2023, Education and Government - Information Management Today

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

e-Discovery

e-Discovery Communications Ransomware Government

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Most of these online assets belong to large enterprises, governments and educational institutions.” “From our analysis of WS_FTP, we found that there are about 2.9k

Authentication

Authentication Cybersecurity Education Government

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack.

Data breaches

Data breaches Ransomware Manufacturing Education

T-Mobile suffered the second data breach in 2023

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches

Data breaches Access Education Government

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. However, from August 2023 onwards, certain Akira attacks began utilizing Megazord, which employs Rust-based code and encrypts files with a.powerranges extension.

Ransomware

Ransomware Encryption Education Phishing

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

GossiTheDog @SOSIntel @UK_Daniel_Card @LisaForteUK pic.twitter.com/L7A3XNNxU7 — Dominic Alvieri (@AlvieriD) November 29, 2023 The group published images of stolen documents as proof of the hack. The Rhysida ransomware group has been active since May 2023. “Unique files are presented to your attention!

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. The Rhysida ransomware group has been active since May 2023. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

In December 2023, the group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Libraries Education

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

The Government organization disclosed a data breach that impacted about 1.3 Threat actors exploited the zero-day vulnerability CVE-2023-34362 to hack the file transfer platform and steal the data of the organization. The security breach took place in the State between May 28, 2023, and May 29, 2023. million individuals.

Data breaches

Data breaches Insurance Education Cybersecurity

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” reads an update published by the services provider.

Ransomware

Ransomware Government Retail Cloud

IT Governance Podcast 2023-1: more ransomware attacks on the education sector, and DPC and Meta sued

IT Governance

JANUARY 13, 2023

The post IT Governance Podcast 2023-1: more ransomware attacks on the education sector, and DPC and Meta sued appeared first on IT Governance UK Blog. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud.

Education

Education Ransomware Government GDPR

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

pic.twitter.com/Wdj7VfkWXa — British Library (@britishlibrary) November 20, 2023 The library plans to partially restore many services in the next few weeks, but it believes that some disruption may persist for longer. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Libraries

Libraries Ransomware Manufacturing Education

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” continues the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Lockbit ransomware gang demanded an 80 million ransom to CDW

Security Affairs

OCTOBER 14, 2023

CDW Corporation is a provider of technology solutions and services for business, government and education. A secondary division of the company, known as CDW-G , focuses on United States governmental entities, including as K-12 schools, universities, non-profit healthcare organizations, State & Local and the Federal government.

Ransomware

Ransomware Archiving Cybersecurity Education

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities. ” The group was able to steal data from the City and leaked approximately 1.169 TB at a time prior to May 03, 2023.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The report includes IOCs and TTPs identified through investigations as recently as September 2023. The Rhysida ransomware group has been active since May 2023, according to the gang’s Tor leak site, at least 62 companies are victims of the operation. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Education Passwords

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. was the prevalent variant in 2023.

Ransomware

Ransomware Cybersecurity Agriculture Education

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

In November 2023, the experts noticed that the botnet started targeting Axis IP cameras, such as the M1045-LW, M1065-LW, and p1367-E. The KV-botnet logical network map, December 2023 In May, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.

Communications

Communications Manufacturing Education Government

Researchers released a free decryption tool for the Rhysida Ransomware

Security Affairs

FEBRUARY 12, 2024

“This study examines Rhysida ransomware, which caused significant damage in the second half of 2023, and proposes a decryption method. The Rhysida ransomware group has been active since May 2023. In December 2023, FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks.

Ransomware

Ransomware Encryption Paper Manufacturing

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

Security Affairs

AUGUST 14, 2023

“While HCPF confirmed that no other HCPF systems or databases were impacted, on June 13, 2023, the investigation identified that certain HCPF files on the MOVEit application used by IBM were accessed by the unauthorized actor on or about May 28, 2023. state of Colorado. CDHE did not disclose the number of impacted individuals.

Data breaches

Data breaches Ransomware Education Access

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities Communications Military Access

Seiko confirmed a data breach after BlackCat attack

Security Affairs

OCTOBER 26, 2023

On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “We had previously announced on August 10, 2023, about the unauthorized access to our servers (*). This unauthorized access was the result of a ransomware attack. ” reads the update provided by the company on August 22.

Data breaches

Data breaches Ransomware Personal data Cybersecurity

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

The US authorities arrested the man in Arizona last month DoJ states that from at least as early as August 2020 to March 2023, Astamirov and other members of the LockBit ransomware gang committed wire fraud and compromised many computer systems worldwide attempting to extort the victims of ransomware attacks. law enforcement).

Ransomware

Ransomware Agriculture Education Government

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

MAY 23, 2024

Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. Click to enlarge. PEACE HOSTING?

Cloud

Cloud Education Government Communications

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

SEPTEMBER 18, 2024

The botnet has been active since at least May 2020, reaching its peak with 60,000 compromised devices in June 2023. and Taiwan across various sectors, including military, government, higher education, telecommunications, defense industrial base, and IT.” “This botnet has targeted entities in the U.S.

IoT

IoT Military Education Cybersecurity

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. This domain has been hosted on eight other IPs throughout its history, none of these IPs were directly affiliated with the South African government. Experts added that the IP 196.216.136[.]139

Communications

Communications Military Government Libraries

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns.

Systems administration

Systems administration Military Phishing Government

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. reads the post published by Proofpoint.

