Daniel Miessler

DECEMBER 24, 2022

If you follow Information Security at all you are surely aware of the LastPass breach situation. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. So basically: Minor incident, but no customer data or vaults were lost.

Password Management 364

Password Management Passwords Encryption Backups 364

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 130

Ransomware IoT Encryption Passwords 130

Schneier on Security

AUGUST 8, 2022

The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force.

Encryption 361

Encryption Architecture Engineering Information Security 361

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO 310

CISO Encryption Telecommunications Financial Services 310

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. .

Ransomware 119

Ransomware Encryption Technology Cybersecurity 119

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Software 106

Software Cryptocurrency Malware Encryption 106

Security Affairs

FEBRUARY 4, 2025

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV).

Encryption 92

Encryption Firmware Hacking Information Security 92

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. We secured our systems and began an investigation with the help of a cybersecurity firm. ” reads the notice of security incident published by the organization.

Ransomware 125

Ransomware Insurance Encryption Healthcare 125

Joseph Steinberg

JANUARY 4, 2023

The term Zero Trust refers to a concept, an approach to information security that dramatically deviates from the common approach of yesteryear; Zero Trust states that no request for service is trusted, even if it is issued by a device owned by the resource’s owner, and is made from an internal, private network belonging to the same party.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Security Affairs

APRIL 6, 2025

Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. Oracle has since taken the server offline. “Oracle Corp.

Data breaches 126

Data breaches Encryption Hacking Passwords 126

The Last Watchdog

DECEMBER 18, 2024

Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. CISA updated its Secure by Design guidance, and the EUs Cyber Resilience Act and NIS2 added new requirements.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 72

Ransomware Encryption Backups Malware 72

Security Affairs

APRIL 17, 2025

Rolling XOR Key: Utilized for encrypting communications with the command-and-control (C2) server, with key sizes varying among variants. Once active, it proxies traffic between infected devices and command-and-control servers using TCP sockets and FakeTLS, encrypting data with a custom XOR-based algorithm. ” concludes the report.

Encryption 109

Encryption Government Malware Internet 109

Security Affairs

OCTOBER 22, 2024

The security breach exposed low-sensitivity performance monitoring data, including customer usernames, account info, and encrypted internal credentials. A threat actor exploited a zero-day vulnerability in a non-Rackspace utility bundled with the ScienceLogic application. Rackspace helped ScienceLogic address this issue.

Encryption 123

Encryption Hacking Accountability Cybersecurity 123

Security Affairs

MARCH 25, 2025

It evades detection using multi-stage dynamic loading, encrypting and loading its malicious payload in three steps. The malware also manipulates AndroidManifest.xml with excessive permissions to disrupt analysis and uses encrypted socket communication to hide stolen data. This initial file acts as a loader for the next stage.

Malware 74

Malware Encryption Banking Cyber threats 74

Security Affairs

APRIL 10, 2025

No OCI service has been interrupted or compromised in any way,” Last week, Oracle confirmed a data breach and started informing customers while downplaying the impact of the incident. The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack.

Hacking 119

Hacking Data breaches Encryption Passwords 119

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 125

Malware Ransomware Encryption Phishing 125

Security Affairs

APRIL 13, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. Cell C has also shared fraud prevention resources, including guidance on registering with SAFPS for extra protection. RansomHouse is a data extortion group that has been active since Dec 2021. Victims include AMD and Keralty.

Data breaches 129

Data breaches Unstructured Data Identity Theft Healthcare 129

Krebs on Security

OCTOBER 28, 2020

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met. “The harsh and unfortunate reality is the security of a number of security companies is s**t,” Arena said.

Hacking 357

Hacking Ransomware Banking Accountability 357

Security Affairs

MARCH 17, 2025

The tool doesn’t work like traditional decryptors but instead brute-forces encryption keys using timestamp-based methods. Nugroho’s decryptor brute-forces encryption keys by exploiting Akira ransomwares use of timestamp-based seeds. The malware encrypts files using KCipher2 and Chacha8. Instead, RunPod and Vast.ai

Ransomware 69

Ransomware Encryption Malware Hacking 69

Schneier on Security

JANUARY 3, 2023

“ Factoring integers with sublinear resources on a superconducting quantum processor ” Abstract: Shor’s algorithm has seriously challenged information security based on public key cryptosystems. But…wow…maybe…and yikes!

