Course, Government and Security - Information Management Today

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

OCTOBER 12, 2020

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The agencies warn of risk to elections information housed on government networks. ” reads the report. ” continues the alert. . ” continues the alert.

Government

Government Authentication Access Risk

Ex Twitter employee found guilty of spying for Saudi Arabian government

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. The two former Twitter employees operated for the Saudi Arabian government with the intent of unmasking dissidents using the social network.

Government

Government Marketing Access IT

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Each company brings its own security (or lack thereof) into the game, so your overall security status is essentially the average of yours, plus anyone else’s to whom you’re connected (i.e.,

B2B

B2B Cybersecurity Risk Access

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB

Security Affairs

JULY 30, 2021

Estonia ‘s police arrested a man from Tallinn that is suspected to be the hacker who stole 286K ID scans from the government systems. Estonian police arrested a man from Tallinn that is suspected to have stolen 286,438 belonging to Estonians citizens from the government systems. or take a new document photo. .

Government

Government Access Personal data Sales

Exodus, a government malware that infected innocent victims

Security Affairs

MARCH 30, 2019

Security researchers have found a new government spyware, tracked as Exodus, that was distributed through the Google Play Store. This time, researchers discovered more than 20 malicious apps went unnoticed by Google over the course of roughly two years. ” continues the analysis. on November 6, 2017.”

Government

Government Marketing Compliance Security

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Security Affairs

NOVEMBER 6, 2024

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc.

Security

Security Government Risk Data collection

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Security Affairs

AUGUST 5, 2020

ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. According to Bank Security , all the Pulse Secure VPN servers included in the list were vulnerable to the CVE-2019-11510 flaw.

Passwords

Passwords Security Ransomware Military

European Commission has chosen the Signal app to secure its communications

Security Affairs

FEBRUARY 25, 2020

. “The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications.” There is no doubt, Signal is the first choice for hackers and security experts … and not only them. SecurityAffairs – security, Signal).

Communications

Communications IT Security Encryption

US Army banned the popular TikTok app over China security concerns

Security Affairs

JANUARY 3, 2020

Army this week has banned the popular TikTok app from government mobile amid fear of China-linked cyberespionage. The US Army has banned the use of the popular TikTok app on mobile phones used by its personnel for security reasons. “We do not allow it on government phones.” ” Source: Il Messaggero.

Security

Security Government Military Privacy

Poland institutions and individuals targeted by an unprecedented series of cyber attacks

Security Affairs

JUNE 16, 2021

Poland ‘s government announced that it was targeted by an ‘Unprecedented’ series of cyber attacks, hackers hit against institutions and individuals. Mateusz Morawiecki had to provide details about the attacks presenting secret documents related to attacks, as anticipated by government spokesman Piotr Muller.

Metadata

Metadata Government Phishing Communications

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

SEPTEMBER 23, 2020

Russia-linked cyberespionage group APT28 uses fake NATO training documents as bait in attacks aimed at government bodies. The Russia-linked cyberespionage group APT28 is behind a string of attacks that targeting government bodies with Zebrocy Delphi malware. The researchers analyzed files (Course 5 – 16 October 2020.zipx)

Military

Military Government Encryption Communications

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

The Last Watchdog

MAY 13, 2024

Secretary of State Antony Blinken opened RSA Conference 2024 last week issuing a clarion call for the cybersecurity community to defend national security, nurture economic prosperity and reinforce democratic values. And, of course, this has created new tiers of criminal hacking opportunities. KINGSTON, Wash. — U.S.

Security

Security Cloud Artificial Intelligence Cybersecurity

British Court rejects the US’s request to extradite Julian Assange

Security Affairs

JANUARY 4, 2021

A British court has rejected the request of the US government to extradite Wikileaks founder Julian Assange to the country. Of course, the U.S. government will likely appeal the decision. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Military

Military Government Risk Passwords

Hackers accessed Stormshield data, including source code of ANSSI certified products

Security Affairs

FEBRUARY 4, 2021

The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. ” continues Stormshield. ” continues Stormshield.

