Accountability, Backups and Encryption - Cyber Security Informer

Apple Is Finally Encrypting iCloud Backups

Schneier on Security

DECEMBER 12, 2022

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes.

Backups

Backups Encryption Accountability

Apple ordered to grant access to users’ encrypted data

Malwarebytes

FEBRUARY 11, 2025

Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. This will list the devices with iCloud Backup turned on.

Encryption

Encryption Backups Government Accountability

CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk

NetSpi Technical

MARCH 10, 2025

Last year, the NetSPI red team came across a backup file for Solar Winds Web Help Desk software. This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. Fixed in: Solar Winds Web Help Desk version 12.8.5

Encryption

Encryption Backups Passwords Software

WhatsApp starts offering password enabled encryption to user backups

CyberSecurity Insiders

OCTOBER 14, 2021

From now on, all WhatsApp backups will be protected by a password enabled encryption method offering an extra layer of security protection to users from spying eyes. In the year 2016, Facebook rolled out the encryption feature to its messaging features and seems to have now induced the feature into its subsidiaries one by one.

Backups

Backups Encryption Passwords Accountability

Apple finally adds encryption to iCloud backups

CSO Magazine

DECEMBER 7, 2022

Apple today introduced several new security features focused on fending off threats to user data in the cloud, including end-to-end encryption for backups for iCloud users. Apple also announced hardware Security Keys for Apple ID, giving users the choice to require two-factor authentication to sign into their Apple ID account.

Backups

Backups Encryption Authentication Accountability

LastPass Breach

Schneier on Security

DECEMBER 26, 2022

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.

Passwords

Passwords Encryption Backups Password Management

How to protect backup servers from ransomware

CyberSecurity Insiders

FEBRUARY 16, 2023

We all know that backup servers are only the sole saviors to an organization when a ransomware incident strikes their IT infrastructure. Blocking a backup server from Lightweight directory access protocol (LDAP) also makes sense as it blocks hackers from accessing usernames and passwords fraudulently.

Backups

Backups Ransomware DNS Encryption

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

JANUARY 24, 2023

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.” ” continues the notice.

Backups

Backups Encryption Data breaches Passwords

Are You One of the 533M People Who Got Facebooked?

Krebs on Security

APRIL 6, 2021

To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into his service. According to a Jan.

Mobile

Mobile Accountability Passwords Authentication

Technical Report of the Bezos Phone Hack

Schneier on Security

JANUARY 24, 2020

That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video.". That's where that state-sponsored malware is going to be found.

Hacking

Hacking Backups Spyware Encryption

Report: Brazil must do more to encrypt, back up data

Malwarebytes

JULY 8, 2022

One of the biggest problems in the cybercrime section of the report relates to backups. Specifically: The lack of backups when dealing with hacking incidents. Backups in Brazil: An uphill struggle. Backups are an essential backstop that can help against several forms of attack, as well as mistakes and mishaps.

Encryption

Encryption Backups Ransomware Cybercrime

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

JANUARY 6, 2025

Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000. This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid.

Data breaches

Data breaches Ransomware Passwords Insurance

No company too small for Phobos ransomware gang, indictment reveals

Malwarebytes

DECEMBER 2, 2024

That enormous sum represents a company’s downtime during a ransomware attack, any reputational damage it suffers, and the lengthy recovery process of rebuilding databases and reestablishing workplace accounts and permissions. Prevent intrusions and stop malicious encryption. Create offsite, offline backups.

Ransomware

Ransomware Backups Small Business Malware

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

First spotted in mid-August 2022 , Venus is known for hacking into victims’ publicly-exposed Remote Desktop services to encrypt Windows devices. Tripwire’s tips for all organizations on avoiding ransomware attacks include: Making secure offsite backups. Encrypting sensitive data wherever possible. ” .

Healthcare

Healthcare Backups Ransomware Insurance

Protecting Yourself from Identity Theft

Schneier on Security

MAY 6, 2019

Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other things -- but most of that doesn't matter anymore. Enable two-factor authentication for all important accounts whenever possible.

Identity Theft

Identity Theft Passwords Password Management Authentication

Is your whole digital life protected? 4 ways to address common vulnerabilities

Webroot

FEBRUARY 21, 2025

Its a top-end, true all-in-one offering based on a new platform that combines antivirus, password manager, identity protection, VPN, backup, and parental controls. ” Check which third-party apps have access to your account and remove those you no longer use. Check what data these devices collect and adjust accordingly.

Identity Theft

Identity Theft Backups Antivirus Encryption

Details on a New PGP Vulnerability

Schneier on Security

MAY 14, 2018

The EFAIL attacks exploit vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext of encrypted emails. The attacker changes an encrypted email in a particular way and sends this changed encrypted email to the victim. Why is anyone using encrypted e-mail anymore, anyway?

