Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. Speaking of APT groups, the U.S.
It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. During our investigation, we found out that the campaign started in February 2023. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free.
Such software enjoys the trust of monitoring tools and doesn’t raise suspicions. The contents of the TCESB CSV fully match the CSV data in the EDRSandBlast version of August 13, 2022, while the original malware commit of October 6, 2023 adds lines that are missing in the TCESB resource.
INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. The cost of ignoring such measures can be substantial, as noted in IBM’s 2023 Cost of a Data Breach Report, which found the average impact of a data breach on small businesses can exceed $3.31
The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text.
Yesterday, we published a preprint demonstrating that 2048-bit RSA encryption could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week. Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.
In December 2023, CISA, the FBI, and ACSC warned of Play ransomware’s operation that hit 300 victims by October 2023. The threat actors behind the operation use tools like AdFind and Grixba to gather network data and identify antivirus defenses, then disable security software using GMER, IOBit, or PowerTool.
The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation.
A new report from Symantec and the Carbon Black Threat Hunter team reveals a concerning evolution in the Fog ransomware operation, which now leverages a rare mix of legitimate software, open-source tools, and stealthy delivery mechanisms to compromise organizations. This significantly reduces their chances of detection.
This ransomware is known for employing double extortion tactics, which means they encrypt victims’ data while also threatening to release sensitive information unless a ransom is paid. The company provided no HIPAA training for employees prior to November 2023. This investigation revealed extensive HIPAA violations.
Global data reveals that cyberattacks rose by 131% between 2022 and 2023 across the aviation industry, with a 74 percent increase since 2020, underscoring the profundity of this threat. In the first half of 2023 alone, aviation cyberattacks surged by 24% worldwide, fueling disruptions from flight-planning systems to passenger services.
“According to the indictment, from March 2021 to June 2023, Ahmed and others infected computer networks of several U.S.-based “The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. The man demanded ransom payments of $10,000 in Bitcoin from the victims.
Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE. ” reads the advisory published by the IT giant.
According to Kaspersky Digital Footprint Intelligence, almost 10 million devices, both personal and corporate, were attacked by information stealers in 2023. Kral In mid-2023, we discovered the Kral downloader which, back then, downloaded the notorious Aurora stealer. Also, they both use the same key for string encryption.
That makes email security software a worthwhile investment for organizations of all sizes. We analyzed the market for email security tools and software to arrive at this list of 7 top email security solutions, including their standout features, limitations and ideal use cases, followed by issues prospective buyers should consider.
We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. We found that the malware was running in the memory of a legitimate SyncHost.
The hackers say that the dates of birth and social security numbers were originally encrypted but have since been decrypted and are now visible in plain text. Based on an analysis by cybersecurity news platform Hackread, the data contains dates of birth, phone numbers, email addresses, street addresses, and even social security numbers.
It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. If they’re going for data ransoming, they’re encrypting the data itself — not the machines.”
The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta Buster, exploits a flaw in the encryption algorithm used in older versions of the Black Basta group’s ransomware. Stop malicious encryption. Detect intrusions.
Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. Some of these VPNs were running unsupported software versions.” reads the advisory.
In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw (CVE-2023-20269) in Cisco VPN appliances. Stop malicious encryption. Detect intrusions.
In 2023, ThreatDown discovered that, unlike other ransomware gangs that demanded up to $1 million or more from each victim, Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300. Prevent intrusions and stop malicious encryption.
Notable progress was made in 2023 in the quest to elevate Digital Trust. We met at DigiCert Trust Summit 2023. Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure (PKI) come into play — to assure authentication and encrypt sensitive data transfers.
Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3 before 5.17.6
— and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. Among those was the encrypted messaging app Signal, which said the breach could have let attackers re-register the phone number on another device for about 1,900 users. In January 2024, U.S.
Before this sudden increase in attacks, we had been observing an average decrease of 20 attacks a month from the group since April 2023. From April 2023 to July 2023, their median number of attacks was actually slightly higher than this at 69 attacks a month, making the decline seem less substantial. Stop malicious encryption.
Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both. The report reveals that, awash with money, the number of known Big Game attacks surged by 68% in 2023, thanks to Ransomware-as-a-Service groups like LockBit and ALPHV.
The campaign has been active since at least November 2024, Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. ThreatNeedle was split into Loader and Core components, using advanced encryption (ChaCha20 with Curve25519) and system persistence techniques.
Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. Their main purpose is to protect applications from unauthorized access, data breaches, and malicious attacks.
We ranked these six malware groups accordingly: Cl0p, a RaaS platform, became famous following a series of cyberattacks that exploited a zero-day vulnerability in the MOVEit file transfer software developed by Progress Software. Black Cat made headlines for taking down MGM Casino Resorts. Lockbit 3.0,
Formed around 2016 to defend Ukraine’s cyberspace against Russian interference, the UCA used a public exploit for CVE-2023-22515 to gain access to Trigona infrastructure. Use endpoint security software that can prevent exploits and malware used to deliver ransomware. Stop malicious encryption. Detect intrusions.
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Taylor Monahan is founder and CEO of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain.
A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Strategies for protecting oil and gas infrastructure Regular updates and patching: Outdated software and hardware are the most common entry points for cyberattacks.
Zero Trust Network Architecture, on the other hand, is not conceptual; it refers to an actual information technology architecture – including hardware, software, data, and workflow – that employs the principles of Zero Trust in its design so as to enforce a Zero Trust model. This post is sponsored by Perimeter 81.
Analysis of samples exploiting CVE-2023-23397 vulnerability On March 14, Microsoft reported a critical Elevation of Privilege (EoP) vulnerability (CVE-2023-23397) in the Outlook client. This feature bypass vulnerability (CVE-2023-29324) was itself patched in May. We discovered that the domain in question has a deb.fdmpkg[.]org
We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. “This is the first time Mandiant has seen a software supply chain attack lead to another software supply chain attack,” reads the April 20 Mandiant report.
Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. Finally, other groups like Clop ramped up their activities over the course of last year, reaching their peak in early 2023 as they claimed to have hacked 130 organizations using a single zero-day vulnerability.
But for 2023, cybersecurity will be a “key pillar” of the company’s focus – particularly data compliance and protection. The startup manages an open source project for key management, authorization enforcement policies, and end-to-end encryption. An area that Kakran is bullish on for 2023 is Kubernetes security and observability.
For starters, he said, Dark Angels does not employ the typical ransomware affiliate model, which relies on hackers-for-hire to install malicious software that locks up infected systems. But the Dark Angels didn’t even have a victim shaming site until April 2023. The Dark Angels victim shaming site, Dunghill Leak.
Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. SQL Injection Most high-risk vulnerabilities in 2021–2023 were associated with SQL Injection. More than a third (39%) used the microservice architecture.
A look ahead to 2023 we can expect to see changes in MFA, continued Hactivism from non-state actors, CISOs lean in on more proactive security and crypto-jackers will get more savvy. In 2023, crypto-jackers will get more savvy and we might start to see the detrimental effects of what is usually considered inevitable or negligible.
Total number of registered vulnerabilities and number of critical ones, Q3 2023 and Q3 2024. Q3 2024 preserved the upward trend in the number of vulnerabilities detected and registered. Most PoCs appear within a week of the developers of vulnerable software releasing a patch. The data is taken from cve.org.
Encryption uses mathematical algorithms to transform and encode data so that only authorized parties can access it. What Encryption Is and How It Relates to Cryptology The science of cryptography studies codes, how to create them, and how to solve them. How Does Encryption Process Data?