Analysis, Education and Government - Information Management Today

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. ” reads the analysis published by Carbon Black Managed Detection & Response team.

Education

Education Government Business Services Archiving

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. Pierluigi Paganini.

Education

Education Government Libraries Mining

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Static Analysis x Dynamic Analysis.

Libraries

Libraries Metadata Education Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

e-Discovery

e-Discovery Communications Ransomware Government

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

ChaChi, a GoLang Trojan used in ransomware attacks on US schools

Security Affairs

JUNE 24, 2021

A new Trojan written in the Go programming language, tracked as ChaChi, was involved in ransomware attacks against government agencies and US schools. The malware was recently employed in attacks against large US schools and education organizations. . The Trojan leverages the gobfuscate GoLang tool for obfuscation.

Ransomware

Ransomware Education Cybersecurity Government

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing Government File names

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Horizon3 security researchers have released a proof-of-concept (PoC) exploit and technical analysis for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. VMware did not provide technical details about the flaw, then Horizon3 researchers performed an analysis of the patch. .

Authentication

Authentication Cybersecurity Access Education

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

A sophisticated threat actor, tracked as Earth Lusca, is targeting government and private organizations worldwide as for financial purposes. ”reads the analysis published by Trend Micro. However, the group still primarily relies on tried-and-true techniques to entrap a target,” concludes the analysis.

Healthcare

Healthcare Phishing Archiving Education

China-linked APT Silk Typhoon targets IT Supply Chain

Security Affairs

MARCH 5, 2025

Silk Typhoon targets multiple sectors worldwide, including information technology (IT) services and infrastructure, remote monitoring and management (RMM) companies, managed service providers (MSPs) and affiliates, healthcare, legal services, higher education, defense, government, non-governmental organizations (NGOs), and energy.

Energy and Utilities

Energy and Utilities IT Cloud Passwords

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs

DECEMBER 3, 2023

The malware was used in attacks against multiple industries, including education, real estate, retail, non-profit organizations, telecom companies, and governments. The analysis of the C2 infrastructure revealed that it dates back to 2020.

Retail

Retail Education Communications Government

Zero-day exploit used to hack iPhones of Al Jazeera employees

Security Affairs

DECEMBER 21, 2020

“In July and August 2020, government operatives used NSO Group ’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. Investments in journalist security and education must be accompanied by efforts to regulate the sale, transfer, and use of surveillance technology.”

Government

Government Security awareness Education Sales

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.” ” reads the joint advisory. mstsc.exe A native tool that establishes an RDP connection to a host.

Ransomware

Ransomware Manufacturing Education Passwords

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. . ” reads the analysis published by FireEye. through 2020.2.1

Military

Military Cybersecurity Communications Government

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

” states the analysis published by FireEye. The groups targeted organizations in the business services, financial, health, retail/consumer, aero-military, engineering and manufacturing, government, education, transportation, and utilities industries.

Manufacturing

Manufacturing Phishing Military Retail

Personal Data and docs of Swiss town Rolle available on the dark web

Security Affairs

AUGUST 26, 2021

Initially the municipal government in the town downplayed the incident, saying that attackers stole only a small amounts of data and that all the information had been restored from backup copies. The threat actors compromised some administrative servers and exfiltrated sensitive documents.

Personal data

Personal data Ransomware Data breaches Education

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

A deeper analysis of some of these samples revealed that they were compiled in 2014 and used in the wild between 2014 and 2015. reads the analysis published by Symantec. According to the firm, the US cyber spies are targeting various industry sectors and government agencies.

Government

Government Cybersecurity Education Security

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

The group is very sophisticated and used zero-day exploits and complex malware to conduct targeted attacks against governments and organizations in almost every industry, including financial, energy, telecommunications, and education, aerospace. ” reads the analysis. “The described installation technique is unique.

Communications

Communications Encryption Education Authentication

58% of all nation-state attacks in the last year were launched by Russian nation-state actors

Security Affairs

OCTOBER 8, 2021

Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft revealed that most of the cyber attacks on US government agencies are orchestrated by Russia-linked cyberespionage groups. ” continues the report.

