Architecture, Encryption and Hacking - Cyber Security Informer

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

Ron Wyden said his office had learned that the attackers gained privileges that allow them to modify core programs in Treasury Department computers that verify federal payments, access encrypted keys that secure financial transactions, and alter audit logs that record system changes.

Government

Government Artificial Intelligence Banking Software

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November.

Malware

Malware Advertising Antivirus Cybercrime

Building a Ransomware Resilient Architecture

eSecurity Planet

DECEMBER 2, 2022

Servers are encrypted with “ locked” file extensions on files. You look for your cold replica in your DR site, but like your production servers, it has also been encrypted by ransomware. Your backups, the backup server, and all the backup storage — all encrypted by ransomware. Figure 1: Typical VLAN architecture.

Architecture

Architecture Ransomware Backups Firewall

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

FEBRUARY 18, 2020

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing At the time, just 50 % of Internet traffic used encryption.

Encryption

Encryption Firewall Risk IoT

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Every month, SquareXs research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Palo Alto, Calif.,

Antivirus

Antivirus Ransomware Social Engineering Engineering

Exfiltration Can Be Stopped With Data-in-Use Encryption, Company Says

eSecurity Planet

JULY 26, 2022

Even the most advanced and sophisticated security tools are failing to protect against ransomware and data exfiltration, according to a new report from data encryption vendor Titaniam. Raman says the emerging technology of choice to defend against data exfiltration and extortion attacks is encryption-in-use.

Encryption

Encryption Backups Ransomware Architecture

Experts warn of a surge in activity associated FICORA and Kaiten botnets

Security Affairs

DECEMBER 27, 2024

It first terminates processes with the same file extension as “FICORA” and then downloads and executes the malware targeting multiple Linux architectures. The malware’s configuration, including its C2 server domain and a unique string, is encrypted using the ChaCha20 algorithm.

Architecture

Architecture Malware DNS DDOS

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

Security Affairs

AUGUST 17, 2022

Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak ( CVE-2022-21233 ) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs.

Architecture

Architecture Firmware Software Information Security

LastPass revealed that encrypted password vaults were stolen

Security Affairs

DECEMBER 23, 2022

In an update published on Thursday, the company revealed that threat actors obtained personal information belonging to its customers, including encrypted password vaults. The threat actor also copied a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format. Pierluigi Paganini.

Encryption

Encryption Passwords Data breaches Backups

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.

Cryptocurrency

Cryptocurrency Passwords Encryption Accountability

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

The Last Watchdog

JANUARY 4, 2022

A big reason why APIs haven’t gotten the attention they deserve may be that, from a security standpoint, they fall into a category of hacking tactics known as Living off the Land, or LotL. Legacy security architectures just don’t fit this massively complex, highly dynamic environment. Here are my key takeaways: Manipulating APIs.

Digital transformation

Digital transformation Hacking Architecture Cyber Risk

Processor Morphs Its Architecture to Make Hacking Really Hard

Dark Reading

JUNE 2, 2021

Researchers create a processor that uses encryption to modify its memory architecture during runtime, making it very difficult for hackers to exploit memory-based vulnerabilities.

Architecture

Architecture Hacking Encryption

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it.

Ransomware

Ransomware Encryption Antivirus VPN

BlackMatter ransomware group claims to be Darkside and REvil succesor

Security Affairs

JULY 28, 2021

Lile other ransomware operations, BlackMatter also set up its leak site where it will publish data exfiltrated from the victims before encrypting their system. “The group boasted about having the ability to encrypt different operating system versions and architectures. SecurityAffairs – hacking, ransomware).

Ransomware

Ransomware Encryption Architecture Healthcare

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

The encryption and decryption are not robust and the ransomware lack features like Windows Shadow Copy removal, File unlocking for a more thorough impact, Anti-analysis, and Defensive evasion (AMSI bypass, disabling event logging, etc.). At this point in this ransomware, the encryption process has already finished. Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware Architecture

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The main reasons to rewrite malware in Rust is to have lower AV detection rates, compared to malware written in most common languages, and to target multiple architectures. The Rust variant has also been seen using intermittent encryption, one of the emerging tactics that threat actors use today for faster encryption and detection evasion.”

