April 10, 2024 at 07:58AM A hacker known as “ShopifyGUY” leaked 2GB of personal info from boAt customers in India. The company controls 26% of the wearables market and 40% of earbud sales. Despite selling for $2, the info appears genuine. Companies are advised to invest in anti-exfiltration tools and encrypt their databases to safeguard … Read more
March 18, 2024 at 03:56PM Microsoft will soon deprecate RSA keys shorter than 2048 bits in Windows TLS to enhance security. With 2048-bit keys offering greater strength, Microsoft’s decision aims to protect organizations from weak encryption. The move may affect older software and devices, but a grace period is likely before formal deprecation begins. Organizations … Read more
March 15, 2024 at 09:55AM A new variant of StopCrypt ransomware spotted utilizing multi-stage execution and evading security tools. STOP Djvu, a widely distributed ransomware, targets consumers for small ransom payments. Distributed via malvertising and adware bundles, it infects users with various malware. The new variant employs intricate execution mechanisms, posing a significant threat despite … Read more
March 13, 2024 at 03:32PM Nissan’s Oceania-region corporate and finance offices experienced a ransomware attack on Dec. 5, compromising sensitive data of around 100,000 individuals in Australia and New Zealand. The breach includes government IDs and other personal information of Renault-Nissan-Mitsubishi Alliance customers. The nature of the attack and the perpetrators have not been disclosed, … Read more
March 7, 2024 at 11:39AM France-based Zama, an open source cryptography company, raised $73 million in a Series A funding round, led by Multicoin Capital and Protocol Labs. Zama focuses on fully homomorphic encryption (FHE), allowing processing of encrypted data without decryption. It aims to make FHE accessible to developers, with solutions for blockchain and … Read more
February 7, 2024 at 10:40AM A recent YouTube video demonstrated how a Raspberry Pi Pico can exploit a vulnerability to access a BitLocker-secured device in under a minute. The technique involves intercepting the unencrypted key passed between the TPM and CPU, using affordable components. While Microsoft acknowledges such attacks, mitigations can be implemented through the … Read more
January 9, 2024 at 11:47AM Researchers from Cisco Talos and the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware, leading to the arrest of the operator. This variant emerged after the original malware leaked. The threat actor targeted Microsoft Exchange servers using ProxyShell exploits. Avast released a decrypter for Babuk … Read more
December 3, 2023 at 04:11PM Security researchers discovered an advanced Linux encryptor made by the Qilin ransomware gang targeting VMware ESXi servers. This customizable encryptor focuses on virtual machine encryption and snapshot deletion while offering a wide range of command-line options for operational flexibility. Qilin, which emerged from the “Agenda” operation, conducts double-extortion attacks and … Read more
November 29, 2023 at 04:39AM The Reading Borough Council apologized after recommending users to disable browser HTTPS to access its planning portal, which had faced a month-long outage due to technical issues. The council has since repaired the portal and restored secure access, while the decision-making behind the poor security advice remains unexplained. **Meeting Takeaways: … Read more
November 27, 2023 at 03:12PM Last Friday, a ransomware attack hit the “Ethyrial: Echoes of Yore” MMORPG, resulting in the loss of 17,000 player accounts and their in-game progress. The developers have decided not to pay the attackers and will manually restore the affected systems. Impacted players will receive their lost items and progress, along … Read more