Global Post-Quantum Cryptography Market by Product Types, By Application, By End-user industry Outlook, and By Geography (Asia-Pacific, North America, Europe, South America, and the Middle East & Africa), Segments and Forecasts from 2022-2028

The key data supplied in this Post-Quantum Cryptography market research report makes it simple to improve product offerings. Changing company practices is critical for achieving large profits, and this is feasible owing to the supply chain and value supplied here. The competitor strategy offered here for the forecast period 2022-2028 enables businesses to make key business decisions. The major facts and insights offered here assist in strategic planning and achieving corporate objectives. With the help of the main methodologies presented in this Post-Quantum Cryptography market study report, it becomes simple to discover and use trends. By implementing the substantial proof and clearer understanding here, industry players can achieve high levels of success in their businesses. The research paper provides an in-depth understanding of many sectors as well as specializations. It also helps major players come up with the greatest marketing strategies for their items to be profitable and diversify their product line. The Post-Quantum Cryptography market research analysis is important when it comes to the launch of new products or the certification of a brand.

Get a Full PDF Sample Copy of the Report: (Including Full TOC, List of Tables and Figures, and Chart) at https://www.eonmarketresearch.com/sample/92398

Scope of the Global Post-Quantum Cryptography Market

This Post-Quantum Cryptography market study explains the company objectives to help major companies avoid potential competitors. Setting a purpose and creating a strong strategic plan will undoubtedly assist businesses in overcoming challenges and adjusting their operations accordingly. Post-Quantum Cryptography market research easy-to-understand language succeeds in achieving the goal of assisting various important participants at various stages of the business by facilitating communication. It also explains the primary strategies, gives important information, suggestions, and conclusions, and clarifies the goals. This thorough yet effective Post-Quantum Cryptography market report grabs the readers attention by providing precise facts in easy-to-understand language. As a result, it achieves the goal of leaving a lasting imprint on the readers mind.

Inquiry Post-Quantum Cryptography Market Report at https://www.eonmarketresearch.com/enquiry/92398

Post-Quantum Cryptography Market Outlook

Impact of COVID-19 on the Global Post-Quantum Cryptography Market

This section of the Post-Quantum Cryptography market report discusses the worldwide impact of the covid epidemic on business. This report details the impact on manufacturing activities, production, demand, logistics management, and distribution channels. Researchers have identified the steps or strategies that corporations are employing to combat the impact of COVID-19. Theyve also identified exciting possibilities that will emerge after COVID-19. This will allow players to take advantage of opportunities to recoup losses and stabilize their operations.

Post-Quantum Cryptography Market Segmentation

Post-Quantum Cryptography Market Competitor Outlook, this report covers ID Quantique, SeQureNet, Quintessence Labs, MagiQ Technologies, Toshiba, QuantumCTek, Qasky, QudoorThe market environment for the Post-Quantum Cryptography market contains information on each manufacturer. Corporate governance, profitability, income generated, potential growth, r and d investments, emerging market proposals, international presence, production sites, and infrastructure, business strengths and limitations, public offering, clinical research infrastructure, concepts, product approvals, patent applications, merchandise width and breadth, software dominance, and innovation lifeline curve are among the information included. The information presented herein is only about the organizations concentration on the global Post-Quantum Cryptography market.

Click Here to Download Free Sample Report (Get Detailed Analysis in PDF 151 Pages)

Product Type Outlook (Revenue, USD Billion; 2022 2028) Lattice-based Cryptography, Multivariate Cryptography, Hash-based Cryptography, Code-based Cryptography

Application/ End-user Industry Outlook (Revenue, USD Billion; 2022 2028) Financial, Government, Military & Defense, Others

Region Outlook (Revenue, USD Billion; 2022 2028) North Americao USo Canadao Mexico Europeo Germanyo UKo Franceo Italyo Spaino Beneluxo Rest of Europe Asia Pacifico Chinao Indiao Japano South Koreao Rest of Asia Pacific Latin Americao Brazilo Rest of Latin America Middle East and Africao Saudi Arabiao UAEo South Africao Rest of Middle East & Africa

