Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts. ” continues the announcement.

Military 339

Military Government Personal data Phishing 339

Security Affairs

AUGUST 13, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities. This malware enables hidden, unauthorized access to computers.” The campaign, tracked as UAC-0198, has been active since July.

Phishing 342

Phishing Government File names Access 342

Security Affairs

OCTOBER 22, 2024

A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.” ” Chinese law requires researchers to disclose zero-day vulnerabilities to the government. reads the advisory.

Government 350

Government Cloud Access IT 350

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Government 343

Government Privacy Risk Data collection 343

WIRED Threat Level

NOVEMBER 20, 2023

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

Access 363

Access Government Privacy Security 363

Security Affairs

NOVEMBER 2, 2023

Clop ransomware gang gained access to the email addresses of more than 632K US federal employees at the departments of Defense and Justice. Russian-speaking Clop ransomware group gained access to the email addresses of about 632,000 US federal employees at the departments of Defense and Justice. ” states Bloomberg.

Access 342

Access Agriculture Data breaches Ransomware 342

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 282

Phishing Authentication Access Government 282

Security Affairs

DECEMBER 3, 2024

Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 The threat actors had access to the company’s information technology systems and encrypted some of its data files. . million year-to-date. ” reads the report filed with SEC.

Ransomware 293

Ransomware Encryption Cybersecurity Access 293

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 337

Data collection Authentication Access Cybersecurity 337

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023.

Government 331

Government Manufacturing Education Access 331

Security Affairs

JANUARY 23, 2024

The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group.

Government 339

Government Insurance Ransomware Data breaches 339

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches 279

Data breaches Communications Artificial Intelligence Government 279

Security Affairs

SEPTEMBER 20, 2024

Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote access to Middle Eastern Networks. Mandiant researchers warn that an Iran-linked APT group, tracked as UNC1860, is operating as an initial access facilitator that provides remote access to target networks in the Middle East.

Access 309

Access Encryption Government Security 309

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users in Russia.” ” reads the announcement published by Tor Project.

Government 315

Government Access Security IT 315

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises. The threat actor continues to target Russian government entities and enterprises.

Government 299

Government Archiving Phishing Access 299

Security Affairs

MARCH 28, 2024

In 2023, the researchers attributed a combined total of 48 out of 58 zero-day vulnerabilities to commercial surveillance vendors (CSVs) and government espionage actors, while 10 zero-day flaws were attributed to financially motivated actors. ” continues the report. ” concludes the report.

Government 345

Government Ransomware Libraries Access 345

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. As companies jump online, into the cloud, into SaaS, deeper into cyberspace, and further into third-party dependency, locking down their access points is of critical concern.

B2B 309

B2B Cybersecurity Risk Access 309

Security Affairs

NOVEMBER 3, 2024

Active since 2021, Storm-0940 gains access through password spraying, brute-force attacks, and exploiting network edge services, targeting sectors like government, law, defense, and NGOs in North America and Europe. “Microsoft assesses that a threat actor located in China established and maintains this network.

Passwords 329

Passwords Access Cloud Government 329

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Government 326

Government Authentication Communications Access 326

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. In recent years, multiple threat actors, including the group TA569 , have been observed using the software as a Remote Access Trojan (RAT).

Education 339

Education Government Business Services Archiving 339

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., A French law enforcement agency has gained access to the C2 server (45.142.166.112) used to control the malware. European, and Asian entities. A court operation recently removed PlugX infections from U.S.

Government 298

Government Cybersecurity Access IT 298

WIRED Threat Level

FEBRUARY 7, 2025

The ACLU says it stands ready to sue for access to government records that detail DOGEs access to sensitive personnel data.

Access 211

Access Government IT Security 211

Security Affairs

OCTOBER 23, 2024

The charges result from an investigation conducted by the US government into public companies potentially impacted by the supply chain attack on SolarWinds’ Orion software. ” reads the press release published by SEC.

Cybersecurity 283

Cybersecurity Risk Access Government 283

Security Affairs

FEBRUARY 6, 2025

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targe including the U.S. Army, UN, NATO, and other agencies.

Data breaches 195

Data breaches Information Security Government Access 195

Security Affairs

DECEMBER 11, 2024

The attackers exploited an SQL injection zero-day vulnerability to gain access to exposed XG devices. The attack used a previously unknown SQL injection vulnerability to gain access to exposed XG devices. At this time, there is no indication that the attack accessed anything on the local networks behind any impacted XG Firewall.

Passwords 185

Passwords Encryption Access Ransomware 185

Security Affairs

NOVEMBER 19, 2024

According to the indictment, Ptitsyn facilitated the worldwide use of a dangerous ransomware strain to target corporations and various organizations, including government agencies, healthcare facilities, educational institutions, and critical infrastructure. Barron for the District of Maryland.

Ransomware 284

Ransomware Education Sales Government 284

WIRED Threat Level

FEBRUARY 5, 2025

Experts question whether Edward Coristine, a DOGE staffer who has gone by Big Balls online, would pass the background check typically required for access to sensitive US government systems.

Government 363

Government Access Security 363

Security Affairs

DECEMBER 18, 2024

Threat actors accessed an MDaemon email server and used its WorldClient webmail component to maintain persistence within the compromised organization. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022.

Government 283

Government IT Access Information Security 283

Security Affairs

OCTOBER 6, 2024

broadband providers, potentially accessing systems for lawful wiretapping and other data. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S.

Government 361

Government Access Risk Security 361

Security Affairs

NOVEMBER 13, 2024

The group managed to maintain access without being detected for as long as possible. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. and Guam without being detected.

e-Discovery 302

e-Discovery Communications Ransomware Government 302

Security Affairs

JANUARY 17, 2024

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. The pro-Russian group launched a series of DDoS attacks against several government websites causing temporary disruptions in their accessibility. reported NCSC. reported NCSC.

Government 341

Government Access Security IT 341

Security Affairs

FEBRUARY 27, 2025

Chinese hackers gained access to the VSSE’s email server between 2021 and May 2023, stealing 10% of staff incoming and outgoing emails. Attackers gained access to VSSE HR’s data, including IDs and CVs of staff and applicants. ” reads the post by the Belgian website Le Soir. ” reported Reuters.

Security 174

Security Access Government Cybersecurity 174

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Authentication 335

Authentication Libraries Access Government 335

Security Affairs

FEBRUARY 15, 2024

. “These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations. The US government operation blocked access to the routers by Russian cyberspies.

Military 338

Military Government Access Cybersecurity 338

Data Breach Today

SEPTEMBER 6, 2024

Global Outage Triggers Calls for 'Less-Invasive Access' to Essential Functions The global disruption caused by a faulty CrowdStrike software triggering a kernel panic and computer meltdowns has led government agencies, experts and vendors to call for rethinking Windows operating system resiliency, including the deep-level OS access security tools now (..)

Government 306

Government Access Security 306