Government

Government Education Security IT

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Security Affairs

OCTOBER 2, 2023

“From our analysis of WS_FTP, we found that there are about 2.9k Most of these online assets belong to large enterprises, governments and educational institutions.” ” continues Assetnote. hosts on the internet that are running WS_FTP (and also have their webserver exposed, which is necessary for exploitation).

Authentication

Authentication Cybersecurity Education Government

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The operation targeted many organizations in critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. organizations since 2020. law enforcement). According to the French ANSSI cybersecurity agency, LockBit 3.0

Ransomware

Ransomware Cybersecurity Agriculture Education

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Security Affairs

OCTOBER 6, 2021

The majority of intercepted credentials by Agent Tesla related to financial services, online-retailers, e-government systems and personal and business e-mail accounts. . Researchers found active instances of Agent Tesla and developed a mechanism to enumerate the affected clients and extract compromised data.

Financial Services

Financial Services Retail Education Information Security

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. ” reads the analysis published by Symantec. The Thrip group has been active since 2013, but this is the first time Symantec publicly shared details of its activities.

Military

Military Communications Government Education

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. ” reads the analysis published by Unit 42. Analysis of the C2 for a second Sword2033 sample revealed that the domain *.saspecialforces.co[.]za org over port 8443 for C2.

Communications

Communications Military Government Libraries

Data leak exposes sensitive data of all Ecuador ‘citizens

Security Affairs

SEPTEMBER 16, 2019

Data were left unsecured online on a misconfigured Elasticsearch server, exposed data includes full PII, marital status and date of marriage, level of education, financial info, and more. . Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens.

Data breaches

Data breaches Education Government Security

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Security Affairs

SEPTEMBER 11, 2023

Most of the victims of the campaign are education, government, and healthcare organizations, as well as human rights activists and journalists. ” reads the analysis published by ESET. ESET reported that the Sponsor backdoor was deployed to at least 34 victims in Brazil, Israel, and the United Arab Emirates.

Education

Education Access Government Security

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

JUNE 21, 2019

Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), has been active since at least 2007 targeting government organizations and private businesses. ” reads the analysis published by Symantec. The three recent Turla campaigns targeted governments and international organizations worldwide.

Communications

Communications Government Data collection Education

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 26, 2023

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software New InfectedSlurs Mirai-based botnet exploits two zero-days SiegedSec hacktivist group hacked Idaho National Laboratory (INL) CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog Enterprise software provider TmaxSoft leaks 2TB of data (..)

Security

Security Ransomware Data breaches Libraries

Experts observed the growth of hi-tech crime landscape in Asia in 2018

Security Affairs

MARCH 19, 2019

Security experts at Group-IB presented at Money2020 Asia the results of an interesting analysis of hi-tech crime landscape in Asia in 2018. Group-IB Threat Intelligence team identified hundreds of compromised credentials from Singaporean government agencies and educational institutions over the course of 2017 and 2018.

Sales

Sales Passwords Government Marketing

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Cloud

Cloud Phishing Government Education

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

MARCH 18, 2019

UK intelligence agency GCHQ, as part of the celebration of its centenary , has released emulators for World War II cipher machines that can be executed in the encryption app CyberChef released for educational purposes. We even tested them against the real thing! According to the GCHQ, CodeChef runs in Chrome and Firefox.

Encryption

Encryption Military Education Communications

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021.

Government

Government Access Libraries Education

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). ” reads the report published by the Google TAG.

Phishing

Phishing Military Ransomware Education

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Educate your employees on threats and risks such as phishing and malware. Related: Cyber espionage is in a Golden Age.

Cybersecurity

Cybersecurity Passwords Military Education

CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild

Security Affairs

NOVEMBER 11, 2018

The analysis of the hacked server revealed that it had all ColdFusion updates installed, except for the CVE-2018-15961 fix. ” continues the analysis. The servers belong to state government, educational, healthcare, and humanitarian aid organizations and each of them had been defaced or presented attempts to upload a webshell.

Education

Education Authentication Security Government

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. ” reads the analysis published by Google TAG. In one case, the group posed as a journalist for a South Korean news agency and sent benign emails with an interview request to North Korea experts.”