Access

Access Data breaches Passwords Government

Japanese government’s cybersecurity strategy chief has never used a computer

Security Affairs

NOVEMBER 17, 2018

The Japanese government’s cybersecurity strategy chief Yoshitaka Sakurada is in the middle of a heated debate due to his admission about his cyber capability. Of course, the response shocked the audience, including Imai. “It’s a matter that should be dealt with by the government as a whole. ” said Imai.

Cybersecurity

Cybersecurity Military Government Security

Poland: The leader of the PiS party blames Russia for the recent attack

Security Affairs

JUNE 20, 2021

The media reported that the politicians targeted by the hackers used their private Gmail accounts for communications, instead of using their secure government accounts. According to Muller, the attacks did not target only Dworczyk, hackers also targeted government members, the PiS party, and a large group of people. aw Gowin.”.

Metadata

Metadata Government Phishing Communications

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

FEBRUARY 15, 2024

. “These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. and foreign governments and military, security, and corporate organizations. ” continues the press release.

Military

Military Government Access Cybersecurity

Two former Twitter employees charged of spying on Users for Saudi Arabian Government

Security Affairs

NOVEMBER 7, 2019

Two former Twitter employees have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. Two former Twitter employees have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government.

Government

Government Marketing Privacy Risk

Supply Chain Security 101: An Expert’s View

Krebs on Security

OCTOBER 12, 2018

alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security. TS: Like a lot of things in security, the economics always win.

Security

Security Computer and Electronics IoT Cloud

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

The Last Watchdog

APRIL 16, 2020

NotPetya wrought $10 billion in damages , according to Tom Bossert a senior Department of Homeland Security official at the time. This is true of all software, of course. Of course it’s rarely practical to lock down everything. For instance, a scan might turn up a configuration setting that ought to be changed to boost security.

Security

Security Ransomware Authentication Access

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

OCTOBER 23, 2020

Security measures have been taken to limit the risk of propagation.” “According to our sources, the incident started to spread during the course of last night. The post Sopra Steria hit by the Ryuk ransomware gang appeared first on Security Affairs. ” reads the press release published by the company.

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

Alleged docs relating to Covid-19 vaccine leaked in darkweb

Security Affairs

JANUARY 1, 2021

Security experts from threat intelligence firm Cyble have found several documents relating to the Covid-19 vaccine allegedly stolen from the European Medicines Agency (EMA) leaked in the Darkweb. Further information will be made available in due course.”. reads the EMA’s announcement. Pierluigi Paganini. Pierluigi Paganini.

Healthcare

Healthcare Marketing Authentication Access

Ministry of Defence academy hit by state-sponsored hackers

Security Affairs

MARCH 22, 2021

The Defence Academy of the United Kingdom provides higher education for personnel in the British Armed Forces, Civil Service, other government departments and service personnel from other nations. The majority of training is postgraduate with many courses being accredited for the award of civilian qualifications. Teaching continues.”.

Education

Education Military Government IT

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing Government File names

Finnish intelligence warns of Russia’s cyberespionage activities

Security Affairs

OCTOBER 3, 2022

The Finnish Security Intelligence Service ( SUPO ) warns Russia will highly likely intensify its cyber activity over the winter. The Finnish Security Intelligence Service ( Suojelupoliisi or SUPO ) warn of a highly likely intensification of cyberespionage activities conducted by Russia-linked threat actors over the winter.

Manufacturing

Manufacturing Access Security Government

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

NOVEMBER 26, 2019

federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org. WHO WANTS TO BE A GOVERNMENT? Many readers probably believe they can trust links and emails coming from U.S. Then you either mail or fax it in.

Government

Government Security Cybersecurity IT

The cyber attack against Austria’s foreign ministry has ended

Security Affairs

FEBRUARY 15, 2020

Despite all the intensive security measures, there is no 100-percent protection against cyberattacks.”. The highest possible data security at the Foreign Ministry is guaranteed and no damage to the IT equipment could be detected.”. The attack took place on the evening of Saturday 4 January evening and it was quickly detected.

