Encryption - Information Management Today

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption

Encryption File names Phishing Authentication

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Security Affairs

JANUARY 15, 2025

The ransomware group Codefinger is using compromised AWS keys to encrypt S3 bucket data using SSE-C, Halcyon researchers warn. The ransomware group Codefinger has been spotted using compromised AWS keys to encrypt data in S3 buckets. The ransomware group Codefinger utilizes an AES-256 encryption key they generate and store locally.

Encryption

Encryption Ransomware Authentication Cloud

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Security Affairs

JANUARY 3, 2025

Over 3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks. ShadowServer researchers reported that around 3.3 We see around 3.3M It's time to retire those!

Encryption

Encryption Passwords Access Communications

Webinars

How to Start Virtual Care the Right Way: A Proven Roadmap for 2025 and Beyond

MORE WEBINARS

Bitdefender released a decryptor for the ShrinkLocker ransomware

Security Affairs

NOVEMBER 13, 2024

Bitdefender released a decryptor for the ShrinkLocker ransomware, which modifies BitLocker configurations to encrypt a system’s drives. Unlike modern ransomware it doesn’t rely on sophisticated encryption algorithms and modifies BitLocker configurations to encrypt a system’s drives.

Ransomware

Ransomware Encryption Passwords Authentication

The Modern Encryption Software Checklist: The Secret to Understanding Your Data Security Needs

The following checklist is built to help you evaluate the scope of services offered by various encryption solutions on the market and covers questions on the following topics: Encryption. Understanding your data security needs is tough enough, but what can be even more difficult is choosing the right software to fit your company.

Encryption

See How Much Faster a Quantum Computer Will Crack Encryption

WIRED Threat Level

JUNE 4, 2025

A quantum computer will likely one day be able to break the encryption protecting the world's secrets. See how much faster such a machine could decrypt a password compared to a present-day supercomputer.

Encryption

Encryption Passwords Security

A critical flaw in OpenPGP.js lets attackers spoof message signatures

Security Affairs

MAY 21, 2025

is an open-source JavaScript library that implements the OpenPGP standard for email and data encryption. It allows developers to integrate secure end-to-end encryption features directly into web applications, browser extensions, or server-side tools using JavaScript. allows spoofing of inline-signed or signed+encrypted messages.

Encryption

Encryption Libraries Security IT

European Police Disrupt Matrix Encrypted Service

Data Breach Today

DECEMBER 4, 2024

Platform Used for Drugs, Arms Trafficking and Money Laundering French and Dutch police led the takedown of an encrypted messaging platform used in international drug and arms trafficking. Dutch police discovered the app, named Matrix, on the phone of a criminal convicted in 2021 of murdering a journalist.

Encryption

ISMG Editors: How Arrest of Telegram CEO Affects Encryption

Data Breach Today

SEPTEMBER 6, 2024

Also: AI's Role in Cybersecurity; New Fraud Prevention Rules In the latest weekly update, ISMG editors discussed the implications of the recent arrest of Telegram's CEO in Paris for encrypted messaging services, the transformative impact of artificial intelligence in cybersecurity, and the latest regulations designed to curb fraud in electronic payments. (..)

Encryption

Encryption Artificial Intelligence Cybersecurity

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Trusted by millions of individuals and thousands of organizations, Keeper is the leader for best-in-class password and passkey management, secrets management, privileged access, secure remote access and encrypted messaging.

Passwords

AMD fixed a flaw that allowed to load malicious microcode

Security Affairs

FEBRUARY 4, 2025

Researchers from Google disclosed an improper signature verification vulnerability, tracked asCVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode.

Encryption

Encryption Security Access Information Security

WhatsApp Backs Apple Over Encryption Fight With UK

Data Breach Today

JUNE 12, 2025

government over end-to-end encryption. WhatsApp CEO Says UK Request Sets "Dangerous Precedent" Instant messaging app WhatsApp is seeking to join Apple's legal battle with the U.K. Apple is challenging a Home Office order requiring the device maker to provide law enforcement with unencrypted copies of customer data.

Encryption

Encryption Government

If you're not working on quantum-safe encryption now, it's already too late

Collaboration 2.0

FEBRUARY 6, 2025

Quantum computers could soon break today's strongest encryption, putting sensitive data at risk. Let's dive deep into what this all means for telecommunications, security, AI, and our future.

