2019 and Government - Information Management Today

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

FEBRUARY 18, 2020

Summary: A few days ago I saw a post from Alienvault which says attackers are still exploiting SharePoint vulnerability to attack Middle East government organization. Aside, MIT Sloan School of Management was also found to be vulnerable with CVE-2019-0604. SecurityAffairs – hacking, CVE-2019-0604). Pierluigi Paganini.

Government

Government Security IT Information Security

Google issued 40,000 alerts of State-Sponsored attacks in 2019

Security Affairs

MARCH 27, 2020

Google announced to have warned users of almost 40,000 alerts of state-sponsored phishing or malware attacks during 2019. Google shared data on alerts related to state-sponsored attacks, the tech giant revealed that it issued almost 40,000 alerts of state-sponsored phishing or malware attacks to its users during 2019.

Phishing

Phishing Passwords Risk Personal data

Nation-state actors target Australia, Government warns

Security Affairs

JUNE 19, 2020

A state-based actor is launching cyber attacks against government, public services and businesses, Australia ‘s prime minister said. Australia ‘s prime minister Scott Morrison said that a “state-based actor” is targeting government, public services, and businesses.

Government

Government Risk Education Passwords

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

US Government Sites Give Bad Security Advice

Krebs on Security

MARCH 25, 2020

government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Census Bureau website [link] carries a message that reads, “An official Web site of the United States government. government.

Government

Government Security Phishing Encryption

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. The malicious code appended the extension. This new version used the.

Ransomware

Ransomware Government Encryption Passwords

Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers

Security Affairs

MARCH 5, 2020

China-linked cyber espionage groups increasingly targeted organizations in the telecommunications industry in 2019. According to the CrowdStrike 2020 Global Threat Report, the telecommunications and government sectors were the most targeted by the threat actors. ” reads the report published by CrowdStrike. Pierluigi Paganini.

Military

Military Government IT Security

Ex Twitter employee found guilty of spying for Saudi Arabian government

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. Of course, he was also able to unmask the identities of some users on behalf of the Saudi Arabian Government.

Government

Government Marketing Access IT

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The agencies warn of risk to elections information housed on government networks. ” continues the alert. ” concludes the alert.

Government

Government Authentication Access Risk

Iran – Government blocks Internet access in response to the protests

Security Affairs

NOVEMBER 24, 2019

Iran – After the announcement of the government to cut fuel subsidies, protests erupted in the country and the authorities blocked Internet access. Initially, mobile networks stopped working in large areas of the country, the government blocked any access to the Internet. ” reported the Washington Post.

Access

Access Government Security IT

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN. The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN.

Government

Government Mining Archiving Encryption

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

Security Affairs

OCTOBER 23, 2020

The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. state, local, territorial, and tribal (SLTT) government networks, as well as aviation networks. . Hackers also targeted Exim mail agents ( CVE 2019-10149 ) and Fortinet SSL VPNs ( CVE-2018-13379 ).

Government

Government Passwords Access Cybersecurity

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

Security Affairs

JULY 17, 2020

US DHS CISA urges government agencies to patch SIGRed Windows Server DNS vulnerability within 24h due to the likelihood of the issue being exploited. on the CVSS scale and affects Windows Server versions 2003 to 2019. The bug affects the DNS server component that ships with all Windows Server versions from 2003 to 2019.

Government

Government Security Cybersecurity IT

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches

Data breaches Communications Artificial Intelligence Government

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

The APT group targeted an organization in Latin America in 2019 and 2022. While investigating the 2022 attack, the researchers noticed that the victim organization had also suffered a 2019 attack using “Careto2” and “Goreto” frameworks. ” reads the analysis published by Kaspersky.

Government

Government IT Access Information Security

A new piece of Ryuk Stealer targets government, military and finance sectors

Security Affairs

JANUARY 26, 2020

A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. The post A new piece of Ryuk Stealer targets government, military and finance sectors appeared first on Security Affairs. Anyone remember this "Ryuk Stealer"? Pierluigi Paganini.

Military

Military Government Ransomware Privacy

Taiwan Government faces 5 Million hacking attempts daily

Security Affairs

NOVEMBER 10, 2021

Taiwan ‘s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. SecurityAffairs – hacking, Taiwan Government).

Government

Government Military Information Security Security

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . ” Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 distributing CrimsonRAT sharing similar maldocs and macros.”

Government

Government File names Passwords Phishing

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure. Barron for the District of Maryland.

Ransomware

Ransomware Education Sales Government

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Security Affairs

FEBRUARY 4, 2022

The Russia-linked Gamaredon APT group attempted to compromise an unnamed Western government entity in Ukraine. In Mid January the Ukrainian government was hit with destructive malware, tracked as WhisperGate , and several Ukrainian government websites were defaced by exploiting a separate vulnerability in OctoberCMS.

