Japanese electronics and IT giant NEC confirmed a security breach suffered by its defense business division in December 2016.
Cryptographers hate being rushed into things, which is why NIST began a competition to create a post-quantum cryptographic standard in 2016. The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer.
Zendesk discloses a data breach that took place in 2016 when a hacker accessed data of 10,000 users, including passwords, emails, names, and phone numbers. In 2016, customer service software company Zendesk suffered a security breach that exposed data of 10,000 users, including passwords, emails, names, and phone numbers.
Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. ” reads the announcement published by WhatsApp.
The Trojan has been active since 2016; it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. Attackers also employ encrypted or password-protected files to evade security detection. Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns.
Although most people think of ransomware as a dodgy application that encrypts data and holds it for ransom, the concept is much more heterogeneous than that. File encryption 2013 – 2015. It emerged in September 2013 and paved the way for hundreds of file-encrypting menaces that have splashed onto the scene ever since.
Kaspersky first documented the operations of the group in 2016. Upon execution, the spyware retrieves an encrypted configuration from Firebase Firestore, controlling activation and the C2 server address. The configuration request, sent as an encrypted JSON, controls parameters like C2 ping frequency, plugin URLs, and victim messages.
Those secrets collectively have a code name—ECI, for exceptionally compartmented information—and almost never appear in the documents. Chatting with Snowden on an encrypted IM connection, I joked that the NSA cafeteria menu probably has code names for menu items. Transferring files electronically is what encryption is for.
National Security Agency (NSA) Equation Group. The name “Bvp47” comes from numerous references to the string “Bvp” and the numerical value “0x47” used in the encryption algorithm.
“To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on your Exchange (2013/2016/2019) server.” Please see this KB for more information. ” continues Microsoft.
Cado Security Labs recently became aware that Cerber ransomware is being deployed into Confluence servers via the CVE-2023-22518 exploit. Cerber has been active since at least 2016; most recently it was involved in attacks against Confluence servers. ” continues the report. 0” at startup and “/tmp/log.1”
The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware families detected in public attacks that encrypted hard drives rather than files. ” reads the alert published by the FBI.
Experts pointed out that it is the first critical vulnerability patched in the toolkit since September 2016. “OpenSSL 3.0.7 is a security-fix release,” reads the announcement.
The tool encrypts data before exfiltrating it to a command-and-control server. The IP address of one of the C2 servers used by the surveillance tool has been linked to Wuhan Chinasoft Token Information Technology Co., a Chinese tech company founded in 2016 with fewer than 50 employees.
The ransomware encrypts files on the targeted systems using the “.cuba” extension. The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. The FBI discourages paying the ransom because there is no guarantee to recover the encrypted files.
The “No More Ransom” website is an initiative launched in 2016 by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee to help victims of ransomware retrieve their encrypted data without having to pay the criminals. ” reads the post published by the EUROPOL.
The Dharma ransomware first appeared on the threat landscape in February 2016; at the time experts dubbed it Crysis. In November 2016, the master decryption keys for Crysis were released online, and victims of CrySis versions 2 and 3 were able to recover their files.
The ransomware encrypts files on the targeted systems using the “.cuba” extension. The Hancitor downloader has been active since at least 2016 for dropping Pony and Vawtrak. Its operators have a data leak site, where they post exfiltrated data from their victims who refused to pay the ransom.
Most cryptographers believe that the sheer power of quantum computing will be capable of tearing through many of the existing public key encryption algorithms, like RSA or Diffie-Hellman, that underpin most computer hardware and software today. It could also threaten some symmetric key algorithms, though not to nearly the same extent.
Diavol encrypts files solely using an RSA encryption key, and its code is capable of prioritizing file types to encrypt based on a pre-configured list of extensions defined by the attacker. “The FBI has not yet observed Diavol leak victim data, despite ransom notes including threats to leak stolen information.”
Yahoo is continuously trying to settle a lawsuit on the massive data breach over the period of 2013 to 2016. million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history”. This time Yahoo could pay $117.5
In October, Kaspersky revealed that the CVE-2018-8453 vulnerability has been exploited by the APT group tracked as FruityArmor, a cyber-espionage group that was first observed in 2016 while targeting activists, researchers, and individuals related to government organizations. Further details, including IoCs, are reported in the analysis.
TrickBot is a popular banking Trojan that has been around since October 2016; its authors have continuously upgraded it by implementing new features. In January, the FBI officially linked the Diavol ransomware operation to the infamous TrickBot gang, the group that is behind the TrickBot banking trojan.
