Krebs on Security

MAY 13, 2024

The government alleges Khoroshev created, sold and used the LockBit ransomware strain to personally extort more than $100 million from hundreds of victim organizations, and that LockBit as a group extorted roughly half a billion dollars over four years. 2011 said he was a system administrator and C++ coder. Dmitry Yuryevich Khoroshev.

Ransomware 260

Ransomware Encryption Systems administration Government 260

Security Affairs

NOVEMBER 10, 2024

US CFPB warns employees to avoid work-related mobile calls and texts following China-linked Salt Typhoon hack over security concerns. The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers.

Government 133

Government Cybersecurity Compliance Access 133

Security Affairs

NOVEMBER 17, 2020

Happy BirthDay Security Affairs! I launched Security Affairs for passion in November 2011 and since then the blog read by millions of readers. I started with a single post per day, nine years later I’m still the only contributor and I do all my best to cover the most important news in the cyber security landscape.

Security 133

Security IT Cybersecurity Risk 133

WIRED Threat Level

MAY 20, 2021

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Cybersecurity 142

Cybersecurity Government IT Security 142

IG Guru

JUNE 7, 2022

FTC and DOJ Order Twitter to Pay $150 Million Penalty for Violating 2011 FTC Order and Cease Profiting from Deceptively Collected Data. The post FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads appeared first on IG GURU.

Security 78

Security Information governance Government Privacy 78

Hunton Privacy

MAY 31, 2022

On May 25, 2022, Twitter reached a proposed $150 million settlement with the Department of Justice (“DOJ”) and the Federal Trade Commission to resolve allegations that the company deceptively used nonpublic user contact information obtained for account security purposes to serve targeted ads to Twitter users.

Privacy 99

Privacy Information Security Data Privacy Compliance 99

The Security Ledger

MARCH 27, 2024

In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections. Read the whole entry. »

Security 52

Security Cybersecurity Risk Government 52

Security Affairs

APRIL 22, 2024

The threat actors shared a portion of the stolen data with TechCrunch as proof of the hack, it includes records on current and former government officials, diplomats, and politically exposed people. Curiously, in 2011, Thomson Reuters acquired World-Check, then in October 2018, Thomson Reuters closed a deal with The Blackstone Group.

Risk 140

Risk Archiving Access Privacy 140

The Last Watchdog

SEPTEMBER 26, 2019

Is mobile technology on a course to become more secure than traditional computing? Related: Securing the Internet of Things I’ve been writing about organizations struggling to solve the productivity vs. security dilemma that’s part and parcel of the BYOD craze for some time now. We spoke at Black Hat 2019.

Security 147

Security Encryption Access Passwords 147

eSecurity Planet

JULY 20, 2023

Once dubbed “the world’s most wanted hacker” after his youthful exploits attacking Digital Equipment Corporation and Pacific Bell, Mitnick completed his decade-long transition to cybersecurity luminary when he joined KnowBe4 as Chief Hacking Officer and part owner in 2011. Mitnick’s Legacy The U.S.

Cybersecurity 98

Cybersecurity Education Military Government 98

IT Governance

APRIL 5, 2018

While most organisations believe that their information security systems are secure, often the reality is that they are not. Faced with these increasing information security threats, organisations have an urgent need to adopt IT governance best practice strategies. What is IT governance?

Government 51

Government IT Compliance Information Security 51

Security Affairs

AUGUST 18, 2023

The campaign was launched to protest against the Government’s plan to release the treated radioactive water from the Fukushima nuclear plant into the sea. The security firm warns of a possible escalation of the attacks and urge to increase the level of cyber security of potential targets. ” reported the Japan Times.

Government 98

Government Security IT Information Security 98

Security Affairs

JULY 19, 2021

US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The APT40 group has been active since at least 2013 and appears to be focused on supporting naval modernization efforts of the Government of Beijing. Ltd. (????) . ” states DoJ.

