year. The research and consulting firm says…
Fifteen Best Practices to Navigate the Data Sovereignty Waters

Jan 14, 2025 9:46 AM

Tags: access, attack, automation, awareness, backup, best-practice, breach, cloud, compliance, computer, computing, container, control, country, crypto, cybersecurity, data, encryption, governance, iam, identity, international, law, least-privilege, monitoring, network, privacy, ransomware, regulation, resilience, risk, security-incident, service, software, strategy, threat, tool, unauthorized, update, zero-trust

Fifteen Best Practices to Navigate the Data Sovereignty Waters josh.pearson@t“¦ Tue, 01/14/2025 – 08:04 Data sovereignty”, the idea that data is subject to the laws and regulations of the country it is collected or stored in”, is a fundamental consideration for businesses attempting to balance harnessing the power of data analytics, ensuring compliance with increasingly…
Act fast to blunt a new ransomware attack on AWS S3 buckets

Jan 14, 2025 8:46 AM

Tags: access, ai, api, attack, authentication, breach, ciso, cloud, control, credentials, data, data-breach, encryption, exploit, extortion, github, iam, infosec, infrastructure, login, network, password, ransom, ransomware, risk, service, software, threat, unauthorized, vulnerability

CISOs are being warned to make sure employees take extra steps to protect their AWS access keys after word that a threat actor is using stolen login passwords for ransomware attacks.In a report issued today, researchers at Halcyon said the target is Amazon S3 buckets and the attack uses AWS’ own encryption to make data…
Attackers are encrypting AWS S3 data without using ransomware

Jan 14, 2025 8:46 AM

Tags: data, encryption, ransomware

A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/13/codefinger-encrypting-aws-s3-data-without-ransomware-sse-c/
Ransomware abuses Amazon AWS feature to encrypt S3 buckets

Jan 14, 2025 8:46 AM

Tags: encryption, ransom, ransomware, threat

A new ransomware campaign encrypts Amazon S3 buckets using AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

Jan 13, 2025 3:26 PM

Tags: data, encryption, ransomware

‘Codefinger’ crims on the hunt for compromised keys First seen on theregister.com Jump to article: www.theregister.com/2025/01/13/ransomware_crew_abuses_compromised_aws/