encryption Archives

Royal Ransomware uses a unique “partial encryption approach” to evade detection

Cybersecurity Attacks, Malware, Phishing, Ransomware / Frank Crast / March 3, 2023 / CISA, Cobalt Strike, encryption, FBI, Ransomware, RMM, Royal, SysInternals, Zeon

CISA and FBI have published a joint cybersecurity alert on Royal ransomware used in recent cyberattacks as recently as January 2023. The ransomware uses a unique “partial encryption approach” to evade detection.

Royal Ransomware uses a unique “partial encryption approach” to evade detection Read More »

Microsoft report highlights Mac ransomware threats and techniques

Cybersecurity Articles, Cybersecurity Attacks, Malware / Frank Crast / January 7, 2023 / Defender, encryption, EvilQuest, FileCoder, KeRanger, macOS, MacRansom, malware, Microsoft, OSX, Ransomware

Microsoft has released new details on Mac ransomware threats, techniques and provided guidance on how to protect networks and systems from ransomware attacks.

Microsoft report highlights Mac ransomware threats and techniques Read More »

FBI releases Lockbit 2.0 ransomware-as-a-service IoCs

Cybersecurity Attacks, Malware / Frank Crast / February 11, 2022 / BlackCat, encryption, ESXi, LockBit, LockBit 2.0, RaaS, Ransomware, ransomware-as-a-service, VMware

The Federal Bureau of Investigation (FBI) has released new Indicators of Compromise (IoC) details on Lockbit ransomware-as-a-service (RaaS).

FBI releases Lockbit 2.0 ransomware-as-a-service IoCs Read More »

NSA: New guidance to eliminate obsolete TLS protocols

Authentication, Configuration Management, Cryptography, Cybersecurity Articles, Vulnerabilities & Exploits / Frank Crast / January 9, 2021 / CNSA, DES, DHE, ECDH, ECDH/ECDHE, encryption, IDEA, NIST SP 800-52, NSA, NULL, RC2, RC4, SSL, TDES/3DES, TLS, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3

The National Security Agency (NSA) has issued new guidance to eliminate obsolete Transport Layer Security (TLS) protocol configurations (such as TLS 1.0, TLS 1.1, SSLv2, SSLv3 and weak ciphers).

NSA: New guidance to eliminate obsolete TLS protocols Read More »

Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices

Cryptography, Network Security, Vulnerabilities & Exploits / Frank Crast / February 27, 2020 / CVE-2019-15126, encryption, ESET, Kr00k, KRACK, KrØØk, RSA, WiFi, WPA2

Security researchers have discovered a new vulnerability dubbed Kr00k (or “KrØØk”) that impacts devices with Broadcom and Cypress Wi-Fi chips.

Kr00k: Wi-Fi encryption vulnerability impacts billion+ devices Read More »

NSA: Guidance to mitigate cloud vulnerabilities

Cloud Security, Configuration Management, Cybersecurity Articles, Third-Party Security / Frank Crast / February 10, 2020 / Cloud, CSP, encryption, IAM, Key Management, least privilege, NSA, third party

The National Security Agency (NSA) has released guidelines to help organizations mitigate cloud vulnerabilities. The NSA document includes four classes of vulnerabilities at most risk to threat actors.

NSA: Guidance to mitigate cloud vulnerabilities Read More »

WannaCry, Petya and Copycat Ransomware Expose Good History Lessons for Small Business and Enterprise Security

Business Continuity & Resiliency, Cybersecurity Articles, Cybersecurity Attacks, Malware / Frank Crast / January 14, 2020 / Backup, encryption, MS17-010, Petya, Ransomware, WannaCry, Windows 7, Windows Server 2008, Windows XP

On May 12, 2017, the now infamous WannaCry ransomware burst onto the worldwide scene. WannaCry infected over 200,000 systems and 150 countries in just 3 days.

WannaCry, Petya and Copycat Ransomware Expose Good History Lessons for Small Business and Enterprise Security Read More »

Bluetooth BR/EDR supported devices vulnerable to cyber attacks

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / August 17, 2019 / bluetooth, BR/EDR, encryption, KNOB

Security researchers have identified a security vulnerability related to encryption on Bluetooth BR/EDR connections. As a result, an unauthenticated attacker near the vulnerable device could exploit the issue and escalate privileges or steal information.

Bluetooth BR/EDR supported devices vulnerable to cyber attacks Read More »

WordPress 5.2 “Jaco” comes with new security features

Cryptography, Security Updates & Patches / Frank Crast / May 10, 2019 / Cryptography, ED25519, encryption, Jaco, WordPress

WordPress version 5.2 dubbed “Jaco” is available for download and includes a number of new security features and improvements, such as digitally-signed updates, Site Health Check, and PHP error protection.

WordPress 5.2 “Jaco” comes with new security features Read More »

NIST SP 800-177 Revision 1: “Trustworthy Email”

Cryptography, Cybersecurity Articles, Messaging Security, Standards & Guidelines / Frank Crast / February 26, 2019 / 800-177, authentication, DKIM, DMARC, email, encryption, Messaging, NIST, SPF, TLS

The National Institute of Standards and Technology (NIST) has releases its Security Publication (SP) 800-177 Revision 1, that include security guidelines and recommendations for achieving “trustworthy email”.

NIST SP 800-177 Revision 1: “Trustworthy Email” Read More »