2024 and Government - Information Management Today

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. During the 2024 Matrix Cup hacking contest in China, zbl & srs of team TZL demonstrated the vulnerability.

Government

Government Cloud Access IT

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” reads the report published by Microsoft Threat Intelligence.

Phishing

Phishing Authentication Access Government

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users in Russia.” Tunnel bridges have grown from 60 to 143 since early 2024, but they are not enough.

Government

Government Access Security IT

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. “Note that related cyberattacks have been occurring since at least July 2024 and may have a broader geographic scope. ”” states the CERT-UA.

Phishing

Phishing Government File names Access

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations.

Data Privacy

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Energy and Utilities

Energy and Utilities Artificial Intelligence Ransomware Data breaches

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

JUNE 5, 2024

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.

Government

Government Metadata Military Passwords

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., “In August 2024, the Justice Department and FBI obtained the first of nine warrants in the Eastern District of Pennsylvania authorizing the deletion of PlugX from U.S.-based based computers.

Government

Government Cybersecurity Access IT

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The researchers observed threat actors exploiting CVE-2024-36401 in attacks aimed at IT service providers in India, technology companies in the U.S., ” concludes the report.

Libraries

Libraries Encryption Cybersecurity Access

Elections 2024, artificial intelligence could upset world balances

Security Affairs

DECEMBER 27, 2023

Governments should recognize electoral processes as critical infrastructure and enact laws to regulate the use of generative Artificial Intelligence. Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. Key events include the European Parliament elections in June, the U.S.

Artificial Intelligence

Artificial Intelligence Government Manufacturing IT

Russian Phobos ransomware operator faces cybercrime charges

Security Affairs

NOVEMBER 19, 2024

Affiliates paid fees to administrators like Ptitsyn for decryption keys, with payments routed via unique cryptocurrency wallets from 2021–2024. The attacks were observed as recently as February 2024, they targeted government, education, emergency services, healthcare, and other critical infrastructure sectors.

Ransomware

Ransomware Education Sales Government

Ransomware threat landscape Jan-Apr 2024: insights and challenges

Security Affairs

JUNE 24, 2024

Between Jan and Apr 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide. In the first four months of 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware claims reported worldwide, including 55 in Italy.

Ransomware

Ransomware Healthcare Cybersecurity Government

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Key Findings from the “Email Security in 2024” Report In an exhaustive review, VIPRE processed 7.2

Security

Security Phishing Communications Financial Services

Awaken Likho APT group targets Russian government with a new implant

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises. This campaign highlights the group’s continued efforts to refine their remote access strategies.

Government

Government Archiving Phishing Access

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

Cybersecurity

Cybersecurity Access Authentication Marketing

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Government

Government Authentication Communications Access

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Privacy Compliance: By 2024, 40% of privacy tools will rely on AI, highlighting its expanding role in ensuring data privacy and meeting regulations. RaaS usage is expected to increase by 25% in 2024.

Security

Security Phishing IoT Ransomware

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. million year-to-date. ” reads the report filed with SEC.

Ransomware

Ransomware Encryption Cybersecurity Access

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

SEPTEMBER 12, 2019

Poland announced it will launch a cyberspace defense force by 2024 composed of around 2,000 soldiers with a deep knowledge in cybersecurity. The Polish Defence Ministry Mariusz Blaszczak has approved the creation of a cyberspace defence force by 2024, it will be composed of around 2,000 soldiers with deep expertise in cybersecurity.

Military

Military Cybersecurity Government IT

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

In February 2024, Serbian journalist Slavia Milanov was summoned to a police station after a routine traffic stop. Evidence, including the spywares installation during BIA interviews, attributes these surveillance campaigns with high confidence to the BIA and Serbian government.

Personal data

Personal data Encryption Security Privacy

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

e-Discovery

e-Discovery Communications Ransomware Government

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

In 2023, the researchers attributed a combined total of 48 out of 58 zero-day vulnerabilities to commercial surveillance vendors (CSVs) and government espionage actors, while 10 zero-day flaws were attributed to financially motivated actors. ” continues the report.

Government

Government Ransomware Libraries Access

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Security Affairs

JANUARY 12, 2024

These findings coincide with the critical and fast-approaching Indonesian presidential election set to take place in February this year (2024). Threat actors obtained Jakarta voters’ records after breaching and exfiltrating data from web resources presumably related to the DKI Jakarta Provincial government.

Sales

Sales Risk Marketing Passwords

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust. CERT-UA’s report states that the UAC-0200 activity has been tracked since summer 2024, with recent decoy messages (since February 2025) focusing on UAVs and electronic warfare.

Computer and Electronics

Computer and Electronics Archiving Passwords Government

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targe including the U.S. Army, UN, NATO, and other agencies.

Data breaches

Data breaches Information Security Government Access

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

In September 2024, the Sekoia TDR team reported it had identified additional implants associated with the Quad7 botnet operation. Chinese threat actors use the Quad7 botnet in password-spray attacks to steal credentials, Microsoft warns.

Passwords

Passwords Access Cloud Government

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

. “These extensions can be configured through the C:MDaemonWorldClientWorldClient.ini file” The Mask group (aka Careto [Spanish for Ugly Face or Mask]) is a high-profile group of state-sponsored hackers that have been targeting government agencies, diplomatic offices,embassies, diplomatic offices andenergy companies.

Government

Government IT Access Information Security

ZAGG disclosed a data breach that exposed its customers’ credit card data

Security Affairs

DECEMBER 29, 2024

Attackers injected a malicious code in the FreshClick app to scrap credit card data from ZAGG.com transactions between October 26 and November 7, 2024. “On November 8, 2024, our e-commerce software platform provider, BigCommerce Inc. Compromised customer payment data includes names, addresses, and card details.

