2023, Education and Security - Information Management Today

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

Security Affairs

DECEMBER 19, 2024

Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. ai security researcher Zach Hanley (@hacks_zach) reported this vulnerability to Fortinet. through 8.6.5 Fixed in 8.6.6 through 8.5.4

Authentication

Authentication Education Access IT

SAP April 2023 security updates fix critical vulnerabilities

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Security

Security Education Passwords Authentication

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Most of these online assets belong to large enterprises, governments and educational institutions.” “From our analysis of WS_FTP, we found that there are about 2.9k

Authentication

Authentication Cybersecurity Education Government

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. Warn “Small businesses face a unique set of cybersecurity challenges and threats and must be especially proactive with cybersecurity training,” said Dara Warn, CEO of INE Security. “At Cary, NC, Oct.

Security

Security Data breaches Passwords Cybersecurity

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

e-Discovery

e-Discovery Communications Ransomware Government

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Communications

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. In September 2024, Port of Seattle confirmed that the Rhysida ransomware group was behind the cyberattack.

Data breaches

Data breaches Ransomware Manufacturing Education

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

Security Affairs

APRIL 25, 2023

VMware released security updates to address two zero-day vulnerabilities ( CVE-2023-20869, CVE-2023-20870 ) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. They earned $80,000 and 8 Master of Pwn points.

Education

Education Cybersecurity Security Information Security

Google fixed the first Chrome zero-day of 2023

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue.

Libraries

Libraries Education Cybersecurity Security

What the Email Security Landscape Looks Like in 2023

Security Affairs

MAY 12, 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. What Can We Expect in 2023?

Security

Security Phishing B2B Data breaches

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. Why should employers educate employees about cyber security? For large businesses, those costs may be a drop in the ocean.

Ransomware

Ransomware Phishing Passwords Education

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

APRIL 19, 2023

Google rolled out emergency security patches to address another actively exploited high-severity zero-day flaw in the Chrome browser. Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser.

Libraries

Libraries Education Access Security

T-Mobile suffered the second data breach in 2023

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches

Data breaches Access Education Government

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity

Cybersecurity Phishing Authentication Analytics

National Student Clearinghouse data breach impacted approximately 900 US schools

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- The issue occurred on or around May 30, 2023.”

Data breaches

Data breaches Education Ransomware Cybersecurity

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

Threat actors exploited the zero-day vulnerability CVE-2023-34362 to hack the file transfer platform and steal the data of the organization. The security breach took place in the State between May 28, 2023, and May 29, 2023. ” reads the notice of Security Incident. million individuals. million Genworth 2.5

Data breaches

Data breaches Insurance Education Cybersecurity

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware

Ransomware Encryption Education Phishing

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 11, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Marketing

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware

Ransomware Authentication Cybersecurity Education

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

Security Affairs

APRIL 10, 2023

Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution. The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than version 4.3.10.4.

Security

Security Education Cybersecurity IT

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

The Last Watchdog

JULY 11, 2023

Boston, July 7, 2023 — CybSafe, the human risk management platform, has today announced CEO Oz Alashe MBE has been named as a SecurityInfoWatch.com , Security Business and Security Technology Executive magazines’ 2023 Security Industry Innovator Award winner.

Security

Security Risk Education Marketing

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Rapid7 researchers have observed increased threat activity targeting Cisco ASA SSL VPN appliances dating back to at least March 2023. reads report published by Rapid7.

Ransomware

Ransomware Authentication Access Education

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

Security Affairs

SEPTEMBER 2, 2023

The main activities carried out by the organization are planning and coordinating the undergrounding of electrical wires, managing and maintaining the underground electrical network, and providing information and education about underground electrical networks. The LockBit ransomware group published the stolen data on August 30, 2023.

Ransomware

Ransomware Education Security IT

Save the Children confirms it was hit by cyber attack

Security Affairs

SEPTEMBER 12, 2023

The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The organization notified law enforcement agencies and is working with external cyber security experts to investigate the security breach.

IT

IT Ransomware Education Data breaches

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 7, 2024

Every week the best security articles from Security Affairs are free in your email box. GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches

Data breaches Security Mining Education

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

In May 2023, a ransomware attack hit the IT systems at the City of Dallas , Texas. The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. During this time, Royal performed data exfiltration and ransomware delivery preparation activities.”

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Western Digital took its services offline due to a security breach

Security Affairs

APRIL 3, 2023

Western Digital disclosed a security breach, according to the company an unauthorized party gained access to multiple systems. Western Digital has shut down several of its services after discovering a security breach, the company disclosed that an unauthorized party gained access to multiple systems. We apologize for any inconvenience.

