Document, Encryption and Information Security

Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers

Graham Cluley

MARCH 6, 2024

Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence , as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services.

Encryption

Encryption Hacking Information Security Software

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

Encryption

Encryption Malware Phishing Hacking

Former NSA employee pleads guilty to attempted selling classified documents to Russia

Security Affairs

OCTOBER 24, 2023

The ex-NSA employee had Top Secret clearance that give him access to top secret documents. All three documents from which the excerpts were taken contain NDI, are classified as Top Secret//Sensitive Compartmented Information (SCI) and were obtained by Dalke during his employment with the NSA.”

Encryption

Encryption Hacking Accountability Information Security

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document

Security Boulevard

DECEMBER 19, 2021

This week we discuss the Apache Log4j vulnerability and the impact it will have on organizations now and into the future, details on how Apple AirTags are being used by thieves to steal cars, and a FBI training document describes what data can be obtained by encrypted messaging apps. ** Links mentioned on the show […].

Encryption

Encryption Technology InfoSec Information Security

Understanding the Core Principles of Information Security

Centraleyes

NOVEMBER 1, 2023

To build a robust information security strategy, one must understand and apply the core principles of information security. This blog post will delve into the fundamental principles underpinning effective information security principles and practices. This helps maintain the integrity of information.

Information Security

Information Security Encryption Risk Authentication

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

AUGUST 31, 2021

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. Sophos researchers discovered that the group is now leveraging a new technique called “intermittent encryption” to speed up the encryption process.

Encryption

Encryption Ransomware Financial Services Antivirus

Court documents show FBI could use a tool to access private Signal messages on iPhones

Security Affairs

FEBRUARY 13, 2021

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. ” states Forbes.

Mobile

Mobile Encryption Software Hacking

Trojan Shield, the biggest ever police operation against encrypted communications

Security Affairs

JUNE 8, 2021

Trojan Shield operation: The FBI and Australian Federal Police ran an encrypted chat platform that was used by crime gangs and intercepted their communications. The FBI and Australian Federal Police (AFP) ran an encrypted chat platform that was used by crime gangs and intercepted their communications.

Encryption

Encryption Cryptocurrency Cybercrime Advertising

Ukraine’s GUR hacked the Russian Ministry of Defense

Security Affairs

MARCH 4, 2024

The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents. software used by the Russian Ministry of Defense to encrypt and protect its data.

Hacking

Hacking Data breaches Encryption Government

Encryption & Privacy Policy and Technology

Adam Shostack

DECEMBER 11, 2019

UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. The Identity Project has extensive documentation , and I generally concur with their recommendations. The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., press release , letter.) I am pleased to be one of the signers.

Technology

Technology Encryption Internet Internet

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. It’s a surreal experience, paging through hundreds of top-secret NSA documents. I didn’t know either of them, but I have been writing about cryptography, security, and privacy for decades.

Surveillance

Surveillance Computers and Electronics Encryption Government

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

The group uses social engineering techniques to persuade their targets to open documents or download malware. Once a relationship has been established, the target will receive a phishing link or a document containing such a link. These targets are approached in spear phishing attacks.

Social Engineering

Social Engineering Government Media DNS

Intel investigates security breach after the leak of 20GB of internal documents

Security Affairs

AUGUST 7, 2020

The stolen data includes source code and developer documents and tools, some documents are labeled as “confidential” or “restricted secret.” ” The hackers shared the documents on the file-sharing site MEGA. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Firmware

Firmware Advertising Engineering Hacking

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

JANUARY 23, 2024

uk @GossiTheDog @UK_Daniel_Card @SOSIntel @joetidy pic.twitter.com/erEvd0DtBT — Dominic Alvieri (@AlvieriD) January 22, 2024 The group claims to have stolen 750 gigabytes of sensitive data, including users’ personal documents and corporate documents. The position of the encrypted blocks is determined by the file size.

Hacking

Hacking Encryption Ransomware Insurance

Understanding the Different Types of Audit Evidence

Centraleyes

APRIL 18, 2024

The Vital Role of Audit Evidence Audit evidence is the backbone of any audit process, offering tangible documentation and proof of an organization’s adherence to established cybersecurity measures. The audit ensures that the organization has implemented a robust ISMS and is committed to managing information security risks effectively.

Risk

Risk Penetration Testing Encryption Cybersecurity

8Base ransomware operators use a new variant of the Phobos ransomware

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. 8base” file extension for encrypted documents, a circumstance that suggested a possible link to the 8Base group or the use of the same code-base for their ransomware.

Ransomware

Ransomware Encryption Backups Manufacturing

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Security Affairs

JANUARY 8, 2024

Documents belonging to the Swiss Air Force were leaked on the dark web as a result of cyberattack on a US security provider. Documents belonging to the Swiss Air Force were leaked on the dark web after the US security company Ultra Intelligence & Communications suffered a data breach.

Hacking

Hacking Data breaches Ransomware Manufacturing

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

OCTOBER 20, 2022

The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) The malicious document was uploaded from Jordan on August 25, 2022. . Upon opening the document and enabling the embedded macro, a PowerShell script is dropped on the victim’s machine. . The command is encrypted using AES-256 CBC.