Phishing

Phishing Passwords Military Education

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Security Affairs

APRIL 13, 2023

The hackers targeted diplomatic entities and systems transmitting sensitive information about the region’s politics, aiding Ukrainian citizens fleeing the country, and providing help to the government of Ukraine. reads the analysis published by BlackBerry. ” reads the report published by the Poland government.

Libraries

Libraries Military Education Government

Defining responsible AI governance with UCLA Health

Collibra

JUNE 27, 2024

Healthcare executives are doubting whether their returns on AI investments will materialize, highlighting the importance of risk assessment and impact analysis. UCLA Health is at the forefront of AI innovation in healthcare and has partnered with Collibra to bring clear, accessible AI governance to all levels of its organization.

Government

Government Artificial Intelligence Access Libraries

NetWalker ransomware operators have made $25 million since March 2020

Security Affairs

AUGUST 4, 2020

and foreign government organizations. and foreign government organizations, education entities, private companies, and health agencies by unidentified cyber actors.” Last week, the FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. reads the alert. public health organization.

Ransomware

Ransomware Phishing Encryption Education

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

Security Affairs

APRIL 12, 2023

“QuaDream Ltd (קוודרים בע”מ) is an Israeli company that specialises in the development and sale of advanced digital offensive technology to government clients. The victims were identified using a set of indicators of compromise based on an analysis of samples shared with Citizen Lab by Microsoft Threat Intelligence.

Government

Government Education Sales Marketing

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The Royal group began reconnaissance activity in April 2023, and the analysis of system log data dates the beginning of the surveillance operations on April 7, 2023. Between April 7, 2023, and May 4, 2023, Royal performed data exfiltration and ransomware delivery preparation activities.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

Security Affairs

NOVEMBER 23, 2020

Sonatype has discovered more malware in the npm registry which, following our analysis and multiple cyber threat intelligence reports, has led to the discovery of a novel and large scale malware campaign leveraging the open-source ecosystem. It is worth noting xpc.js What is xpc.js and what does it do? About the author: Ax Sharma.

Archiving

Archiving IT Security Education

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Cleanup

Cleanup Libraries Access Manufacturing

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Security Affairs

JANUARY 13, 2023

The attacks started in March 2022 and targeted government and critical infrastructure organizations. Interestingly, NoName057(16) makes attempts to teach their followers through educational content such as explaining basic industry jargon and attack concepts.” ” reads the analysis published by SentinelOne.

Education

Education Security Government IT

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Webinars

Trending Sources

Malicious file analysis – Example 01

Webinars

China’s Volt Typhoon botnet has re-emerged

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

ChaChi, a GoLang Trojan used in ransomware attacks on US schools

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Financially motivated Earth Lusca threat actors targets organizations worldwide

China-linked APT Silk Typhoon targets IT Supply Chain

New Agent Raccoon malware targets the Middle East, Africa and the US

Zero-day exploit used to hack iPhones of Al Jazeera employees

FBI and CISA warn of attacks by Rhysida ransomware gang

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Personal Data and docs of Swiss town Rolle available on the dark web

Purple Lambert, a new malware of CIA-linked Lambert APT group

DePriMon downloader uses a never seen installation technique

58% of all nation-state attacks in the last year were launched by Russian nation-state actors

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

Cybersecurity agencies published a joint LockBit ransomware advisory

Exclusive: Researchers dumped Gigabytes of data from Agent Tesla C2Cs

Symantec uncovered the link between China-Linked Thrip and Billbug groups

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Data leak exposes sensitive data of all Ecuador ‘citizens

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Experts observed the growth of hi-tech crime landscape in Asia in 2018

China-linked APT41 group spotted using open-source red teaming tool GC2

GCHQ implements World War II cipher machines in encryption app CyberChef

Cyber espionage campaign targets Asian countries since 2021

Google TAG warns of Russia-linked APT groups targeting Ukraine

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Defining responsible AI governance with UCLA Health

NetWalker ransomware operators have made $25 million since March 2020

QuaDream surveillance firm’s spyware targeted iPhones with zero-click exploit

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Massive threat campaign strikes open-source repos, Sonatype spots new CursedGrabber malware

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Stay Connected