Encryption 364

Encryption Government Information Security 364

Security Affairs

JANUARY 4, 2025

Attackers steal sensitive data like mnemonics and private keys from Hardhat, encrypt it with AES, and exfiltrate it to endpoints under their control. .” Threat actors behind this campaign mimicked the names of legitimate packages and organizations to trick developed into using them. ” continues the report.

Encryption 134

Encryption Hacking Cybercrime Information Security 134

Security Affairs

MARCH 30, 2025

It creates secure tunnels for threat actors via SSH, proxies, and encrypted keys, enabling covert system access. It acts as a rootkit, dropper, backdoor, bootkit, proxy, and tunneler. RESURGE modifies files, manipulates integrity checks, and installs a persistent web shell. that is a SPAWNSLOTH variant used for log tampering.

Malware 122

Malware Authentication Cybersecurity Encryption 122

Security Affairs

APRIL 2, 2025

The backdoor, targeting Windows, uses AES-CBC encryption with base64 encoding and loads the payload via the exec function. The researchers noted that a Python script with ~30 lines serves as the main entry point, decrypting and executing the real payload.

Antivirus 125

Antivirus Cybercrime Malware Encryption 125

Security Affairs

NOVEMBER 26, 2024

The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Malware 144

Malware Cryptocurrency Encryption Passwords 144

Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. @chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021. Victims include AMD and Keralty.

Hacking 117

Hacking Healthcare Backups Ransomware 117

The Last Watchdog

MAY 19, 2022

percent of CMS users worry about the security of their CMS—while 46.4 percent actually had a CMS security issue affect their content. The best practices for securing your CMS begin with these five low-hanging-fruit steps: •Make sure that your CMS platform’s access control and encryption features are turned on and configured correctly.

Data breaches 262

Data breaches Encryption Mobile Technology 262

SecureWorld News

MARCH 13, 2025

Similarly, the AI-assisted ransomware provided a high-level approach to encrypting files but lacked complete execution. Instead, security teams should prioritize behavioral analysismonitoring for unusual patterns such as unexpected file encryption, unauthorized persistence mechanisms, or anomalous network traffic.

Malware 113

Malware Cybersecurity Cyber threats Threat Detection 113

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 117

Data breaches Cybercrime Cyber Insurance Marketing 117

The Last Watchdog

MARCH 21, 2022

Become familiar with the standards that affect your industry, such as GDPR, CCPA, SOX, HIPAA, the Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Management Act (FISMA) and Children’s Online Privacy Protection Rule (COPPA). Assign roles and responsibilities.

Encryption 214

Encryption Data privacy Cloud Migration Risk 214

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. Elastic researchers noticed that regarding Safari, only the cookies are collected by the AppleScript script for the current version.

Malware 121

Malware Advertising Antivirus Cybercrime 121

Security Affairs

JANUARY 24, 2025

The reverse shell issued a challenge by sending an encrypted string using a hard-coded certificate. When a magic packet was detected, the agent spawned a reverse shell to the IP address and port specified by the packet. If the remote user returned the correct string, they were granted a command shell; otherwise, the connection was closed.

Malware 122

Malware VPN Encryption Hacking 122

Security Affairs

APRIL 7, 2025

In Dark Web environments as well as on specialized forums, sellers are posting synthetic ads inviting potential buyers to contact them privately, often via Telegram, Session, and other encrypted messaging apps. Payments are mostly made in Bitcoin or Monero, to ensure confidentiality and irreversibility.

Cybercrime 138

Cybercrime Social Engineering Accountability Government 138

Thales Cloud Protection & Licensing

JANUARY 16, 2025

Here is a quick summary of the most relevant regulations: Gramm-Leach-Bliley Act (GLBA) The GLBA mandates that a broad range of financial institutions based or operating in the United States, from banks and brokerage firms to payday and tax preparers, protect consumers personal financial information.

Financial Services 62

Financial Services Encryption Insurance Government 62

Security Affairs

FEBRUARY 20, 2025

The NailaoLocker ransomware does not scan network shares, cannot stop services or processes that could prevent the encryption of certain important files, and does not control if it is being debugged. locked extension to the filenames of encrypted files. The malware uses asymmetric encryption algorithm AES-256-CTR.

Healthcare 82

Healthcare Ransomware VPN Malware 82

Security Affairs

MARCH 13, 2025

Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware 70

Ransomware Encryption Cryptocurrency Insurance 70

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 112

Cryptocurrency Malware Hacking Ransomware 112