“We found dozens of related samples that had been appearing in the wild since 2016 and had been deployed in various application marketplaces including Google Play.” Experts observed around 300 infection attacks on Android devices in India, Vietnam, Bangladesh, Indonesia since 2016. Android version, installed apps). .
Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak. Starting from 2016 the group developed a new custom malware using Cobalt Strike, a legitimate penetration testing framework. Hladyr also controlled the organization’s encrypted channels of communication.”
Bad news for citizens of Kazakhstan, the government is beginning to intercept all the encrypted traffic, and to do it, it is forcing them to install a certificate. The Kazakhstan government is beginning to intercept all the encrypted traffic and to do it is forcing users in the country to install a certificate. ” states Tele2.
According to the researchers, the Smominru botnet has been active at least since 2016 and at the time of its discovery infected more than 526,000 Windows computers. “For protection against quick analysis and against static extraction with regular expressions, the substitute values are encrypted. ” continues the analysis.
The files are then held for ransom and the victim is threatened by data loss, because of the encryption, and leaking of the exfiltrated data. Files are encrypted with a combination of AES-256 and RSA-4096 via the Microsoft CryptoAPI, as per CrowdStrike. Earlier versions appended the .CONTI extension to encrypted files.
The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. The emails sent in the April campaign contain ZIP attachments and were sent by the same addresses, “JennyBrown3422[@]gmail[.]com,” and “Jenny[@]gsd[.]com.”
Table 1: Information about JSWorm 4.0.2. JSWorm encrypts all the user files, appending a new extension to their name. Unlike other ransomware, the extension is composed of many fields, reporting the information the user needs to move on to the ransom payment phase. Figure 3: Extensions excluded from encryption.
The company discovered on September 30 that a secondary database was exposing customer information from July 2, 2016. Exposed records include users’ email addresses, usernames and encrypted passwords; fortunately, no financial data was collected by the company.
A few days ago, the MalwareMustDie team’s security researcher unixfreaxjp published a new Linux malware analysis of Fbot that focused on the decryption of the last encryption logic used by its bot client. And will discuss the mysteries that can be seen after Fbot has been detected. The background before Fbot Mirai variant.
The attack abuses the Encrypting File System Remote (EFSRPC) protocol, which is used to perform maintenance and management operations on encrypted data that is stored remotely and accessed over a network.
Marriott International bought Starwood Hotels and Resorts Worldwide in 2016 for $13 billion. According to the company, hackers had access to Starwood’s guest reservation system since 2014 and copied and encrypted the information. The brand includes St. ” reads the statement published by the ICO.
In 2016, researchers from the non-profit organization CitizenLab published a report that describes a campaign of targeted spyware attacks carried out by the Stealth Falcon. The remaining components are encrypted and stored within a binary registry value.”
The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack. The Mac version uses the same AES key and IV as the Linux variant to encrypt and decrypt the config file. It was the first malware linked to the Lazarus group that targets Linux systems.
Experts discovered that since December 2016, the APT15 group has been using the previously undocumented backdoor dubbed Okrum. We first detected Okrum, through ESET telemetry, in December 2016; it targeted diplomatic missions in Slovakia, Belgium, Chile, Guatemala and Brazil throughout 2017.” ” continues the report.
Attackers employed a custom tunneling tool to achieve this; it forwards client traffic to the server, and the malware encrypts the traffic using trivial binary encryption. The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFT attacks in 2016, and the Sony Pictures hack.
Members of the ExCobalt group have been active since at least 2016; the researchers believe that the group is linked to the notorious Cobalt Gang. The backdoor serializes, encrypts, archives, and sends the collected data to a designated server that stores compromised data.
The VBA self-decoding technique is not a novelty; the threat actor has been using it since 2016. The shellcode injected into the Notepad.exe process downloads an encrypted payload from [link], which is a link to a Google Drive containing RokRat. A malicious macro is encoded within another that is dynamically decoded and executed.
According to his LinkedIn profile, Schulte worked for the NSA for five months in 2010 as a systems engineer; after this experience, he joined the CIA as a software engineer, and he left the CIA in November 2016. Schulte was identified a few days after WikiLeaks started leaking the precious dumps.
Karma ransomware is a new threat that was first spotted in June of 2021; it is important to distinguish it from a different threat with the same name that has been active since 2016. Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation.