Security News

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate...

One of the requirements of eIDAS 2.0 is that browser makers trust government-approved Certificate Authorities and do not implement security controls beyond those specified by the European Telecommunications Standards Institute. When a browser visits that site, the website presents a public portion of its CA-issued certificate to the browser, and the browser checks the cert was indeed issued by one of the CAs it trusts, using the root certificate, and is correct for that site.

Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info of encrypted DNS servers on their local area network within the network settings.

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

Comment Sanity appears to have prevailed in the debate over the UK Online Safety bill after the government agreed to ditch proposals - at least for the time being - to legislate the scanning of encrypted messages. In response to questions regarding the technical feasibility of scanning messages and the assessments that Ofcom must make, Lord Parkinson, a Digital, Culture, Media and Sport minister, said: "If the appropriate technology does not exist that meets these requirements, then Ofcom will not be able to use Clause 122 to require its use."

Only 22% of IT professionals reported that more than 60% of their sensitive data in the cloud is encrypted. According to the findings, on average, only 45% of cloud data is currently encrypted.

Phishers are using encrypted restricted-permission messages attached in phishing emails to steal Microsoft 365 account credentials. "The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar."

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files are encrypted email message attachments created using Microsoft's Rights Management Services and offer an extra layer of protection to sensitive info by restricting access to authorized recipients.

Twitter has launched its 'Encrypted Direct Messages' feature allowing paid Twitter Blue subscribers to send end-to-end encrypted messages to other users on the platform. End-to-end encrypted DMs on Twitter have been a sought-after and massively requested feature that was teased and retracted in 2018.