encryption | Breaking Cybersecurity News | The Hacker News

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting  X25519Kyber768  for establishing symmetric secrets in  TLS , starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien  said  in a post published Thursday. Kyber was  chosen  by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing.  Kyber-768  is roughly the security equivalent of  AES-192 . The encryption algorithm has already been adopted by  Cloudflare ,  Amazon Web Services , and IBM. X25519Kyber768 is a hybrid algorithm that combines the output of  X25519 , an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections. "Hybrid mechanism

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method , an app that has over 455 million monthly active users across Windows, Android, and iOS. The vulnerabilities are rooted in EncryptWall, the service's custom encryption system, allowing network eavesdroppers to extract the textual content and access sensitive data. "The Windows and Android versions of Sogou Input Method contain vulnerabilities in this encryption system, including a vulnerability to a CBC  padding oracle attack , which allow network eavesdroppers to recover the plaintext of encrypted network transmissions, revealing sensitive information including what users have typed," the researchers  said . CBC, s

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

A new security vulnerability has been discovered in AMD's Zen 2 architecture-based processors that could be exploited to extract sensitive data such as encryption keys and passwords. Discovered by Google Project Zero researcher Tavis Ormandy, the flaw – codenamed  Zenbleed  and tracked as  CVE-2023-20593  (CVSS score: 6.5) – allows data exfiltration at the rate of 30 kb per core, per second. The issue is part of a broader category of weaknesses called  speculative execution attacks , in which the optimization technique widely used in modern CPUs is abused to access cryptographic keys from CPU registers. "Under specific microarchitectural circumstances, a register in 'Zen 2' CPUs may not be written to 0 correctly," AMD  explained  in an advisory. "This may cause data from another process and/or thread to be stored in the YMM register , which may allow an attacker to potentially access sensitive information." Web infrastructure company Cloudflare note

Google has announced that it intends to add support for Message Layer Security ( MLS ) to its Messages service for Android and open source an implementation of the specification. "Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform," Giles Hogben, privacy engineering director at Google,  said . "This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms." The development comes as the Internet Engineering Task Force (IETF)  released  the core specification of the Messaging Layer Security (MLS) protocol as a Request for Comments ( RFC 9420 ). Some of the other major companies that have thrown their weight behind the protocol are Amazon Web Services (AWS) Wickr, Cisco, Cloudflare, The Matrix.org Foundation, Mozilla, Phoenix R&D, and Wire. Notably missing f

Apple has warned that it would rather stop offering iMessage and FaceTime services in the U.K. than bowing down to government pressure in response to new proposals that seek to expand digital surveillance powers available to state intelligence agencies. The development, first  reported  by BBC News, makes the iPhone maker the latest to join the chorus of voices protesting against forthcoming legislative changes to the  Investigatory Powers Act  ( IPA ) 2016 in a manner that would effectively render encryption protections ineffective. Specifically, the  Online Safety Bill  requires companies to install technology to scan for child sex exploitation and abuse (CSEA) material and terrorism content in encrypted messaging apps and other services. It also mandates that messaging services clear security features with the Home Office before releasing them and take immediate action to disable them if required without informing the public. While the fact does not explicitly call out for the r

A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to a "massive spike in activity" in May and June 2023. "The group utilizes encryption paired with 'name-and-shame' techniques to compel their victims to pay their ransoms," VMware Carbon Black researchers Deborah Snyder and Fae Carlisle  said  in a report shared with The Hacker News. "8Base has an opportunistic pattern of compromise with recent victims spanning across varied industries." 8Base, according to statistics gathered by  Malwarebytes  and  NCC Group , has been linked to 67 attacks as of May 2023, with about 50% of the victims  operating  in the business services, manufacturing, and construction sectors. A majority of the targeted companies are located in the U.S. and Brazil. With very little known about the operators of the ransomware, its origins remain something of a cipher. What's evident is that it has been active sinc

In what's an ingenious  side-channel attack , a group of academics has found that it's possible to recover secret keys from a device by analyzing video footage of its power LED. "Cryptographic computations performed by the CPU change the power consumption of the device which affects the brightness of the device's power LED," researchers from the Ben-Gurion University of the Negev and Cornell University  said  in a study. By taking advantage of this observation, it's possible for threat actors to leverage video camera devices such as an iPhone 13 or an internet-connected surveillance camera to extract the cryptographic keys from a smart card reader­. Specifically, video-based cryptanalysis is accomplished by obtaining video footage of rapid changes in an LED's brightness and exploiting the video camera's  rolling shutter  effect to capture the physical emanations. "This is caused by the fact that the power LED is connected directly to the pow