Government 125

Government Cybersecurity Security Access 125

Security Affairs

OCTOBER 23, 2018

Security experts from FireEye found evidence that links the development of the Triton malware (aka Trisis and HatMan) to a Russian government research institute. a Russian government-owned technical research institution located in Moscow. Security Affairs – Triton Malware, ICS). ” continues the expert.

Government 104

Government Communications Access Security 104

eSecurity Planet

JUNE 17, 2021

Naturally, database vendors are leading providers of database security tools, and a growing number of cloud-based database providers are moving deeper into the data security space. Security is paramount. Starting our list of the top database security vendors is the multinational cloud computing company, Alibaba Cloud.

Security 120

Security Cloud Encryption Computer and Electronics 120

Hunton Privacy

JUNE 10, 2011

On June 7, 2011, Senator Patrick Leahy (D-VT) introduced the “ Personal Data Privacy and Security Act of 2011 ” (the “Act”), co-sponsored by Senators Charles Schumer (D-NY) and Ben Cardin (D-MD). impacts federal databases or concerns federal employees or contractors engaged in national security or law enforcement services.

Personal data 40

Personal data Data Privacy Privacy Security 40

Security Affairs

JANUARY 12, 2022

US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. ” reads the joint alert. Pierluigi Paganini.

Cybersecurity 144

Cybersecurity Risk Phishing Government 144

Hunton Privacy

JUNE 14, 2011

On June 7, 2011, the Congress of the Republic of Peru passed the Personal Data Protection Law ( Ley de Protección de Datos Personales, Proyecto de Ley 4079/2009-PE). View a copy of the Personal Data Protection Law (in Spanish) as passed on June 7, 2011. Require consent for the processing of personal data.

Privacy 40

Privacy Personal data Communications Government 40

Security Affairs

SEPTEMBER 11, 2023

ESET researchers observed a series of attacks, conducted by the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat APT, APT35 , Phosphorus , Newscaster , TA453 , and Ajax Security Team), which are targeting various entities in Brazil, Israel, and the United Arab Emirates. Israel, Iraq, and Saudi Arabia.

Education 134

Education Access Government IT 134

Security Affairs

OCTOBER 29, 2020

Iran-linked APT group Phosphorus successfully hacked into the email accounts of multiple high-profile individuals and security conference attendees. “Phosphorus, an Iranian actor, has targeted with this scheme potential attendees of the upcoming Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia.”

Security 87

Security Authentication Phishing Government 87

Krebs on Security

JULY 20, 2021

In 2011, KrebsOnSecurity dissected “SevAntivir” — Severa’s eponymous fake antivirus affiliate program — showing it was used to deploy new copies of the Kelihos spam botnet. The government argued that under U.S. Levashov was arrested in 2017 while in Barcelona, Spain with his family. I will die in a year.”

Government 320

Government Phishing Communications IT 320

Security Affairs

JULY 21, 2021

French cyber-security agency ANSSI warned of an ongoing cyberespionage campaign aimed at French organizations carried out by China-linked APT31 group. The French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group.

Government 120

Government Security IT Cybersecurity 120

Collibra

OCTOBER 12, 2023

Manual identity provisioning processes, involving tasks such as user creation, modification, and de-provisioning, can lead to bottlenecks, errors, and security vulnerabilities. This not only simplifies the provisioning process but also enhances the overall governance of identity and access.

Access 105

Access Data breaches Risk Compliance 105

Security Affairs

NOVEMBER 22, 2021

According to Iran’s Fars News Agency, Mahan Air was hit by similar attacks “many times,” for this reason Mahan’s Cyber Security Team rapidly neutralized these attacks. The US had sanctioned Mahan Air in 2011 for providing financial, material, or technological support to Iran’s Islamic Revolutionary Guard Corps. Pierluigi Paganini.

IT 141

IT Security Cybersecurity Government 141

Security Affairs

SEPTEMBER 11, 2022

APT42’s TTPs overlap with another Iran-linked APT group tracked as APT35 (aka ‘ Charming Kitten ‘, ‘ Phosphorus ‘, Newscaster , and Ajax Security Team) which made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Phishing 100

Phishing Government Authentication IT 100

Thales Cloud Protection & Licensing

APRIL 24, 2019

Ensuring that systems behave only how a designer intends is a central aspect of security. A security-enforcing system will take the context of available information measured against policy to determine whether an operation should be permitted or denied. MBSE and security engineering. Model-Based Systems Engineering.