Government

Government Military Phishing Information Security

Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

Security Affairs

JUNE 30, 2022

A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. A former Canadian government employee, Sebastien Vachon-Desjardins, pleaded guilty in the U.S. and foreign government organizations. In January, a joint operation of U.S. million ransom to recover its files.

Government

Government Ransomware Security IT

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. But in a letter sent to affected individuals dated Feb. 13, 2018 and Mar.

Passwords

Passwords Access Insurance Government

Russia-linked threat actors targets critical infrastructure, US authorities warn

Security Affairs

JANUARY 12, 2022

government includes: Russian state-sponsored APT actors targeting state, local, tribal, and territorial (SLTT) governments and aviation networks, September 2020, through at least December 2020. Some of the hacking campaigns that were publicly attributed to Russian state-sponsored APT actors by U.S.

Cybersecurity

Cybersecurity Risk Phishing Government

Russia-Linked Turla APT uses new malware in watering hole attacks

Security Affairs

MARCH 13, 2020

The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. ” reads the analysis published by ESET.

Archiving

Archiving Government Communications IT

NSA and ASD issue a report warning of web shells deployments

Security Affairs

APRIL 24, 2020

The document provides valuable information on how to detect and prevent web shells from infecting the servers of the Department of Defense and other government agencies. .” reads the report. The report could be useful for administrators that want to defend the servers in their networks from these threats.

Cybersecurity

Cybersecurity Access Authentication Communications

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Krebs on Security

FEBRUARY 4, 2025

In this 2019 post from Cracked, a forum moderator told the author of the post (Buddie) that the owner of the RDP service was the founder of Nulled, a.k.a. Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg. “Finndev.” ” Image: Ke-la.com. io , and rdp[.]sh.

Archiving

Archiving Passwords Government IT

Massive DDoS attack brought down 25% Iranian Internet connectivity

Security Affairs

FEBRUARY 9, 2020

The N etBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the country’s connectivity to the Internet. Confirmed: Internet partially shut down #Iran from 11:45 a.m. Confirmed: Internet partially shut down #Iran from 11:45 a.m.

Government

Government Access Cybersecurity Security

Russia-linked APT29 group changes TTPs following April advisories

Security Affairs

MAY 7, 2021

These changes reported by the government experts include the deployment of the open-source tool Sliver to gain persistence on the compromised infrastructure and the use of multiple vulnerabilities, including Microsoft Exchange ProxyLogon vulnerability CVE-2021-26855. ” states the report.

Cybersecurity

Cybersecurity Risk Government Security

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

According to Bank Security , all the Pulse Secure VPN servers included in the list were vulnerable to the CVE-2019-11510 flaw. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. UPDATE: [link] — Bank Security (@Bank_Security) August 5, 2020. reads the advisory.

Passwords

Passwords Security Ransomware Military

Travel leisure company Carnival Corporation discloses data breach

Security Affairs

MARCH 6, 2020

Carnival Corporation, the world’s largest travel leisure company, discloses a data breach that took place in 2019. The company launched an investigation immediately after it discovered an anomalous activity on its network in May 2019. “In late May 2019, we identified suspicious activity on our network. .

Data breaches

Data breaches Access Privacy Cybersecurity

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

“The adversary is particularly interested in exploits related to VPNs and network appliances , including CVE-2019-11510, CVE-2019-19781, and most recently CVE-2020-5902; reliance on exploits such as these lends to an opportunistic operational model.” ” reads the report published by Crowdstrike.

Access

Access Financial Services Retail Insurance

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

Security Affairs

AUGUST 5, 2020

Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities that have been addressed by the manufacturer WOWZA Streaming Engine, between the end of 2019 and July 2020.

Manufacturing

Manufacturing Government Access Security

LockBit 3.0 gang claims to have stolen data from Kearney & Company

Security Affairs

NOVEMBER 6, 2022

Kearney is the premier CPA firm that services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its financial operations’ overall effectiveness and efficiency. Pierluigi Paganini.

Ransomware

Ransomware Government IT Security

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Security Affairs

MARCH 2, 2024

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. In May 2019, Facebook patched a critical zero-day vulnerability in WhatsApp, tracked as CVE-2019-3568 , that has been exploited to remotely install spyware on phones by calling the targeted device.

IT

IT Government Security Information Security

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The cyberespionage group continues to target members of defense companies, embassies, governments, and the military.

Phishing

Phishing Military Government Passwords

Chinese Nation-State Hacker Is Exploiting Cisco Routers

Data Breach Today

JANUARY 12, 2024

Volt Typhoon' Could Be Preparing for Renewed Burst of Activity A Chinese state hacking group is attacking superseded Cisco routers to target government entities in the United States, the United Kingdom and Australia. Beijing cyberespionage hackers dubbed "Volt Typhoon" are using vulnerabilities that were first disclosed in early 2019.