Ransomware

Ransomware Encryption Healthcare Education

Unknown FinSpy Mac and Linux versions found in Egypt

Security Affairs

SEPTEMBER 27, 2020

The new versions of FinSpy spyware were used by a new unknown hacking group, Amnesty International speculates the involvement of a nation-state actor that employed them since September 2019. It extracts the binary for the relevant architecture in /tmp/udev2 and executes it. SecurityAffairs – hacking, FinSpy). Pierluigi Paganini.

Spyware

Spyware Surveillance Advertising Mobile

New modular ModPipe POS Malware targets restaurants and hospitality sectors

Security Affairs

NOVEMBER 12, 2020

Although financial data, such as credit card numbers and expiration dates, are protected by encryption implemented in RES 3700 POS systems, threat actors could use another downloadable module to decrypt the contents of the database. SecurityAffairs – hacking, PoS malware). ” continues the analysis. Pierluigi Paganini.

Malware

Malware Architecture Passwords Software

BlackMatter and Haron, two new ransomware gangs in the threat landscape

Security Affairs

JULY 29, 2021

The group has also shut down its servers and deleted profiles on hacking forums, they also shut down their leak site. When infected with this ransomware, the extension of the encrypted file is changed to the victim’s name. The group boasted about having the ability to encrypt different operating system versions and architectures.

Ransomware

Ransomware Cybercrime Encryption Architecture

CDRThief Linux malware steals VoIP metadata from Linux softswitches

Security Affairs

SEPTEMBER 10, 2020

.” According to the experts, the attackers have good knowledge about the internal architecture of the targeted platform. To avoid detection of malicious functionalities, the authors encrypted all suspicious-looking strings with the Corrected Block TEA (XXTEA) cipher and then running Base64 encoding. Pierluigi Paganini.

Malware

Malware Encryption Advertising Passwords

RansomHub Responsible for Christie's Hack, Threatens Data Leak

SecureWorld News

MAY 30, 2024

In a Dark Web post earlier today, RansomHub said it had breached the Christie's corporate networks and encrypted servers containing terabytes of confidential data. Samples of stolen files were leaked as proof, including scanned passports, financial records, and details about high-value art and collectible purchases. "To

Identity Theft

Identity Theft Hacking Ransomware Data breaches

Lastpass discloses the second security breach this year

Security Affairs

NOVEMBER 30, 2022

Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” The company pointed out that customers’ passwords were not compromised due to LastPass’s Zero Knowledge architecture. . SecurityAffairs – hacking, password). Pierluigi Paganini.

Architecture

Architecture Passwords Data breaches Password Management

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

Security Affairs

JULY 7, 2022

“SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.” SecurityAffairs – hacking, encryption). .” reads the advisory published by the Project Maintainers. Pierluigi Paganini.

Architecture

Architecture Encryption Hacking Software

The Evolving Landscape of Cybersecurity: Trends and Challenges

CyberSecurity Insiders

JUNE 1, 2023

The challenge lies in implementing robust security measures across the entire lifecycle of IoT devices, including secure development, strong authentication, encryption, and regular updates to patch vulnerabilities. Attackers leverage sophisticated techniques to infiltrate systems, encrypt valuable data, and demand ransom payments.

Cybersecurity

Cybersecurity IoT Architecture Artificial Intelligence

FBI warns of dual ransomware attacks

Security Affairs

SEPTEMBER 30, 2023

Dual ransomware attacks resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. The government experts observed the threat actors using the following ransomware families: AvosLocker , Diamond, Hive , Karakurt , LockBit , Quantum , and Royal. ” continues the alert.

Ransomware

Ransomware Architecture Encryption Malware

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

The attack starts with a shell script that downloads binaries for various architectures (ARM, MIPS, X86), extracts a command-and-control (C2) server from an encrypted configuration, and connects to it. “Analysis of the script download URL’s telemetry reveals a concentrated pattern of infections. .