Data breaches

Data breaches IT Computer and Electronics Access

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

Security Affairs

AUGUST 7, 2024

Experts pointed out that government employees’ emails are a valuable target for APT groups carrying out cyber espionage campaigns. In October 2023, ESET Research revealed that a similar vulnerability was exploited by the APT group Winter Vivern to target European government entities. The flaws impact Roundcube version 1.6.7

Passwords

Passwords Government IT Information Security

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank , one of the first known Snowflake victims. In a statement on Moucka’s arrest, Mandiant said UNC5537 aka Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024.

Sales

Sales Communications Phishing Access

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Security Affairs

APRIL 16, 2024

Amidst rising tensions with China in the SCS, Resecurity observed a spike in malicious cyber activity targeting the Philippines in Q1 2024. In Q2 2024 , this growth trajectory continues, with Resecurity observing multiple cyberattacks staged by previously unknown threat actors. The full report is available here.

Government

Government Security Information Security IT

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Security Affairs

AUGUST 29, 2024

TAG experts detected multiple exploit campaigns between November 2023 and July 2024 that were used in watering hole attacks on Mongolian government websites. The researchers noticed that by February 2024, mfa.gov.mn In July 2024, the site mfa.gov.mn In July 2024, the site mfa.gov.mn ” continues the report.

Government

Government Encryption Authentication Risk

SolarWinds addressed a critical RCE in all Web Help Desk versions

Security Affairs

AUGUST 14, 2024

SolarWinds fixed a critical vulnerability, tracked as CVE-2024-28986 (CVSS score 9.8), in SolarWinds’ Web Help Desk solution for customer support. SolarWinds describes WHD as an affordable Help Desk Ticketing and Asset Management Software that is widely used by large enterprises and government organizations.

Authentication

Authentication Government Security IT

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks.

IT

IT Authentication Cybersecurity Security

UK Government Previews Cybersecurity Legislation

Data Breach Today

APRIL 1, 2025

Government Says Managed Service Providers Need More Regulation The British government pledged to introduce stricter rules surrounding incident reporting and supply chain vulnerability patching through legislation it previewed in July 2024.

Government

Government Cybersecurity Security IT

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk deserialization of untrusted data vulnerability, tracked as CVE-2024-28986 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-28986 impacts all Web Help Desk versions.

IT

IT Cybersecurity Authentication Government

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

Most affected organizations are educational institutions such as schools and universities, healthcare facilities including clinics and doctors’ practices, nursing services, legal and tax advisory firms, local governments, and a multitude of medium-sized enterprises. In February 2024, the U.S.

Information Security

Information Security Cybersecurity Education Authentication

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). On April 19, 2024, CrushFTP advised of a virtual file system escape present in their FTP software that could allows users to download system files. PSIRT and Talos launched an investigation to support the customer.

IT

IT Authentication Security Access

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

Patch it now!

Data breaches

Data breaches Security Ransomware Sales

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

Security Affairs

JULY 23, 2024

The US government sanctioned two Russian hacktivists for their cyberattacks targeting critical infrastructure, including breaches of water facilities. In January 2024, CARR caused water tank overflows in Texas and compromised a U.S. The US government also blocked entities owned 50% or more by these individuals.

Government

Government IT Information Security Security

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Security Affairs

SEPTEMBER 23, 2024

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region.

Phishing

Phishing File names Cloud Government

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Security Affairs

AUGUST 18, 2024

Deciphering the Brain Cipher Ransomware Ideal typosquat ‘solana-py’ steals your crypto wallet keys Ransomware attackers introduce new EDR killer to their arsenal Beyond the wail: deconstructing the BANSHEE infostealer A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers Tusk: unraveling a complex infostealer campaign Zero (..)

Security

Security Ransomware Government IT

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs

FEBRUARY 1, 2024

The CISA’s emergency directive orders to disconnect all instances no later than 11:59PM on Friday February 2, 2024. “As soon as possible and no later than 11:59PM on Friday February 2, 2024, disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure solution products from agency networks.”

Authentication

Authentication Security Access Government

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Military

Military Security Ransomware Insurance

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Storm-2372 used the device code phishing technique since August 2024

Webinars

Trending Sources

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Webinars

CERT-UA warns of a phishing campaign targeting government entities

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Resecurity Released a 2024 Cyber Threat Landscape Forecast

Cisco addressed Webex flaws used to compromise German government meetings

FBI deleted China-linked PlugX malware from over 4,200 US computers

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Elections 2024, artificial intelligence could upset world balances

Russian Phobos ransomware operator faces cybercrime charges

Ransomware threat landscape Jan-Apr 2024: insights and challenges

Unmasking 2024’s Email Security Landscape

Awaken Likho APT group targets Russian government with a new implant

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Poland to establish Cyberspace Defence Force by 2024

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

China’s Volt Typhoon botnet has re-emerged

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Chinese threat actors use Quad7 botnet in password-spray attacks

The Mask APT is back after 10 years of silence

ZAGG disclosed a data breach that exposed its customers’ credit card data

Critical XSS bug in Roundcube Webmail allows attackers to steal emails and sensitive data

Canadian Man Arrested in Snowflake Data Extortions

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

SolarWinds addressed a critical RCE in all Web Help Desk versions

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

UK Government Previews Cybersecurity Legislation

CISA adds SolarWinds Web Help Desk bug to its Known Exploited Vulnerabilities catalog

German BSI warns of 17,000 unpatched Microsoft Exchange servers

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

US Gov sanctioned key members of the Cyber Army of Russia Reborn hacktivists group

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected