#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

encryption | Breaking Cybersecurity News | The Hacker News

Category — encryption
FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites

FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites

Feb 11, 2025 Cybercrime / Ransomware
Source: The Nation A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor General in Bamberg." The takedown involved the U.K. National Crime Agency (NCA), the U.S. Federal Bureau of Investigation (FBI), Europol, as well as agencies from Bavaria, Belgium, Czechia, France, Germany, Japan, Romania, Spain, Switzerland, and Thailand. Thai media reports have revealed that four European nationals – two men and two women – were arrested across four different locations on Monday as part of an effort codenamed Operation Phobos Aetor. The identities of the suspects were not disclosed. Authorities are said to have seized more than 40 pieces of evidence, including ...
DeepSeek App Transmits Sensitive User and Device Data Without Encryption

DeepSeek App Transmits Sensitive User and Device Data Without Encryption

Feb 07, 2025 Mobile Security / Artificial Intelligence
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and device data. "The DeepSeek iOS app sends some mobile app registration and device data over the Internet without encryption," the company said . "This exposes any data in the internet traffic to both passive and active attacks." The teardown also revealed several implementation weaknesses when it comes to applying encryption on user data. This includes the use of an insecure symmetric encryption algorithm ( 3DES ), a hard-coded encryption key, and the reuse of initialization vectors . What's more, the data is sent to servers that are managed by a cloud compute a...
4 Ways to Keep MFA From Becoming too Much of a Good Thing

4 Ways to Keep MFA From Becoming too Much of a Good Thing

Feb 11, 2025IT Security / Threat Protection
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it's undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels like too much of a good thing. Here are a few reasons why MFA isn't implemented more universally. 1. Businesses see MFA as a cost center MFA for businesses isn't free, and the costs of MFA can add up over time. Third-party MFA solutions come with subscription costs, typically charged per user. Even built-in options like Microsoft 365's MFA features can cost extra depending on your Microsoft Entra license. Plus, there's the cost of training employees to use MFA and the time IT takes to enroll them. If MFA increases help desk calls, support costs go up too. While these expenses are far less t...
Top 3 Ransomware Threats Active in 2025

Top 3 Ransomware Threats Active in 2025

Feb 06, 2025 Malware Analysis / Threat Detection
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there's no guarantee you'll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get hit again. This isn't a rare case. Ransomware attacks are crippling businesses worldwide, from hospitals and banks to small companies. The only way to stop the damage is by proactively analyzing suspicious files and links before they can be executed. Below, we break down the top three ransomware families active in 2025: LockBit, Lynx, and Virlock, and find out how interactive analysis helps businesses detect and stop them before it's too late. LockBit: Teasing a Comeback in 2025 LockBit is one of the most notorious ransomware groups, known for its highly efficient encryption, do...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

Feb 01, 2025 Privacy / Surveillance
Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024. In a statement to The Guardian, the encrypted messaging app said it has reached out to affected users, stating it had "high confidence" that the users were targeted and "possibly compromised." It's currently not known who is behind the campaign and for how long it took place. The attack chain is said to be zero-click, meaning the deployment of the spyware occurs without requiring any user interaction. It's suspected to involve the distribution of a specially-crafted PDF file sent to individuals who were added to group chats on WhatsApp. The company noted the targets were spread across over two dozen countries, including several in Europe, ...
How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

Jan 28, 2025 Cybersecurity / Encryption
While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them from being completely exposed in the event of a data breach – and never stored in plaintext. This article examines how today's cyber attackers attempt to crack hashed passwords, explores common hashing algorithms and their limitations, and discusses measures you can take to protect your hashed passwords, regardless of which algorithm you are using. Modern password cracking techniques Malicious actors have an array of tools and methods at their disposal for cracking hashed passwords. Some of the more widely used methods include brute force attacks, password dictionary attacks, hybrid attacks...
Expert Insights / Articles Videos
Cybersecurity Resources