Malware

Malware Telecommunications Encryption DDOS

New variant of Necro Trojan infected more than 11 million devices

Security Affairs

SEPTEMBER 25, 2024

These apps activate the Coral SDK, which sends an encrypted POST request to a command-and-control (C2) server, containing details about the compromised device and the host app. The analysis of Happy SDK likely revealed a different variant of Necro that doesn’t have a modular architecture. ” concludes the report.

Architecture

Architecture Malware Mobile Advertising

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Security Affairs

MARCH 11, 2025

The lack of encryption standards across different jurisdictions further complicates this issue, as some countries mandate strong encryption protocols while others impose restrictions on cryptographic techniques. Privacy-enhancing technologies are designed to minimize exposure to sensitive data while ensuring regulatory adherence.

Cybersecurity

Cybersecurity Artificial Intelligence Encryption Technology

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

Security Affairs

AUGUST 18, 2024

This extortion campaign involved several security failures, including exposing environment variables, using long-lived credentials, and the lack of a least privilege architecture. This indicates that these threat actor groups are both skilled and knowledgeable in advanced cloud architectural processes and techniques.”

Architecture

Architecture Internet Internet Media

XCSSET malware now targets macOS 11 and M1-based Macs

Security Affairs

APRIL 19, 2021

The malware also implements ransomware behavior, it is able to encrypt files and display a ransom note. For example, a sample with the MD5 hash sum 914e49921c19fffd7443deee6ee161a4 contains two architectures: x86_64 and ARM64.” SecurityAffairs – hacking, XCSSET). states the report published by Kaspersky. Pierluigi Paganini.

Malware

Malware Cryptocurrency Architecture Engineering

US CISA warns of Ransomware attacks impacting pipeline operations

Security Affairs

FEBRUARY 18, 2020

“The threat actor then deployed commodity ransomware to Encrypt Data for Impact [T1486] on both networks. Then the attackers deployed ransomware that encrypted files on both IT and OT networks causing the “loss of availability” of human-machine interfaces (HMIs), data historians, and polling servers.

Ransomware

Ransomware Advertising Encryption Architecture

Decrypting TLS connections with new Raccoon Attack

Security Affairs

SEPTEMBER 11, 2020

“Raccoon allows attackers under certain conditions to break the encryption and read sensitive communications.” If ephemeral keys get reused in either variant, they could lead to micro-architectural side channels, which could be exploited, although leading zero bytes are preserved. SecurityAffairs – hacking, Raccoon).

Encryption

Encryption Advertising Architecture Hacking

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. The second stage installs itself and loads the third stage using an encrypted, hardcoded path. The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware.

Malware

Malware Advertising Telecommunications Encryption

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

Security Affairs

AUGUST 16, 2024

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. ” concludes the report.

Malware

Malware Cryptocurrency Advertising Architecture

How Website Localization Strengthens Cybersecurity in Global Markets

SecureWorld News

FEBRUARY 4, 2025

Technical components: Website architecture must be reconfigured to ensure that search engines see multiple language versions of your website properlyas different subsets, not as duplicates. For example, encrypt transaction details and add verification steps to secure and approve the exchange between your platform and the customer.

Marketing

Marketing Cybersecurity eCommerce Data breaches

Maastricht University finally paid a 30 bitcoin ransom to crooks

Security Affairs

FEBRUARY 9, 2020

It is unclear if the attackers have exfiltrated data from the systems before encrypting them. The attacker focused on encrypting data files in the Windows domain. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors. ” read a management summary of the Fox-IT report and UM’s response.

Ransomware

Ransomware Cyber Attacks Backups Architecture

Could this 'Unhackable' Chip Be a Security Moonshot?

SecureWorld News

APRIL 8, 2021

MORPHEUS chip: unhackable because of 'encryption churn'? Austin calls this encryption churn and says it prevents reverse engineering, which sophisticated hackers sometimes use. Undefined semantics are nooks and crannies of the computing architecture—for example the location, format, and content of program code.

CISO

CISO Encryption Engineering Telecommunications

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

The Last Watchdog

NOVEMBER 30, 2021

API hacking escapades. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out. Over the past couple of years, good-guy researchers and malicious hackers alike have steadily scaled up their hacking activities to flush them out.

