The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: encryption

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service

Researchers Uncover Ways to Break the Encryption of 'MEGA' Cloud Storage Service
June 22, 2022Ravie Lakshmanan
A new piece of research from academics at ETH Zurich has identified a number of critical security issues in the MEGA cloud storage service that could be leveraged to break the confidentiality and integrity of user data. In a paper titled " MEGA: Malleable Encryption Goes Awry ," the researchers point out how MEGA's system does not protect its users against a malicious server, thereby enabling a rogue actor to fully compromise the privacy of the uploaded files. "Additionally, the integrity of user data is damaged to the extent that an attacker can insert malicious files of their choice which pass all authenticity checks of the client," ETH Zurich's Matilda Backendal, Miro Haller, and Kenneth G. Paterson said in an analysis of the service's cryptographic architecture. MEGA, which  advertises  itself as the "privacy company" and claims to provide user-controlled end-to-end encrypted cloud storage, has more than 10 million daily active users, w

New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers

New XLoader Botnet Version Using Probability Theory to Hide its C&C Servers
June 01, 2022Ravie Lakshmanan
An enhanced version of the XLoader malware has been spotted adopting a probability-based approach to camouflage its command-and-control (C&C) infrastructure, according to the latest research. "Now it is significantly harder to separate the wheat from the chaff and discover the real C&C servers among thousands of legitimate domains used by Xloader as a smokescreen," Israeli cybersecurity company Check Point  said . First spotted in the wild in October 2020, XLoader is a successor to Formbook and a  cross-platform information stealer  that's capable of plundering credentials from web browsers, capturing keystrokes and screenshots, and executing arbitrary commands and payloads. More recently, the  ongoing geopolitical conflict  between Russia and Ukraine has proved to be a lucrative fodder for  distributing XLoader  by means of  phishing emails  aimed at high-ranking government officials in Ukraine. The latest findings from Check Point build on a previous repor

New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw

New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
March 16, 2022Ravie Lakshmanan
A previously undocumented backdoor has been observed targeting Linux systems with the goal of corralling the machines into a botnet and acting as a conduit for downloading and installing rootkits. Qihoo 360's Netlab security team called it  B1txor20  "based on its propagation using the file name 'b1t,' the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes." First observed propagating through the  Log4j vulnerability  on February 9, 2022, the malware leverages a technique called DNS tunneling to build communication channels with command-and-control (C2) servers by encoding data in DNS queries and responses. B1txor20, while also buggy in some ways, currently supports the ability to obtain a shell, execute arbitrary commands, install a rootkit, open a  SOCKS5 proxy , and functions to upload sensitive information back to the C2 server. Once a machine is successfully compromised, the malware utilizes the DNS tunnel to retrieve and execute co

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption

Researchers Demonstrate New Side-Channel Attack on Homomorphic Encryption
March 03, 2022Ravie Lakshmanan
A group of academics from the North Carolina State University and Dokuz Eylul University have demonstrated what they say is the "first side-channel attack" on homomorphic encryption that could be exploited to leak data as the encryption process is underway. "Basically, by monitoring power consumption in a device that is encoding data for homomorphic encryption, we are able to read the data as it is being encrypted," Aydin Aysu, one of the authors of the study,  said . "This demonstrates that even next generation encryption technologies need protection against side-channel attacks." Homomorphic Encryption is a  form of encryption  that allows certain types of computation to be performed directly on encrypted data without having to decrypt it in the first place. It's also meant to be privacy-preserving in that it allows sharing of sensitive data with other third-party services, such as data analytics firms, for further processing while the underlyin

100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature

100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature
February 28, 2022Ravie Lakshmanan
A group of academics from Tel Aviv University have disclosed details of now-patched "severe" design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys. The shortcomings are the result of an analysis of the cryptographic design and implementation of Android's hardware-backed Keystore in Samsung's Galaxy S8, S9, S10, S20, and S21 flagship devices, researchers Alon Shakevsky, Eyal Ronen, and Avishai Wool  said . Trusted Execution Environments ( TEEs ) are a secure zone that provide an isolated environment for the execution of Trusted Applications (TAs) to carry out security critical tasks to ensure confidentiality and integrity. On Android, the hardware-backed  Keystore  is a system that facilitates the creation and storage of cryptographic keys within the TEE, making them more difficult to be extracted from the device in a manner that prevents the underlying operating system fr

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?

Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?
January 27, 2022The Hacker News
There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving  CentOS 8  users at major risk of a severe attack – and with no support from CentOS. You'd think that this issue no longer affects a significant number of organizations because by now, companies would have migrated away from CentOS 8 to an OS that is actively supported by vendors. After all, vendor support is critical for security and compliance. But as it always is with these things, you can count on the fact that a big chunk of CentOS 8 users are soldiering on with an unsupported OS, despite being aware of the risks. With that risk now crystallizing we're using this article to examine  CVE-2021-4122 , the newly discovered vulnerability in LUKS encryption, and to discuss your options for mitigating it. Wait, wha

Critical Bug in Mozilla's NSS Crypto Library Potentially Affects Several Other Software

Critical Bug in Mozilla’s NSS Crypto Library Potentially Affects Several Other Software
December 01, 2021Ravie Lakshmanan
Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services ( NSS ) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a  heap overflow  vulnerability when verifying digital signatures such as  DSA  and  RSA-PSS  algorithms that are encoded using the  DER  binary format. Credited with reporting the issue is Tavis Ormandy of Google Project Zero, who codenamed it " BigSig ." "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures," Mozilla  said  in an advisory published Wednesday. "Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted." NSS is a

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption
August 28, 2021Ravie Lakshmanan
A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called  LockFile , the operators of the ransomware have been found exploiting recently disclosed flaws such as  ProxyShell  and  PetitPotam  to compromise Windows servers and deploy file-encrypting malware that scrambles only every alternate 16 bytes of a file, thereby giving it the ability to evade ransomware defences. "Partial encryption is generally used by ransomware operators to speed up the encryption process and we've seen it implemented by BlackMatter, DarkSide and LockBit 2.0 ransomware," Mark Loman, Sophos director of engineering, said in a statement. "What sets LockFile apart is that, unlike the others, it doesn't encrypt the first few blocks. Instead, LockFile encrypts every other 16 bytes of a document." "This means that a file such as a text documen

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients
August 16, 2021Ravie Lakshmanan
Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were  detailed  by a group of researchers Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel at the 30th USENIX Security Symposium. In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack. Some of the popular clients affected by the bugs include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex, and KMail. The attacks require that the malicious party can tamper connections established between an email client and the email server of a provider and has login cr

Users Can Be Just As Dangerous As Hackers

Users Can Be Just As Dangerous As Hackers
August 09, 2021The Hacker News
Among the problems stemming from our systemic failure with cybersecurity, which ranges from decades-old software-development practices to Chinese and Russian cyber-attacks, one problem gets far less attention than it should—the insider threat. But the reality is that most organizations should be at least as worried about user management as they are about Bond villain-type hackers launching compromises from abroad. Most organizations have deployed single sign-on and modern identity-management solutions. These generally allow easy on-boarding, user management, and off-boarding. However, on mobile devices, these solutions have been less effective. Examples include mobile applications such as WhatsApp, Signal, Telegram, or even SMS-which are common in the workforce. All of these tools allow for low-friction, agile communication in an increasingly mobile business environment. Today, many of these tools offer end-to-end encryption (e2ee), which is a boon when viewed through the lens of

Google Workspace Now Offers Client-side Encryption For Drive and Docs

Google Workspace Now Offers Client-side Encryption For Drive and Docs
June 14, 2021Ravie Lakshmanan
Google on Monday announced that it's rolling out client-side encryption to Google Workspace (formerly G Suite), thereby giving its enterprise customers direct control of encryption keys and the identity service they choose to access those keys. "With client-side encryption, customer data is indecipherable to Google, while users can continue to take advantage of Google's native web-based collaboration, access content on mobile devices, and share encrypted files externally," the search giant  said .  "When combined with our other encryption capabilities, customers can add new levels of data protection for their Google Workspace data." The development coincides with the Google Workspace and Google Chat's  broader availability to all users  with a Google account. Workspace is the company's enterprise offering consisting of Gmail, Chat, Calendar, Drive, Docs, Sheets, Slides, Meet, and other tools. Businesses using Google Workspace have the choice o