IT

IT Military Phishing Passwords

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

Phishing

Phishing Military Ransomware Education

Low-Drama ‘Dark Angels’ Reap Record Ransoms

Krebs on Security

AUGUST 5, 2024

But the Dark Angels didn’t even have a victim shaming site until April 2023. ” Dark Angels is thought to be a Russia-based cybercrime syndicate whose distinguishing characteristic is stealing truly staggering amounts of data from major companies across multiple sectors, including healthcare, finance, government and education. .”

Ransomware

Ransomware Healthcare Insurance Cybersecurity

How to Prevent Malware Attacks: 8 Tips for 2023

IT Governance

APRIL 5, 2023

IT Governance Podcast 2023-7: Capita, ChatGPT and TikTok (yet again) 5th April 2023 How to Prevent Malware Attacks: 8 Tips for 2023 5th April 2023 List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached 3rd April 2023 GDPR Article 17: What Is the Right to Erasure?

Encryption

Encryption Data breaches Phishing Government

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 7, 2024

GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io

Data breaches

Data breaches Security Mining Education

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

Security Affairs

APRIL 26, 2023

The maintainers of the software have released security patches to address an insecure default configuration, tracked as CVE-2023-27524 (CVSS score: 8.9), that could lead to remote code execution. ” The CVE-2023-27524 flaw impacts versions up to and including 2.0.1. on April 5, 2023. ” reads the advisory.

Authentication

Authentication Education Access Security

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Security

Security Ransomware Data breaches Libraries

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Security Affairs

APRIL 13, 2023

The hackers targeted diplomatic entities and systems transmitting sensitive information about the region’s politics, aiding Ukrainian citizens fleeing the country, and providing help to the government of Ukraine. One of the lures appeals to those who want to find out the Poland Ambassador’s schedule for 2023.

Libraries

Libraries Military Education Government

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Security Affairs

SEPTEMBER 15, 2024

The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack.

Ransomware

Ransomware Manufacturing Education Encryption

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

According to the company, they have over 600,000 Cameras and 50,000 Recorders installed all over the world in multiple sectors such as Banking, Retail, Government, etc. ” reads the advisory published by Fortinet. . ” reads the advisory published by Fortinet.

Authentication

Authentication Retail Education Marketing

Singapore proposes Governance Framework for Generative AI

Data Protection Report

FEBRUARY 4, 2024

The Draft GenAI Governance Framework may be accessed here. Views on the Draft GenAI Governance Framework may be provided to the IMDA at info@aiverify.sg. A brief summary of, and our key takeaways from, the Draft GenAI Governance Framework are set out below. The National AI Strategy was last updated in 2023.

Government

Government Personal data Paper Education

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. With that out of the way, it’s time to move on to May 2023. See the full list of data breaches for April 2023 Get started The biggest data breaches in April 2023 were: 1. million people.

Data breaches

Data breaches Insurance Personal data Ransomware

ARMA INTERNATIONAL AND THE MER CONFERENCE ANNOUNCE PARTNERSHIP TO PROVIDE INFORMATION GOVERNANCE PROFESSIONALS WITH ADDITIONAL CONTENT

IG Guru

OCTOBER 19, 2022

NASHVILLE, TN October 18, 2022 – During ARMA International’s InfoCon trade show and conference, Nate Hughes, Executive Director for ARMA announced that starting in 2023 the organization will be offering educational content to help support information governance professionals at the 2023 MER Conference schedule for May 22-24 in Chicago, IL.

Information governance

Information governance Government Education

China’s Volt Typhoon botnet has re-emerged

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Webinars

Trending Sources

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Webinars

Port of Seattle ‘s August data breach impacted 90,000 people

T-Mobile suffered the second data breach in 2023

Akira ransomware received $42M in ransom payments from over 250 victims

Rhysida ransomware gang claimed China Energy hack

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Rhysida ransomware group hacked Abdali Hospital in Jordan

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

The State of Maine disclosed a data breach that impacted 1.3M people

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

IT Governance Podcast 2023-1: more ransomware attacks on the education sector, and DPC and Meta sued

Rhysida ransomware gang is auctioning data stolen from the British Library

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Lockbit ransomware gang demanded an 80 million ransom to CDW

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

FBI and CISA warn of attacks by Rhysida ransomware gang

Cybersecurity agencies published a joint LockBit ransomware advisory

China-linked APT Volt Typhoon linked to KV-Botnet

Researchers released a free decryption tool for the Rhysida Ransomware

Colorado HCPF Department notifies 4 million individuals after IBM MOVEit breach

Operation Cronos: law enforcement disrupted the LockBit operation

FBI chief says China is preparing to attack US critical infrastructure

Seiko confirmed a data breach after BlackCat attack

A Russian national charged for committing LockBit Ransomware attacks

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Stark Industries Solutions: An Iron Hammer in the Cloud

Experts warn of China-linked APT’s Raptor Train IoT Botnet

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Google TAG warns of Russia-linked APT groups targeting Ukraine

Low-Drama ‘Dark Angels’ Reap Record Ransoms

How to Prevent Malware Attacks: 8 Tips for 2023

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Port of Seattle confirmed that Rhysida ransomware gang was behind the August attack

Fortinet warns of a spike in attacks against TBK DVR devices

Singapore proposes Governance Framework for Generative AI

List of Data Breaches and Cyber Attacks in 2023

ARMA INTERNATIONAL AND THE MER CONFERENCE ANNOUNCE PARTNERSHIP TO PROVIDE INFORMATION GOVERNANCE PROFESSIONALS WITH ADDITIONAL CONTENT

Stay Connected