2023 and Government - Information Management Today

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government

Government Ransomware Libraries Access

Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying

WIRED Threat Level

NOVEMBER 7, 2023

The Government Surveillance Reform Act of 2023 pulls from past privacy bills to overhaul how police and the feds access Americans’ data and communications.

Government

Government Communications Privacy Access

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches

Data breaches Communications Artificial Intelligence Government

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Zimbra addressed the vulnerability CVE-2023-37580 in July 2023. A second threat actor exploited the vulnerability since July 11 before the official patch became available on July 25.

Government

Government Authentication Phishing IT

LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost

Speaker: Shreya Rajpal, Co-Founder and CEO at Guardrails AI & Travis Addair, Co-Founder and CTO at Predibase

However, productionizing LLMs comes with a unique set of challenges such as model brittleness, total cost of ownership, data governance and privacy, and the need for consistent, accurate outputs. January 18th, 2023 at 9:30am PST, 12:30pm EST, 5:30pm GMT

Privacy

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. ” The executives believed the threat actor was a lone hacker with no link to a foreign government.

Security

Security Artificial Intelligence Risk Access

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Most of these online assets belong to large enterprises, governments and educational institutions.” “From our analysis of WS_FTP, we found that there are about 2.9k

Authentication

Authentication Cybersecurity Education Government

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Government

Government Privacy Risk Data collection

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix. NetScaler ADC 13.1-FIPS

Authentication

Authentication Access Communications Cloud

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

He will also dive into topic definitions, governance structures, and framework components for success. July 20th, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST Register today!

Risk

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

e-Discovery

e-Discovery Communications Ransomware Government

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. 27, 2023. . Stanford was breached last year by Clop Ransomware.

Ransomware

Ransomware Data breaches Passwords Access

ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Data Breach Today

DECEMBER 8, 2023

Highlights From the Conference on Improving Public-Private Sector Collaboration In this special edition at Black Hat Europe 2023 in London, three ISMG editors cover the highlights of the conference, including a resounding call for better collaboration between government agencies and the private sector, regulatory trends, and the cautionary tale of (..)

Government

Government of Bermuda blames Russian threat actors for the cyber attack

Security Affairs

SEPTEMBER 23, 2023

The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. ” said Burt.

Government

Government IT Security Information Security

Customer Experience Management: Optimizing Your Strategy for Financial Success

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

October 19th, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST Register today!

Customer Experience

Yearly Intel Trend Review: The 2023 RedSense report

Security Affairs

JANUARY 25, 2024

The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity. These observations were made by analyzing numerous 2023 threat findings and discoveries, and include references to case studies that were reported on by RedSense throughout the year.

Ransomware

Ransomware Data breaches Phishing Cybersecurity

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection

Data collection Authentication Access Cybersecurity

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

Security Affairs

OCTOBER 18, 2023

Experts reported that the vulnerability CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been exploited in attacks since late August. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. ” reported Citrix.

Authentication

Authentication Access Cloud Risk

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. European, and Asian entities. systems. .”

Government

Government Cybersecurity Access IT

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

TopSec was founded in 1995, it offers cybersecurity services such as Endpoint Detection and Response (EDR) and vulnerability scanning, along with “boutique” solutions to align with government initiatives and intelligence requirements. ” reads the report published by SentinelLabs. ” concludes the report.”The

Cybersecurity

Cybersecurity Government Cloud Security

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Security Affairs

AUGUST 29, 2023

China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. The vulnerability, tracked as CVE-2023-2868 , resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release of two security patches on May 20 and 21.

Government

Government Access Security Cybersecurity

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Government

Government Authentication Communications Access

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. Chinese hackers gained access to the VSSE’s email server between 2021 and May 2023, stealing 10% of staff incoming and outgoing emails. ” reported Reuters.

Security

Security Access Government Cybersecurity

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

Security Affairs

MAY 25, 2024

The MITRE Corporation revealed that threat actors behind the December 2023 attacks created rogue virtual machines (VMs) within its environment. The MITRE Corporation has provided a new update about the December 2023 attack. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

Communications

Communications Risk Access Security

Record-Breaking Ransomware Profits Surpassed $1B in 2023

Data Breach Today

FEBRUARY 7, 2024

Their increasingly sophisticated attacks targeted "high-profile institutions and critical infrastructure, including hospitals, schools and government," reported Chainalysis. Ongoing Innovation and Sophistication Drive Unparalleled Profits Attackers wielding ransomware collectively earned over $1 billion last year - breaking previous records.

Ransomware

Ransomware Government

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. “Earth Krahang abuses the trust between governments to conduct their attacks.

Government

Government Phishing Access Passwords

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Security Affairs

AUGUST 8, 2023

Microsoft Patch Tuesday security updates for August 2023 addressed 74 vulnerabilities, including two actively exploited flaws. Microsoft has released an Office Defense in Depth update ( ADV230003 ) to address a patch bypass of the actively exploited RCE vulnerability CVE-2023-36884. reads the post.

Phishing

Phishing Security Government IT

Chinese hackers compromised emails of U.S. Government agencies

Security Affairs

JULY 13, 2023

Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) on July 12, 2023 have published a joint advisory to warn organizations and allow them to enhance organizational cybersecurity posture and position organizations to detect similar malicious activity via implementing the listed logging recommendations.

Government

Government Authentication Cloud Access

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Security Affairs

JULY 3, 2023

Researchers reported that there are 490,000 Fortinet firewalls exposing SSL VPN interfaces on the internet, and roughly 69% of them are still vulnerable to CVE-2023-27997. Bishop Fox’s Capability Development team built an exploit for the vulnerability CVE-2023-27997. states the report published by Fortinet.