Objectives of the Post-Quantum Cryptography market research report:

To identify the various subsegments of the Post-Quantum Cryptography market to better understand its dynamics. Identifies describes, and analyses the volume of sales, value, market dominance, Post-Quantum Cryptography market competitive landscape, PESTEL analysis, and development strategies for the major worldwide Post-Quantum Cryptography producers over the next several years. To examine the individual growth trends, career outlook, and proportion to the entire market for the Post-Quantum Cryptography market. To disseminate a precise overview of the most important aspects impacting Post-Quantum Cryptography market growth (growth potential, opportunities, drivers, industry-specific challenges, and risks). Analyze commercial movements in the Post-Quantum Cryptography market, such as market expansions, partnerships, new product launches, and acquisitions. To develop a strategic analysis of the prominent stakeholders and a thorough analysis of their business expansion.

Reasons to buy the global Post-Quantum Cryptography market

This research identifies the region and market sector that is likely to expand the fastest and dominate the Post-Quantum Cryptography industry. Market analysis of Post-Quantum Cryptography by region, covering the consumption of the manufacturer in each country as well as the factors that influence the market within each region. The market environment includes the top players market rankings, as well as new service/product announcements, collaborations, company growth, and acquisitions made by the companies profiled in the previous five years. For the top Post-Quantum Cryptography market players, extensive company profiles with business overviews, company insights, product evaluations, and SWOT analyses are available. The companys present and future outlook in light of recent changes (which include both advanced and developing regions growth possibilities and drivers, as well as difficulties and restraints).

Browse Complete Post-Quantum Cryptography Market Report Details with Table of contents and list of tables athttps://www.eonmarketresearch.com/post-quantum-cryptography-market-92398

About: Eon Market Research (EMR) is a specialized market research, analytics, and solutions company, offering strategic and tactical support to clients for making well-informed business decisions. We are a team of dedicated and impassioned individuals, who believe strongly in giving our very best to what we do and we never back down from any challenge. Eon Market Research offers services such as data mining, information management, and revenue enhancement solutions and suggestions. We cater to industries, individuals, and organizations across the globe, and deliver our offerings in the shortest possible turnaround time.

Contact: 8345 NW 66th St Miami, Florida, Zip 33195 United States Email: [emailprotected]

Read more:
Post-Quantum Cryptography Market by Competitive Vendors in Top Regions and Countries, Development Trends, Threats, Opportunities and Forecast to 2028-...

End-to-end Encryption is a popular term used by many big tech companies these days. We have seen big tech companies like Apple, Google, Meta, and Microsoft use this End-to-end Encryption in their apps or services or during a keynote of a major event. End-to-End Encryption is also sometimes referred to as E2EE.

It is a system of communication where only the sender and the receiver will be able to read the message and not any other third parties. Many popular apps and services use E2EE for communication over messages as well as calls. In this article, we will learn more about End-to-end Encryption starting from its definition and then we will take a look at how End-to-end Encryption works. Lastly, we will also take a look at how it protects and the advantages and disadvantages of this service. Lets get started.

Before we jump into the meaning of End-to-end Encryption, let us take a look at what data encryption means. Data encryption is the process of using an algorithm to transfer regular text characters into an unreadable format. This process uses encryption keys to scramble data so that only authorized users can read it.

End-to-end encryption uses this same process too, but it takes a step further by securing communications/messages from one endpoint to another. End-to-end encryption prevents any third parties from accessing data while its transferred from one user device or another device. End-to-end Encryption is also popularly known as E2EE.

Also Read: [Explained] What is Card Tokenization? How it Works, Benefits, Risks, and More

The End-to-end Encryption process starts with cryptography, which is a method for protecting information by transforming it into an unreadable format called ciphertext. Only users who possess a secret key can decrypt the message into plaintext. With E2EE, the sender or creator encrypts the data, and only the intended receiver or reader can decrypt it. Not even hackers or other third parties can access the encrypted data on the server, which makes the data extremely safe. E2EE provides the gold standard for protecting communication.