Government

Government IT Security Access

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Cybersecurity Sales Blockchain

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs

FEBRUARY 10, 2020

And of course we need to be able to make sure that our suppliers handle all data according to applicable law and within the framework agreed upon with them.” ” states the Government Agency. Peter Kruse, cyber security expert and founder of the CSIS group, explained that Google had access to 1.2 Pierluigi Paganini.

Encryption

Encryption Libraries Access Government

NCSC warns of a surge in ransomware attacks on education institutions

Security Affairs

SEPTEMBER 20, 2020

National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware attacks targeting education institutions. National Cyber Security Centre (NCSC), has issued an alert about a surge in ransomware attacks against education institutions. backup servers, network shares, servers, auditing devices). Pierluigi Paganini.

Education

Education Ransomware Phishing Encryption

Hackers used Scanbox framework to hack Pakistani Govt’s passport application tracking site

Security Affairs

MARCH 18, 2019

Security experts at Trustwave have shared their findings of a recent data breach suffered by a Pakistani government website. Most of the victims of the hack were, of course, Pakistani citizens, followed by Saudi Arabia, the United States, and China. SecurityAffairs – ScanBox, Pakistan government). Pierluigi Paganini.

Sales

Sales Government Data breaches Security

DHS BOD 19-02 directive – Critical flaws must be fixed within 15 Days

Security Affairs

MAY 1, 2019

Department of Homeland Security (DHS) issued a new Binding Operational Directive ( BOD 19-02 ) ordering federal agencies and departments quickly patch serious vulnerabilities in Internet-facing systems. Government systems exposed online undergo Cyber Hygiene vulnerability assessment to help agencies identify flaws. Pierluigi Paganini.

Government

Government Risk Access Security

The Top 5 Reasons to Use an API Management Platform

Security Affairs

NOVEMBER 20, 2023

Organizations need to govern and control the API ecosystem, this governance is the role of API management. – Authentication and Security : APIs may require authentication for access control. organizations need to govern and control the API ecosystem. This governance is the role of API management.

Authentication

Authentication Risk Government Security

Israel Defense Forces were searching systems to spy on private social media messages

Security Affairs

OCTOBER 22, 2018

Monitoring of social media platforms is a crucial activity for intelligence agencies, almost any government is working to gather intelligence for these systems. “ The surveillance system have to allow government operators to spy on users by searching for targeted keywords, such as terror, resistance, nationality and religion.

Government

Government Cybersecurity Security IT

MICROCHIPS Act aims at improving tech supply chain

Security Affairs

AUGUST 1, 2019

2316 ) – Two US Senators have introduced a bill to protect US government supply chain against foreign sabotage and cyber espionage. 2316) that aims at protecting US government supply chain against foreign sabotage and cyber espionage. SecurityAffairs – Supply Chain Security, MICROCHIPS Act). MICROCHIPS Act ( S.

Military

Military Manufacturing Government Security

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. .”

Energy and Utilities

Energy and Utilities Access Passwords Cybersecurity

Leveraging Metadata for Enhanced Information Governance

Gimmal

NOVEMBER 21, 2024

Enter metadata—a powerful tool that can revolutionize your information governance strategy. Facilitate Compliance and Governance : Use metadata to automate records management processes, apply retention policies, and ensure regulatory compliance. The labeled can, of course. You come across two cans: A plain can with no label.

Metadata

Metadata Information governance Government Records Management

Upcoming Ukraine elections in the crosshairs of hackers

Security Affairs

JANUARY 26, 2019

Ukraine reported a surge in cyber attacks aimed at disrupting the upcoming presidential election, the Government believes that Russian nation-state actors could be responsible for them. Of course, Russia has denied any involvement in hacking campaigns aimed at Ukraine’s elections. said Kremlin spokesman Dmitry Peskov. .

Phishing

Phishing Passwords Government Access

European Medicines Agency targeted by cyber attack

Security Affairs

DECEMBER 9, 2020

Further information will be made available in due course.” Nation-state actors consider organizations involved in the research of the vaccine a strategic target to gather intelligence on the ongoing response of the government to the pandemic. .” reads the EMA’s announcement. Pierluigi Paganini.

