2022 and Education - Information Management Today

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) using CVE-2022-22972. states VMware.

Authentication

Authentication Cybersecurity Access Education

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Military

Military File names Education Phishing

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Communications

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Ransomware attacks hit 105 US local governments in 2022

Security Affairs

JANUARY 2, 2023

In 2022, ransomware attacks targeted 105 state or municipal governments or agencies in the US, reads a report published by Emsisoft. The only local government known to have paid a ransom in 2022 was Quincy, MA., The post Ransomware attacks hit 105 US local governments in 2022 appeared first on Security Affairs.

Ransomware

Ransomware Government Education Encryption

Threat Report Portugal: Q3 & Q4 2022

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Threat Report Portugal: Q3 & Q4 2022 compiles data collected on the malicious campaigns that occurred from Jully to December, Q3 and Q4, 2022. in Q2 2022.

Phishing

Phishing Data collection Retail Security awareness

Google banned 173k developer accounts in 2022

Security Affairs

MAY 1, 2023

In 2022, Google prevented 1.43 million policy-violating applications from being published on Google Play in 2022. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps.

Education

Education Security Privacy IT

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

Mitre shared 2022 CWE Top 25 most dangerous software weaknesses

Security Affairs

JUNE 29, 2022

The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. SecurityAffairs – hacking, 2022 CWE Top 25).

Authentication

Authentication Education Security Cybersecurity

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Education Cybersecurity Risk

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022.

e-Discovery

e-Discovery Communications Ransomware Government

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. The researchers discovered that in 2022, NSO Group customers used at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets worldwide. ” reads the report. ” reads the report.

Military

Military Risk Education Security

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces. “If

Sales

Sales Education Phishing Passwords

Save the Children confirms it was hit by cyber attack

Security Affairs

SEPTEMBER 12, 2023

The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.

IT

IT Ransomware Education Data breaches

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

The IT giant has seized the domains used by the threat actors employed in its attacks aimed at organizations in tech, transportation, government, and education sectors located in the U.S., The court filings can be found here: [link] — Amy Hogan-Burney (@CyberAmyHB) June 2, 2022. Middle East, and India.

Phishing

Phishing Manufacturing Education Cybersecurity

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Security Affairs

SEPTEMBER 20, 2024

The threat actor has been active since July 2022, it was observed targeting organizations in the education, healthcare, IT, and manufacturing sectors. Microsoft observed the financially motivated threat actor tracked as Vanilla Tempest using INC ransomware for the first time to target the healthcare sector in the United States.

Ransomware

Ransomware Manufacturing Education IT

Threat actors defaced Ukrainian government websites

Security Affairs

JANUARY 14, 2022

The attackers deleted the content of multiple websites, including the Ukrainian Ministry of Foreign Affairs, Ministry of Education and Science, Ministry of Defense, the State Emergency Service, and the Cabinet of Ministers. Attackers apparently used this: [link] pic.twitter.com/FaepCsRO5E — Kim Zetter (@KimZetter) January 14, 2022.

Government

Government CMS Personal data Education

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government.

Government

Government Manufacturing Education Access

Fortinet fixed a critical vulnerability in its Data Analytics product

Security Affairs

APRIL 13, 2023

Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence data analytics solution. FortiSandbox / FortiDeceptor – Improper profile-based access control over APIs CVE-2022-41330 (CVSS score of 8.3)

Analytics

Analytics IT Authentication Education

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet.

Communications

Communications Manufacturing Education Government

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. CISA orders federal agencies to fix this flaw by April 20, 2023.

Cybersecurity

Cybersecurity Education Risk Security

Researchers disclose critical sandbox escape bug in vm2 sandbox library

Security Affairs

APRIL 9, 2023

In October 2022, VM2 maintainers addressed another critical sandbox escape vulnerability tracked as CVE-2022-36067. .” Wi also published two proof-of-concept (PoC) exploits for this vulnerability that can be used to escape the sandbox to create an empty file named “flag” on the host.

Libraries

Libraries File names Education Cybersecurity

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022.

Energy and Utilities

Energy and Utilities Communications Military Access

Highline Public Schools school district suspended its activities following a cyberattack

Security Affairs

SEPTEMBER 11, 2024

In September 2022, one of the US largest School districts, the Los Angeles Unified School District, suffered a ransomware attack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Education)

IT

IT Ransomware Education Security

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Security Affairs

APRIL 13, 2023

The vulnerability was reported in December 2022 by Souvik Kandar, Arko Dhar of the Redinent Innovations team in India. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.” ” reads the advisory published by the company. On April 10, Hikvision released version 2.3.8-8

Education

Education Access Cybersecurity Security

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

Researchers found DoS flaws in popular BGP implementation

Security Affairs

MAY 3, 2023

Potential Impact CVE-2022-40302 Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option. DoS CVE-2022-40318 Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option. This is a different issue from CVE-2022-40302.

Education

Education Security Cybersecurity IT

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Security Affairs

APRIL 10, 2023

The company also addressed a high-severity code execution issue, tracked as CVE-2022-4934. The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than version 4.3.10.4. The company recommends customers replace the appliances with Sophos Firewall.

Security

Security Education Cybersecurity IT

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals. reads the post published by Proofpoint.

IT

IT Military Phishing Passwords

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs

APRIL 16, 2023

The MacOS variant has been available since November 11th, 2022. It appears we are late to the game. Bleeping computer states that the encryptors in the archive cannot be used in actual attacks against macOS systems.

