
RansomHouse Develops More Complex Encryption for Recent Attacks

The ransomware group known as RansomHouse has recently enhanced the encryption mechanism used in its attacks, moving away from a basic, single-step process to a more advanced, multi-layered approach. This change reflects a deliberate effort to strengthen the effectiveness of its ransomware operations.

Earlier versions of the encryptor relied on a linear method, where data was transformed in one continuous pass. The updated version introduces multiple stages of processing, which results in stronger encryption, improved execution speed, and greater stability across modern systems. These improvements increase the pressure on victims by making encrypted data harder to recover and negotiations more favorable for attackers after systems are locked.

RansomHouse first appeared in late 2021 as a cybercrime group focused on data extortion, where stolen information was used as leverage rather than encryption alone. Over time, the group expanded its tactics and began deploying ransomware encryptors during attacks. It also developed an automated tool, known as MrAgent, designed to simultaneously encrypt multiple VMware ESXi hypervisors, a technique that allows attackers to disrupt large virtualized environments efficiently.

In more recent activity, security analysts observed RansomHouse using more than one ransomware strain during attacks on a major Japanese e-commerce company. This suggests a flexible operational strategy rather than reliance on a single malware family.

Further insight into the group’s evolving capabilities comes from a new analysis by cybersecurity researchers, who examined RansomHouse’s latest encryptor, internally referred to as “Mario.” This version introduces a two-stage data transformation process that relies on two different encryption keys: one substantially longer than the other. Using multiple keys increases the randomness of the encrypted output, making partial file recovery or reconstruction far more challenging.

The updated encryptor also changes how files are handled during the encryption process. Instead of treating all files the same way, it adjusts its behavior based on file size. Large files are processed in dynamically sized chunks, with encryption applied intermittently rather than continuously. This irregular pattern makes the malware harder to analyze because it avoids predictable processing behavior.

Researchers also noted improvements in how the encryptor manages memory. The newer version separates tasks across multiple buffers, with each buffer assigned a specific role during encryption. This design increases operational complexity and reduces inefficiencies found in earlier variants.

Another visible change is the amount of internal information displayed during file processing. Unlike older versions, which only indicated when encryption was complete, the new encryptor provides more detailed status output as it operates.

Despite these changes, the ransomware continues to focus on virtual machine-related files, renaming encrypted data with a new extension and placing ransom instructions across affected directories.

Security researchers caution that these upgrades indicate a troubling direction in ransomware development. While RansomHouse does not carry out attacks at the scale of larger ransomware groups, its continued investment in advanced encryption techniques points to a strategy centered on precision, resilience, and evasion rather than volume.

USB Drives Are Handy, But Never For Your Only Backup

Storing important files on a USB drive offers convenience due to their ease of use and affordability, but there are significant considerations regarding both data preservation and security that users must address. USB drives, while widely used for backup, should not be solely relied upon for safeguarding crucial files, as various risks such as device failure, malware infection, and physical theft can compromise data integrity.

Data preservation challenges

USB drive longevity depends heavily on build quality, frequency of use, and storage conditions. Cheap flash drives carry a higher failure risk compared to rugged, high-grade SSDs, though even premium devices can malfunction unexpectedly. Relying on a single drive is risky; redundancy is the key to effective file preservation.

Users are encouraged to maintain multiple backups, ideally spanning different storage approaches—such as using several USB drives, local RAID setups, and cloud storage—for vital files. Each backup method has its trade-offs: local storage like RAID arrays provides resilience against hardware failure, while cloud storage via services such as Google Drive or Dropbox enables convenient access but introduces exposure to hacking or unauthorized access due to online vulnerabilities.

Malware and physical risks

All USB drives are susceptible to malware, especially when connected to compromised computers. Such infections can propagate, and in some cases, lead to ransomware attacks where files are held hostage. Additionally, used or secondhand USB drives pose heightened malware risks and should typically be avoided. Physical security is another concern; although USB drives are inaccessible remotely when unplugged, they are unprotected if stolen unless properly encrypted.

Encryption significantly improves USB drive security. Tools like BitLocker (Windows) and Disk Utility (macOS) enable password protection, making it more difficult for thieves or unauthorized users to access files even if they obtain the physical device. Secure physical storage—such as safes or safety deposit boxes—further limits theft risk.

Recommended backup strategy

Most users should keep at least two backups: one local (such as a USB drive) and one cloud-based. This dual approach ensures data recovery if either the cloud service is compromised or the physical drive is lost or damaged. For extremely sensitive data, robust local systems with advanced encryption are preferable. Regularly simulating data loss scenarios and confirming your ability to restore lost files provides confidence and peace of mind in your backup strategy.

User Privacy: Is WhatsApp Not Safe to Use?

WhatsApp allegedly collects data

Meta's mega-messenger is allegedly collecting user data to generate ad revenue, according to recent public criticism of WhatsApp. WhatsApp strongly denies these fresh accusations, but it did not help that one of its own messages appeared to imply the same.

The allegations 

The recent criticism has two prominent sources. Few voices carry as far as Elon Musk's, particularly when he speaks on X, the platform he owns. Musk asserted on the Joe Rogan Experience that "WhatsApp knows enough about what you're texting to know what ads to show you. That is a serious security flaw."

These so-called "hooks for advertising" are typically thought to rely on metadata, which includes information on who messages whom, when, and how frequently, as well as other information from other sources that is included in a user's profile.  

End-to-end encryption 

The message content itself is shielded by end-to-end encryption, which is the default setting for all 3 billion WhatsApp users. Signal's open-source encryption protocol, which the Meta platform adopted and modified for its own use, is the foundation of WhatsApp's security. So, in light of these new attacks, do you suddenly need to stop using WhatsApp?

In reality, WhatsApp's content is completely encrypted. There has never been any proof that Meta, WhatsApp, or anybody else can read the content itself. However, the platform you are utilizing is controlled by Meta, and it is aware of your identity. It does gather information on how you use the platform.  

How user data is used 

Additionally, it shares information with Meta so that it can "show relevant offers/ads." Signal has a small fraction of WhatsApp's user base, but it does not gather metadata in the same manner. Think about using Signal instead for sensitive content. Steer clear of Telegram, since it is not end-to-end encrypted by default, and of RCS, because it is not yet cross-platform encrypted.

Remember that end-to-end encryption only safeguards your data while it is in transit. It has no effect on the security of your content on the device. I can read all of your messages, whether or not they are end-to-end encrypted, if I have control over your iPhone or Android.

Why Cybersecurity is Critical for Protecting Spatial Data



In a world where almost every service depends on digital connections, one type of information underpins much of our daily lives: spatial data. This data links activities to a place and time, revealing not just “where” something happens, but also “when,” “how,” and sometimes even “why.” Its importance spans a wide range of fields, including transportation, agriculture, climate science, disaster management, urban planning, and national security.


The power of spatial data

Spatial data is collected constantly by satellites, GPS receivers, drones, advanced sensors, and connected devices. Combined with 5G networks, cloud platforms, and artificial intelligence, this information is transformed from raw coordinates into actionable insights. It enables predictive models, smart city planning, and digital twins (virtual copies of physical systems that simulate real-world conditions). In short, spatial data is no longer static; it drives decisions in real time.


The security challenges

Its value, however, makes it a prime target for cyber threats. Three major risks stand out:

Loss of confidentiality: Unauthorized access to location data can expose sensitive details, from an individual’s daily routine to the supply routes of critical industries. This creates openings for stalking, fraud, corporate espionage, and even threats to national security.

Manipulation of data: One of the most dangerous scenarios is GPS spoofing, where attackers send fake signals to alter a device’s calculated position. If navigation systems on ships, aircraft, or autonomous vehicles are misled, the consequences can be catastrophic.

Denial of access: When spatial services are disrupted through signal jamming or cyberattacks, emergency responders, airlines, and logistics companies may be forced to halt operations. In some cases, entire networks have been shut down for days to contain breaches.

Securing spatial data requires a mix of governance, technical safeguards, and intelligence-led defences. Organizations must classify datasets by their sensitivity, since the location of a retail outlet carries far less risk than the coordinates of critical infrastructure. Training specialists to handle spatial data responsibly is equally important.

On the technical front, strong encryption, strict access controls, and continuous monitoring are basic necessities. Integrity checks and tamper detection can ensure that location records remain accurate, while well-tested recovery plans help reduce downtime in case of an incident.

Finally, intelligence-driven security shifts the focus from reacting to threats to anticipating them. By analysing attacker behaviour and emerging vulnerabilities, organizations can strengthen weak points in advance. Privacy-preserving techniques such as masking or differential privacy allow data to be used without exposing individuals. At the same time, technologies like blockchain add tamper resistance, and AI tools help detect anomalies at scale.
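The integrity checks, tamper detection and spoofing concerns above can be made concrete with a small audit routine. The following is an added example, not code from the original post or from any product it mentions: it attaches an HMAC-SHA256 tag to each position record so later edits in storage are detectable, and it flags consecutive fixes whose implied speed is physically implausible for the asset class, which is how a spoofed or corrupted fix typically shows up in a trail. The key, the device name, the sample track and the 300 km/h threshold are all constructed for the demo.

```python
import hashlib
import hmac
import json
import math

# Constructed demo key; a real deployment would pull this from a key-management system.
DEMO_KEY = b"demo-spatial-integrity-key"


def canonical(record: dict) -> bytes:
    """Serialize the protected fields in a fixed order so the MAC is reproducible."""
    fields = {k: record[k] for k in ("device_id", "ts", "lat", "lon")}
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes = DEMO_KEY) -> dict:
    """Attach an HMAC-SHA256 tag so later edits to any protected field are detectable."""
    signed = dict(record)
    signed["mac"] = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return signed


def verify_record(record: dict, key: bytes = DEMO_KEY) -> bool:
    """Recompute the tag and compare it in constant time."""
    mac = record.get("mac")
    if not isinstance(mac, str):
        return False
    expected = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance between two points on a spherical Earth, in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def audit_track(records, key: bytes = DEMO_KEY, max_speed_kmh: float = 300.0):
    """Return (index, reason) findings for one device's time-ordered position fixes.

    Two checks: the integrity tag must verify, and the implied speed between
    consecutive trusted fixes must be plausible for the asset class
    (max_speed_kmh is an assumed threshold for a road vehicle)."""
    findings = []
    prev = None
    for i, rec in enumerate(records):
        if not verify_record(rec, key):
            findings.append((i, "mac_invalid"))
            continue  # never use an unverified fix as the baseline for the next one
        if prev is not None:
            dt_h = (rec["ts"] - prev["ts"]) / 3600.0
            if dt_h <= 0:
                findings.append((i, "timestamp_not_increasing"))
            else:
                dist = haversine_km(prev["lat"], prev["lon"], rec["lat"], rec["lon"])
                if dist / dt_h > max_speed_kmh:
                    findings.append((i, "implausible_speed"))
        prev = rec
    return findings


def demo_track():
    """Constructed sample: a vehicle in London, one fix edited after signing, then a jump to Paris."""
    raw = [
        {"device_id": "truck-17", "ts": 0, "lat": 51.5074, "lon": -0.1278},
        {"device_id": "truck-17", "ts": 60, "lat": 51.5100, "lon": -0.1200},
        {"device_id": "truck-17", "ts": 120, "lat": 51.5130, "lon": -0.1150},
        {"device_id": "truck-17", "ts": 180, "lat": 48.8566, "lon": 2.3522},  # ~340 km in two minutes
    ]
    signed = [sign_record(r) for r in raw]
    signed[2]["lat"] = 51.6000  # post-signing edit: simulates tampering in storage
    return audit_track(signed)
```

Running `demo_track()` reports the third fix as `mac_invalid` and the fourth as `implausible_speed`; note that the tampered fix is deliberately not used as the baseline for the speed check, otherwise a single corrupted record could mask or manufacture a second finding.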

Spatial data has the power to make societies more efficient, resilient, and sustainable. But without strong cybersecurity, its benefits can quickly turn into risks. Recognizing its vulnerabilities and implementing layered protections is no longer optional, it is the only way to ensure that this valuable resource continues to serve people safely.



Q Day: The Quantum Threat Businesses Must Prepare For

Q Day represents the theoretical moment when quantum computers become powerful enough to break current cryptographic methods and render existing encryption obsolete. While experts estimate this could occur within 10-15 years, the exact timing remains uncertain since quantum computers haven't yet reached their theoretical potential. 

The growing threat 

Major companies including IBM and Google, along with governments and startups, are rapidly advancing quantum computing technology. These machines have already evolved from handling a few quantum bits to managing hundreds, becoming increasingly sophisticated at solving complex problems. Though current quantum computers cannot yet break internet encryption protocols, the consensus among experts points to Q Day's eventual arrival. 

Government agencies are taking this threat seriously. The National Institute of Standards and Technology (NIST) has standardized post-quantum cryptographic algorithms, while Europe's ENISA focuses on implementation and certification schemes. The UK National Cyber Security Centre (NCSC) has established a three-phase timeline: discovery and planning by 2028, early migration by 2031, and full migration by 2035. 

Business preparation strategy 

Organizations should avoid panic while taking proactive steps. The preparation process begins with comprehensive IT asset auditing to identify what systems exist and which assets face the highest risk, particularly those dependent on public-key encryption or requiring long-term data confidentiality. 

Following the audit, businesses must prioritize assets for migration and determine what should be retired. This inventory process provides security benefits beyond quantum preparation. 
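The audit-then-prioritize step described in the two paragraphs above is easy to get wrong if risk is judged on algorithm alone; what matters is how long the protected data must stay secret or authentic, plus how long migration takes, measured against the time left until Q Day (the usual Mosca-style comparison). The following is an added example, not code from the original post: it triages a constructed inventory by that margin and maps each asset's purpose to the FIPS 203/204/205 replacement families the post names. The asset names, shelf-life and effort figures are illustrative, and the 10-year default for Q Day is an assumption taken from the low end of the estimate quoted above.

```python
from dataclasses import dataclass

# Public-key schemes whose hardness assumptions Shor's algorithm breaks.
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA", "X25519", "ED25519"}

# Replacement families from the NIST standards named in the post.
PQC_REPLACEMENT = {
    "key_exchange": "ML-KEM (FIPS 203)",
    "signature": "ML-DSA (FIPS 204) or SLH-DSA (FIPS 205)",
}


@dataclass
class Asset:
    name: str
    algorithm: str
    purpose: str             # "key_exchange", "signature" or "bulk"
    shelf_life_years: float  # how long the protected data must stay confidential/authentic
    migration_years: float   # estimated time to migrate this asset


def is_quantum_vulnerable(algorithm: str) -> bool:
    return algorithm.upper() in QUANTUM_VULNERABLE


def exposure_margin(asset: Asset, years_to_qday: float) -> float:
    """Shelf life + migration time minus years until Q Day.

    A positive margin means data protected today is expected to still matter
    when the algorithm falls, so it is already exposed to harvest-now,
    decrypt-later collection."""
    return asset.shelf_life_years + asset.migration_years - years_to_qday


def prioritize(assets, years_to_qday: float = 10.0):
    """Rank quantum-vulnerable assets by exposure margin, most exposed first.

    years_to_qday defaults to 10, the low end of the estimate quoted in the post;
    that figure is an assumption for the demo, not a forecast."""
    ranked = []
    for a in assets:
        if not is_quantum_vulnerable(a.algorithm):
            continue  # symmetric and hash-based assets are out of scope for this triage
        margin = exposure_margin(a, years_to_qday)
        ranked.append({
            "name": a.name,
            "algorithm": a.algorithm,
            "margin_years": margin,
            "exposed_now": margin > 0,
            "replacement": PQC_REPLACEMENT.get(a.purpose, "review manually"),
        })
    ranked.sort(key=lambda r: r["margin_years"], reverse=True)
    return ranked


# Constructed inventory; shelf-life and effort figures are illustrative, not measured.
SAMPLE_INVENTORY = [
    Asset("Customer-records TLS endpoint", "ECDH", "key_exchange", 15, 3),
    Asset("Firmware signing key (field devices)", "ECDSA", "signature", 12, 4),
    Asset("Code-signing certificate", "RSA", "signature", 10, 5),
    Asset("Site-to-site VPN", "RSA", "key_exchange", 1, 2),
    Asset("Backup-at-rest encryption", "AES-256", "bulk", 15, 1),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_INVENTORY):
        print(f"{row['margin_years']:+5.1f}y  {row['name']}: {row['replacement']}")
```

With these figures the long-retention TLS endpoint and the firmware signing key come out ahead of the VPN even though all three use classical public-key schemes, because what they protect outlives the estimated arrival of Q Day. The AES-256 backup set is left out of the ranking entirely, which is the "determine what should be retired" part of the process: it needs a key-length review, not an algorithm swap.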

Current standards and timing 

NIST has published three post-quantum cryptographic standards (FIPS 203, 204, and 205) with additional standards in development. However, integration into protocols and widely-used technologies remains incomplete. Industry experts recommend following ETSI's Quantum Safe Cryptography Working Group and the IETF's PQUIP group for practical implementation guidance. 

The timing challenge follows what the author calls the "Goldilocks Theory" - preparing too early risks adopting immature technologies that increase vulnerabilities, while waiting too long leaves critical systems exposed. The key involves maintaining preparedness through proper asset inventory while staying current with post-quantum standards. 

Organizations have approximately six years maximum to plan and migrate critical assets according to NCSC timelines, though Q Day could arrive sooner, later, or potentially never materialize. The emphasis should be on preparation through foresight rather than fear.

EU's Chat Control Bill faces backlash, would allow access to encrypted chats

The EU recently proposed a child sexual abuse material (CSAM) scanning bill that is facing backlash from its opponents. The bill remains contentious just a few days before an important meeting.

On 12 September, the EU Council will share its final assessment of the Danish version of what is known as “Chat Control.” The proposal has faced strong backlash, as it aims to introduce new mandates for all messaging apps based in Europe to scan users’ chats, including encrypted ones. 

Who is opposing?

Belgium and the Czech Republic are now opposing the proposed law, with the former calling it "a monster that invades your privacy and cannot be tamed." The other countries that have opposed the bill so far include Poland, Austria, and the Netherlands. 

Who is supporting?

But the list of supporters is longer and includes important member states: Ireland, Cyprus, Spain, Sweden, France, Lithuania, and Italy.

Germany may consider abstaining from voting. This weakens the Danish mandate.

Impact on encrypted communications in the EU

Initially proposed in 2022, the Chat Control Proposal is now close to becoming an act. The vote will take place on 14 October 2025. Currently, the majority of member states are in support. If successful, it will mean that the EU can scan chats of users by October 2025, even the encrypted ones. 

The debate centres on the encryption provisions: apps like Signal, WhatsApp, ProtonMail, etc. use encryption to maintain user privacy and protect chats from unauthorized access.

Who will be affected?

If the proposed bill is passed, the files and other content you share through these apps can be scanned for CSAM. However, military and government accounts are exempt from scanning. This can damage user privacy and data security.

Although the proposal ensures that encryption will be “protected fully,” which promotes cybersecurity, tech experts and digital rights activists have warned that scanning can’t be done without compromising encryption. This can also expose users to cyberattacks by threat actors. 

Why Policy-Driven Cryptography Matters in the AI Era

In this modern-day digital world, companies are under constant pressure to keep their networks secure. Traditionally, encryption systems were deeply built into applications and devices, making them hard to change or update. When a flaw was found, either in the encryption method itself or because hackers became smarter, fixing it took time, effort, and risk. Most companies chose to live with the risk because they didn’t have an easy way to fix the problem or even fully understand where it existed.

Now, with data moving across many platforms (cloud servers, edge devices, and personal gadgets, for instance), it is no longer practical to depend on rigid security setups. Businesses need flexible systems that can quickly respond to new threats, government rules, and technological changes.

According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third (30%) of all intrusions in 2024 began with valid account credential abuse, making identity theft a top pathway for attackers.

This is where policy-driven cryptography comes in.


What Is Policy-Driven Crypto Agility?

It means building systems where encryption tools and rules can be easily updated or swapped out based on pre-defined policies, rather than making changes manually in every application or device. Think of it like setting rules in a central dashboard: when updates are needed, the changes apply across the network with a few clicks.

This method helps businesses react quickly to new security threats without affecting ongoing services. It also supports easier compliance with laws like GDPR, HIPAA, or PCI DSS, as rules can be built directly into the system and leave behind an audit trail for review.


Why Is This Important Today?

Artificial intelligence is making cyber threats more powerful. AI tools can now scan massive amounts of encrypted data, detect patterns, and even speed up the process of cracking codes. At the same time, quantum computing, a new kind of computing still in development, may soon be able to break the encryption methods we rely on today.

If organizations start preparing now by using policy-based encryption systems, they’ll be better positioned to add future-proof encryption methods like post-quantum cryptography without having to rebuild everything from scratch.


How Can Organizations Start?

To make this work, businesses need a strong key management system: one that handles the creation, rotation, and deactivation of encryption keys. On top of that, there must be a smart control layer that reads the rules (policies) and makes changes across the network automatically.

Policies should reflect real needs, such as what kind of data is being protected, where it’s going, and what device is using it. Teams across IT, security, and compliance must work together to keep these rules updated. Developers and staff should also be trained to understand how the system works.
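The pieces named in the two paragraphs above (a key-management layer that creates, rotates and deactivates keys; a control layer that reads policies keyed on data classification, destination and device; an audit trail; and the ability to swap a primitive without touching application code) fit together as shown in this added example. It is not code from the original post or from any product: the policy rules, profile names, key identifiers and sample records are constructed, and HMAC tags from Python's standard library stand in for whatever protection primitive a real policy would name, because the point being demonstrated is the indirection, not the cipher. The envelope written by `protect()` records its own algorithm and key version, which is what lets data protected under yesterday's policy still verify after today's change.

```python
import copy
import hashlib
import hmac
import os

# Registry of primitives the control layer may select. Adding a new entry here
# (a post-quantum one later, say) needs no change in application code.
PRIMITIVES = {"HMAC-SHA256": hashlib.sha256, "HMAC-SHA3-256": hashlib.sha3_256}

# Constructed policy set: first matching rule wins; no match means deny.
DEFAULT_POLICIES = [
    {"match": {"classification": "pci", "destination": "cloud"},
     "profile": "pci-cloud", "algorithm": "HMAC-SHA256"},
    {"match": {"classification": "internal"},
     "profile": "internal", "algorithm": "HMAC-SHA256"},
]


class KeyManager:
    """Creates, rotates and deactivates versioned keys, one lineage per profile."""
    def __init__(self):
        self.keys = {}     # key_id -> {"material": bytes, "state": str}
        self.current = {}  # profile -> key_id used for new protect() calls
        self.serial = 0
    def create(self, profile):
        self.serial += 1
        key_id = f"{profile}-v{self.serial}"
        self.keys[key_id] = {"material": os.urandom(32), "state": "active"}
        self.current[profile] = key_id
        return key_id
    def rotate(self, profile):
        old, new = self.current.get(profile), self.create(profile)
        if old is not None:
            self.keys[old]["state"] = "deactivated"  # verify-only from now on
        return old, new
    def active_key(self, profile):
        key_id = self.current.get(profile) or self.create(profile)
        return key_id, self.keys[key_id]["material"]
    def material_for_verify(self, key_id):
        entry = self.keys.get(key_id)
        if entry is None or entry["state"] == "destroyed":
            raise KeyError(f"key {key_id} unavailable")
        return entry["material"]


class PolicyEngine:
    """Control layer: maps a data context to a rule, applies it, keeps an audit trail."""
    def __init__(self, policies, key_manager):
        self.policies = copy.deepcopy(policies)
        self.km = key_manager
        self.audit = []

    def resolve(self, ctx):
        for rule in self.policies:
            if all(ctx.get(k) == v for k, v in rule["match"].items()):
                self.audit.append({"event": "resolve", "ctx": dict(ctx), "profile": rule["profile"]})
                return rule
        self.audit.append({"event": "deny", "ctx": dict(ctx)})
        raise PermissionError("no policy matches context; default deny")

    def protect(self, ctx, payload):
        rule = self.resolve(ctx)
        key_id, material = self.km.active_key(rule["profile"])
        tag = hmac.new(material, payload, PRIMITIVES[rule["algorithm"]]).hexdigest()
        # The envelope names its own algorithm and key version so old data stays verifiable.
        return {"alg": rule["algorithm"], "key_id": key_id, "payload": payload.hex(), "tag": tag}

    def verify(self, envelope):
        material = self.km.material_for_verify(envelope["key_id"])
        digest = PRIMITIVES[envelope["alg"]]
        expected = hmac.new(material, bytes.fromhex(envelope["payload"]), digest).hexdigest()
        return hmac.compare_digest(expected, envelope["tag"])

    def update_policy(self, profile, algorithm):
        if algorithm not in PRIMITIVES:
            raise ValueError(f"unknown primitive {algorithm}")
        for rule in self.policies:
            if rule["profile"] == profile:
                rule["algorithm"] = algorithm
        self.audit.append({"event": "policy_update", "profile": profile, "algorithm": algorithm})


def demo():
    """protect -> rotate key -> swap primitive by policy -> old data still verifies."""
    km = KeyManager()
    engine = PolicyEngine(DEFAULT_POLICIES, km)
    ctx = {"classification": "pci", "destination": "cloud", "device": "managed-laptop"}
    first = engine.protect(ctx, b"cardholder-record-0001")
    old_key, new_key = km.rotate("pci-cloud")
    engine.update_policy("pci-cloud", "HMAC-SHA3-256")
    second = engine.protect(ctx, b"cardholder-record-0002")
    tampered = dict(first, payload=b"cardholder-record-9999".hex())
    try:
        engine.resolve({"classification": "unclassified"})
        denied = False
    except PermissionError:
        denied = True
    return {"first_alg": first["alg"], "second_alg": second["alg"], "old_key": old_key,
            "new_key": new_key, "second_key": second["key_id"], "denied": denied,
            "old_still_verifies": engine.verify(first),
            "tampered_verifies": engine.verify(tampered),
            "audit_events": [e["event"] for e in engine.audit]}
```

Two design choices carry the security weight here: an unmatched context is denied rather than given a default profile, so a new data flow cannot silently fall through to weak protection, and a deactivated key can still verify but never protect, which is what makes rotation safe to run while old data is still in circulation. The audit list is the trail the compliance paragraph above asks for; in a real system it would be written to append-only storage rather than kept in memory.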

As more companies shift toward cloud-based networks and edge computing, policy-driven cryptography offers a smarter, faster, and safer way to manage security. It reduces the chance of human error, keeps up with fast-moving threats, and ensures compliance with strict data regulations.

In a time when hackers use AI and quantum computing is fast approaching, flexible and policy-based encryption may be the key to keeping tomorrow’s networks safe.

Pen Test Partners Uncovers Major Vulnerability in Microsoft Copilot AI for SharePoint

 

Pen Test Partners, a renowned cybersecurity and penetration testing firm, recently exposed a critical vulnerability in Microsoft's Copilot AI for SharePoint. Known for simulating real-world hacking scenarios, the company's red team specialists investigate how systems can be breached, just as skilled threat actors would attempt in real time. With attackers increasingly leveraging AI, ethical hackers are now adopting similar methods, and the outcomes are raising eyebrows.

In a recent test, the Pen Test Partners team explored how Microsoft Copilot AI integrated into SharePoint could be manipulated. They encountered a significant issue when a seemingly secure encrypted spreadsheet was exposed—simply by instructing Copilot to retrieve it. Despite SharePoint’s robust access controls preventing file access through conventional means, the AI assistant was able to bypass those protections.

“The agent then successfully printed the contents,” said Jack Barradell-Johns, a red team security consultant at Pen Test Partners, “including the passwords allowing us to access the encrypted spreadsheet.”

This alarming outcome underlines the dual nature of AI in information security: it can enhance defenses, but it can also inadvertently open doors to attackers if not properly governed.

Barradell-Johns further detailed the engagement, explaining how the red team encountered a file labeled passwords.txt, placed near the encrypted spreadsheet. When traditional methods failed due to browser-based restrictions, the hackers used their red team expertise and simply asked the Copilot AI agent to fetch it.

“Notably,” Barradell-Johns added, “in this case, all methods of opening the file in the browser had been restricted.”

Still, those download limitations were sidestepped. The AI agent output the full contents, including sensitive credentials, and allowed the team to easily copy the chat thread, revealing a potential weak point in AI-assisted collaboration tools.

This case serves as a powerful reminder: as AI tools become more embedded in enterprise workflows, their security testing must evolve in step. It's not just about protecting the front door; it's about teaching your digital assistant not to hold it open for strangers.

For those interested in the full technical breakdown, the complete Pen Test Partners report dives into the step-by-step methods used and the broader security implications of Copilot's current design.

Davey Winder reached out to Microsoft, and a spokesperson said:

“SharePoint information protection principles ensure that content is secured at the storage level through user-specific permissions and that access is audited. This means that if a user does not have permission to access specific content, they will not be able to view it through Copilot or any other agent. Additionally, any access to content through Copilot or an agent is logged and monitored for compliance and security.”

Davey Winder then contacted Ken Munro, founder of Pen Test Partners, who issued the following statement addressing the points in Microsoft's response.

“Microsoft are technically correct about user permissions, but that’s not what we are exploiting here. They are also correct about logging, but again it comes down to configuration. In many cases, organisations aren’t typically logging the activities that we’re taking advantage of here. Having more granular user permissions would mitigate this, but in many organisations data on SharePoint isn’t as well managed as it could be. That’s exactly what we’re exploiting. These agents are enabled per user, based on licenses, and organisations we have spoken to do not always understand the implications of adding those licenses to their users.”