The Last Watchdog

AUGUST 29, 2023

Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems. Risks delineated Still, there have been many other incidents since.

Software 264

Software Risk Artificial Intelligence Cyber Attacks 264

Schneier on Security

JULY 26, 2024

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text.

Firmware 344

Firmware Encryption Manufacturing Passwords 344

Malwarebytes

FEBRUARY 11, 2025

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. The main goal for the Home Office is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud. Since then, privacy focused groups have uttered their objections.

Encryption 127

Encryption Backups Government Accountability 127

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). Image: Wikipedia.

Antivirus 326

Antivirus VPN Encryption Malware 326

Schneier on Security

JANUARY 10, 2023

…within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks.

Malware 66

Malware Encryption Cybercrime Passwords 66

Adam Shostack

JANUARY 2, 2025

Ransomware works by going through files, one by one, and replacing their content with an encrypted version. Software on Microsoft Windows uses an application programming interface (API) called "CreateFile" to access files. Because you can't encrypt a file until you can open it, this would have a dramatic impact on ransomware.

Ransomware 246

Ransomware Encryption Software 246

Joseph Steinberg

JULY 20, 2022

There is little doubt that quantum computing will ultimately undermine the security of most of today’s encryption systems , and, thereby, render vulnerable to exposure nearly every piece of data that is presently protected through the use of encryption. Such an attitude is not alarmist – it is reality, whether we like it or not.

Risk 339

Risk Encryption Government Artificial Intelligence 339

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Schneier on Security

JANUARY 21, 2022

Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Citizen Lab examined the app and found it riddled with security holes.

Surveillance 362

Surveillance Encryption Wireless Government 362

Schneier on Security

NOVEMBER 15, 2022

Even messages shared via encrypted services like WhatsApp are vulnerable, according to POLITICO’s technical review of the application, and two of the outside experts. This month, it’s Egypt’s COP27 Summit app : The app is being promoted as a tool to help attendees navigate the event.

Spyware 343

Spyware Technology Encryption Government 343

Krebs on Security

NOVEMBER 17, 2022

He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. “We’ve found someone who can crack the encryption.” “You want to use your own software or someone else who’s trusted to do it.”

Ransomware 349

Ransomware Encryption Backups Manufacturing 349

Schneier on Security

FEBRUARY 13, 2025

DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

Government 363

Government Artificial Intelligence Banking Software 363

NetSpi Technical

MARCH 10, 2025

Last year, the NetSPI red team came across a backup file for Solar Winds Web Help Desk software. This led to an analysis of the software and how it stored encrypted passwords, giving the red team the ability to recover the stored passwords and use them to access other systems. Fixed in: Solar Winds Web Help Desk version 12.8.5

Encryption 95

Encryption Backups Passwords Software 95

Schneier on Security

FEBRUARY 6, 2023

And there is a lesson in that similarity: the complex mathematical attacks make for good academic papers, but we mustn’t lose sight of the fact that insecure software will be the likely attack vector for most ML systems. Systems can only match images with human-provided labels, so the software would never notice the switch.

Encryption 277

Encryption Hacking Software Social Engineering 277

Security Affairs

SEPTEMBER 29, 2024

Progress Software addresses six new security vulnerabilities affecting its WhatsUp Gold, two of them are rated as critical severity. Progress Software has addressed six new security vulnerabilities in its IT infrastructure monitoring product WhatsUp Gold. The flaw impacts WhatsUp Gold versions released before 2024.0.0.

Software 123

Software Encryption Passwords Hacking 123

Krebs on Security

OCTOBER 26, 2020

The latest cracks in Widevine concern the encryption technology’s protection for L3 streams, which is used for low-quality video and audio streams only. “It’s not a bug but an inevitable flaw because of the use of software, which is also why L3 does not offer the best quality,” Hadad wrote in an email.

Software 312

Software Technology Mobile Media 312

Schneier on Security

MARCH 31, 2024

I know I was at the Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography down from the shelf, I see his name in the acknowledgments.

Surveillance 351

Surveillance Engineering Encryption Government 351

Krebs on Security

SEPTEMBER 5, 2023

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask , a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.

Cryptocurrency 360

Cryptocurrency Passwords Encryption Accountability 360

Krebs on Security

JULY 19, 2021

” Wosar said the next most-common scenario involves victims that have off-site, encrypted backups of their data but discover that the digital key needed to decrypt their backups was stored on the same local file-sharing network that got encrypted by the ransomware. “That is still somewhat rare,” Wosar said.