Archiving

Archiving Encryption Ransomware Education

Security Affairs newsletter Round 353

Security Affairs

FEBRUARY 13, 2022

US seizes $3.6 to replace Chinese equipment Hackers breached a server of National Games of China days before the event Russian Gamaredon APT is targeting Ukraine since October Israeli surveillance firm QuaDream emerges from the dark Argo CD flaw could allow stealing sensitive data from Kubernetes Apps.

Security

Security Ransomware Data breaches Education

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Catches of the Month: Phishing Scams for February 2022

IT Governance

FEBRUARY 8, 2022

Welcome to our February 2022 review of phishing attacks, in which we explore the latest scams and the tactics that cyber criminals use to trick people into handing over their personal information. As we move into 2022, organisations should consider email security and phishing awareness at one of their biggest priorities. Get started.

Phishing

Phishing Passwords Authentication Education

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing

Phishing Military Ransomware Education

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Security Affairs

AUGUST 14, 2024

China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. The group targeted multiple industries, including media and communications, telecoms, technology, healthcare, and education and government entities. ” reads the report published by Trend Micro.

Encryption

Encryption Education Communications Access

Catches of the Month: Phishing Scams for March 2022

IT Governance

MARCH 8, 2022

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme. Get started.

Phishing

Phishing Military Access Education

North Korea-linked ScarCruft APT uses large LNK files in infection chains

Security Affairs

MAY 2, 2023

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. “The first sample we will discuss below was first discovered in July 2022, the same month that Microsoft began enforcing this new rule.” ” reads the report published by Check Point.

Archiving

Archiving Cloud Education Phishing

UK police arrested 7 alleged members of Lapsus$ extortion gang

Security Affairs

MARCH 25, 2022

.” The youngster that goes online with the moniker “White” or “Breachbase” has autism, for this reason he attends a special educational school in Oxford. The teenager, who can’t be named for legal reasons, attends a special educational school in Oxford. ” states the post.

Education

Education Archiving Ransomware Cybersecurity

Moobot botnet spreads by targeting Cacti and RealTek flaws

Security Affairs

APRIL 3, 2023

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers.

Education

Education Encryption Passwords Communications

Cybersecurity Employment in 2022: Solving the Skills Gap

eSecurity Planet

JANUARY 11, 2022

As we enter 2022, the shortage of cybersecurity pros hasn’t gotten better. Subsidize Education for Employees Who Want to Move to Cybersecurity. The post Cybersecurity Employment in 2022: Solving the Skills Gap appeared first on eSecurityPlanet. In fact, it’s gotten worse. Otherwise, you may lose more employees than you gain.

Cybersecurity

Cybersecurity Government Digital transformation Communications

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. CISA orders federal agencies to fix this flaw by April 28, 2023.

IT

IT Ransomware Education Cybersecurity

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

Security Affairs

APRIL 19, 2023

The man was arrested in Amsterdam in November 2021 and was extradited to the US in August 2022. On February 7, 2023, Dubnikov pleaded guilty in the U.S. to one count of conspiracy to commit money laundering for the Ryuk ransomware operation. reads the press release published by DoJ in August.

Ransomware

Ransomware Education Cybersecurity Security

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

The tool was developed by a company named Kodex, which claims that the tool was developed for an educational purpose. The tool is sold on cybercrime forums by an actor that goes online with the name Kodex, the developer released its project in October 2022 and is continuously updating it by releasing new modules with new features.

Phishing

Phishing Education Sales Ransomware

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS ) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022.

Energy and Utilities

Energy and Utilities Military Education Phishing

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Webinars

Trending Sources

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Webinars

Ransomware attacks hit 105 US local governments in 2022

Threat Report Portugal: Q3 & Q4 2022

Google banned 173k developer accounts in 2022

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Mitre shared 2022 CWE Top 25 most dangerous software weaknesses

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

China’s Volt Typhoon botnet has re-emerged

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

FBI: Compromised US academic credentials available on various cybercrime forums

Save the Children confirms it was hit by cyber attack

Microsoft seized 41 domains used by Iran-linked Bohrium APT

The Vanilla Tempest cybercrime gang used INC ransomware for the first time in attacks on the healthcare sector

Threat actors defaced Ukrainian government websites

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Fortinet fixed a critical vulnerability in its Data Analytics product

China-linked APT Volt Typhoon linked to KV-Botnet

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Researchers disclose critical sandbox escape bug in vm2 sandbox library

FBI chief says China is preparing to attack US critical infrastructure

Highline Public Schools school district suspended its activities following a cyberattack

Hikvision fixed a critical flaw in Hybrid SAN and cluster storage products?

Cybersecurity agencies published a joint LockBit ransomware advisory

Researchers found DoS flaws in popular BGP implementation

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Experts found the first LockBit encryptor that targets macOS systems

Security Affairs newsletter Round 353

Operation Cronos: law enforcement disrupted the LockBit operation

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Catches of the Month: Phishing Scams for February 2022

Google TAG warns of Russia-linked APT groups targeting Ukraine

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Catches of the Month: Phishing Scams for March 2022

North Korea-linked ScarCruft APT uses large LNK files in infection chains

UK police arrested 7 alleged members of Lapsus$ extortion gang

Moobot botnet spreads by targeting Cacti and RealTek flaws

Cybersecurity Employment in 2022: Solving the Skills Gap

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Stay Connected