Manufacturing

Manufacturing Authentication Security Risk

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns. “Microsoft assesses that a threat actor located in China established and maintains this network.

Passwords

Passwords Access Cloud Government

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

Security Affairs

JULY 12, 2023

The issue, tracked as CVE-2023-36884 , was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents. The threat actors were observed exploiting the flaw CVE-2023-36884 using lures related to the Ukrainian World Congress. ” reads the post.

Phishing

Phishing Security Government IT

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

JUNE 13, 2023

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy.

Manufacturing

Manufacturing Authentication Risk Government

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

Security Affairs

DECEMBER 5, 2023

CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. Cybersecurity and Infrastructure Security Agency (CISA) is warning about threat actors actively exploiting a critical vulnerability ( CVE-2023-26360 ) in Adobe ColdFusion to breach government agencies.

Government

Government Cybersecurity Security Access

U.S. Medical billing provider Medusind suffered a sata breach

Security Affairs

JANUARY 9, 2025

Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. The company disclosed a data breach discovered on December 29, 2023, that impacted 360,934 individuals. “On December 29, 2023, Medusind discovered suspicious activity within its IT network.

Data breaches

Data breaches Insurance Ransomware Information governance

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Palo Alto Networks’ Unit 42 reported that the Russia-linked APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) group exploited the CVE-2023-23397 vulnerability in attacks aimed at European NATO members. The first occurred between March-December 2022 and the second occurred in March 2023.”

Military

Military Government Phishing Authentication

US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.

Security Affairs

JUNE 18, 2023

government announced up to a $10 million bounty for information linking the Clop ransomware gang to a foreign government. critical infrastructure to a foreign government. critical infrastructure to a foreign government? StopRansomware pic.twitter.com/fAAeBXgcWA — Rewards for Justice (@RFJ_USA) June 16, 2023 The U.S.

Ransomware

Ransomware Government Encryption Access

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. In March 2023, Microsoft published guidance for investigating attacks exploiting the patched Outlook vulnerability tracked as CVE-2023-23397.

Military

Military Government Access Phishing

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

Government agencies revealed that Akira ransomware has breached over 250 entities worldwide and received over $42 million in ransom payments. However, from August 2023 onwards, certain Akira attacks began utilizing Megazord, which employs Rust-based code and encrypts files with a.powerranges extension.

Ransomware

Ransomware Encryption Education Phishing

US Agencies Increasing Use of Facial Recognition Tech

Data Breach Today

AUGUST 27, 2021

government agencies are planning to increase the use of facial recognition technologies by 2023, according to a GAO report. GAO Finds Increasing Use for Security and Access; Privacy Concerns Remain At least 10 U.S. The growing utilization comes as facial recognition technology raises privacy concerns.

Privacy

Privacy Government Access Security

The Rhysida ransomware group hit the Kuwait Ministry of Finance

Security Affairs

SEPTEMBER 26, 2023

Last week a ransomware attack hit the Government of Kuwait, the attack took place on September 18 and the government experts immediately started the incident response procedures to block the threat. Government officials shut off affected systems to prevent the threat from spreading.

Ransomware

Ransomware Government Cybersecurity IT

Cisco Fixes Firewall 0-Days After Likely Nation-State Hack

Data Breach Today

APRIL 24, 2024

Networking Giant Dubs Campaign Against Government Customers 'Arcane Door' Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco doesn't connect the hackers with a specific country.

Government

Government IT

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

FEBRUARY 28, 2024

The advisory updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released on April 19, 2022 and on December 19, 2023. “From mid-December 2023 onward, the healthcare sector has emerged as the most frequently targeted among the approximately 70 disclosed victims.” ” reads the joint advisory.

Ransomware

Ransomware Government Insurance Manufacturing

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

AUGUST 29, 2024

TAG experts detected multiple exploit campaigns between November 2023 and July 2024 that were used in watering hole attacks on Mongolian government websites. In November 2023, these iframes led to the site track-adv.com, delivering a CVE-2023-41993 exploit targeting iPhones running iOS 16.6.1 ” continues the report.

Government

Government Encryption Authentication Risk

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying

Webinars

Trending Sources

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Webinars

Zimbra zero-day exploited to steal government emails by four groups

LLMOps for Your Data: Best Practices to Ensure Safety, Quality, and Cost

Hackers stole OpenAI secrets in a 2023 security breach

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

ERM Program Fundamentals for Success in the Banking Industry

China’s Volt Typhoon botnet has re-emerged

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

ISMG Editors: Call for Cooperation at Black Hat Europe 2023

Government of Bermuda blames Russian threat actors for the cyber attack

Customer Experience Management: Optimizing Your Strategy for Financial Success

Yearly Intel Trend Review: The 2023 RedSense report

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

FBI deleted China-linked PlugX malware from over 4,200 US computers

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

Record-Breaking Ransomware Profits Surpassed $1B in 2023

Earth Krahang APT breached tens of government organizations worldwide

Microsoft Patch Tuesday for August 2023 fixed 2 actively exploited flaws

Chinese hackers compromised emails of U.S. Government agencies

335,923 out of 489,337 Fortinet firewalls vulnerable to CVE-2023-27997

Chinese threat actors use Quad7 botnet in password-spray attacks

Unpatched Office zero-day CVE-2023-36884 actively exploited in targeted attacks

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

U.S. Medical billing provider Medusind suffered a sata breach

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

US govt offers $10 million bounty for info linking Clop ransomware gang to a foreign government.

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Akira ransomware received $42M in ransom payments from over 250 victims

US Agencies Increasing Use of Facial Recognition Tech

The Rhysida ransomware group hit the Kuwait Ministry of Finance

Cisco Fixes Firewall 0-Days After Likely Nation-State Hack

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Stay Connected