Access

Access Government IT Security

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

Security Affairs

JULY 25, 2020

Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. F5 has released security updates to address the issue along with some mitigations that should prevent exploitation.

Education

Education Government Passwords Authentication

Russian and Belarusian men charged with spying for Russian GRU

Security Affairs

JANUARY 8, 2023

“Based on the materials collected by the Military Counterintelligence Service and the material collected in the course of the investigation, it was established that they participated in the activities of the Russian military intelligence” said the Warsaw prosecutor’s office. Pierluigi Paganini.

Military

Military Ransomware Government Security

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Security Affairs

MAY 14, 2019

The surveillance software developed by NSO Group was used by government organizations worldwide to spy on human rights groups , activists, journalists, lawyers, and dissidents. Security experts have detected and analyzed some of the tools in its arsenals, such as the popular Pegasus spyware (for iOS) and Chrysaor (for Android). .

Government

Government Security IT Information Security

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

JANUARY 14, 2019

According to the cyber security community, NotPetya is a cyber weapon develped by Russia to hit the Ukrainian government. Of course, this situation will not have a simple resolution, even if Zurich has found a way to avoid paying the policy, it will be obliged to prove the attribution of the attack to Russia. Pierluigi Paganini.

Insurance

Insurance Ransomware Sales Government

RuNet – Russia successfully concluded tests on its Internet infrastructure

Security Affairs

DECEMBER 24, 2019

Russia’s government announced that it has successfully concluded a series of tests for its RuNet intranet aimed at country disconnection from the Internet. The Russian Government has announced on Monday that it has successfully concluded the test on its RuNet intranet and the complete disconnection of the country from the Internet.

IT

IT Communications Government Personal data

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Ex Twitter employee found guilty of spying for Saudi Arabian government

Webinars

Trending Sources

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Webinars

Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB

Exodus, a government malware that infected innocent victims

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

European Commission has chosen the Signal app to secure its communications

US Army banned the popular TikTok app over China security concerns

Poland institutions and individuals targeted by an unprecedented series of cyber attacks

Russia-linked APT28 targets govt bodies with fake NATO training docs

MY TAKE: RSAC 2024’s big takeaway: rules-based security is out; contextual security is taking over

British Court rejects the US’s request to extradite Julian Assange

Hackers accessed Stormshield data, including source code of ANSSI certified products

Japanese government’s cybersecurity strategy chief has never used a computer

Poland: The leader of the PiS party blames Russia for the recent attack

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Two former Twitter employees charged of spying on Users for Saudi Arabian Government

Supply Chain Security 101: An Expert’s View

NEW TECH: Semperis introduces tools to improve security resiliency of Windows Active Directory

Sopra Steria hit by the Ryuk ransomware gang

Alleged docs relating to Covid-19 vaccine leaked in darkweb

Ministry of Defence academy hit by state-sponsored hackers

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Finnish intelligence warns of Russia’s cyberespionage activities

It’s Way Too Easy to Get a.gov Domain Name

The cyber attack against Austria’s foreign ministry has ended

New Leak Shows Business Side of China’s APT Menace

1.2 million CPR numbers for Danish citizen leaked through tax service

NCSC warns of a surge in ransomware attacks on education institutions

Hackers used Scanbox framework to hack Pakistani Govt’s passport application tracking site

DHS BOD 19-02 directive – Critical flaws must be fixed within 15 Days

The Top 5 Reasons to Use an API Management Platform

Israel Defense Forces were searching systems to spy on private social media messages

MICROCHIPS Act aims at improving tech supply chain

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Leveraging Metadata for Enhanced Information Governance

Upcoming Ukraine elections in the crosshairs of hackers

European Medicines Agency targeted by cyber attack

US CISA warns of attacks exploiting CVE-2020-5902 flaw in F5 BIG-IP

Russian and Belarusian men charged with spying for Russian GRU

WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

RuNet – Russia successfully concluded tests on its Internet infrastructure

Stay Connected