New “GoFetch” Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a microarchitectural side-channel attack that takes advantage of a feature known as data memory-dependent prefetcher (DMP) to target constant-time cryptographic implementations and capture sensitive data from the CPU cache. […]

Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows “threat actors to terminate antivirus processes and services for the deployment of […]

Remote Encryption Attacks Surge: How One Vulnerable Device Can Spell Disaster

Ransomware groups are increasingly switching to remote encryption in their attacks, marking a new escalation in tactics adopted by financially motivated actors to ensure the success of their campaigns. “Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network,” […]

Rorschach – Fastest Encryption Ransomware Ever Found in Ransomware History

Researchers from Check Point found a new and previously unknown ransomware variant dubbed “Rorschach” with highly sophisticated features that targets U.S. companies. Rorschach ransomware carries technically unique and customized features and is one of the fastest ransomware strains observed, with an encryption speed never before seen in ransomware history. Interestingly, threat actors behind the ransomware implemented […]

Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. “The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying the ransom,” SentinelOne researcher Antonis Terefos said in […]

Vice Society Ransomware Attackers Adopt Robust Encryption Methods

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. “This ransomware variant, dubbed ‘PolyVice,’ implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms,” SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the […]

Message Encryption (OME) used by Office 365 can easily be broken to read encrypted emails via MiTM

The message encryption system employed by Microsoft in Office 365 has a vulnerability, according to a warning from the Finnish cybersecurity company WithSecure. According to WithSecure’s alert, the Office 365 Message Encryption (OME) security technique is defective, which makes it possible for the Microsoft 365 security vulnerability to be used to infer message contents. […]

Researchers Say Microsoft Office 365 Uses Broken Email Encryption to Secure Messages

New research has disclosed what’s being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. “The [Office 365 Message Encryption] messages are encrypted in insecure Electronic Codebook (ECB) mode of operation,” Finnish cybersecurity company WithSecure said in a report published […]

Hive Ransomware Upgrades to Rust for More Sophisticated Encryption Method

The operators of the Hive ransomware-as-a-service (RaaS) scheme have overhauled their file-encrypting software to fully migrate to Rust and adopt a more sophisticated encryption method. “With its latest variant carrying several major upgrades, Hive also proves it’s one of the fastest evolving ransomware families, exemplifying the continuously changing ransomware ecosystem,” Microsoft Threat Intelligence Center (MSTIC) […]

Two critical command injection vulnerabilities in Fujitsu cloud storage system allow remote encryption or deletion of files

Two bugs in the web interface of a Fujitsu cloud storage system would allow authenticated threat actors to read, write, and even destroy backed up files. According to the report, these flaws reside in the enterprise-grade Fujitsu Eternus CS800 V8.1 solution. These problems were found by researchers at NCC Group, who mention that the flaws […]

Vulnerabilities That Allow Hijacking of Most Ransomware to Prevent File Encryption

A cyber-attack is a malicious attack undertaken by cybercriminals against single or numerous computers, computer systems, networks, or infrastructures utilizing one or more computers. The goal is to interrupt the victim’s business operations or steal important information. Individuals, corporations, governments, and critical infrastructure are potential cyber-attack targets. To breach a company, ransomware attackers utilize a […]

Researcher finds DLL hijacking vulnerability in Conti, REvil, LockBit, Black Basta, BitLocker, and AvosLocker ransomware variants that could prevent file encryption

A researcher has detected a critical vulnerability in some of the most common malware and ransomware variants today, whose exploitation would allow interrupting file encryption on infected systems, preventing successful attacks. Among the ransomware strains affected by this flaw are dangerous variants such as AvosLocker, Conti, LockBit, REvil, and the recently detected Black Basta. […]

Vulnerability in next-generation homomorphic encryption allows data to be stolen even while encrypted

Cybersecurity specialists report the detection of a critical vulnerability in homomorphic encryption, one of the most advanced security technologies today. According to the report, the flaw would allow threat actors to steal data even during the encryption process. This variant of encryption allows data to be encrypted so that third parties cannot read it, although […]

Errors in the encryption process allow victims of Hive ransomware to recover their information without paying a single dollar to hackers

A bug in the Hive ransomware encryption algorithm would allow victims to recover their information without having to negotiate with hackers. This is a ransomware-as-a-service (RaaS) operation that resorts to the double extortion method, encrypting information and demanding a ransom in exchange for not leaking this sensitive data. This operation experienced an excessive growth in […]

A New Ransomware Dubbed BlackCocaine Uses AES & RSA Encryption Methods

Nucleus Software, an Indian IT company specializing in the banking and financial services sector, suffered a security breach on May 30, 2021, as reported by the cybersecurity experts at Cyble. However, Nucleus Software has already informed the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI) about this […]

Remove the DarkSide ransomware encryption with this free tool

Bitdefender’s cybersecurity specialists have released a free tool to remove the encryption applied by the DarkSide ransomware, allowing victims to recover their locked information without paying a ransom to attackers. This variant of encryption malware has been active for just a few months, although it already has thousands of victims worldwide. As can be seen […]

Kr00k Attack: New Wifi Encryption Vulnerability Affects Over Billion Devices

Cybersecurity researchers today discovered a new high-risk hardware vulnerability named kr00k or Kr00k Attack that is present in widely used Wi-Fi chips made by Broadcom and Cypress, apparently powering more than a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets. Called “Kr00k” and tracked as CVE-2019-15126, this flaw can allow nearby remote attackers […]