Encryption

Encryption IT Risk Security

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. The ransomware group used an unsecured webcam to encrypt systems within atarget’s network, bypassing Endpoint Detection and Response (EDR). Akira successfully encrypted files across the network.

Ransomware

Ransomware IoT Encryption Passwords

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

The threat actors had access to the company’s information technology systems and encrypted some of its data files. The preliminary investigation has revealed that a threat actor illegally accessed the Company’s information technology (“IT”) system and encrypted some of its data files.” ” reads the report filed with SEC.

Ransomware

Ransomware Encryption Cybersecurity Access

A New Era of Attacks on Encryption Is Starting to Heat Up

WIRED Threat Level

MARCH 14, 2025

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more crude than those in recent years, experts say.

Encryption

Encryption Privacy Security

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Security Affairs

MAY 29, 2025

Two of the images were fake, one of them contained an encrypted payload, the other a DLL used to decrypt and launch the malicious code when the victim clicked the link. The malware encrypts both data and commands using XOR keys and compresses messages with LZNT1. A decoy PDF was shown to avoid suspicion. ” continues the report.

IT

IT Encryption Government Communications

Oracle privately notifies Cloud data breach to customers

Security Affairs

APRIL 6, 2025

A threat actor using the moniker rose87168 claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including encrypted credentials. Oracle is privately notifying customers of a breach affecting usernames, passkeys, and encrypted passwords, with the FBI and CrowdStrike investigating the incident.

Data breaches

Data breaches Cloud Encryption Communications

The U.S. House banned WhatsApp on government devices due to security concerns

Security Affairs

JUNE 24, 2025

“nuto has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use,” reads an email sent by Chief Administrative Officer and obtained by Axios. ” continues the email.

Government

Government Security Encryption Risk

China-linked APT Mustang Panda upgrades tools in its arsenal

Security Affairs

APRIL 17, 2025

Rolling XOR Key: Utilized for encrypting communications with the command-and-control (C2) server, with key sizes varying among variants. Once active, it proxies traffic between infected devices and command-and-control servers using TCP sockets and FakeTLS, encrypting data with a custom XOR-based algorithm. ” concludes the report.

IT

IT Archiving Encryption Communications

Play ransomware group hit 900 organizations since 2022

Security Affairs

JUNE 6, 2025

The report also provides information on a Play ransomware ESXi variant that shuts down all virtual machines and encrypts their files using randomly generated keys for each file. Each ransomware binary is recompiled, making detection harder. ” concludes the report.

Ransomware

Ransomware Encryption Cybersecurity Cloud

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

Collaboration 2.0

JUNE 20, 2025

The file was completely exposed - no encryption, no password protection, no security - just a plain text document containing millions of sensitive data entries.

Passwords

Passwords Data breaches Encryption Security

Save 20% on this encrypted Kingston portable SSD to lock down your data

Collaboration 2.0

MAY 29, 2025

The Kingston IronKey Vault Privacy 80 features real-time AES-256 bit encryption, dual read-only modes, and password protection. The 2TB version is on sale right now at Amazon.

Encryption

Encryption Sales Passwords Privacy

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Security Affairs

JUNE 24, 2025

SLIMAGENT captures screenshots using Windows APIs, encrypts them with AES and RSA, and stores them locally with timestamped filenames. Both tools are stealthy, use strong encryption, and exploit legitimate cloud services to avoid detection, highlighting modern APT tactics.

Phishing

Phishing Encryption Military Communications

Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

Security Affairs

JUNE 13, 2025

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. ” reads the advisory.

Encryption

Encryption Authentication Security Cybersecurity

Indian Court ordered to block email service Proton Mail

Security Affairs

APRIL 30, 2025

Proton Mail is a Swiss-based email service offering end-to-end encryption to ensure that only the sender and recipient can read the messages. The company employs client-side encryption, meaning emails are encrypted on the user’s device before being sent to Proton’s servers, enhancing user privacy and security.

Encryption

Encryption Privacy Communications Government

US authorities have indicted Black Kingdom ransomware admin

Security Affairs

MAY 4, 2025

“The ransomware either encrypted data from victims computer networks or claimed to take that data from the networks. Black Kingdom ransomware was first spotted in late February 2020 by security researcher GrujaRS , the ransomware encrypts files and appends the.DEMON extension to filenames of the encrypted documents.