Encryption

Encryption Backups Accountability Software

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. The stolen data reportedly includes highly personal information — names, dates of birth, Social Security numbers, bank account details, and even records of residents’ interactions with city services. With over 6.5

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware

Ransomware Encryption Backups Malware

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

FEBRUARY 4, 2024

They sent me a file with 207k scraped records and a URL that looked like this: [link] But they didn't send me my account, in fact I didn't even have an account at the time and if I'm honest, I had to go and look up exactly what Spoutible was. And the 2FA backup code? nZNQcqsEYki", Oh wow!

Passwords

Passwords Accountability Backups Data breaches

LastPass revealed that encrypted password vaults were stolen

Security Affairs

DECEMBER 23, 2022

In August password management software firm LastPass disclosed a security breach, threat actors had access to portions of the company development environment through a single compromised developer account and stole portions of source code and some proprietary technical information. The backup contains both unencrypted data (i.e.

Encryption

Encryption Passwords Data breaches Backups

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

That transaction included credentials to a Remote Desktop Protocol (RDP) account apparently set up by a Gunnebo Group employee who wished to access the company’s internal network remotely. Five months later, Gunnebo disclosed it had suffered a cyber attack targeting its IT systems that forced the shutdown of internal servers. .”

Hacking

Hacking Ransomware Banking Accountability

4 Ways to Store Backup Codes, Keys, and Seed phrases

Security Boulevard

APRIL 26, 2023

Backup codes, keys, and seed phrases are important if you lose access to multifactor authentication (MFA) methods or are otherwise completely locked out of your accounts. There are many methods to store backup codes, keys, and seed phrases. TABLE OF CONTENTS Importance of backup codes, keys, seed phrases 1.

Backups

Backups Accountability Encryption Authentication

Google will add End-to-End encryption to Google Authenticator

Bleeping Computer

APRIL 26, 2023

Google is bringing end-to-end encryption to Google Authenticator cloud backups after researchers warned users against synchronizing 2FA codes with their Google accounts. [.]

Authentication

Authentication Encryption Backups Accountability

Google Authenticator WILL get end-to-end encryption. Eventually.

Malwarebytes

MAY 3, 2023

Following criticism, Google has decided to bring end-to-end encryption (E2EE) to its Google Authenticator cloud backups. The search giant recently introduced a feature that allows users back up two-factor authentication ( 2FA ) tokens to the cloud, but the lack of encryption caused some commentators to warn people off using it.

Authentication

Authentication Encryption Backups Accountability

iNSYNQ Ransom Attack Began With Phishing Email

Krebs on Security

AUGUST 9, 2019

A great many iNSYNQ’s customers are accountants, and when the company took its network offline on July 16 in response to the ransomware outbreak, some of those customers took to social media to complain that iNSYNQ was stonewalling them. “For these infections hackers take sometimes days, weeks, or even months to encrypt your data.”

Phishing

Phishing Backups Ransomware Encryption

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

IRS Will Soon Require Selfies for Online Access

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). We take a defense-in-depth approach, with partitioned networks, and use very sophisticated encryption scheme so that when and if there is a breach, this stuff is firewalled,” Hall said.

Mobile

Mobile Accountability Insurance Government

World Backup Day on March 31 Seeks to Protect Data Before It's Gone

SecureWorld News

MARCH 30, 2023

However, data is as vulnerable as it is valuable, and World Backup Day on Friday, March 31st, is a welcome reminder of the need to have a well thought out data protection strategy in place. The campaign began in 2011 as World Backup Month and was changed to World Backup Day later.

Backups

Backups Insurance Cyber Attacks CISO

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

Krebs on Security

OCTOBER 8, 2020

This includes pivoting from or converting a single compromised Microsoft Windows user account to an administrator account with greater privileges on the target network; the ability to sidestep and/or disable any security software; and gaining the access needed to disrupt or corrupt any data backup systems the victim firm may have.

Cybercrime

Cybercrime Malware VPN Ransomware

What Is Encryption? Definition, How it Works, & Examples

eSecurity Planet

DECEMBER 7, 2023

Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data? How Does Encryption Process Data?

Encryption

Encryption Passwords IoT Firewall

The Rise of Non-Ransomware Attacks on AWS S3 Data

Thales Cloud Protection & Licensing

FEBRUARY 12, 2025

The Rise of Non-Ransomware Attacks on AWS S3 Data madhav Thu, 02/13/2025 - 04:39 A sophisticated ransomware gang, Codefinger, has a cunning new technique for encrypting data stored in AWS S3 buckets without traditional ransomware tools. Instilling a Sense of Urgency As a result, the company loses access to its data unless it has a backup.

Ransomware

Ransomware Encryption Digital transformation Risk

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Krebs on Security

NOVEMBER 11, 2019

Data backup services. Microsoft Active Directory accounts and passwords. Battery backup systems. Battery backup systems. Encryption certificates. By all accounts, this was a comprehensive goof: The Orvis credentials file even contained the combination to a locked safe in the company’ server room.

Retail

Retail Passwords Wireless Backups

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. ru account and posted as him.

