encryption | Breaking Cybersecurity News | The Hacker News

The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022. In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the agencies said the threat actors encrypted and stole data from at least 12 out of 16 critical infrastructure sectors. "Black Basta affiliates use common initial access techniques — such as phishing and exploiting known vulnerabilities — and then employ a double-extortion model, both encrypting systems and exfiltrating data," the bulletin  read . Unlike other ransomware groups, the ransom notes dropped at the end of the attack do not contain an initial ransom demand or payment instructions. Rather, the note

Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed  TunnelVision  that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking"  method  has been assigned the CVE identifier  CVE-2024-3661  (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has support for DHCP option 121 routes. At its core, TunnelVision involves the routing of traffic without encryption through a VPN by means of an attacker-configured DHCP server using the  classless static route option 121  to set a route on the VPN user's  routing table . It also stems from the fact the DHCP protocol, by design, does not authenticate such option messages, thus exposing them to manipulation. DHCP is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway 

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm. The techniques have been collectively dubbed  Pathfinder  by a group of academics from the University of California San Diego, Purdue University, UNC Chapel Hill, Georgia Institute of Technology, and Google. "Pathfinder allows attackers to read and manipulate key components of the branch predictor, enabling two main types of attacks: reconstructing program control flow history and launching high-resolution Spectre attacks," Hosein Yavarzadeh, the lead author of the  paper , said in a statement shared with The Hacker News. "This includes extracting secret images from libraries like libjpeg and recovering encryption keys from AES through intermediate value extraction." Spectre is the name given to a  class of side-channel attacks  that exploit  branch prediction

A newer version of a malware loader called  Hijack Loader  has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the malware's stealthiness, thereby remaining undetected for longer periods of time," Zscaler ThreatLabz researcher Muhammed Irfan V A  said  in a technical report. "Hijack Loader now includes modules to add an exclusion for Windows Defender Antivirus, bypass User Account Control (UAC), evade inline API hooking that is often used by security software for detection, and employ process hollowing." Hijack Loader, also called IDAT Loader, is a malware loader that was  first documented  by the cybersecurity company in September 2023. In the intervening months, the tool has been used as a conduit to deliver various malware families. This includes Amadey, Lumma Stealer (aka LummaC2), Meta Stealer, Racoon Stealer V2, Remcos RAT, and Rhadamanthys. What makes the latest vers

The U.K. National Crime Agency (NCA) has unmasked the administrator and developer of the LockBit ransomware operation, revealing it to be a 31-year-old Russian national named  Dmitry Yuryevich Khoroshev . In addition, Khoroshev has been sanctioned  by the U.K. Foreign, Commonwealth and Development Office (FCD), the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), and the Australian Department of Foreign Affairs. Europol, in a  press statement , said authorities are in possession of over 2,500 decryption keys and are continuing to contact LockBit victims to offer support. Khoroshev, who went by the monikers LockBitSupp and putinkrab, has also become the subject of asset freezes and travel bans, with the U.S. Department of State offering a reward of up to $10 million for information leading to his arrest and/or conviction. Previously, the agency had  announced  reward offers of up to $15 million seeking information leading to the identity and location of k