Encryption

Encryption Phishing Hacking Cybersecurity

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

The Last Watchdog

MAY 19, 2022

Chances are strong that your corporate website uses a CMS, and perhaps you have a separate CMS for documents and other files shared by your employees, partners, and suppliers. Security is essential for a CMS. percent of CMS users worry about the security of their CMS—while 46.4 What can you do about it?

Data breaches

Data breaches Encryption Mobile Technology

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

Public Wi-Fi users are prime targets for MITM attacks because the information they send is often not encrypted, meaning it’s easy for hackers to access your data. Look for the “https” in the website’s URL—it means there’s some level of encryption.

DNS

DNS VPN Encryption Passwords

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Security Affairs

APRIL 16, 2024

LightSpy can steal files from multiple popular applications like Telegram, QQ, and WeChat, as well as personal documents and media stored on the device. “The Loader initiates the process by loading both the encrypted and subsequently decrypted LightSpy kernel. ” reads the report published by BlackBerry.

Spyware

Spyware Mobile Malware Encryption

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

Security Affairs

JUNE 17, 2022

Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive and target cloud infrastructure. Researchers from Proofpoint reported that a feature in the in Microsoft 365 suite could be abused to encrypt files stored on SharePoint and OneDrive. ” continues the report.

Encryption

Encryption Backups Ransomware Accountability

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “The JScript file then drops a Base64-encrypted file and a batch file. The Base64-encrypted file is decoded with the certutil -f decode command, resulting in the creation of a Portable Executable (PE) DLL file.”

Malware

Malware Encryption Manufacturing Phishing

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking

Hacking Ransomware Banking Accountability

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

The gang also published several pictures of passports and company documents as proof of the hack. Cactus uses the Rclone tool for data exfiltration and used a PowerShell script called TotalExec, which was used in the past by BlackBasta ransomware operators, to automate the deployment of the encryption process.

Ransomware

Ransomware Digital transformation Retail Antivirus

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

Security Affairs

DECEMBER 14, 2021

The attackers exploited the Log4Shell remote code execution vulnerability to download a.NET binary from a remote server that encrypts the files on the target machine and adds the extension.khonsari to each file. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES. NOT MODIFY OR DELETE THIS FILE OR ANY ENCRYPTED FILES.

Ransomware

Ransomware Encryption Engineering Malware

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ). “The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Information Security Encryption Phishing

Group Health Cooperative data breach impacted 530,000 individuals

Security Affairs

APRIL 10, 2024

“The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful.” “On February 9, 2024, during our investigation, we discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI).”

Data breaches

Data breaches Ransomware Insurance Encryption

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle. The RTF documents were uncovered by Cybereason Nocturnus Team while investigating recent developments in the RoyalRoad weaponizer, also known as the 8.t t Dropper/RTF exploit builder.

Phishing

Phishing Malware Antivirus Encryption

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

Mandiant concluded that the 3CX attack was orchestrated by the North Korean state-sponsored hacking group known as Lazarus , a determination that was independently reached earlier by researchers at Kaspersky Lab and Elastic Security. The malware was found inside of a document that offered an employment contract at the multinational bank HSBC.

Malware

Malware Software Technology Accountability

Black Kingdom ransomware is targeting Microsoft Exchange servers

Security Affairs

MARCH 24, 2021

Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents. It does indeed encrypt files. pic.twitter.com/POYlPYGjsz — MalwareTech (@MalwareTechBlog) March 21, 2021.

Ransomware

Ransomware Encryption VPN Malware

REvil ransomware gang hacked gaming firm Gaming Partners International

Security Affairs

OCTOBER 31, 2020

The REvil ransomware gang (aka Sodinokibi) claims to have stolen info from the systems at the company before encrypting them. The hackers claim to have stolen 540Gb of technical and financial documents stolen form the company. “Absolutely all servers and working computers of the company are hacked and encrypted.

Hacking

Hacking Ransomware Advertising Encryption

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Security Affairs

JANUARY 16, 2023

Security experts noticed that the Go-based ransomware was able to encrypt files at high speeds. Upon its execution, BianLian searches all available disk drives (from A: to Z:) and all files to encrypt. Once encrypted a file, the ransomware appends the.bianlian extension and drops a ransom note (instruction.txt) into each folder.

Ransomware

Ransomware Malware Antivirus Encryption

Saudi Ministry exposed sensitive data for 15 months

Security Affairs

JANUARY 8, 2024

They could try to encrypt critical government data, demanding a ransom for its release or threatening to leak sensitive information publicly,” our researchers said. file leaked several types of database credentials, mail credentials, and data encryption keys. What MIM data was exposed? The exposed env. The now closed env.

Government

Government Identity Theft Social Engineering Encryption

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

Security Affairs

JULY 3, 2023

. “The campaign leverages HTML Smuggling, a technique in which attackers hide malicious payloads inside HTML documents.” Opening these malicious HTML documents the embedded payload within the code is decoded and saved to a JavaScript blob. Additional countries referenced in lure documents are France and Sweden.

