The Last Watchdog

DECEMBER 13, 2023

We drilled down on a few significant developments expected to play out in 2024 and beyond. Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers.

Encryption 311

Encryption Technology CISO IoT 311

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Security Affairs

NOVEMBER 9, 2024

A critical flaw, tracked as CVE-2024-40711, in Veeam Backup & Replication (VBR) was also recently exploited to deploy Frag ransomware. In mid-October, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 134

Backups Ransomware VPN Accountability 134

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft SharePoint Deserialization Vulnerability CVE-2024-38094 (CVSS v4 score: 7.2) “An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.”

Encryption 123

Encryption Authentication Cybersecurity Accountability 123

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. ShrinkLocker ransomware was first discovered in May 2024 by researchers from Kaspersky. Then, it re-encrypts the system using a randomly generated password.

Ransomware 124

Ransomware Encryption Passwords Backups 124

Google Security

MAY 23, 2025

Yesterday, we published a preprint demonstrating that 2048-bit RSA encryption could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week. An algorithm for doing this, while using only small work registers, was discovered in 2024 by Chevignard and Fouque and Schrottenloher.

Encryption 122

Encryption Technology Engineering Authentication 122

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Financial Services 62

Financial Services Cybersecurity CISO Backups 62

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. After strolling the exhibits floor at Black Hat USA 2024 and speaking with the solution providers, I jotted down two categories of cybersecurity advancements: ‘coding level’ and ‘operational level.’

Software 290

Software Technology Mobile Cybersecurity 290

Krebs on Security

JANUARY 7, 2025

This domain was featured in a writeup from February 2024 by the security firm Lookout , which found it was one of dozens being used by a prolific and audacious voice phishing group it dubbed “ Crypto Chameleon.” Before we get to the Apple scam in detail, we need to revisit Tony’s case. “ Annie.” ”

Phishing 338

Phishing Cryptocurrency Accountability Social Engineering 338

Security Affairs

MARCH 10, 2025

In May 2024, Microsoft observed the North Korea-linked group “Moonstone Sleet” (Previously tracked as Storm-1789) using known and novel techniques like fake companies, trojanized tools, a malicious game, and custom ransomware for financial gain and espionage. ” Microsoft wrote on X.

Ransomware 120

Ransomware Healthcare VPN Malware 120

Security Affairs

MAY 22, 2024

GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication. GitHub has rolled out security fixes to address a critical authentication bypass issue, tracked as CVE-2024-4985 (CVSS score: 10.0), in the GitHub Enterprise Server (GHES).

Authentication 138

Authentication Encryption Hacking Information Security 138

Thales Cloud Protection & Licensing

OCTOBER 14, 2024

2024 Thales Global Data Threat Report: Trends in Financial Services madhav Tue, 10/15/2024 - 05:17 Financial services (FinServ) firms are key players in the global economy. The report also noted that the percentage of businesses experiencing breaches in the last year has dropped significantly, from 29% in 2021 to 14% in 2024.

Financial Services 62

Financial Services Threat Reports Authentication Banking 62

Security Affairs

APRIL 6, 2025

A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. BleepingComputer reported that multiple companies confirmed the leaked Oracle data as authentic, including accurate LDAP names, emails, and other identifiers. This is not okay.

Data breaches 127

Data breaches Encryption Hacking Authentication 127

Security Affairs

JUNE 6, 2025

Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 , and CVE-2024-55591. ” reads the report published by PRODAFT. .” through 7.0.16 through 7.0.19

Ransomware 78

Ransomware Authentication Healthcare Firewall 78

The Last Watchdog

SEPTEMBER 10, 2024

10, 2024, CyberNewsWire — Seventh Sense , a pioneer in advanced cybersecurity solutions, announces the launch of SenseCrypt , a revolutionary new platform that sets a new standard in secure, privacy-preserving identity verification. Singapore, Sept.

Computers and Electronics 278

Computers and Electronics Encryption Government Authentication 278

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Quantum computing advances are making traditional encryption obsolete, and adversaries are stockpiling data for future decryption.

Risk 173

Risk Threat Detection Technology Phishing 173

Centraleyes

DECEMBER 16, 2024

In 2024, human-centric security strategies will become increasingly important. Talent Shortage The cybersecurity talent shortage shows no signs of abating in 2024. By focusing on identity and access management (IAM), multi-factor authentication (MFA), and micro-segmentation, ZTA provides a robust defense against modern threats.

Cybersecurity 98

Cybersecurity Insurance Cyber Insurance Technology 98

Security Affairs

JULY 29, 2024

Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) The flaw is an authentication bypass vulnerability in VMware ESXi.