Security 61

Security Communications Military Risk 61

Security Affairs

AUGUST 10, 2023

The intelligence agency attributes the attack to the Iran-linked APT group Charming Kitten (aka APT35 , Phosphorus , Newscaster , and Ajax Security Team). Intelligence officers believe that Iranian dissidents tracked by the government of Teheran could be killed by the regime. Israel, Iraq, and Saudi Arabia.

Phishing 98

Phishing Security Government Access 98

Thales Cloud Protection & Licensing

MAY 8, 2024

This act, set to replace the existing frameworks under the Information Technology Act of 2000 and the SPDI Rules of 2011, provides a comprehensive approach to protecting digital personal data. The Bill allows the transfer of personal data outside India, too, except to nations restricted by the central government through notification.

Personal data 71

Personal data Compliance Encryption Cloud 71

Security Affairs

MAY 15, 2020

The Tropic Trooper APT that has been active at least since 2011, it was first spotted in 2015 by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. ” reads the analysis published by Trend Micro. ” continues the report.

Military 127

Military Government IT Security 127

Security Affairs

APRIL 29, 2022

ECM’s domestic clients include the Novovoronezh, Kursk and Smolensk nuclear power plants, Russian Railways JSC, State enterprise Moscow Power Directorate, the Energy department of Moscow Government, the Moscow united electric grid JSC branch, and Baltic Oil Pipelines LLC. The collective has released a 1.7 Pierluigi Paganini.

ECM 105

ECM Archiving Government Cybersecurity 105

Security Affairs

AUGUST 1, 2019

million to settle a legal dispute for selling vulnerable software to the US government. The case was filed in the Federal District Court for the Western District of New York and was handled under the False Claims Act, which specifically addresses fraud and misconduct in federal government contracts. Cisco is going to pay $8.6

Sales 110

Sales Government Access Security 110

Security Affairs

APRIL 29, 2021

In April 2017, Symantec security experts who analyzed the alleged CIA hacking tools included in the Vault 7 dump that were involved in attacks aimed at least 40 governments and private organizations across 16 countries. Symantec believes Longhorn is a North American hacking group that has been active since at least 2011.

Government 128

Government Cybersecurity Education Security 128

Security Affairs

AUGUST 31, 2022

Over the years, the group hit defence contractors, manufacturers, universities, government agencies, legal firms involved in diplomatic disputes, and foreign companies involved with Australasian policy or South China Sea operations. . ” read the report published by the experts. Follow me on Twitter: @securityaffairs and Facebook.

Energy and Utilities 98

Energy and Utilities Manufacturing Phishing Government 98

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts.

Data breaches 145

Data breaches Computer and Electronics Government Manufacturing 145

Security Affairs

OCTOBER 14, 2020

Finisher, aka FinFisher, is a multiplatform surveillance software used by government and law enforcement agencies for their investigations, but unfortunately, it made the headlines because it was also used by oppressive regimes to spy on dissidents, activists, and Journalists. Pierluigi Paganini. SecurityAffairs – hacking, K-Electric).

Sales 129

Sales Communications Privacy IT 129

Security Affairs

SEPTEMBER 27, 2020

Finisher, aka FinFisher, is a multiplatform surveillance software used by government and law enforcement agencies for their investigations, but unfortunately, it made the headlines because it was also used by oppressive regimes to spy on dissidents, activists, and Journalists. Pierluigi Paganini. SecurityAffairs – hacking, FinSpy).

Encryption 145

Encryption Communications IT Government 145

Hunton Privacy

MAY 15, 2013

In March 2013, the UK government launched its consultation on cybersecurity standards (the “Consultation”) following the government’s recent announcement regarding a cybersecurity partnership initiative to facilitate information sharing on cyber threats.

Cybersecurity 40

Cybersecurity Government Risk IT 40