#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

encryption | Breaking Cybersecurity News | The Hacker News

Category — encryption
New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

New Qilin.B Ransomware Variant Emerges with Improved Encryption and Evasion Tactics

Oct 24, 2024 Ransomware / Cybercrime
Cybersecurity researchers have discovered an advanced version of the Qilin ransomware sporting increased sophistication and tactics to evade detection. The new variant is being tracked by cybersecurity firm Halcyon under the moniker Qilin.B. "Notably, Qilin.B now supports AES-256-CTR encryption for systems with AESNI capabilities, while still retaining Chacha20 for systems that lack this support," the Halcyon Research Team said in a report shared with The Hacker News. "Additionally, RSA-4096 with OAEP padding is used to safeguard encryption keys, making file decryption without the attacker's private key or captured seed values impossible." Qilin, also known as Agenda , first came to the attention of the cybersecurity community in July/August 2022, with initial versions written in Golang before switching to Rust. A May 2023 report from Group-IB revealed that the ransomware-as-a-service (RaaS) scheme allows its affiliates to anywhere between 80% to 85% of
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers

Oct 21, 2024 Encryption / Data Protection
Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext," ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong said . "Remarkably, many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs." The identified weaknesses are the result of an analysis of five major providers such as Sync, pCloud, Icedrive, Seafile, and Tresorit. The devised attack techniques hinge on a malicious server that's under an adversary's control, which could then be used to target the service providers' users. A brief description of the flaws uncovered in the cloud storage systems is as follows - Sync, in which a maliciou
Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes

Oct 28, 2024Operational Technology / Cybersecurity
Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done remotely, often by third-party vendor technicians. This highlights the importance of proper secure remote access management for industrial control systems (ICS).  Learn more in our Buyer's Guide for Secure Remote Access Lifecycle Management .  We at SSH Communications Security (SSH) have been pioneering security solutions that bridge the gap between IT and OT in privileged access management . Let's investigate how we helped two customers solve their critical access control needs with us. Secure Remote Access Around the Globe to 1000s of Ships  In the maritime industry, ensuring secure and e
Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Oct 17, 2024 Ransomware / Network Security
Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service (RaaS) called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301 persona on the RAMP cybercrime forum via the Tox messaging service after the latter put out an advertisement, calling for new partners into its affiliate program. "Within the dashboard of the Affiliates' panel of Cicada3301 ransomware group contained sections such as Dashboard, News, Companies, Chat Companies, Chat Support, Account, an FAQ section, and Log Out," researchers Nikolay Kichatov and Sharmine Low said in a new analysis published today. Cicada3301 first came to light in June 2024, with the cybersecurity community uncovering strong source code similarities with the now-defunct BlackCat ransomware group. The RaaS scheme is estimated to have compromised no less th
cyber security

AWS EKS Security Best Practices [Cheat Sheet]

websiteWiz.ioCloud Security / Kubernetes
Unlock this one-stop resource for mastering EKS security best practices and safeguarding your cloud-native applications.
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance

Oct 11, 2024 Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who is behind the activity, or what the end goals of the campaign are. "A malicious cyber actor could leverage the information gathered from unencrypted persistence cookies to infer or identify additional network resources and potentially exploit vulnerabilities found in other devices present on the network," CISA said in an advisory. It has also recommended organizations encrypt persistent cookies employed in F5 BIG-IP devices by configuring cookie encryption within the HTTP profile. Furthermore, it's urging users to verify the protection of their systems by running a diagnostic
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls

Sep 23, 2024 Encryption / Data Protection
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE , short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced last week, voice and video in DMs, Group DMs, voice channels, and Go Live streams are expected to be migrated to use DAVE. That said, it's worth noting that messages on Discord will remain unencrypted and are subject to its content moderation approach. "When we consider adding new privacy features like E2EE A/V, we do not do so in isolation from safety," Discord said . "That is why safety is integrated across our product and policies, and why messages on Discord are unencrypted." "Messages will still be subject to our content moderation approach, allowing us to continue offering additional safety protections." DAVE is publicly au
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature

Sep 20, 2024 Encryption / Digital Security
Google on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices. "This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can't be accessed by anyone, not even Google," Chrome product manager Chirag Desai said . The PIN is a six-digit code by default, although it's also possible to create a longer alpha-numeric PIN by selecting "PIN options." This marks a change from the previous status quo where users could only save passkeys to save passkeys to Google Password Manager on Android. While the passkeys could be used on other platforms, it was necessary to scan a QR code using the device where they were generated. The latest change removes that step, making it a lot easier for users to sign in to online services using passkeys by simply scanning their biometrics. Google noted that support for iOS is expected to arrive soon
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging

Sep 18, 2024 Mobile Security / Encryption
The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday, said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. "The next major milestone is for the RCS Universal Profile to add important user protections such as interoperable end-to-end encryption," Tom Van Pelt, technical director of GSMA, said . "This will be the first deployment of standardized, interoperable messaging encryption between different computing platforms, addressing significant technical challenges such as key federation and cryptographically-enforced group membership." The development comes a day after Apple officially rolled out iOS 18 with support for RCS in its Messages app, which comes with advanced features like message reactions, typing indications, read receipts, and high-quality media sharing, among others. RCS, an impro
Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Sep 17, 2024 Browser Security / Quantum Computing
Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers ( CRQCs ). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said . "The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM." The changes are expected to take effect in Chrome version 131, which is on track for release in early November 2024. Google noted that the two hybrid post-quantum key exchange approaches are essentially incompatible with each other, prompting it to abandon KYBER. "The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber," the company said. "As a result, the codepoint in TLS for hybrid post-quantum key exchange is ch
New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

Sep 09, 2024 Vulnerability / Hardware Security
A novel side-channel attack has been found to leverage radio signals emanated by a device's random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks. The technique has been codenamed RAMBO (short for "Radiation of Air-gapped Memory Bus for Offense") by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of the Negev in Israel. "Using software-generated radio signals, malware can encode sensitive information such as files, images, keylogging, biometric information, and encryption keys," Dr. Guri said in a newly published research paper. "With software-defined radio (SDR) hardware, and a simple off-the-shelf antenna, an attacker can intercept transmitted raw radio signals from a distance. The signals can then be decoded and translated back into binary information." Over the years, Dr. Guri has conco
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Sep 06, 2024 Privacy / Data Security
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed by third-parties on the platform he manages is a misguided approach." Durov was charged late last month for enabling various forms of criminal activity on Telegram, including drug trafficking and money laundering, following a probe into an unnamed person's distribution of child sexual abuse material on the messaging service. He also highlighted the struggles to balance both privacy and security, noting that Telegram is ready to exit markets that aren't compatible with its mission to "protect our users in authoritarian regimes." Durov also blamed &q
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems

Sep 03, 2024 Endpoint Security / Malware
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity company Morphisec said in a technical report shared with The Hacker News. Written in Rust and capable of targeting both Windows and Linux/ESXi hosts, Cicada3301 first emerged in June 2024, inviting potential affiliates to join their ransomware-as-a-service (RaaS) platform via an advertisement on the RAMP underground forum. A notable aspect of the ransomware is that the executable embeds the compromised user's credentials, which are then used to run PsExec , a legitimate tool that makes it possible to run programs remotely. Cicada3301's similarities with BlackCat also extend t
French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

French Authorities Charge Telegram CEO with Facilitating Criminal Activities on Platform

Aug 29, 2024 Online Crime / Privacy
French prosecutors on Wednesday formally charged Telegram CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized crime, illicit transactions, drug trafficking, and fraud. Durov has also been charged with a "refusal to communicate, at the request of competent authorities, information or documents necessary for carrying out and operating interceptions allowed by law," according to an English translation of the press release. The 39-year-old was detained at Le Bourget airport north of Paris at 8 p.m. local time on Saturday after disembarking from a private jet. To avoid pretrial detention, Durov has been ordered to pay a €5 million bail, but he is barred from leaving the country and must rep
Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Aug 26, 2024 Data Security / Compliance
Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed sensitive information, including: details about unreleased projects, computer code, login details and passwords, and Intellectual Property (IP) and corporate secrets. Slack breaches have also impacted companies like Uber, Rockstar, and Electronic Arts (EA). Cisco Webex used by the German Bundeswehr leaked data from hundreds of meetings, some classified. Outlook was breached by Chinese hackers last year. We have nothing against any of the tools above. They are all great collaboration tools. However, just like companies don't allow developers to use just any old tool to push code to p
Obfuscation: There Are Two Sides To Everything

Obfuscation: There Are Two Sides To Everything

Aug 01, 2024 Software Security / Threat Detection
How to detect and prevent attackers from using these various techniques Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation? Obfuscation is the technique of intentionally making information difficult to read, especially in computer coding. An important use case is data obfuscation, in which sensitive data is made unrecognizable to protect it from unauthorized access. Various methods are used for this.  For example, only the last four digits of a credit card number are often displayed, while the remaining digits are replaced by Xs or asterisks. In contrast, encryption involves converting data into an unreadable form that can only be decrypted using a special key. Obfuscation In Code When computer code is obfuscated, complex language and redundant logic are used to make the code difficult to understand. The aim?
Expert Insights / Articles Videos
Cybersecurity Resources