Ransomware

Ransomware Encryption Security IT

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

JANUARY 10, 2025

A version discovered by Check Point in September relied on Apple’s XProtect encryption algorithm for obfuscation, allowing it to evade antivirus detection until its source code leak in November. Elastic researchers noticed that regarding Safari, only the cookies are collected by the AppleScript script for the current version.

Archiving

Archiving Phishing Encryption Passwords

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs

MAY 18, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape PupkinStealer : A.NET-Based Info-Stealer Interlock ransomware evolving under the radar Technical Analysis of TransferLoader Sophisticated NPM Attack Leveraging Unicode Steganography and Google Calendar C2 Horabot Unleashed: (..)

Security

Security Mining Phishing Encryption

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

FEBRUARY 20, 2025

The NailaoLocker ransomware does not scan network shares, cannot stop services or processes that could prevent the encryption of certain important files, and does not control if it is being debugged. locked extension to the filenames of encrypted files. The malware uses asymmetric encryption algorithm AES-256-CTR.

Ransomware

Ransomware Healthcare Encryption Access

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Security Affairs

APRIL 30, 2025

The RAT supports advanced evasion techniques, including living-off-the-land ( LOTL ) tactics and encrypted command and control (C2) communications. opendnsapi.net), and uses IPFS to retrieve encrypted modules. Since mid-2022, theyve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.

Encryption

Encryption Ransomware Phishing Communications

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

Security Affairs

NOVEMBER 18, 2024

The healthcare center discovered that a threat actor accessed and encrypted files on their systems between September 5, 2024 and September 8, 2024. This investigation showed that an unknown person accessed and encrypted files on our systems between September 5, 2024 and September 8, 2024.”

Ransomware

Ransomware Encryption Insurance Personal data

New MassJacker clipper targets pirated software seekers

Security Affairs

MARCH 15, 2025

The malware, dubbed PackerE, downloads an encrypted DLL (PackerD1) that employs multiple anti-analysis techniques. It uses a configuration file with regex patterns to detect cryptocurrency wallet addresses and C2 addresses for downloading encrypted wallet lists (recovery.dat and recoverysol.dat).

Encryption

Encryption File names Communications Ransomware

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Security Affairs

JULY 5, 2025

NimDoor is written in Nim, uses encrypted communications, and steals data like browser history and Keychain credentials. “Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss , the TLS-encrypted version of the WebSocket protocol.”

Encryption

Encryption Communications Phishing IT

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 22, 2024

The security breach exposed low-sensitivity performance monitoring data, including customer usernames, account info, and encrypted internal credentials. A threat actor exploited a zero-day vulnerability in a non-Rackspace utility bundled with the ScienceLogic application. Rackspace helped ScienceLogic address this issue.

IT

IT Cybersecurity Encryption Cloud

Russia-linked APT TAG-110 uses targets Europe and Asia

Security Affairs

NOVEMBER 25, 2024

XOR encryption) and persists via scheduled tasks with mshta.exe. CHERRYSPY, a Python backdoor, enables encrypted data exfiltration using RSA and AES. The APT used HATVIBE loader to deliver malware like CHERRYSPY, threat actors often rely on malicious emails or exploited web vulnerabilities. HATVIBE uses obfuscation (e.g.,

Military

Military Phishing Encryption Education

J-magic malware campaign targets Juniper routers

Security Affairs

JANUARY 24, 2025

The reverse shell issued a challenge by sending an encrypted string using a hard-coded certificate. When a magic packet was detected, the agent spawned a reverse shell to the IP address and port specified by the packet. If the remote user returned the correct string, they were granted a command shell; otherwise, the connection was closed.

Encryption

Encryption Access Security IT

With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’

WIRED Threat Level

DECEMBER 3, 2024

At WIRED’s The Big Interview event, the president of the Signal Foundation talked about secure communications as critical infrastructure and the need for a new funding paradigm for tech.

Encryption

Encryption Communications Security Privacy

A ransomware attack pushed the German napkin firm Fasana into insolvency

Security Affairs

JUNE 20, 2025

” Fasana suffered a fast-spreading ransomware attack by a known group, locking systems and encrypting files. This is malware that can lock computers and encrypt files.” An employee who arrived at the company in the morning even found extortion notes in the printers.” No gang claimed responsibility.