An analysis of the Linux variant of a new ransomware strain called BlackSuit has covered significant similarities with another ransomware family called  Royal . Trend Micro, which examined an x64 VMware ESXi version targeting Linux machines, said it identified an "extremely high degree of similarity" between Royal and BlackSuit. "In fact, they're nearly identical, with 98% similarities in functions, 99.5% similarities in blocks, and 98.9% similarities in jumps based on BinDiff, a comparison tool for binary files," Trend Micro researchers  noted . A comparison of the Windows artifacts has identified 93.2% similarity in functions, 99.3% in basic blocks, and 98.4% in jumps based on BinDiff. BlackSuit  first came to light  in early  May 2023  when Palo Alto Networks Unit 42 drew attention to its ability to target both Windows and Linux hosts. In line with other ransomware groups, it runs a double extortion scheme that steals and encrypts sensitive data in a c

In today's interconnected world, where organisations regularly exchange sensitive information with customers, partners and employees, secure collaboration has become increasingly vital. However, collaboration can pose a security risk if not managed properly. To ensure that collaboration remains secure, organisations need to take steps to protect their data. Since collaborating is essential for almost any team to succeed, shouldn't you be able to do it securely? Whether you're sharing a Wi-Fi password, a social media account, or the passwords to a financial account, you deserve peace of mind. The risks of not protecting your sensitive data can be disastrous, from data breaches and reputational damage to legal ramifications and financial loss. But let's face it: Secure collaboration can be a real nightmare. Challenges of Secure Collaboration and Password Sharing It's another day in the office, and your team needs to share a ridiculous amount of sensitive informati

Twitter is officially beginning to roll out support for  encrypted direct messages (DMs)  on the platform, more than five months after its chief executive Elon Musk  confirmed  plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existing direct messages on users' inboxes. Encrypted chats carry a lock icon badge to visually differentiate them. That said, the opt-in feature is currently limited to verified users or affiliates to a verified organization. It's also essential both the sender and recipient are on the latest versions of the Twitter apps across Android, iOS, and desktop web. Another criteria to send and receive encrypted messages is that the recipient must follow the sender, has sent a message to the sender in the past, or has accepted a direct message request from the sender at some point. While Twitter did not disclose the exact method it uses to secure the conversations, the company s

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a  court order  in the U.S. to "remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals." While Cobalt Strike, developed and maintained by Fortra (formerly HelpSystems), is a legitimate post-exploitation tool used for adversary simulation, illegal cracked versions of the software have been weaponized by threat actors over the years. Ransomware groups, in particular, have leveraged Cobalt Strike after obtaining initial access to a target environment to escalate privileges, lateral move across the network, and deploy file-encrypting malware. "The ransomware families associated with or deployed by cracked copies of Cobalt Strike have been link

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called  Rorschach  that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware," Check Point Research  said  in a new report. "In fact, Rorschach is one of the  fastest ransomware strains  ever observed, in terms of the speed of its encryption." The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors. However, further analysis of Rorschach's source code reveals similarities to  Babuk ransomware , which suffered a leak in September 2021, and  LockBit 2.0 . On top of that, the ransom notes sent out to the victims appear to be inspired by that of  Yanluowang  and  DarkSi

Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. "Multi-cloud by design," and its companion the supercloud, is an ecosystem in which several cloud systems work together to provide many organizational benefits, including increased scale and overall resiliency. And now, even security teams who have long been the holdout on wide-scale cloud adoption, may find a reason to rejoice. Born out of the multi-cloud approach, cyberstorage enables companies to not only enjoy the benefits that multi-cloud brings but also eliminate the risk of data exposure at the same time, marking the beginning of the multi-cloud maturity era. What Is The Supercloud? While many organizations ended up with multiple cloud services as a byproduct of interdepartmental needs, today organizations are intentionally building multi-cloud environments. And rather than manage the various cloud services individually, many are implementin

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious  LockBit 3.0 ransomware . "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.0, and LockBit," the authorities  said . The alert comes courtesy of the U.S. Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing & Analysis Center (MS-ISAC). Since emerging in late 2019, the  LockBit actors  have invested significant  technical efforts  to develop and fine-tune its malware, issuing two major updates — LockBit 2.0, released in mid-2021, and  LockBit 3.0 , released in June 2022. The two versions are also known as LockBit Red and LockBit Black, respectively. "LockBit 3.0 accepts addition

A group of researchers has revealed what it says is a vulnerability in a specific implementation of  CRYSTALS-Kyber , one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year. The exploit relates to "side-channel attacks on up to the fifth-order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU," Elena Dubrova, Kalle Ngo, and Joel Gärtner of KTH Royal Institute of Technology  said  in a paper. CRYSTALS-Kyber is one of four post-quantum algorithms  selected  by the U.S. National Institute of Standards and Technology (NIST) after a rigorous multi-year effort to identify a set of next-generation encryption standards that can withstand huge leaps in computing power. A side-channel attack, as the name implies, involves extracting secrets from a cryptosystem through measurement and analysis of physical parameters. Some examples of such parameters include supply current, execution time, and electromagnetic emission. The underlyi