In End-to-end encryption, the encryption happens at the device level. Meaning, that the messages and files are encrypted before they leave the phone/computer and arent decrypted until it reaches their destination, which can be another phone/computer. This is one of the main reasons that hackers cannot access data on the server because they do not have the private keys to decrypt the data. The secret keys are stored with the individual user on their device which makes it much harder to access an individuals data as well.

The security behind end-to-end encryption is enabled by the creation of a public-private key pair. This process is known as asymmetric cryptography. Asymmetric or public-key cryptography encrypts and decrypts the data using two separate cryptographic keys. The public key is used to encrypt a message and send it to the public keys owner. Thereafter, the message can only be decrypted using a corresponding private key, also known as a decryption key.

In end-to-end encryption, the system creates public and private cryptographic keys for each person who joins.

Also Read: Convert JSON File to Microsoft Excel File: How to Convert JSON File in Excel Using Inbuilt Tools and Third-Party Apps

Compared to other systems, End-to-end Encryption offers encrypting and decrypting of messages at endpoints only, which is on the senders and receivers devices. The usage of single-key/secret key encryption provides an unbroken layer of encryption from sender to recipient, but it uses only one key to encrypt messages. E2EE also makes sure that the messages are secure and safe from hacks. Since the E2EE messages cant be read on any servers, providers like Google, Apple, Microsoft, etc wont be able to look into your data.

These aforementioned additions make End-to-end Encryption different from any other type of encryption.

With E2EE, messages sent can only be read by the receiver who has the keys to decrypt the message. This means no one can read the messages even on the server because they do not have the private keys to decrypt the data. Only the recipient can read the message. Next, End-to-end encryption also protects against tampering with encrypted messages.

While the key exchange is considered unbreakable using known algorithms, there are certain things that E2EE doesnt protect from. The following can be considered as some of the weaknesses of E2EE.

Also Read: Telegram Channels: How to Find and Join Telegram Channels on Android, iOS Mobiles and PC

While E2EE protects the actual message, the metadata such as date, time, and participants in the exchange are not encrypted.

As said multiple times, E2EE only protects data between the endpoints, This means the endpoints themselves are vulnerable to attack. This is also one of the prime reasons for enterprises to implement endpoint security to prevent data misuse and protect data beyond in-transit.

Although a hacker cant read any message in transit, he/she can impersonate the intended recipient, swap the decryption key and forward the message to the actual recipient without being detected.

Also Read: SBI KYC Update Online: How to Submit State Bank of India KYC Documents Online to Update Your Account

Now that you are aware of what E2EE is and how it works, here are some of the popular apps and services that use E2EE.

Also Read: Masked Aadhaar Card: How to Create Masked Aadhaar Card Using Different Methods

Thanks for reading till the end of this article. For more such informative and exclusive tech content, like our Facebook page

More:
End-to-End Encryption: What is End-to-End Encryption, How Does it Work, What Does it Protect From, and More - MySmartPrice

Trove of Chinese Police Files Offered for Sale on the Dark Web

An unidentified hacker has listed a database for sale containing the records of over one billion Chinese citizens. The database was likely created by the Shanghai police department and contains informationfrom 1995 to 2019 such as citizens names, phone numbers, birthplaces, and national ID numbers. If the leak is legitimate, it would represent one of the largest disclosures of personal information ever. The hacker posted hundreds of thousands of entries online as proof of the existence and authenticity of the database, and reporters called several people listed in the database, who confirmed their information was correct. In a sign of the severity of the leak, Chinese social media platforms began censoring hashtags such as data leak and Shanghai national security database breach. Researchers speculated that the hacker may have gained access to the data after a developer inadvertently included the login information to the database in a blog post.

