Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware 138

Ransomware IoT Encryption Passwords 138

SecureWorld News

MARCH 31, 2025

A critical business function, not just a checkbox "World Backup Day acts as a crucial reminder that data loss is inevitable, encouraging us to take proactive steps to protect our information," says Emilio Sepulveda , Manager of Information Security at Deepwatch.

Backups 97

Backups Mobile Encryption CISO 97

Security Affairs

FEBRUARY 4, 2025

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV).

Encryption 109

Encryption Firmware Hacking Information Security 109

Security Affairs

MAY 4, 2025

“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware 128

Ransomware Encryption VPN Malware 128

Krebs on Security

APRIL 11, 2024

On April 10, Sisense Chief Information Security Officer Sangram Dash told customers the company had been made aware of reports that “certain Sisense company information may have been made available on what we have been advised is a restricted access server (not generally available on the internet.)”

CISO 328

CISO Encryption Telecommunications Financial Services 328

Security Affairs

DECEMBER 3, 2024

Securities and Exchange Commission (SEC), the company discovered the attack on November 25. The threat actors had access to the company’s information technology systems and encrypted some of its data files. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. .

Ransomware 132

Ransomware Encryption Technology Cybersecurity 132

Schneier on Security

AUGUST 8, 2022

The idea is to standardize on both a public-key encryption and digital signature algorithm that is resistant to quantum computing, well before anyone builds a useful quantum computer. Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force.

Encryption 360

Encryption Architecture Engineering Information Security 360

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. We secured our systems and began an investigation with the help of a cybersecurity firm. ” reads the notice of security incident published by the organization.

Ransomware 136

Ransomware Insurance Encryption Healthcare 136

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Software 112

Software Cryptocurrency Malware Encryption 112

Security Affairs

JUNE 6, 2025

The report also provides information on a Play ransomware ESXi variant that shuts down all virtual machines and encrypts their files using randomly generated keys for each file. Each ransomware binary is recompiled, making detection harder. ” concludes the report.

Ransomware 97

Ransomware Encryption Antivirus Malware 97

Security Affairs

FEBRUARY 11, 2025

“They allegedly used the Phobos malware to encrypt information on the networks, blocking the companies from accessing the data unless a ransom was paid and a decryption key was provided by the gang. Generation of target list of extensions and folders to encrypt. ” reported the website Nation Thailand.

Ransomware 85

Ransomware Encryption Backups Malware 85

Security Affairs

APRIL 25, 2025

. “On April 12, 2025, DaVita became aware of a ransomware incident affecting and encrypting certain on-premises systems. The group claimed the theft of 1510 GB of sensitive data, including patient records, insurance, and financial information. The DaVita network was encrypted by InterLock Ransomware.

Ransomware 107

Ransomware Encryption Insurance Marketing 107

Joseph Steinberg

JANUARY 4, 2023

The term Zero Trust refers to a concept, an approach to information security that dramatically deviates from the common approach of yesteryear; Zero Trust states that no request for service is trusted, even if it is issued by a device owned by the resource’s owner, and is made from an internal, private network belonging to the same party.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Security Affairs

APRIL 30, 2025

The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. opendnsapi.net), and uses IPFS to retrieve encrypted modules. Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.

Encryption 107

Encryption Ransomware Malware Phishing 107

The Last Watchdog

DECEMBER 18, 2024

Part three of a four-part series In 2024, global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar. CISA updated its Secure by Design guidance, and the EUs Cyber Resilience Act and NIS2 added new requirements.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

Security Affairs

MAY 18, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape PupkinStealer : A.NET-Based Info-Stealer Interlock ransomware evolving under the radar Technical Analysis of TransferLoader Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 Horabot Unleashed: (..)

Malware 116

Malware Encryption Phishing Hacking 116

Security Affairs

APRIL 6, 2025

Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. Oracle has since taken the server offline. “Oracle Corp.

Data breaches 136

Data breaches Encryption Hacking Passwords 136

Security Affairs

OCTOBER 22, 2024

The security breach exposed low-sensitivity performance monitoring data, including customer usernames, account info, and encrypted internal credentials. A threat actor exploited a zero-day vulnerability in a non-Rackspace utility bundled with the ScienceLogic application. Rackspace helped ScienceLogic address this issue.

Encryption 135

Encryption Hacking Accountability Cybersecurity 135

Security Affairs

MARCH 17, 2025

The tool doesn’t work like traditional decryptors but instead brute-forces encryption keys using timestamp-based methods. Nugroho’s decryptor brute-forces encryption keys by exploiting Akira ransomwares use of timestamp-based seeds. The malware encrypts files using KCipher2 and Chacha8. Instead, RunPod and Vast.ai

Ransomware 83

Ransomware Encryption Malware Hacking 83

Security Affairs

NOVEMBER 17, 2024

New Campaign Uses Remcos RAT to Exploit Victims Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign Ymir: new stealthy ransomware in the wild ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again Stealthy Attributes of APT Lazarus: Evading Detection with Extended Attributes Glove Stealer: Leveraging IElevator (..)

Malware 129

Malware Antivirus Encryption Education 129

Security Affairs

NOVEMBER 25, 2024

XOR encryption) and persists via scheduled tasks with mshta.exe. CHERRYSPY, a Python backdoor, enables encrypted data exfiltration using RSA and AES. The APT used HATVIBE loader to deliver malware like CHERRYSPY, threat actors often rely on malicious emails or exploited web vulnerabilities. HATVIBE uses obfuscation (e.g.,

Malware 133

Malware Encryption Phishing Government 133

Security Affairs

MAY 29, 2025

Two of the images were fake, one of them contained an encrypted payload, the other a DLL used to decrypt and launch the malicious code when the victim clicked the link. The malware encrypts both data and commands using XOR keys and compresses messages with LZNT1. A decoy PDF was shown to avoid suspicion. ” continues the report.

