Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. Pierluigi Paganini.
The auto-reboot feature returns devices to a “Before First Unlock” restricting app access to encryption keys. 404 Media recently reported that law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock. Three iPhones running iOS 18.0
The recently emerged LockFile ransomware family leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.
North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.
Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence, as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services.
Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. ” states Forbes.
The ex-NSA employee had Top Secret clearance that gave him access to top secret documents. All three documents from which the excerpts were taken contain NDI, are classified as Top Secret//Sensitive Compartmented Information (SCI) and were obtained by Dalke during his employment with the NSA.”
“The ransomware either encrypted data from victims' computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS, the ransomware encrypts files and appends the .DEMON extension to filenames of the encrypted documents.
In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.
Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.
In Dark Web environments as well as on specialized forums, sellers are posting synthetic ads inviting potential buyers to contact them privately, often via Telegram, Session, and other encrypted messaging apps. Payments are mostly made in Bitcoin or Monero, to ensure confidentiality and irreversibility.
“In at least two cases Amnesty International documented, the Cellebrite UFED product and associated exploits were used to covertly bypass phone security features, enabling Serbian authorities to infect the devices with NoviSpy spyware. ” reads the report published by Amnesty. ” reported the Associated Press.
The ZIP pretended to be a document about export declarations and included a disguised LNK file and images of arthropods. Two of the images were fake, one of them contained an encrypted payload, the other a DLL used to decrypt and launch the malicious code when the victim clicked the link. ” continues the report.
Chances are strong that your corporate website uses a CMS, and perhaps you have a separate CMS for documents and other files shared by your employees, partners, and suppliers. Security is essential for a CMS. percent of CMS users worry about the security of their CMS—while 46.4 What can you do about it?
“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.
Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.
It also resembles Trend Micro's documented PlugX type 2 variant, also linked to Fireant. Both variants use the same RC4 encryption key (qwedfgx202211) and have similar configuration structures, reinforcing their connection to the espionage group. Evidence suggests the attacker may have prior ransomware involvement.
The company reported to the SEC that a Feb. 3 cyberattack led to unauthorized access, file withdrawals, and encryption of critical applications. “Preliminary investigations indicate that threat actors unlawfully accessed the Company's network, encrypted critical applications, and exfiltrated certain files.
Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus, a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC.
” Threat actor distributes LNK files compressed inside ZIP archives as part of the recent phishing campaign, usually disguising the file as an Office document and uses names related to the military invasion. This DLL acts as a loader, decrypting and executing the final Remcos payload from encrypted files within the ZIP.
Become familiar with the standards that affect your industry, such as GDPR, CCPA, SOX, HIPAA, the Gramm-Leach-Bliley Act, Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Security Management Act (FISMA) and Children’s Online Privacy Protection Rule (COPPA). Assign roles and responsibilities.
BPFDoor's Hidden Controller Used Against Asia, Middle East Targets; Gorilla, a newly discovered Android malware; Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis; IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia; Unmasking the new XorDDoS controller and infrastructure; Byte Bandits: How (..)
The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents. software used by the Russian Ministry of Defense to encrypt and protect its data.
To implement effective anti-attack measures, it is vital to perform regular testing, updating and integration of security systems. A key factor in securing infrastructure is compliance with password-protection policies for access to the information security systems. In one of the incidents, C.A.S In the majority of C.A.S
Kaspersky first documented the operations of the group in 2016. Upon execution, the spyware retrieves an encrypted configuration from Firebase Firestore, controlling activation and the C2 server address. The configuration request, sent as an encrypted JSON, controls parameters like C2 ping frequency, plugin URLs, and victim messages.
This guide offers a comprehensive, step-by-step breakdown of the process, providing the depth and clarity you're looking for to build a rock-solid Information Security Management System (ISMS). ISO 27001 is a globally recognized standard for managing information security. What is ISO 27001? Why is ISO 27001 Important?
To exploit this vulnerability, the attacker needed GitHub Enterprise Server’s encrypted assertions feature enabled, direct network access, and a signed SAML response or metadata document. “Please note that encrypted assertions are not enabled by default. The flaw affects all versions of Enterprise Server prior to 3.15
The backdoor spreads via weaponized Word documents (“Apply Form.docm”). The malicious document was uploaded from Jordan on August 25, 2022. Upon opening the document and enabling the embedded macro, a PowerShell script is dropped on the victim’s machine. The command is encrypted using AES-256 CBC.
The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. The hackers claim to have stolen 540Gb of technical and financial documents stolen from the company. “Absolutely all servers and working computers of the company are hacked and encrypted.
With 12 top level controls ranging from securing the CDE, to keeping eyes on your third parties, there's a lot to think about. When it comes to compliance, the list of documentation and evidence pieces is broad. How to use this checklist Maintain organisation: Categorise documents by control group for easy access during assessments.
Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. Threat actors first compromised Westech’s network, then stole the documents before encrypting them. The LGM-30 Minuteman is a U.S.
The researchers analyzed multiple samples of the malware and gained access to internal documents obtained from open directories on attacker infrastructure. These documents suggest the existence of an iOS conversion of the spyware that has yet to be uncovered. The tool encrypts data before exfiltrating it to a command-and-control server.
There’s an old adage in information security: “Every company gets penetration tested, whether or not they pay someone for the pleasure.” Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in.
The attackers exploited the Log4Shell remote code execution vulnerability to download a .NET binary from a remote server that encrypts the files on the target machine and adds the extension .khonsari to each file. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES.
The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. The RTF documents were uncovered by Cybereason Nocturnus Team while investigating recent developments in the RoyalRoad weaponizer, also known as the 8.t Dropper/RTF exploit builder.
The group claims to have stolen 750 gigabytes of sensitive data, including users’ personal documents and corporate documents. The position of the encrypted blocks is determined by the file size.
Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS, the ransomware encrypts files and appends the .DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. — MalwareTech (@MalwareTechBlog) March 21, 2021.
The group uses social engineering techniques to persuade their targets to open documents or download malware. Once a relationship has been established, the target will receive a phishing link or a document containing such a link. These targets are approached in spear phishing attacks.
Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach.
Recently, TAG has observed COLDRIVER delivering custom malware via phishing campaigns using PDFs as lure documents. In November 2022, TAG spotted COLDRIVER sending targets benign PDF documents from impersonation accounts. When the victim opens the PDF, an encrypted text is displayed. ” concludes the report.
ui: Displays real-time progress and statistics of the encryption process, such as the number of files encrypted. no_vm_ss: Encrypts files on ESXi hosts without shutting down running virtual machines, using the esxicli terminal and deleting snapshots. The ransomware uses a function called encrypt_file to handle file encryption.
Phobos variants are usually distributed by the SmokeLoader, but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.
All communication is end-to-end encrypted, and the app is open source. In future, the army will forbid its relatives from exchanging information with one another via WhatsApp, Signal or Telegram and from disseminating official instructions via these channels.” Source Property of the People.
Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. ” continues the report.