Canada's National Police Force Details Use of Spyware to Hack Phones

The Royal Canadian Mounted Police (RCMP) disclosed how they use spyware to infiltrate mobile devices to collect information on serious criminal cases. The agency has admitted to using spyware in ten investigations between 2018 and 2020. RCMP admitted it has previously used spyware to collect a wide range of data including text messages, calendar entries, financial records, and even audio recordings of private conversations or photographic images of surroundings within range of a targeted device. In justifying their use of the spyware, the RCMP noted that the increased use of encrypted communication requires police departments to update their tools to remain effective in the digital era. Spyware has become a major topic in the past year, especially the NSO Groups Pegasus spyware, which has been used improperly by numerous governments worldwide.

The United States Reveals Four Cryptographic Algorithms to Withstand Quantum Computing

More on:

Cybersecurity

China

European Union

The U.S. Department of Commerces National Institute of Standards and Technology (NIST) has revealed the first group of encryption tools that will be used to protect against quantum computers. Quantum computing has the potential to crack the encryption widely used in vital systems such as online banking and email software. While full-scale quantum computers are likely at least five years away, China has reportedly begun stockpiling encrypted communications in the event that quantum computers are able to decode them later. The four encryption algorithms NIST selected will become part of their post-quantum cryptographic standard that will be released in 2024. Despite the two-year timeline NIST has proposed, the agency strongly recommends that organizations start preparing for the transition immediately by following the Post-Quantum Cryptography Roadmap. Amongst other detailed recommendations, the roadmap suggests organizations take inventory of current cryptographic practices, create a plan for the transition, and alert the organizations IT department of the upcoming transition.

European Union Passes Two Major Technology Regulations

Net Politics

CFR experts investigate the impact of information and communication technologies on security, privacy, and international affairs.2-4 times weekly.

Digital and Cyberspace Policy program updates on cybersecurity, digital trade, internet governance, and online privacy.Bimonthly.

A summary of global news developments with CFR analysis delivered to your inbox each morning.Most weekdays.

A weekly digest of the latestfrom CFR on the biggest foreign policy stories of the week, featuring briefs, opinions, and explainers. Every Friday.

The European Parliament formally passed two major pieces of digital policy earlier this week, the Digital Services Act, which forces the platforms to take down illegal content more aggressively, and the Digital Markets Act, which bans companies from self preferencing their own apps or services. The two acts are aimed specifically at companies the European Union has termed gatekeepers, large technology companies including Apple, Google, Facebook, and Microsoft, that could stifle competition and deter smaller rivals. Gatekeepers are defined several ways, including both qualitative and quantitative measures such as either 65 billion in global market capitalization, or at least 45 million active monthly users in the EU. T. The acts will also levy fines of up to 10% total worldwide revenue for the previous year, or 20% for companies that repeatedly violate either act. While some internet advocacy groups hailed the passage of the legislation, others said that the agencies tasked with enforcing the laws are still under resourced, which could blunt the effectiveness of the laws.

United States Asks Dutch Semiconductor Equipment Manager to Stop Selling to China

In an effort to thwart the growth of the Chinese microchip manufacturing industry, the U.S. government asked the Dutch government to stop ASML, one of the most prominent manufacturers of photolithographic equipment, from selling machinery to China. Photolithographic systems are essential to the production of newer microchips, and China has struggled to develop a domestic alternative to ASMLs products. ASML is already banned from selling its most advanced equipment to Chinese firms, but U.S. officials are now trying to prevent ASML from selling older generation photolithography systems to China. While restricting sales of photolithographic equipment further would deal a major blow to the Chinese microchip industry, some have argued that the Dutch are unlikely to agree to such an aggressive step, especially given the fact that sales in China account for 15 percent of ASMLs revenue and the damage such a move would do to relations between the Netherlands and China.

More on:

Cybersecurity

China

European Union

Excerpt from:
Cyber Week in Review: July 7, 2022 - Council on Foreign Relations

At a glance.

Sunday afternoon the British Ministry of Defence Press Officetweeteda terse announcement that the MoD was aware of a cyber incident: "We are aware of a breach of the Armys Twitter and YouTube accounts and an investigation is underway.The Army takes information security extremely seriously and is resolving the issue. Until their investigation is complete it would be inappropriate to comment further." The Army'sown feedtook an apologetic line towards any disappointed followers: "Apologies for the temporary interruption to our feed. We will conduct a full investigation and learn from this incident. Thanks for following us and normal service will now resume." It took the British Army about five hours to wrest back control of its Twitter account, the Telegraphreports.