Big data

Big data Digital transformation Accountability Hacking

US CISA and NSA publish guidance to secure Kubernetes deployments

Security Affairs

AUGUST 4, 2021

US CISA and NSA released new guidance that provides recommendations on how to harden Kubernetes deployments and minimize the risk of hack. Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality. SecurityAffairs – hacking, LockBit 2.0). ” states the guidance. Pierluigi Paganini.

System Administration

System Administration Architecture Firewall Risk

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Security Affairs

MARCH 7, 2020

Like all security architectures, Intel’s had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys.” SecurityAffairs – hacking, CVE-2019-0090). “Unfortunately, no security system is perfect.

Firmware

Firmware Technology Advertising Authentication

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Security Affairs

MAY 22, 2020

The Winnti hacking group continues to target gaming industry, recently it used a new malware named PipeMon and a new method to achieve persistence. Winnti hacking group is using a new malware dubbed PipeMon and a novel method to achieve persistence in attacks aimed at video game companies. SecurityAffairs – Winnti, hacking).

Malware

Malware Hacking Advertising Architecture

Recently discovered IceFire Ransomware now also targets Linux systems

Security Affairs

MARCH 9, 2023

MB in size, while the 64-bit ELF binary is compiled with gcc for the AMD64 architecture. In an attack observed by the experts, the ransomware successfully encrypted a CentOS host running a vulnerable version of IBM Aspera Faspex file server software. The ransomware encrypts files and appends the “.ifire” It is 2.18

Ransomware

Ransomware Encryption Media Phishing

DOGE as a National Cyberattack

Banshee macOS stealer supports new evasion mechanisms

Webinars

Trending Sources

Building a Ransomware Resilient Architecture

Webinars

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Exfiltration Can Be Stopped With Data-in-Use Encryption, Company Says

Experts warn of a surge in activity associated FICORA and Kaiten botnets

ÆPIC Leak is the first CPU flaw able to architecturally disclose sensitive data

LastPass revealed that encrypted password vaults were stolen

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

MY TAKE: Why companies had better start taking the security pitfalls of API proliferation seriously

Processor Morphs Its Architecture to Make Hacking Really Hard

Akira ransomware received $42M in ransom payments from over 250 victims

BlackMatter ransomware group claims to be Darkside and REvil succesor

Ransomware Toolkit Cryptonite turning into an accidental wiper

Experts spotted a variant of the Agenda Ransomware written in Rust

Unknown FinSpy Mac and Linux versions found in Egypt

New modular ModPipe POS Malware targets restaurants and hospitality sectors

BlackMatter and Haron, two new ransomware gangs in the threat landscape

CDRThief Linux malware steals VoIP metadata from Linux softswitches

RansomHub Responsible for Christie's Hack, Threatens Data Leak

Lastpass discloses the second security breach this year

OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

The Evolving Landscape of Cybersecurity: Trends and Challenges

FBI warns of dual ransomware attacks

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

New variant of Necro Trojan infected more than 11 million devices

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Large-scale extortion campaign targets publicly accessible environment variable files (.env)

XCSSET malware now targets macOS 11 and M1-based Macs

US CISA warns of Ransomware attacks impacting pipeline operations

Decrypting TLS connections with new Raccoon Attack

DePriMon downloader uses a never seen installation technique

Banshee Stealer, a new macOS malware with a monthly subscription price of $3,000

How Website Localization Strengthens Cybersecurity in Global Markets

Maastricht University finally paid a 30 bitcoin ransom to crooks

Could this 'Unhackable' Chip Be a Security Moonshot?

SHARING INTEL: Here’s why it has become so vital to prioritize the security-proofing of APIs

US CISA and NSA publish guidance to secure Kubernetes deployments

Raccoon Malware, a success case in the cybercrime ecosystem

CVE-2019-0090 flaw affects Intel Chips released in the last 5 years

Winnti uses a new PipeMon backdoor in attacks aimed at the gaming industry

Recently discovered IceFire Ransomware now also targets Linux systems

Stay Connected