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals
June 08, 2021Ravie Lakshmanan
In an unprecedented sting operation, the U.S. Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP) ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside (AFP), Operation Greenlight (Europol), and Operation Trojan Shield (FBI), the long-term covert probe into transnational and serious organized crime culminated in the arrests of 224 offenders on 526 charges in Australia, with 55 luxury vehicles, eight tons of cocaine, 22 tons of cannabis and cannabis resin, 250 firearms, and more than $48 million in various currencies and cryptocurrencies seized in raids around the world.  A total of more than 800 arrests have been reported across 18 countries, including New Zealand, Germany, and Sweden. Europol  called  it the "biggest ever law enforcement operation against encrypted communication." The communications allegedly involved plots to kil

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping

Agora SDK Bug Left Several Video Calling Apps Vulnerable to Snooping
February 17, 2021Ravie Lakshmanan
A severe security vulnerability in a popular video calling software development kit (SDK) could have allowed an attacker to spy on ongoing private video and audio calls. That's according to new research published by the McAfee Advanced Threat Research (ATR) team today, which found the aforementioned flaw in Agora.io's SDK used by several social apps such as eHarmony, Plenty of Fish, MeetMe, and Skout; healthcare apps like Talkspace, Practo, and Dr. First's Backline; and in the Android app that's paired with "temi" personal robot. California-based Agora is a video, voice, and live interactive streaming platform, allowing developers to embed voice and video chat, real-time recording, interactive live streaming, and real-time messaging into their apps. The company's SDKs are estimated to be embedded into mobile, web, and desktop applications across more than 1.7 billion devices globally. McAfee disclosed the flaw (CVE-2020-25605) to Agora.io on April 20

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects
January 31, 2021Ravie Lakshmanan
A "severe" vulnerability in GNU Privacy Guard (GnuPG)'s Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis Ormandy of Project Zero, a security research unit within Google dedicated to finding zero-day bugs in hardware and software systems. No other versions of Libgcrypt are affected by the vulnerability. "There is a  heap buffer overflow  in libgcrypt due to an incorrect assumption in the block buffer management code," Ormandy  said . "Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs." GnuPG addressed the weakness almost immediately within a day after disclosure, while urging users to  stop using  the vulnerable version. The latest version can be dow

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
January 15, 2021Ravie Lakshmanan
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "DNS over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), often referred to as DNS over HTTPS (DoH), encrypts DNS requests by using HTTPS to provide privacy, integrity, and 'last mile' source authentication with a client's DNS resolver," according to the NSA's  new guidance . Proposed in 2018,  DoH  is a protocol for performing remote Domain Name System resolution via the HTTPS protocol. One of the major shortcomings with current DNS lookups is that even when someone visits a site that uses HTTPS, the DNS query and its response is sent over an unencrypted connection, thus allowing third-party eavesdropping on the network to track every website a user is visiting. Even worse, the

This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years

This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
March 06, 2020Wang Wei
All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised. The vulnerability, tracked as CVE-2019-0090 , resides in the hard-coded firmware running on the ROM ("read-only memory") of the Intel's Converged Security and Management Engine (CSME), which can't be patched without replacing the silicon. Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU. It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Researchers Find New Hack to Read Content Of Password Protected PDF Files
October 01, 2019Mohit Kumar
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex , the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF. To be noted, the PDFex attacks don't allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decry

Google Created Faster Storage Encryption for All Low-End Devices

Google Created Faster Storage Encryption for All Low-End Devices
February 08, 2019Swati Khandelwal
Google has launched a new encryption algorithm that has been built specifically to run on mobile phones and smart IoT devices that don't have the specialized hardware to use current encryption methods to encrypt locally stored data efficiently. Encryption has already become an integral part of our everyday digital activities. However, it has long been known that encryption is expensive, as it causes performance issues, especially for low-end devices that don't have hardware support for making the encryption and decryption process faster. Since data security concerns have recently become very important, not using encryption is no more a wise tradeoff, and at the same time, using a secure but slow device on which apps take much longer to launch is also not a great idea. Currently Android OS supports AES-128-CBC-ESSIV for full-disk encryption and AES-256-XTS for file-based encryption, and Google has already made it mandatory for device manufacturers to include AES encry
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.