Ransomware

Ransomware Accountability Cybercrime Backups

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

Malwarebytes

DECEMBER 1, 2021

A recently disclosed FBI training document shows how much access to the content of encrypted messages from secure messaging services US law enforcement can gain and what they can learn about your usage of the apps. All of them are messaging apps that promise end-to-end encryption for their users. Pen Register: No capability.

Encryption

Encryption Computers and Electronics Accountability Backups

How Did Authorities Identify the Alleged Lockbit Boss?

Krebs on Security

MAY 13, 2024

According to Constella, this email address was used in 2010 to register an account for a Dmitry Yurievich Khoroshev from Voronezh, Russia at the hosting provider firstvds.ru. Pin was active on Opensc around March 2012, and authored 13 posts that mostly concerned data encryption issues, or how to fix bugs in code. Image: Shutterstock.

Ransomware

Ransomware Cybercrime Accountability Malware

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

MARCH 2, 2021

” Jacob Cloran is co-founder of Decimal , a company that does accounting for small businesses, many of whom rely on PEOs affected by the PrismHR outage. A notice from the PEO working with some of Cloran’s clients stated that PrismHR was in the process of rebuilding its entire system from data backups in a new environment.

Ransomware

Ransomware Small Business Insurance Software

Protect yourself from tax season scams

Webroot

APRIL 11, 2025

Scammers send messages to try to trick you into sharing sensitive information like W-2 forms, usernames, passwords, and account details. Back up your tax records: Make digital and physical backups of your tax documents. Store electronic copies in an encrypted cloud storage service and keep printed copies in a secure location.

Scams

Scams Identity Theft Backups Phishing

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Malware

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Think about your bank account, it is very important for you to know that when you deposit a check into your account the right amount is deposited. Ransomware uses encryption (typically a good thing) to make your business information un-available. still available for you to use.

Information Security

Information Security Data breaches CISO Encryption

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Cryptocurrency Artificial Intelligence Cybercrime

Rorschach ransomware has the fastest file-encrypting routine to date

Security Affairs

APRIL 4, 2023

A new ransomware strain named Rorschach ransomware supports the fastest file-encrypting routine observed to date. The researchers conducted five separate encryption speed tests in a controlled environment (with 6 CPUs, 8192MB RAM, SSD, and 220000 files to be encrypted), limited to local drive encryption only.

Encryption

Encryption Ransomware Malware Backups

FBI: Ransomware actors abuse third parties and legitimate system tools for initial access

Security Affairs

NOVEMBER 8, 2023

The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.” The threat actors sent victims a phone number in a phishing attempt, often related to pending charges on their accounts. ” reported the PIN.

Ransomware

Ransomware Backups Encryption Phishing

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

It is essential to ensure that all accounts are protected with strong passwords. To this day, a significant amount of people still use the password across multiple accounts, which makes it much simpler for a cybercriminal to compromise a password and take over accounts. Keep an eye out for phishing emails.

VPN

VPN Passwords Firewall Risk

Apple Is Finally Encrypting iCloud Backups

Apple ordered to grant access to users’ encrypted data

Trending Sources

CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk

WhatsApp starts offering password enabled encryption to user backups

Apple finally adds encryption to iCloud backups

LastPass Breach

How to protect backup servers from ransomware

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Are You One of the 533M People Who Got Facebooked?

Technical Report of the Bezos Phone Hack

Report: Brazil must do more to encrypt, back up data

Dental group lied through teeth about data breach, fined $350,000

No company too small for Phobos ransomware gang, indictment reveals

New Ransom Payment Schemes Target Executives, Telemedicine

Protecting Yourself from Identity Theft

Is your whole digital life protected? 4 ways to address common vulnerabilities

Details on a New PGP Vulnerability

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Operation Phobos Aetor: Police dismantled 8Base ransomware gang

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

LastPass revealed that encrypted password vaults were stolen

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

4 Ways to Store Backup Codes, Keys, and Seed phrases

Google will add End-to-End encryption to Google Authenticator

Google Authenticator WILL get end-to-end encryption. Eventually.

iNSYNQ Ransom Attack Began With Phishing Email

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

IRS Will Soon Require Selfies for Online Access

World Backup Day on March 31 Seeks to Protect Data Before It's Gone

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

What Is Encryption? Definition, How it Works, & Examples

The Rise of Non-Ransomware Attacks on AWS S3 Data

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

A Closer Look at the Snatch Data Ransom Group

Here’s what data the FBI can get from WhatsApp, iMessage, Signal, Telegram, and more

How Did Authorities Identify the Alleged Lockbit Boss?

Payroll/HR Giant PrismHR Hit by Ransomware?

Protect yourself from tax season scams

8Base ransomware operators use a new variant of the Phobos ransomware

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Rorschach ransomware has the fastest file-encrypting routine to date

FBI: Ransomware actors abuse third parties and legitimate system tools for initial access

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

Stay Connected