Malware 128

Malware Government Encryption Hacking 128

Security Affairs

OCTOBER 20, 2024

Expanding the Investigation: Deep Dive into Latest TrickMo Samples HijackLoader evolution: abusing genuine signing certificates FASTCash for Linux Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Technical Analysis of DarkVision RAT Encrypted Symphony: Infiltrating the Cicada3301 Ransomware-as-a-Service (..)

Malware 136

Malware Ransomware Encryption Phishing 136

SecureList

DECEMBER 18, 2024

To implement effective anti-attack measures, it is vital to perform regular testing, updating and integration of security systems. A key factor in securing infrastructure is compliance with password-protection policies for access to the information security systems. In one of the incidents, C.A.S In the majority of C.A.S

Encryption 92

Encryption Passwords Accountability Ransomware 92

Security Affairs

MARCH 25, 2025

It evades detection using multi-stage dynamic loading, encrypting and loading its malicious payload in three steps. The malware also manipulates AndroidManifest.xml with excessive permissions to disrupt analysis and uses encrypted socket communication to hide stolen data. This initial file acts as a loader for the next stage.

Malware 86

Malware Encryption Banking Cyber threats 86

Security Affairs

APRIL 17, 2025

Rolling XOR Key: Utilized for encrypting communications with the command-and-control (C2) server, with key sizes varying among variants. Once active, it proxies traffic between infected devices and command-and-control servers using TCP sockets and FakeTLS, encrypting data with a custom XOR-based algorithm. ” concludes the report.

Encryption 127

Encryption Government Malware Hacking 127

Security Affairs

MAY 23, 2025

The suspects made thousands of illicit sales using encryption and crypto. .” The police identified 270 suspects through intelligence from dark web market takedowns, including Nemesis , Bohemia , Kingdom Markets, and Tor2Door. Most of the arrested individuals are in the U.S., Germany, and the U.K., targeting dark web vendors.

Cybercrime 131

Cybercrime Marketing Scams Encryption 131

Security Affairs

NOVEMBER 12, 2024

Attackers initially accessed systems remotely, installed tools like Process Hacker and Advanced IP Scanner, then weakened security before launching the ransomware. The ransomware uses the stream cipher ChaCha20 algorithm to encrypt files, then appends the extension “ 6C5oy2dVr6” to the filenames of the encrypted files.

Ransomware 133

Ransomware Malware Encryption Hacking 133

Security Affairs

APRIL 30, 2025

Proton Mail is a Swiss-based email service offering end-to-end encryption to ensure that only the sender and recipient can read the messages. The company employs client-side encryption, meaning emails are encrypted on the user’s device before being sent to Proton’s servers, enhancing user privacy and security.

Encryption 85

Encryption Government Media Hacking 85

Security Boulevard

APRIL 25, 2025

One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to break that encryption.

Encryption 52

Encryption Information Security Network Security 52

Security Affairs

MARCH 10, 2025

Unlike other extortion group, the gang doesnt encrypt data, but focuses on data theft to speed up its activity. @chicagotribune @ABC7Chicago pic.twitter.com/bwRCHqCS9o — Dominic Alvieri (@AlvieriD) March 10, 2025 RansomHouse is a data extortion group that has been active since Dec 2021. Victims include AMD and Keralty.

Hacking 131

Hacking Healthcare Backups Ransomware 131

Security Affairs

MARCH 13, 2025

Medusa operators leverage legitimate remote access tools like AnyDesk, Atera, and Splashtop, alongside RDP and PsExec, to move laterally and locate files for exfiltration and encryption. Encryption is executed using gaze.exe , which disables security tools, deletes backups, and encrypts files with AES-256 before dropping a ransom note.

Ransomware 84

Ransomware Encryption Cryptocurrency Insurance 84

Security Affairs

OCTOBER 20, 2024

CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog Nation-state actor exploited three Ivanti CSA zero-days Dutch police dismantled dual dark web market ‘Bohemia/Cannabia’ macOS HM Surf flaw in TCC allows bypass Safari privacy settings Iran-linked actors target critical infrastructure organizations (..)

Data breaches 131

Data breaches Cybercrime Cyber Insurance Marketing 131

Security Affairs

APRIL 10, 2025

No OCI service has been interrupted or compromised in any way,” Last week, Oracle confirmed a data breach and started informing customers while downplaying the impact of the incident. The hacker has published 10,000 customer records, a file showing Oracle Cloud access, user credentials, and an internal video as proof of the hack.

Hacking 132

Hacking Data breaches Encryption Passwords 132

Security Affairs

JUNE 2, 2025

Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. net, Cryptor[.]biz, biz, and Crypt[.]guru.

Antivirus 123

Antivirus Cybercrime Malware Firewall 123

Security Affairs

JANUARY 4, 2025

Attackers steal sensitive data like mnemonics and private keys from Hardhat, encrypt it with AES, and exfiltrate it to endpoints under their control. .” Threat actors behind this campaign mimicked the names of legitimate packages and organizations to trick developed into using them. ” continues the report.

Encryption 140

Encryption Hacking Cybercrime Information Security 140

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. Elastic researchers noticed that regarding Safari, only the cookies are collected by the AppleScript script for the current version.

Malware 133

Malware Advertising Antivirus Cybercrime 133