It's unknown who hijacked the accounts or why, and the MoD isn't saying anything until it understands what happened. The Telegram, quick to suspect the worst of the Russians, asked if the incident was a Russian operation, but the MoD had no comment--as they've said, they're not jumping to conclusions until they know more. Bitdefendernotesthat many have jumped to the conclusion that the incident must have been the work of a nation-state's espionage services, but it has an alternative explanation, arguably more probable: it was possibly crypto bros working an NFT scam. They note that the hijacked YouTube account featured an NFT come-on with the inevitable bogus Elon Musk attribution.

According toreportslast weekend, the group Ghiam Sarnegouni ("Uprising till Overthrow," apparently a group of anti-Tehran hacktivists), conducted a large operation against Iran's Islamic Culture and Communication Organization (ICCO). Six sites were hijacked and fifteen others were defaced with pictures of Iranian Resistance leaders Massoud Rajaivi and Maryam Rajavi. Forty-four servers, a large number of endpoints, and at least thirty-five ICCO databases were wiped. Before the systems were wiped, the hacktivists are believed to have obtained ICCO data that include information about money laundering, front groups, and espionage and terrorist networks. The operation is said to have begun in the last week of January.

In an apparent response to recent nominally hacktivist actions, not only those by Uprising till Overthrow, but also operations attributed last week to Predatory Sparrow, Iran Wirereportsthat Tehran has temporarily suspended Iranians' ability to access bank accounts from abroad. It's a measure whose purpose, the authorities say, is preventing cyber attacks.

Last Sunday, Binance's threat research teamfounda very large database of personally identifiable information exposed in the dark web. "Our threat intelligence detected 1 billion resident records for [sale] in the dark web, including name, address, national id, mobile, police and medical records from one Asian country. Likely due to a bug in an Elasticsearch deployment by a gov agency. This has [an] impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc.It is important for all platforms to enhance their security measures in this area.@Binancehas already stepped upverifications for users potentially affected."

Binance is reticent about the source of the data, but others say it came from the Shanghai National Police. It's not clear who's obtained the information, butaccordingto Bloomberg the data are being offered for ten bitcoin, roughly $200,000. HackReadreportsthat the data include the following kinds of information:

As Binance's tweet suggests, the data exposure appears to be traceable to a misconfiguration, and not a compromise or a breach proper. Reutersputthe total number of people affected by the data exposure at about one billion, but this is in any case based on the claims of someone offering the data for sale. Someone using the nom-de-hack "ChinaDan" posted this message to Breach Forums late last week: "In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen. Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details. [sic]" Reuters sensibly points out that these claims are so far unverified. The data offered for sale are said to amount in the aggregate to some twenty-three terabytes. It's obviously difficult to confirm the legitimacy of the sample data "China Dan" posted to show that he had the goods, but the Wall Street Journalspot-checkeda few of the items by calling some people whose phone numbers appeared in the tease. The Journal found that in that tiny fraction of a billion or so people, the data were indeed genuine. Chinese authorities have issued no statement so far on the incident.

HackerOnedisclosedlast Friday that a rogue insider, "a then-employee," as the company puts it, had been improperly accessing the bug-bounty platform's vulnerability disclosures with the aim of collecting "additional bounties" from HackerOne customers. Alerted to the problem by a customer (who reported an implausible disclosure, offered with uncharacteristically threatening language), HackerOne investigated and found that an employee had "improperly accessed security reports for personal gain." The improper access ran from April 4th through June 23rd of this year. HackerOne fired the employee, upgraded its security, and is considering referring the former employee for criminal prosecution.

