#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

encryption | Breaking Cybersecurity News | The Hacker News

Category — encryption
Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

Jan 23, 2025 Threat Intelligence / Data Breach
An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are identical except for victim specific data and the attacker contact details," security researcher Jim Walter said in a new report shared with The Hacker News. Both HellCat and Morpheus are nascent entrants to the ransomware ecosystem, having emerged in October and December 2024, respectively. A deeper examination of the Morpheus/HellCat payload, a 64-bit portable executable, has revealed that both samples require a path to be specified as an input argument. They are both configured to exclude the \Windows\System32 folder, as well as a hard-coded list of extensions from the encryp...
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Jan 17, 2025 Threat Detection / Zero Trust
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access, protecting data, maintaining compliance across all geographies, and ensuring business continuity. Evolved security solutions now combine zero-trust architecture with cloud-based captive portals to enhance network protection. These systems enable organizations to implement strict access controls, verify every device's security status, and maintain network separation. Through advanced features like conditional access and device registration, businesses can now offer secure guest Wi-Fi access while maintaining complete visibility and control over their network resources. Challenges in Wi-Fi Se...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

Jan 16, 2025Identity Protection / SaaS Security
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the #1 attacker action in 2023/24, and the breach vector for 80% of web app attacks . (Source: Verizon). Cybersecurity budgets grew again in 2024, with organizations now spending almost $1,100 per user (Source: Forrester).  Stolen credentials on criminal forums cost as little as $10 (Source: Verizon). Something doesn't add up. So, what's going on? In this article, we'll cover: What's contributing to the huge rise in account compromises linked to stolen creds and why existing approaches aren't working.  The world of murky intelligence on stolen credentials, and how to cut through the noise to find the true positives. Recommendations for security teams to stop attackers from using stolen creds to achieve account takeover. Stolen credential-based attacks are on the rise There's clear evidence that identity attacks are now the #1 cyber threat f...
Ransomware on ESXi: The Mechanization of Virtualized Attacks

Ransomware on ESXi: The Mechanization of Virtualized Attacks

Jan 13, 2025 Threat Detection / Network Security
In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the infamous Babuk ransomware, adapted to avoid detection of security tools. Moreover, accessibility is becoming more widespread, as attackers monetize their entry points by selling Initial Access to other threat actors, including ransomware groups. As organizations are dealing with compounded threats on an ever-expanding front: new vulnerabilities, new entry points, monetized cyber-crime networks, and more, there is ever-growing urgency for enhanced security measures and vigilance. The architecture of ESXi Understanding how an attacker can gain control of the ESXi host begins with understanding the ...
cyber security

2024: A year of identity attacks | Get the new ebook

websitePush SecurityIdentity Security
Identity attacks were the leading cause of breaches in 2024. Learn how tooling and techniques are evolving.
New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

New Banshee Stealer Variant Bypasses Antivirus with Apple's XProtect-Inspired Encryption

Jan 09, 2025
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer . "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to bypass antivirus systems, posing a significant risk to over 100 million macOS users globally." The cybersecurity company said it detected the new version in late September 2024, with the malware distributed using phishing websites and fake GitHub repositories under the guise of popular software such as Google Chrome, TradingView, Zegent, Parallels, Solara, CryptoNews, MediaKIT, and Telegram. Banshee Stealer was first documented in August 2024 by Elastic Security Labs. Offered under a malware-as-a-service (MaaS) model to other cybercriminals for $3,000 a month, it'...
Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Jan 09, 2025 Data Protection / Encryption
Ransomware isn't slowing down—it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join Emily Laufer , Director of Product Marketing at Zscaler, for an eye-opening session, " Preparing for Ransomware and Encrypted Attacks in 2025 " filled with practical insights and cutting-edge strategies to outsmart these evolving threats. What You'll Learn: ThreatLabz Insights: Get the latest findings from Zscaler's experts on ransomware and encrypted attacks, including the trends making the biggest impact. 2025 Predictions: Find out how ransomware groups are refining their tactics to stay one step ahead—and what you can do to stop them. Encrypted DNS Attacks: Learn how cyb...
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits

Dec 30, 2024 Cybersecurity / Compliance
The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks. The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the cybersecurity of critical infrastructure, the OCR said. The rule is designed to strengthen protections for electronic protected health information (ePHI) by updating the HIPAA Security Rule's standards to "better address ever-increasing cybersecurity threats to the healthcare sector." To that end, the proposal, among other things, requires organizations to conduct a review of the technology asset inventory and network map, identify potential vulnerabilities that could pose a threat to electronic information systems, and establish procedures to restore the loss of certa...
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01

Dec 19, 2024 Cloud Security / Encryption
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines. "Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls, which attackers can use to gain unauthorized access, exfiltrate data, or disrupt services," the agency said , adding the directive "will further reduce the attack surface of the federal government networks." As part of 25-01, agencies are also recommended to deploy CISA-developed automated configuration assessment tools to measure against the baselines, integrate with the agency's continuous monitoring infrastructure, and address any deviations from the secure configuration baselines. While the baselines are currently limited to Microsoft 365 (Azure Active Directory / ...
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Dec 04, 2024 Encryption / Cybercrime
Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower , comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of a Dutch journalist Peter R. de Vries . This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering.  It's worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name ("matrix[.]org"). Also known by other names such as Mactrix, Totalsec, X-quantum...
Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Nov 18, 2024 Privacy / Email Security
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to the associated primary account, thereby preventing the need for providing the real email address when filling out forms or registering for new services online. The idea of email aliases for improved privacy is not new. Back in 2021, Apple introduced a similar feature called Hide My Email that allows iCloud+ subscribers to generate random burner email addresses. It can also be used to set up new ones in Safari, Mail, and Apple Pay wherever email addresses are required. Other providers like Bitwarden and DuckDuckGo have since also released an analogous feature. It's worth noting that...
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Oct 24, 2024 Ransomware / Cybercrime
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support," the Halcyon Research Team said in a report shared with The Hacker News. "Additionally, RSA-4096 with OAEP padding is used to safeguard encryption keys, making file decryption without the attacker's private key or captured seed values impossible." Qilin, also known as Agenda , first came to the attention of the cybersecurity community in July/August 2022, with initial versions written in Golang before switching to Rust. A May 2023 report from Group-IB revealed that the ransomware-as-a-service (RaaS) scheme allows its affiliates to anywhere between 80% to 85% of ...
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Oct 21, 2024 Encryption / Data Protection
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong said . "Remarkably, many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs." The identified weaknesses are the result of an analysis of five major providers such as Sync, pCloud, Icedrive, Seafile, and Tresorit. The devised attack techniques hinge on a malicious server that's under an adversary's control, which could then be used to target the service providers' users. A brief description of the flaws uncovered in the cloud storage systems is as follows - Sync, in which a maliciou...
Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Oct 17, 2024 Ransomware / Network Security
Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an advertisement, calling for new partners into its affiliate program. "Within the dashboard of the Affiliates' panel of Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out," researchers Nikolay Kichatov and Sharmine Low said in a new analysis published today. Cicada3301 first came to light in June 2024, with the cybersecurity community uncovering strong source code similarities with the now-defunct BlackCat ransomware group. The RaaS scheme is estimated to have compromised no less th...
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

Oct 11, 2024 Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who is behind the activity, or what the end goals of the campaign are. "A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," CISA said in an advisory. It has also recommended organizations encrypt persistent cookies employed in F5 BIG-IP devices by configuring cookie encryption within the HTTP profile. Furthermore, it's urging users to verify the protection of their systems by running a diagnostic...
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Sep 23, 2024 Encryption / Data Protection
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE , short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to be migrated to use DAVE. That said, it's worth noting that messages on Discord will remain unencrypted and are subject to its content moderation approach. "When we consider adding new privacy features like E2EE A/V, we do not do so in isolation from safety," Discord said . "That is why safety is integrated across our product and policies, and why messages on Discord are unencrypted." "Messages will still be subject to our content moderation approach, allowing us to continue offering additional safety protections." DAVE is publicly au...
Expert Insights / Articles Videos
Cybersecurity Resources