encryption | Breaking Cybersecurity News | The Hacker News

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...

The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms. To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol via what's called the RCS Universal Profile 3.0 . "The new specifications define how to apply MLS within the context of RCS," Tom Van Pelt, technical director of GSMA, said . "These procedures ensure that messages and other content such as files remain confidential and secure as they travel between clients." This also means that RCS will be the first "large-scale messaging service" to have support for interoperable E2EE between different client implementations from different providers in the near future. It's worth noting that Google's own implemen...

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You're not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That's why we're excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both worlds by connecting your code insights with real-time runtime data. This means you get a clear, holistic view of your application's security. Instead of reacting to threats, ASPM helps you prevent them. Imagine reducing costly retrofits and emergency patches with a proactive, shift-left strategy—saving you time, money, and stress. Join Amir Kaushansky, Director of Product Management at Palo Alto Networks, as he walks you through how ASPM is changing the game. In this free webinar , you'll learn to: Close the Security Gaps: Understand why traditional AppSec tools fall short and how ASPM fills ...

Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold—from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration , he will break down every technical step of a ransomware attack, showing you how hackers exploit vulnerabilities and encrypt data—in clear, simple language. What You Will Learn Attack Initiation: Understand how hackers exploit software bugs and weak passwords to breach your network. Hacker Tactics: See the technical methods hackers use to move laterally, encrypt files, and create backdoors. Identifying Vulnerabilities: Discover common weaknesses like outdated software, misconfigured servers, and unprotected endpoints, plus actionable tips to fix them. Live Simulation: Watch a step-by-step live demo of a ransomware attack—from breach to ransom demand. Expert Analysi...

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said . "Without updating to Firefox version 128 or higher (or ESR 115.13 + for ESR users, including Windows 7/8/8.1 and macOS 10.12-10.14 users), this expiration may cause significant issues with add-ons, content signing, and DRM-protected media playback." Mozilla said the latest version of Firefox includes a new root certificate that will prevent this from happening. The update is crucial for all users of Firefox running a version prior to 128, or Extended Support Release (ESR) versions before 115.13, both of which were released on July 9, 2024. This includes all versions of Firefox for Windows, macOS, Linux, and Android...

Cyber threats today don't just evolve—they mutate rapidly, testing the resilience of everything from global financial systems to critical infrastructure. As cybersecurity confronts new battlegrounds—ranging from nation-state espionage and ransomware to manipulated AI chatbots—the landscape becomes increasingly complex, prompting vital questions: How secure are our cloud environments? Can our IoT devices be weaponized unnoticed? What happens when cybercriminals leverage traditional mail for digital ransom? This week's events reveal a sobering reality: state-sponsored groups are infiltrating IT supply chains, new ransomware connections are emerging, and attackers are creatively targeting industries previously untouched. Moreover, global law enforcement actions highlight both progress and persistent challenges in countering cybercrime networks. Dive into this edition to understand the deeper context behind these developments and stay informed about threats that continue reshap...

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss cybersecurity company PRODAFT said in a statement shared with The Hacker News. "While it's linked to the Ragnar Locker group, it's unclear if they own it or just rent it out to others. What we do know is that its developers are constantly adding new features, making it more modular and harder to detect." Ragnar Loader, also referred to as Sardonic, was first documented by Bitdefender in August 2021 in connection with an unsuccessful attack carried out by FIN8 aimed at an unnamed financial institution located in the U.S. It's said to have been put to use ...

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d . The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries and regions. As of February 25, 2025, India has experienced a notable surge in infection rate, increasing from less than 1% (3,901) to 18.17% (217,771).  "Vo1d has evolved to enhance its stealth, resilience, and anti-detection capabilities," QiAnXin XLab said . "RSA encryption secures network communication, preventing [command-and-control] takeover even if [the Domain Generation Algorithm] domains are registered by researchers. Each payload uses a unique Downloader, with XXTEA encryption and RSA-protected keys, making analysis harder." The malware was first documented by Doctor Web in September 2024 as affecting Androi...

The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent. The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It's tracking the activity under the name Erudite Mogwai. The attacks are also characterized by the use of other tools like Deed RAT , also called ShadowPad Light, and a customized version of proxy utility named Stowaway , which has been previously used by other China-linked hacking groups. "Erudite Mogwai is one of the active APT groups specializing in the theft of confidential information and espionage," Solar researchers said . "Since at least 2017, the group has been attacking government agencies, IT departments of various organizations, as well as enterprises related to high-tech industries such as aerospace and electric power....

Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to defend against them. Brute force attack Brute force attacks are straightforward yet highly effective techniques for cracking passwords. These attacks involve malicious actors using automated tools to systematically try every possible password combination through repeated login attempts. While such tools have existed for years, the advent of affordable computing power and storage has made them even more efficient today, especially when weak passwords are used. How it works When it comes to brute force attacks, malicious actors employ a range of tactics—from simple brute force attacks that test ev...

Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service ( Cloud KMS ) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) standards, the final versions of which were formalized in August 2024. "Our Cloud KMS PQC roadmap includes support for the NIST post-quantum cryptography standards (FIPS 203, FIPS 204, FIPS 205, and future standards), in both software (Cloud KMS) and hardware (Cloud HSM)," the company's cloud division noted . "This can help customers perform quantum-safe key import and key exchange, encryption and decryption operations, and digital signature creation." The tech giant said its underlying software implementations of these standards – FIPS 203 (aka ML-KEM), FIPS 204 ...

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its cloud. This includes iCloud Backup, Photos, Notes, Reminders, Safari Bookmarks, voice memos, and data associated with its own apps. "We are gravely disappointed that the protections provided by ADP will not be available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy," the company was quoted as saying to Bloomberg. "ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices." Customers who are already using ADP ...

Source: The Nation A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg." The takedown involved the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, as well as agencies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, and Thailand. Thai media reports have revealed that four European nationals – two men and two women – were arrested across four different locations on Monday as part of an effort codenamed Operation Phobos Aetor. The identities of the suspects were not disclosed. Authorities are said to have seized more than 40 pieces of evidence, including ...

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and device data. "The DeepSeek iOS app sends some mobile app registration and device data over the Internet without encryption," the company said . "This exposes any data in the internet traffic to both passive and active attacks." The teardown also revealed several implementation weaknesses when it comes to applying encryption on user data. This includes the use of an insecure symmetric encryption algorithm ( 3DES ), a hard-coded encryption key, and the reuse of initialization vectors . What's more, the data is sent to servers that are managed by a cloud compute a...