Vade hasobserveda phishing scam consisting of a wave of more than 50,000 emails sent from a malicious Zendesk account. In one campaign, the hacker is seen to be impersonating TrustWallet, an ethereum wallet and cryptocurrency wallet store. The email contains the TrustWallet official logo along with a support link, as well as Zendesks legitimate footer. The email says that an NFT update requires the wallet to be verified and that inaction will result in account suspension. The link provided says Verify your wallet, and is shortened with s.id., which hides the malicious link and provides the phisher with a dashboard of analytics. The page, when opened, displays a 10-second countdown to open their secure internet environment, in order to intentionally appear as a legitimate safety precaution, but rather, leads to the malicious site. The victim is then tasked with entering their recovery phrase to unlock the wallet, accepting both 12 and 24-word variations. The phishing email isnt marred by extensive grammatical errors, as many phishing emails are, but its also not perfect.

The US Cybersecurity and Infrastructure agency (CISA), the FBI, and the US Department of the Treasury have issued a joint alert, "North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector," warning of a North Korean ransomware campaign that's been in progress since at least May of 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare servicesincluding electronic health records services, diagnostics services, imaging services, and intranet services. In some cases, these incidents disrupted the services provided by the targeted HPH Sector organizations for prolonged periods." How the threat actor obtained initial access is unclear, but the warning recommends that organizations pay particular attention to the dangers of phishing, and that they train their personnel to recognize it, which suggests that social engineering has played a significant role in the Maui campaign.

The US National Institute of Standards and Technology (NIST), at the end of a six-year competitive search, hasannouncedthe four winners in its program to develop "quantum-resistant encryption algorithms." This represents a milestone en route to NIST's publication of standards for post-quantum cryptography, expected in 2024. The algorithms are:

"For general encryption,used when we access secure websites, NIST has selected theCRYSTALS-Kyberalgorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.

"For digital signatures,often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithmsCRYSTALS-Dilithium,FALCONandSPHINCS+(read as Sphincs plus). Reviewers noted the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NISTs other selections."

Taking note of NIST's announcement, the US Cybersecurity and Infrastructure Security Agency (CISA)outlinessome steps organizations can take now, as they prepare for developments over the next two years:

"Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now by following thePost-Quantum Cryptography Roadmap, which includes:

MoodysInvestors Service released a report detailing the credit implications of Contis early April ransomware attack on the government of Costa Rica. The attack impacted the governments two largest revenue streamsincome taxes and customs duties, and impacted the international trade and healthcare sectors most heavily. The report notes that this attack provides insights on the governments strength, saying that while the attacks werent prevented, they were handled with effective solutions. Moodys anticipates the fiscal deficit to remain close to 4.8% GDP, and expects to see GDP growth of 4% in 2022.

In another report,Moodysdiscusses the recent cyberattack on Clarion Housing Group in the United Kingdom, and its implications for housing associations as a whole. On June 23, Clarionreporteda cyberattack on their IT systems that impacted IT operations, such as scheduling repairs and maintenance. This attack comes on the heels of a number of other cyberattacks on housing associations in the past few years, and highlights the need for cyber risk mitigation. According to a recent cyber survey conducted by Moodys, cyber risk remains small in the housing sector, but is growing strongly, with 25% spending growth from 2018 to 2020.

In a joint appearance Wednesday at the London headquarters of MI-5, the British counterintelligence organization, the directors of MI-5 and the US FBI issued an unusually direct and bluntly worded warning about the threat of Chinese industrial espionage, much of it cyberespionage. The effort is extensive, focused, and marked by both close attention to detail and an unusually wide net.The Chinese government is set on stealing your technologywhatever it is that makes your industry tickand using it to undercut your business and dominate your market, FBI Director Wray told an audience the Wall Street Journaldescribedas composed of "business people." Theyre set on using every tool at their disposal to do it. China disagrees. A representative of Beijing's embassy in Washington, Liu Pengyu, complained of U.S. politicians who have been tarnishing Chinas image and painting China as a threat with false accusations.

