Tag: encryption
-
Neue und verbesserte Version des Banshee-Stealers nimmt MacOS-Nutzer ins Visier
Check Point Software Technologies warnt vor einer neuen und verbesserten Version des Banshee-Stealers. Er nimmt MacOS-Nutzer ins Visier, was bedeutet, dass über 100 Millionen Anwender bedroht sind. Banshee tauchte mitten im Jahr 2024 als Stealer-as-a-Service für 3.000 US-Dollar als Mietmodell auf. Die Malware nutzte ab September sogar die Funktion String-Encryption aus Apples eigenem Programm XProtect,…
-
5 Cybersicherheitsprognosen von Zscaler für 2025
Tags: encryptionDie Cybersicherheitslage hat sich in diesem Jahr weiter angespannt, denn Organisationen müssen mit deutlich professionellerem Vorgehen von Cyberkriminellen rechnen. Ein Indikator ist die Anzahl der Attacken, die hinter Verschlüsselung verborgen transportiert werden. 87 Prozent aller Bedrohungen wurden zwischen Oktober 2023 und September 2024 über verschlüsselte Kanäle übertragen, wie die Ergebnisse eines ThreatLabZ-Reports zeigen. Die folgenden…
-
Meloni Says Italy Is Exploring Deals on Telecoms Security, but Denies Private Talks With Musk
If the deal is sealed, SpaceX would provide encryption services for the Italian government and communications infrastructure for the military and emergency services. The post Meloni Says Italy Is Exploring Deals on Telecoms Security, but Denies Private Talks With Musk appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/meloni-says-italy-is-exploring-deals-on-telecoms-security-but-denies-private-talks-with-musk/
-
AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics
Tags: ai, cybersecurity, data, encryption, extortion, group, hacker, intelligence, ransom, ransomware, tactics, theftCybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date.”The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms,” Check Point Research said in a new report…
-
Malware targets Mac users by using Apple’s security tool
A variant of the Banshee macOS infostealer was seen duping detection systems with new string encryption copied from Apple’s in-house algorithm.A Check Point research, which caught the variant after two months of successful evasion, said threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Google Chrome, Telegram, and…
-
Ransomware Gets Smarter: HexaLocker V2 Introduces Powerful New Mechanisms
HexaLocker V2 has arrived on the market. This new version of the notorious HexaLocker ransomware has brought with it a series of improvements, including a new persistence mechanism, enhanced encryption algorithms, and an open-source stealer known as Skuld. These changes reflect the ongoing sophistication of cybercriminal groups and their ability to circumvent traditional cybersecurity defenses.…
-
Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs
The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple’s own antivirus product. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/banshee-malware-steals-apple-encryption-macs
-
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple’s XProtect. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/banshee-stealer-evades-detection-using-apple-xprotect-encryption-algo/
-
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer.”Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple’s XProtect,” Check Point Research said in a new analysis shared with The Hacker News. “This development allows it to…
-
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions
Ransomware isn’t slowing down”, it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom…
-
HHS Proposes Mandating MFA, Data Encryption in HIPAA
First seen on scworld.com Jump to article: www.scworld.com/news/hhs-proposes-mandating-mfa-data-encryption-in-hipaa
-
Six Tech Trends Shaping the Future of Brand Experiences
Six Tech Trends Shaping the Future of Brand Experiences madhav Wed, 01/08/2025 – 12:38 Business success relies on balancing positive brand experiences and maintaining consumer trust. Consumers want efficiency”, 2024 research from Thales found that 22% of consumers will give up after less than a minute if they’re having a frustrating customer experience”, but they…
-
Millions of Email Servers Exposed Due to Missing TLS Encryption
Millions of email servers worldwide remain alarmingly vulnerable to cyberattacks due to a critical security oversight: the absence of Transport Layer Security (TLS) encryption. First seen on hackread.com Jump to article: hackread.com/millions-email-servers-exposed-missing-tls-encryption/
-
Securing the Quantum Era: What NIST’s New Encryption Standards Mean for Cybersecurity
First seen on scworld.com Jump to article: www.scworld.com/perspective/securing-the-quantum-era-what-nists-new-encryption-standards-mean-for-cybersecurity