Government

Trojan Lampion is back after 3 months

Security Affairs

MAY 12, 2020

Trojan Lampion is a malware observed at the end of the year 2019 impacting Portuguese users using template emails from the Portuguese Government Finance & Tax and EDP. Figure 4: Malicious MSI file downloaded from AWS S3 bucket and using COVID-19 theme that impersonates the Portuguese Government. SAPO TRANSFER TEMPLATE.

Cloud

Cloud Government Access Phishing

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country. government will likely appeal the decision. In April 2019, WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London after Ecuador withdrew asylum after seven years.

Military

Military Government Risk Passwords

FBI issued a flash alert about Netwalker ransomware attacks

Security Affairs

AUGUST 2, 2020

and foreign government organizations. and foreign government organizations. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.” The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. ” reads the alert.

Ransomware

Ransomware Encryption Passwords Government

Russian watchdog fines Twitter, Facebook for not moving user data to local servers

Security Affairs

FEBRUARY 14, 2020

Roskomnadzor is attempting to oblige the IT giants, including Facebook, Twitter, and Google to move data related to Russian citizens to servers in Russia allowing the Government to monitor them., The Russian government could also ban IT companies that will not comply with the same law.

Personal data

Personal data Government Security IT

Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya

Security Affairs

NOVEMBER 8, 2021

. “The Justice Department announced today recent actions taken against two foreign nationals charged with deploying Sodinokibi/REvil ransomware to attack businesses and government entities in the United States.” Polyanin breached at least 13 government entities in Texas in August 2019. US DoJ also seized $6.1

Ransomware

Ransomware Government Security Information Security

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Security Affairs

MAY 18, 2020

A new ransomware attack hit the Texas government, the malware this time infected systems at the state’s Department of Transportation (TxDOT). The Texas government suffered two ransomware attacks in a few weeks, the first one took place on May 8, 2020 and infected systems at the Texas court. All @txcourts websites are down.

Ransomware

Ransomware Government Access IT

Crowdfense is offering a larger 30M USD exploit acquisition program

Security Affairs

APRIL 8, 2024

In 2019 the company made the headlines for its 10M USD bug bounty program along with its unique “ Vulnerability Research Hub ” (VRH) online platform. Zero-day brokers acquire zero-day exploits to re-sell them to intelligence and law enforcement agencies or government contractors.

Government

Government IT Security Information Security

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attackers deleting activity logs. The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019.

Data breaches

Data breaches Computer and Electronics Government Manufacturing

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

“In July and August 2020, government operatives used NSO Group ’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. These surgical attacks took place between July and August 2020, but experts speculate the attack are going on since at least October 2019.

Government

Government Security awareness Education Sales

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Google issued 40,000 alerts of State-Sponsored attacks in 2019

Webinars

Trending Sources

Nation-state actors target Australia, Government warns

Webinars

US Government Sites Give Bad Security Advice

CERT France – Pysa ransomware is targeting local governments

Most of the attacks on Telecom Sector in 2019 were carried out by China-linked hackers

Ex Twitter employee found guilty of spying for Saudi Arabian government

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Iran – Government blocks Internet access in response to the protests

APT hacked a US municipal government via an unpatched Fortinet VPN

FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack

DHS CISA urges government agencies to fix SIGRed Windows Server DNS bug within 24h

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

The Mask APT is back after 10 years of silence

A new piece of Ryuk Stealer targets government, military and finance sectors

Taiwan Government faces 5 Million hacking attempts daily

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Russian Phobos ransomware operator faces cybercrime charges

Russia-linked Gamaredon APT targeted a western government entity in Ukraine

Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

Hackers Were Inside Citrix for Five Months

Russia-linked threat actors targets critical infrastructure, US authorities warn

Russia-Linked Turla APT uses new malware in watering hole attacks

NSA and ASD issue a report warning of web shells deployments

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Massive DDoS attack brought down 25% Iranian Internet connectivity

Russia-linked APT29 group changes TTPs following April advisories

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Travel leisure company Carnival Corporation discloses data breach

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

LockBit 3.0 gang claims to have stolen data from Kearney & Company

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Chinese Nation-State Hacker Is Exploiting Cisco Routers

Trojan Lampion is back after 3 months

British Court rejects the US’s request to extradite Julian Assange

FBI issued a flash alert about Netwalker ransomware attacks

Russian watchdog fines Twitter, Facebook for not moving user data to local servers

Ukrainian REvil affiliate charged with Ransomware Attack on Kaseya

Texas Department of Transportation (TxDOT) hit by a ransomware attack

Crowdfense is offering a larger 30M USD exploit acquisition program

Mitsubishi Electric discloses data breach, media blame China-linked APT

Zero-day exploit used to hack iPhones of Al Jazeera employees

Stay Connected