CobaltStrike is often mentioned in dispatches as a penetration testing tool that threat actors often turn to malign use. Other such tools are also susceptible to abuse. Palo Alto Networks' Unit 42reportsthat Cozy Bear, generally regarded as a unit of Russia's SVR, is deploying Brute Ratel C4, a pentesting tool in use since December 2020, in a range of cyberespionage campaigns. Unit 42 doesn't formally attribute the campaign to Cozy Bear or even Russia, but it does offer circumstantial evidence that points in that direction:

"This unique sample was packaged in a manner consistent with knownAPT29techniques and their recent campaigns, which leveraged well-known cloud storage and online collaboration applications. Specifically, this sample was packaged as a self-contained ISO. Included in the ISO was a Windows shortcut (LNK) file, a malicious payload DLL and a legitimate copy of Microsoft OneDrive Updater. Attempts to execute the benign application from the ISO-mounted folder resulted in the loading of the malicious payload as a dependency through a technique known as DLL search order hijacking. However, while packaging techniques alone are not enough to definitively attribute this sample to APT29, these techniques demonstrate that users of the tool are now applying nation-state tradecraft to deploy BRc4."

The tools used in the campaign are regarded as unusually evasive and difficult to detect.

Researchers at ReversingLabsdetailedtheir discovery of a widespread supply chain attack against the NPM repository earlier this week, publishing an update on Wednesday. Though the exact scope of the attack wasn't initially clear, researchers say the packages are potentially used by thousands of mobile and desktop applications and websites, and in one instance a malicious package had been downloaded over 17,000 times. ReversingLabs called the campaign "IconBurst." Their conclusion is that IconBurst represents a major software supply chain attack "involving more than two dozen NPM modules used by thousands of downstream applications, as indicated by the package download counts." Application developers should be particularly alert to the problem, which appears to represent an organized, cooperative criminal effort. "Analysis of the modules reveals evidence of coordination, with malicious modules traceable to a small number of NPM publishers, and consistent patterns in supporting infrastructure such as exfiltration domains."

IconBurst "marks a significant escalation in software supply chain attacks," ReversingLabs says. The firm communicated its findings to the NPM security team on July 1st, 2022: "Malicious code bundled within the NPM modules is running within an unknown number of mobile and desktop applications and web pages, harvesting untold amounts of user data. The NPM modules our team identified have been collectively downloaded more than 27,000 times. As very few development organizations have the ability to detect malicious code within open source libraries and modules, the attacks persisted for months before coming to our attention. While a few of the named packages have been removed from NPM, most are still available for download at the time of this report."Developers, ReversingLabs says, should "assess their own exposure" to the threat, and the researchers have provided information that should assist them in doing so.

And there's been another attack on the NPM supply chain, this onedescribedby researchers at Checkmarx. "Checkmarx SCS team detected over 1200 npm packages released to the registry by over a thousand different user accounts," the security firm says. "This was done using automation which includes the ability to pass NPM 2FA challenge." The operators, whom the researchers call "CuteBoi," are using what Checkmarx calls a "fake identity-as-a-service provider:" "Looking at the domains with which CuteBoi is creating NPM users, we can deduce that they are usingmail.tm- a free service providing disposable email addresses with REST API, enabling programs to open disposable mailboxes and read the received emails sent to them with a simple API call. This way CuteBoi can and easily defeat NPM 2FA challenge when creating a user account."

And so far the operation seems to represent an initial, experimental phase of a larger campaign. "This cluster of packages seems to be a part of an attacker experimenting at this point." The researchers think that CuteBoi is preparing a large-scale cryptojacking campaign using XMRig derivatives. Checkmarx has also released information to help users identify the malicious activity. They also warn that further exploitation of NPM can be expected. "CuteBoi is the second attack group seen this year using automation to launch large-scale attacks on NPM. We expect we will continue to see more of these attacks as the barrier to [launch] them is getting lower."

