Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

Encryption 133

Encryption Malware Phishing Hacking 133

Adam Shostack

FEBRUARY 12, 2025

This is a big, complex document. The apparent complexity is exacerbated by the intermingling of how to conduct with sample output and perhaps the document might be improved by breaking it into two: a how to guide and a sample output document or documents. What makes this level of detail right for this document?

Risk 147

Risk Manufacturing Encryption Surveillance 147

Security Affairs

NOVEMBER 12, 2024

The auto-reboot feature returns devices to a “Before First Unlock” restricting app access to encryption keys. Law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. Three iPhones running iOS 18.0

Media 127

Media Wireless Mobile Encryption 127

Schneier on Security

JULY 6, 2022

It announced the first four algorithms: For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. NIST has not chosen a public-key encryption standard.

Encryption 286

Encryption Backups 286

Adam Shostack

JANUARY 2, 2025

UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. The Identity Project has extensive documentation , and I generally concur with their recommendations. A few tidbits in recent news. The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., press release , letter.)

Technology 130

Technology Encryption Internet Internet 130

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 362

Surveillance Encryption Wireless Government 362

Schneier on Security

JUNE 4, 2020

And now we have this : Corporate clients will get access to Zoom's end-to-end encryption service now being developed, but Yuan said free users won't enjoy that level of privacy, which makes it impossible for third parties to decipher communications. And note that Stamos said "encrypted" and not "end-to-end encrypted."

Encryption 278

Encryption 278

Penetration Testing

JANUARY 25, 2024

This malicious software, designed to encrypt files on a victim’s computer, demands a ransom in exchange for the decryption key,... The post FAUST Ransomware Strikes: The Hidden Dangers Inside Office Documents appeared first on Penetration Testing.

Penetration Testing 119

Penetration Testing Ransomware Encryption Software 119

SecureWorld News

JULY 29, 2024

Internal documents from Leidos Holdings Inc., According to a Bloomberg News report on July 23, the documents are believed to have been exfiltrated during a breach of a system operated by Diligent Corp., Graham continued, "For example, if project plans or classified documents are compromised, adversaries might gain insights into U.S.

Government 115

Government Risk Encryption Authentication 115

Troy Hunt

SEPTEMBER 25, 2021

Sponsored by: Boxcryptor cloud security: Free end-to-end encryption for your files. Check out the seamless encryption solution, Made in Germany!

Encryption 319

Encryption Phishing Government 319

Schneier on Security

SEPTEMBER 24, 2020

It looks like the standard technique of getting the victim to open a document or application. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said.

Government 282

Government Hacking Mobile Encryption 282

Security Affairs

MAY 1, 2024

NSA employee has been sentenced to nearly 22 years in prison for attempting to sell classified documents to Russia. Dalke pleaded guilty to six counts of attempting to transmit classified documents to a foreign agent while he was working at the NSA. A former U.S.

Accountability 130

Accountability Encryption Government Hacking 130

Security Affairs

APRIL 7, 2025

In Dark Web environments as well as on specialized forums, sellers are posting synthetic ads inviting potential buyers to contact them privately, often via Telegram, Session, and other encrypted messaging apps. Payments are mostly made in Bitcoin or Monero, to ensure confidentiality and irreversibility.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Krebs on Security

MAY 22, 2019

Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}. Please download and read the attached encrypted document carefully. Note: The password for the document is 123456. Yes, the spelling/grammar is poor and awkward (e.g.,

Phishing 279

Phishing Antivirus Scams Malware 279

Tech Republic Security

SEPTEMBER 27, 2024

Learn about encryption, HIPAA, and records management for better document protection. Explore cloud fax security and compliance.

Encryption 167

Encryption Software Network Security 167

Centraleyes

FEBRUARY 17, 2025

This document should outline governance structures, approval workflows, and ownership responsibilities to maintain consistency across the board. Example : A tech company with high data privacy concerns might prioritize policies on data security and encryption over other operational areas.

Architecture 52

Architecture Government Risk Technology 52

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking 356

Hacking Ransomware Banking Accountability 356

Security Affairs

DECEMBER 16, 2024

“In at least two cases Amnesty International documented, the Cellebrite UFED product and associated exploits were used to covertly bypass phone security features, enabling Serbian authorities to infect the devices with NoviSpy spyware. ” reads the report published by Amnesty. ” reported the Associated Press.

Spyware 105

Spyware Surveillance Technology Mobile 105

Schneier on Security

FEBRUARY 11, 2020

These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages. This isn't really news. We have long known that Crypto AG was backdooring crypto equipment for the Americans.