-
Windows 11 BitLocker Bypassed to Extract Encryption Keys
An attacker with physical access can abruptly restart the device and dump RAM, as analysis of this memory may reveal FVEK keys from recently running Windows instances, compromising data encryption. The effectiveness of this attack is, however, limited because the data stored in RAM degrades rapidly after the power is cut off. The script flashimage.sh…
-
Privacy Roundup: Week 1 of Year 2025
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
Around 3.3 million POP3 and IMAP mail servers lack TLS encryption
Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are two protocols used to retrieve…
-
Top 10 surveillance, journalism and encryption stories of 2024
Revelations of covert and unlawful monitoring of journalists and their confidential sources by the Police Service of Northern Ireland and the Metropolitan Police attracted a huge amount of attention this year First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366617111/Top-10-surveillance-journalism-and-encryption-stories-of-2024
-
Over 3 million mail servers without encryption exposed to sniffing attacks
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/
-
Patched BitLocker Flaw Still Susceptible to Hack
Researcher Demonstrates Bitpixie Attack Tactics to Extract Encryption Key. A previously patched flaw in Windows BitLocker disk encryption feature is susceptible to attacks allowing hackers to decrypt information, new research has found. Security researcher Thomas Lambertz extracted data from the system memory, including the master key. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/patched-bitlocker-flaw-still-susceptible-to-hack-a-27195
-
38C3: Bitlocker über Schwachstellen ausgehebelt (Dez. 2024)
Noch ein kleiner Nachtrag vom Wochenende auf dem 38C3-Kongress des Chaos Computer Clubs hat Thomas Lambertz, ein Sicherheitsexperte, gezeigt, wie sich Microsofts Bitlocker-Verschlüsselung über ein “Downgrade” einer gepatchten Schwachstelle aushebeln lässt. Der Weg, über den Geheimdienste oder Strafverfolger an … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/31/38c3-bitlocker-ueber-schwachstellen-ausgehebelt-dez-2024/
-
38C3: Kurzwellen-Funk der NATO mit Halfloop-Verschlüsselung ist unsicher
Der Halfloop-Verschlüsselungsalgorithmus, den das US-Militär und die NATO zum Schutz von Kurzwellen-Funkgeräten nutzen, enthält schwere Sicherheitsmängel. First seen on heise.de Jump to article: www.heise.de/news/38C3-Kurzwellen-Funk-der-NATO-mit-Halfloop-Verschluesselung-ist-unsicher-10221035.html
-
White House Clears HIPAA Security Rule Update
HHS Proposes Encryption, Security Standards for Healthcare Firms. The U.S. Department of Health and Human Services is proposing new rules for healthcare organizations that aim to bolster protections for Americans by requiring companies to encrypt sensitive patient data and conduct routine compliance evaluations amid increased threats targeting the sector. First seen on govinfosecurity.com Jump to…
-
A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs
Akamai researchers discovered a new Mirai botnet variant targeting a vulnerability in DigiEver DS-2105 Pro DVRs. Akamai researchers spotted a Mirai-based botnet that is exploiting an remote code execution vulnerability in DigiEver DS-2105 Pro NVRs. The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The Mirai variant incorporates ChaCha20 and…
-
Why cryptography is important and how it’s continually evolving
Cryptography is fundamental to modern cybersecurity, forming the foundation for secure communication and data protection in a world increasingly reliant on digital technologies. Its importance cannot be overstated, as it safeguards sensitive information, preserves privacy, and builds trust in the digital world. As cyber threats evolve, cryptography continues to advance, addressing emerging challenges which have…
-
Raspberry-Robin Vielschichtige Verschlüsselung
Das Zscaler-ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry-Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. Hauptaufgabe von Raspberry-Robin ist das Nachladen und Ausführen der Payload auf einem kompromittierten…
-
Raspberry Robin: Vielschichtige Verschlüsselung
Das Zscaler ThreatLabz-Team entschlüsselte vor kurzem die umfangreichen Verschleierungstechniken von Raspberry Robin (auch bekannt als Roshtyak). Die Malware befindet sich seit 2021 im Umlauf und verbreitet sich hauptsächlich über infizierte USB-Geräte, so dass nach wie vor eine Gefahr zur Infektion von Windows-Systemen davon ausgeht. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/raspberry-robin-vielschichtige-verschluesselung