Ransomware

Ransomware Encryption Manufacturing Paper

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

The ZIP file is then XOR encrypted, base64 encoded, and sent via a POST request to a specified URL using the built-in cURL command. Banshee Stealer can also steal cryptocurrency from different wallets, including Exodus, Electrum, Coinomi, Guarda, Wasabi Wallet, Atomic and Ledger. concludes the report.

Archiving

Archiving Encryption Passwords IT

A new variant of Cicada ransomware targets VMware ESXi systems

Security Affairs

SEPTEMBER 2, 2024

ui : Displays real-time progress and statistics of the encryption process, such as the number of files encrypted. no_vm_ss : Encrypts files on ESXi hosts without shutting down running virtual machines, using the esxicli terminal and deleting snapshots. The ransomware uses a function called encrypt_file to handle file encryption.

Ransomware

Ransomware Encryption Libraries IT

DoNot APT is expanding scope targeting European foreign ministries

Security Affairs

JULY 9, 2025

It gathers system info, encrypts it with AES, and communicates with a C2 server over HTTPS, possibly downloading and executing a second-stage payload (“socker.dll”) via further scheduled tasks. Once executed, it creates a mutex to prevent multiple instances, drops a batch file for persistence via scheduled tasks.

Phishing

Phishing Passwords Archiving Cybersecurity

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

TIM.exe then loads a malicious launcher DLL libcurl.dll whichwilldecrypt and load the PLAYFULGHOST payload from an encrypted file named Debug.log.” . “Then, the LNK file launches QQLaunch.exe , a legitimate binary from Tencent QQ, which launches another legitimate binary TIM.exe which is a renamed version of the program CURL.

File names

File names Archiving Phishing Encryption

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Security Affairs

JUNE 9, 2025

The latest DVR-focused variant is also built on Mirai’s foundation but introduces new features like RC4 string encryption, anti-virtual machine checks, and anti-emulation tactics. .” The Mirai botnet’s source code , made public nearly a decade ago, has since been widely reused and modified by cybercriminals to power large-scale botnets.

Honeypots

Honeypots IoT Encryption Cybersecurity

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Codefinger ransomware gang uses compromised AWS keys to encrypt S3 bucket

Webinars

Trending Sources

Around 3.3 million POP3 and IMAP mail servers lack TLS encryption

Webinars

Bitdefender released a decryptor for the ShrinkLocker ransomware

The Modern Encryption Software Checklist: The Secret to Understanding Your Data Security Needs

See How Much Faster a Quantum Computer Will Crack Encryption

A critical flaw in OpenPGP.js lets attackers spoof message signatures

European Police Disrupt Matrix Encrypted Service

ISMG Editors: How Arrest of Telegram CEO Affects Encryption

Prevent Data Breaches With Zero-Trust Enterprise Password Management

AMD fixed a flaw that allowed to load malicious microcode

WhatsApp Backs Apple Over Encryption Fight With UK

If you're not working on quantum-safe encryption now, it's already too late

Akira ransomware gang used an unsecured webcam to bypass EDR

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

A New Era of Attacks on Encryption Is Starting to Heat Up

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Oracle privately notifies Cloud data breach to customers

The U.S. House banned WhatsApp on government devices due to security concerns

China-linked APT Mustang Panda upgrades tools in its arsenal

Play ransomware group hit 900 organizations since 2022

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

Save 20% on this encrypted Kingston portable SSD to lock down your data

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

Indian Court ordered to block email service Proton Mail

US authorities have indicted Black Kingdom ransomware admin

Banshee macOS stealer supports new evasion mechanisms

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

NailaoLocker ransomware targets EU healthcare-related entities

Russia-linked group Nebulous Mantis targets NATO-related defense organizations

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

New MassJacker clipper targets pirated software seekers

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

U.S. CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog

Russia-linked APT TAG-110 uses targets Europe and Asia

J-magic malware campaign targets Juniper routers

With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’

A ransomware attack pushed the German napkin firm Fasana into insolvency

The source code of Banshee Stealer leaked online

A new variant of Cicada ransomware targets VMware ESXi systems

DoNot APT is expanding scope targeting European foreign ministries

PLAYFULGHOST backdoor supports multiple information stealing features

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

Stay Connected