Encryption 279

Encryption Government Accountability 279

Schneier on Security

JANUARY 13, 2022

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? New documents received by Motherboard show that over 100 of those phones were shipped to users in the US, far more than previously believed. They arrested 800 people in 2021 based on that operation.

Surveillance 358

Surveillance Encryption Government 358

Schneier on Security

OCTOBER 23, 2020

This report documents the widespread adoption of MDFTs by law enforcement in the United States. Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia.

Mobile 335

Mobile Engineering Encryption 335

The Last Watchdog

SEPTEMBER 10, 2024

Instead of traditional methods that rely on storing and matching biometrics, SenseCrypt eID utilizes acts of encryption and decryption for registration and authentication, with no public/private keys stored anywhere. A user can have any number of Face Certificates, each with a unique public key for specific purposes.

Computers and Electronics 278

Computers and Electronics Encryption Government Authentication 278

The Last Watchdog

DECEMBER 13, 2023

Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers. This is a fundamental component of Digital Trust – and the foundation for securing next-gen digital connections.

Encryption 311

Encryption Technology CISO IoT 311

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). Image: Wikipedia.

Antivirus 327

Antivirus VPN Encryption Malware 327

Malwarebytes

JANUARY 6, 2025

This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid. No physical safeguards were implemented to limit access to servers containing patient data.

Data breaches 144

Data breaches Ransomware Passwords Insurance 144

Malwarebytes

DECEMBER 6, 2024

Earlier this week the German police shut down the servers and arrested one of the administrators of the countrys largest German-speaking online marketplaces for illegal goods and services, including stolen data, drugs, and forged documents.

Marketing 112

Marketing Banking Encryption Phishing 112

Krebs on Security

JULY 1, 2020

Usually, the blog posts that appear on ransom sites are little more than a teaser — screenshots of claimed access to computers, or a handful of documents that expose proprietary or financial information.

Ransomware 349

Ransomware Cybercrime Encryption Malware 349

Malwarebytes

APRIL 3, 2025

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world.

VPN 136

VPN Mobile Government Technology 136

Schneier on Security

AUGUST 28, 2023

Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train­—sending a series of three acoustic tones at a 150.100 megahertz frequency­—and trigger their emergency stop function.

Encryption 242

Encryption Authentication Cybersecurity 242

Schneier on Security

MAY 20, 2020

This was just after Greenwald's partner was detained in the UK trying to ferry some documents from Laura Poitras in Berlin back to Greenwald. It was an opsec disaster; they would have been much more secure if they'd emailed the encrypted files. In fact, I told them to do that, every single day.

Surveillance 270

Surveillance Encryption Government Media 270

Krebs on Security

JANUARY 19, 2022

The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me , an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device. If your documents get accepted, ID.me McLean, Va.-based

Mobile 363

Mobile Accountability Insurance Government 363

Krebs on Security

JUNE 16, 2021

First debuting in early 2019, CLOP is one of several ransomware groups that hack into organizations, launch ransomware that encrypts files and servers, and then demand an extortion payment in return for a digital key needed to unlock access. ? /.

Ransomware 357

Ransomware Cybercrime Malware Encryption 357

Security Affairs

MARCH 31, 2025

” Threat actor distributes LNK files compressed inside ZIP archives as part of the recent phishing campaign, usually disguising the file as an Office document and uses names related to the military invasion. This DLL acts as a loader, decrypting and executing the final Remcos payload from encrypted files within the ZIP.

Phishing 111

Phishing Antivirus Encryption Hacking 111

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 70

Ransomware Encryption Backups Malware 70

SecureList

APRIL 23, 2025

Finally, the generated private key and the attacker’s public key are scalar-operated to create a shared key, which is then used as the key for the ChaCha20 algorithm to encrypt the data ( T1573.001 ). We disclosed that this tool had been loaded by SIGNBT when we first documented SIGNBT malware. exe c : Programdata intel util.

Malware 144

Malware Software Encryption Internet 144

Schneier on Security

JULY 3, 2020

French police hacked EncroChat secure phones, which are widely used by criminals: Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents.

Hacking 279

Hacking Telecommunications Encryption Firewall 279

SecureList

FEBRUARY 5, 2025

It encrypts data with AES-256 in CBC mode before sending and decrypts server responses with AES-128 in CBC mode. The process of sending data to “rust” consists of three stages: Data is encrypted with AES-256 in CBC mode using the same key as in the case of the “http” server.

Malware 144

Malware Encryption Mobile Cryptocurrency 144