Bravo, Emsisoft. The company has released, BleepingComputerreports, free decryptors for the AstraLocker and Yashma ransomware strains. Emsisofttweeted, "The AstraLocker decryptor is for the Babuk-based one using .Astra or .babyk extension, and they released a total of 8 keys. The Yashma decryptor is for the Chaos-based one using .AstraLocker or a random .[a-z0-9]{4} extension, and they released a total of 3 keys." BleepingComputer points out thatAstraLocker, itself derived from Babuk Locker, has gained a reputation for being both buggy and effective. The operators of AstraLocker early this week released some decryptors as theyannouncedthey were exiting the ransomware business, saying that they had decided to turn to cryptomining. They were probably kidding about getting into coin-mining. Not only did they close their announcement with an "LOL," but there's also some reason to think they were feeling the approach of law enforcement.

The US Cybersecurity and Infrastructure Security Agency (CISA) hasaddedan entry to its Known Exploited Vulnerabilities Catalog:CVE-2022-26925, an issue with Microsoft Windows Local Security Authority (LSA) that amounts to "a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM." Theprescribed mitigationis to apply Microsoft's June patch, which agencies under CISA oversight must do by close-of-business, July 22, 2022.

CISA, the US Cybersecurity and Infrastructure Security Agency, released threeIndustrial Control Systems AdvisoriesThursday, forRockwell Automation MicroLogix("mitigations for an Improper Restriction of Rendered UI Layers or Frames vulnerability in the Rockwell Automation MicroLogix controllers"),Bently Nevada ADAPT 3701-4X Series and 60M100("mitigations for Use of Hard-coded Credentials and Missing Authentication for Critical Function vulnerabilities in the Bently Nevada ADAPT 3701-4X Series and 60M100 machinery monitors"), andMitsubishi Electric MELSEC iQ-R Series C Controller Module (Update B)(a follow-up to ICSA-21-280-04 Mitsubishi Electric MELSEC iQ-R Series C Controller Module (Update A) published October 28, 2021, this "contains mitigations for anUncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series C controller module products").

Apple has released a new, highly secure Lockdown Mode to protect users at risk of targeted attacks, Computer World reports. Lockdown Mode significantly limits the functions of an enabled device, which aids in protecting the user from "mercenary" surveillance threats. The addition of this feature closely follows the company's suit against NSO Group, which was filed in November to "hold it accountable for the surveillance and targeting of Apple users," according to a press release. The company added a new category to the Apple Security Bounty program, offering up to $2 million to researchers that can find bypasses for Lockdown Mode, as well as making a $10 million grant to support organizations involved in investigating, exposing, and preventing targeted cyberattacks, which will be given to the Ford Foundation's Dignity and Justice Fund.

Reuters reports that mercenary hackers are being used to sway litigation battles. Indian hackers attempting to steal documents via password-stealing emails from companies involved in litigation have been identified by Reuters 35 times since 2013. At least 75 US and European companies, three dozen advocacy and media groups, and numerous Western business executives have been targeted in these campaigns. At least 11 groups of victims had emails publicly leaked or submitted into evidence, and it was found that stolen documents often shaped the verdict. Lawyers of targets often also fell victim to the hackers, with around 1,000 attorneys at 108 different law firms found to be targeted. The FBI has been investigating the hacks since at least 2018, with the goal of finding who hired these hackers.

The United Kingdom is trying to nip foreign disinformation in the bud, Bloomberg reports. The UK is amending its upcoming new online safety law, requiring social media apps and search engines to curb "state-linked disinformation" or face fines. The Department for Digital, Culture, Media and Sport said in a statement that "social media platforms, search engines and other apps and websites allowing people to post their own content will have a legal duty to take proactive, preventative action to identify and minimise peoples exposure to state-sponsored or state-linked disinformation aimed at interfering with the UK." Security Minister Damian Hinds also said in the statement, "Disinformation is often seeded by multiple fake personas, with the aim of getting real users, unwittingly, then to share it. We need the big online platforms to do more to identify and disrupt this sort of coordinated inauthentic behaviour. That is what this proposed change in the law is about."

Go here to see the original:
Royal Army accounts hijacked. A hacktivist group claims to have hit Iranian sites. Very large database of PII for sale on the dark web. - The...