IT

IT Security Cloud Ransomware

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

In December 2023, the group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group has been active since May 2023. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Libraries Education

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

Akira ransomware infections were first reported in Finland in June 2023, however, in December the number of attacks increased. ” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. Threat actors are wiping NAS and backup devices.

Ransomware

Ransomware Authentication Cybersecurity Education

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

pic.twitter.com/Wdj7VfkWXa — British Library (@britishlibrary) November 20, 2023 The library plans to partially restore many services in the next few weeks, but it believes that some disruption may persist for longer. The report includes IOCs and TTPs identified through investigations as recently as September 2023.

Libraries

Libraries Ransomware Manufacturing Education

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 26, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. million patients in the U.S.

Security

Security Ransomware Data breaches Libraries

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs

MAY 14, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Nominate Pierluigi Paganini and Security Affairs here here: [link] Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. We are in the final !

Security

Security Data breaches Ransomware Artificial Intelligence

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 13, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Honeypots Artificial Intelligence

Welltok data breach impacted 8.5 million patients in the U.S.

Security Affairs

NOVEMBER 23, 2023

On July 26, 2023, threat actors hacked the company’s MOVEit Transfer server. “On July 26, 2023, Welltok was alerted to an earlier alleged compromise of our MOVEit Transfer server in connection with software vulnerabilities made public by the developer of the MOVEit Transfer tool. million patients ( 8,493,379 ) in the U.S.

Data breaches

Data breaches Insurance Ransomware Education

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

Security Affairs

APRIL 20, 2023

VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8)

Education

Education Cybersecurity Security Access

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

Security Affairs

JANUARY 24, 2024

” BleepingComputer first reported that the security breach was the result of an Akira ransomware attack. At present, Tietoevry cannot provide a definite timeframe for the complete restoration process due to the complexity of the security breach. The company later confirmed the news of an Akira ransomware attack.

Ransomware

Ransomware Government Retail Cloud

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. Today MSI confirmed the security breach, it confirmed that threat actors had access to some of its information service systems.

Ransomware

Ransomware Security Manufacturing Cybersecurity

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 15, 2023

US Cybersecurity and Infrastructure Security Agency (CISA) added Android and Novi Survey flaws to its Known Exploited Vulnerabilities catalog. The bulletin confirmed that “there are indications that CVE-2023-20963 may be under limited, targeted exploitation.” CISA orders federal agencies to fix this flaw by May 4, 2023.

IT

IT Cybersecurity Education Security

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Security Affairs

AUGUST 31, 2023

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Rapid7 researchers have observed increased threat activity targeting Cisco ASA SSL VPN appliances dating back to at least March 2023. ” reads a post published by Cisco PSIRT.

Authentication

Authentication Ransomware Access Education

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Security Affairs

NOVEMBER 7, 2023

Iran-linked Agonizing Serpens group (aka Agrius , BlackShadow , Pink Sandstorm , DEV-0022 ) has been targeting Israeli organizations in higher education and tech sectors with destructive cyber attacks since January 2023. Based on our telemetry, the most targeted organizations belong to the education and technology sectors.”

Education

Education Ransomware Security Access

Lockbit ransomware gang demanded an 80 million ransom to CDW

Security Affairs

OCTOBER 14, 2023

CDW Corporation is a provider of technology solutions and services for business, government and education. The data leaked looks pretty bad from both a security and business pov. LockBit has published 2 posts with CDWG data to its leak site. subsidiary of CDW-G.”

Ransomware

Ransomware Archiving Cybersecurity Education

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

SAP April 2023 security updates fix critical vulnerabilities

Webinars

Trending Sources

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Webinars

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

China’s Volt Typhoon botnet has re-emerged

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Port of Seattle ‘s August data breach impacted 90,000 people

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023

Google fixed the first Chrome zero-day of 2023

What the Email Security Landscape Looks Like in 2023

Ransomware realities in 2023: one employee mistake can cost a company millions

Google fixed the second actively exploited Chrome zero-day of 2023

T-Mobile suffered the second data breach in 2023

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

National Student Clearinghouse data breach impacted approximately 900 US schools

The State of Maine disclosed a data breach that impacted 1.3M people

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Akira ransomware targets Finnish organizations

Sophos patches three issues in the Sophos Web Security appliance, one of them rated as critical

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Rhysida ransomware gang claimed China Energy hack

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

Save the Children confirms it was hit by cyber attack

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Western Digital took its services offline due to a security breach

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Akira ransomware targets Finnish organizations

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 419 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

Welltok data breach impacted 8.5 million patients in the U.S.

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

Akira ransomware attack on Tietoevry disrupted the services of many Swedish organizations

MSI confirms security breach after Money Message ransomware attack

CISA adds bugs in Android and Novi Survey to its Known Exploited Vulnerabilities catalog

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Lockbit ransomware gang demanded an 80 million ransom to CDW

Stay Connected