Backups 359

Backups Ransomware Encryption Insurance 359

Schneier on Security

FEBRUARY 11, 2022

Antivirus software triggered numerous alerts after detecting Cobalt Strike activity but these were not escalated. The antivirus server was later encrypted in the attack).

Antivirus 350

Antivirus Hacking Ransomware CISO 350

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. Citrix’s letter was prompted by laws in virtually all U.S.

VPN 363

VPN Passwords Software Telecommunications 363

Krebs on Security

MARCH 25, 2020

Specifically, it says, “The [link] ensures that you are connecting to the official website… ” Here’s the deal: The [link] part of an address (also called “Secure Sockets Layer” or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and cannot be read by third parties.

Government 325

Government Phishing Encryption Scams 325

SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free. Its parameters are also encrypted — they are decrypted once dropped by the first stage.

Software 122

Software Cryptocurrency Malware DNS 122

Schneier on Security

JULY 26, 2023

An attacker who followed this step would then be able to decrypt intercepted traffic with consumer-level hardware and a cheap software defined radio dongle. Looks like the encryption algorithm was intentionally weakened by intelligence agencies to facilitate easy eavesdropping. It’s just not a good idea.

Telecommunications 246

Telecommunications Encryption Technology Software 246

The Last Watchdog

DECEMBER 13, 2023

Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers. This is a fundamental component of Digital Trust – and the foundation for securing next-gen digital connections.

Encryption 311

Encryption Technology CISO IoT 311

Schneier on Security

NOVEMBER 8, 2023

The second is functional decoupling: splitting information among layers of software. To verify that decoupling has been done right, we can learn from how we think about encryption: you’ve encrypted properly if you’re comfortable sending your message with your adversary’s communications system.

Encryption 331

Encryption Authentication Government Software 331

The Last Watchdog

MAY 23, 2022

They require integrity, authentication, trusted identity and encryption. Software-defined-everything is the order of the day. We simply must attain — and sustain — a high bar of confidence in the computing devices, software applications and data that make up he interconnected world we occupy.

Digital transformation 214

Digital transformation Cybersecurity Computers and Electronics Encryption 214

Krebs on Security

APRIL 20, 2023

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report.

Malware 321

Malware Software Technology Accountability 321

Tech Republic Security

SEPTEMBER 21, 2023

The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.

Encryption 182

Encryption Artificial Intelligence Big data Software 182

Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. If they’re going for data ransoming, they’re encrypting the data itself — not the machines.”

Firmware 336

Firmware Malware Software Ransomware 336

Joseph Steinberg

OCTOBER 4, 2023

While some messaging systems now offer end-to-end encryption that prevents the providers of such services from decrypting messages , metadata – including who communicated with whom and when and where – is still available to governments. Of course, no encryption method is perfect.

Encryption 223

Encryption Artificial Intelligence Government Media 223

Joseph Steinberg

JANUARY 4, 2023

Zero Trust Network Architecture, on the other hand, is not conceptual; it refers to an actual information technology architecture – including hardware, software, data, and workflow – that employs the principles of Zero Trust in its design so as to enforce a Zero Trust model.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Krebs on Security

JANUARY 10, 2023

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S.

Software 288

Software Encryption Engineering Internet 288

Krebs on Security

JUNE 15, 2024

Among those was the encrypted messaging app Signal , which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. LastPass said criminal hackers had stolen encrypted copies of some password vaults, as well as other personal information.

Hacking 323

Hacking Phishing Cybercrime Passwords 323

Tech Republic Security

DECEMBER 23, 2024

Trend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and more for one year.

Software 155

Software Mobile Phishing Ransomware 155

Troy Hunt

SEPTEMBER 17, 2020

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. Now let's try the mobile app: What's the encryption story there?

VPN 358

VPN Phishing DNS Encryption 358

The Last Watchdog

JANUARY 10, 2022

Related: The dangers of normalizing encryption for government use. Encryption. Encrypting data in storage and while it is being transferred can also significantly de-risk work scenarios revolving around the use of personal data. Encrypting data can be done cheaply. This can include: Security contours.

Risk 240

Risk Encryption Data privacy CISO 240