Encryption

Encryption Government Malware Phishing

How Secure Are Your Business’s Communication Methods?

CyberSecurity Insiders

NOVEMBER 19, 2022

To prevent unauthorized users from getting into a vital call, ensure the video conferencing tool has end-to-end encryption. This feature will protect video conferences and guarantee those conversations are secure. The key is ensuring workers use a solution that provides enhanced security. The key is end-to-end encryption.

Encryption

Encryption Risk Data breaches Technology

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

MAY 2, 2024

“According to court documents, Yaroslav Vasinskyi, also known as Rabotnik, 24, conducted thousands of ransomware attacks using the ransomware variant known as Sodinokibi/REvil.” Vasinskyi is a REvil ransomware affiliate since at least March 1st, 2019. ” reads the press release published by DoJ.

Ransomware

Ransomware Cryptocurrency Cybercrime Encryption

FBI: Ransomware actors abuse third parties and legitimate system tools for initial access

Security Affairs

NOVEMBER 8, 2023

The attacks frequently targeted small and tribal casinos, encrypting servers and the personally identifying information (PII) of employees and patrons.” The FBI also recommends reviewing the security posture of third-party vendors. ” reported the PIN.

Ransomware

Ransomware Backups Encryption Phishing

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

Security Affairs

OCTOBER 2, 2023

On September 24th, researchers discovered that the NLP platform was exposing sensitive credentials, secrets, and encryption keys via publicly available JS files. The buckets contained the personal data of workers, marine crew, invoices, and internal documents. This poses a grave danger of ransomware attacks. Image by SecurityDiscovery.

Encryption

Encryption Risk Hacking Ransomware

RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

Security Affairs

AUGUST 6, 2021

“GIGABYTE released a major message stating that the information security team has cooperated with technical experts from a number of external information security companies to jointly handle this cyber attack on a small number of servers of GIGABYTE, and has notified the abnormal network conditions it has detected.”

Manufacturing

Manufacturing Ransomware Information Security Security Defenses

The Rise of Passkeys

Duo's Security Blog

FEBRUARY 13, 2024

WebAuthn Public Key Cryptography allows a merchant or customer to send a 'secret' encrypted message using a public key and only the owner of that public key can decrypt it with their private key. Using concepts from Public Key Cryptography WebAuthn was born to verify identity securely. So, we began with the use of passwords.

eCommerce

eCommerce Authentication Encryption Passwords

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Security Affairs

AUGUST 12, 2021

The attackers used invoice-themed XLS.HTML attachments, Microsoft reported that they changed obfuscation and encryption mechanisms every 37 days on average, a circumstance that demonstrates high motivation and the threat actors’ abilities to constantly evade detection. com , or api[.]statvoo[.]com

Phishing

Phishing Passwords Encryption Cybercrime

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

The phishing emails attempt to trick recipients into clicking on an embedded link to view a document. Once the file is opened, a PowerShell command downloads a decoy document from a remote server, along with the Python programming language interpreter and the Client.py file classified as MASEPIE. file classified as MASEPIE.

Phishing

Phishing Malware Computers and Electronics Internet

Ukraine claims it hacked Russian Ministry of Defence, stole secrets and encryption ciphers

North Korea-linked Konni APT uses Russian-language weaponized documents

Trending Sources

Former NSA employee pleads guilty to attempted selling classified documents to Russia

Log4j Vulnerability, Apple AirTags Used by Thieves, FBI’s Encrypted Messaging App Document

Understanding the Core Principles of Information Security

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

LockFile Ransomware uses a new intermittent encryption technique

Court documents show FBI could use a tool to access private Signal messages on iPhones

Trojan Shield, the biggest ever police operation against encrypted communications

Ukraine’s GUR hacked the Russian Ministry of Defense

Encryption & Privacy Policy and Technology

Snowden Ten Years Later

Coldriver threat group targets high-ranking officials to obtain credentials

Intel investigates security breach after the leak of 20GB of internal documents

Black Basta gang claims the hack of the UK water utility Southern Water

Understanding the Different Types of Audit Evidence

8Base ransomware operators use a new variant of the Phobos ransomware

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

GUEST ESSAY: A primer on content management systems (CMS) — and how to secure them

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

StrelaStealer targeted over 100 organizations across the EU and US

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Hackers exploit Log4Shell to drop Khonsari Ransomware on Windows systems

New Woody RAT used in attacks aimed at Russian entities

Group Health Cooperative data breach impacted 530,000 individuals

China-linked APT uses a new backdoor in attacks at Russian defense contractor

3CX Breach Was a Double Supply Chain Compromise

Black Kingdom ransomware is targeting Microsoft Exchange servers

REvil ransomware gang hacked gaming firm Gaming Partners International

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Saudi Ministry exposed sensitive data for 15 months

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

How Secure Are Your Business’s Communication Methods?

Ukrainian REvil gang member sentenced to 13 years in prison

FBI: Ransomware actors abuse third parties and legitimate system tools for initial access

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE

The Rise of Passkeys

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Russia-linked APT28 used new malware in a recent phishing campaign

Stay Connected