Ransomware 137

Ransomware Encryption Engineering Authentication 137

eSecurity Planet

DECEMBER 4, 2024

During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns. This includes strengthening password policies, implementing multi-factor authentication, and leveraging advanced threat detection techniques.

Encryption 107

Encryption Phishing Authentication Passwords 107

Malwarebytes

OCTOBER 8, 2021

Despite advance warnings that a root certificate provided by Let’s Encrypt would expire on September 30, users reported issues with a variety of services and websites once that deadline hit. An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. So what happened?

Encryption 128

Encryption Authentication IoT Passwords 128

eSecurity Planet

MAY 25, 2022

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats. While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms.

Encryption 138

Encryption Computers and Electronics Password Management Passwords 138

IT Security Guru

JANUARY 9, 2025

As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. In January 2024, U.S.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Security Affairs

AUGUST 28, 2024

Cisco Talos observed the BlackByte ransomware group exploiting the recently patched security flaw CVE-2024-37085 in VMware ESXi hypervisors in recent attacks. The flaw CVE-2024-37085 (CVSS score of 6.8) is an authentication bypass vulnerability in VMware ESXi. ” reads the report published by Talos.

Ransomware 128

Ransomware Authentication Encryption Manufacturing 128

eSecurity Planet

NOVEMBER 4, 2024

October 26, 2024 Windows 11 Downgrade Vulnerability Is Still Wide Open Type of vulnerability: Admin code execution privileges leading to operating system downgrades. He demonstrated the downgrade at Black Hat 2024, reverting fully patched Windows machines back to previous vulnerable states. ThinManager: Versions 12.0.0

Software 101

Software Authentication Manufacturing Encryption 101

SecureWorld News

FEBRUARY 20, 2025

Ghost ransomware actors, identified as operating from China, have been targeting unpatched systems and stolen credentials to infiltrate networks, encrypt data, and demand ransom payments. Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

SecureList

MAY 28, 2025

The threat actors behind Zanubis continue to refine its code adding features, switching between encryption algorithms, shifting targets, and tweaking social engineering techniques to accelerate infection rates. It copied both the name and icon of the legitimate app, making it appear authentic to unsuspecting users.

Banking 107

Banking Malware Energy and Utilities Encryption 107

Thales Cloud Protection & Licensing

OCTOBER 16, 2024

Solid Data Security: The Foundation of a Safe Digital World madhav Thu, 10/17/2024 - 04:58 It’s that time of year again. The State of Data Security in 2024 However, not only individuals must protect their digital assets; organizations do, too. The answer is three-fold: data encryption, strong access controls, and application security.

DDOS 62

DDOS Encryption Data breaches Identity Theft 62

SecureWorld News

JANUARY 16, 2025

Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels. Hackers used compromised credentials to gain access to Colonial Pipeline's network, deploying ransomware that encrypted critical systems.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

The Last Watchdog

JULY 11, 2024

Related: Passwordless workpace long way off However, as users engage with more applications across multiple devices, the digital security landscape is shifting from passwords and password managers towards including passwordless authentication, such as multi-factor authentication (MFA), biometrics, and, as of late, passkeys.

Authentication 124

Authentication Passwords Malware Accountability 124

eSecurity Planet

NOVEMBER 6, 2024

In this video, our expert delves into what cookies are and their function in web browsing, explores the techniques hackers use to steal them — such as session hijacking and cross-site scripting (XSS) — and shares effective strategies and tools to protect your cookies and personal data in 2024. Check out our links below for more info.

Identity Theft 109

Identity Theft Passwords Phishing Accountability 109

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing Manufacturing 126

Security Affairs

APRIL 10, 2025

A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. ” BleepingComputer also reported that multiple companies confirmed the leaked Oracle data as authentic, including accurate LDAP names, emails, and other identifiers.

Hacking 122

Hacking Data breaches Encryption Authentication 122

SecureList

DECEMBER 19, 2024

The first payload turned out to be RollMid, which was described in detail in an Avast report published in April 2024. Next, CookiePlus encodes the RSA-encrypted data using Base64. This cookie data is used in the follow up communication, possibly for authentication. The second was identified as a new LPEClient variant.

Malware 140

Malware Encryption Software Cryptocurrency 140

Jane Frankland

FEBRUARY 7, 2025

According to Microsoft’s Digital Dfense Report 2024 , 37% of the 600 million attacks they face daily can be attributed to nation-state threat actors. For one, they often lack control over user access and authentication, leaving the door open for anyone to join group conversationsor worse, impersonate someone else.

Cyber Risk 130

Cyber Risk CISO Risk Encryption 130

The Hacker News

OCTOBER 15, 2024

The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing out of a maximum of 10.0 "An

Encryption 134

Encryption Authentication 134