Data collection, Government and Security - Information Management Today

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

The threat actors used exploits for the above issues in attacks against organizations in various sectors globally, allowing the APT group to access sensitive data and deploy infrastructure for ongoing data collection. cyber agencies warned.

Data collection

Data collection Authentication Access Cybersecurity

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Government

Government Privacy Risk Data collection

Look Beyond TikTok: Massive Data Collection Is the Real Risk

Data Breach Today

MARCH 29, 2023

All Social Media Apps Collect Information on a Scale That Facilitates Surveillance There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok.

Data collection

Data collection Risk Government Security

Webinars

Going Beyond Chatbots: Connecting AI to Your Tools, Systems, & Data

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

MORE WEBINARS

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Security Affairs

NOVEMBER 6, 2024

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc.

Security

Security Government Risk Data collection

Canada is going to ban TikTok on government mobile devices

Security Affairs

MARCH 1, 2023

The Canadian government announced it will ban the video app TikTok from all government-issued devices over security concerns. Canada is going to ban the popular Chinese video-sharing app TikTok from the mobile devices of its employees over security concerns. The app will be removed from government devices this week.

Government

Government Privacy Risk Data collection

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 9, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Phishing

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. The access was first blocked via national provider Turk Telecom (AS9121), but later other service providers applied the government restrictions. local time (8:30 p.m.

Military

Military Data collection Government Access

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

The US Department of Homeland Security revealed that unknown threat actors have targeted the network of the US Census Bureau during the last year. The US Census Bureau is the largest US federal government statistical agency responsible dedicated to providing current facts and figures about America’s people, places, and economy.

Government

Government Data collection Access Communications

AI Governance vs. Data Governance: Understanding the Differences and Opportunities

Gimmal

JANUARY 8, 2025

AI Governance vs. Data Governance: Understanding the Differences and Opportunities Written by In our current rapidly evolving technological landscape, enterprises are collecting, analyzin g, and lev eraging unprecedented amounts of data. YouTube Video: What is AI governance? What is AI Governance?

Government

Government Information governance Privacy Compliance

Mobile virtual network operator Mint Mobile discloses a data breach

Security Affairs

DECEMBER 23, 2023

. “We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. ” reads the data breach notification email sent to the impacted customers.

Data breaches

Data breaches Data collection Passwords Access

CIRWA Project tracks ransomware attacks on critical infrastructure

Security Affairs

SEPTEMBER 14, 2020

These are based on publicly disclosed incidents in the media or security reports.” ” Anyone can request access to the data by compiling this form. According to the summary findings related to the period 2013-2020, the most targeted critical infrastructures are government facilities, followed by education and healthcare.

Ransomware

Ransomware Data collection Education Security

Threat Report Portugal: Q2 2020

Security Affairs

AUGUST 14, 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática.

Phishing

Phishing Data collection Retail Security awareness

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

The security breach took place on on May 14, and the institute discovered it only on May 31, then the research institute reported the incident to the government and launched an investigation. In accordance with this, the attacker IP is blocked and the VPN system security update is applied.” ” reported the Reuters.

Phishing

Phishing Government Data collection Cybersecurity

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

.” The Andariel APT (aka Stonefly) has been active since at least 2015, it was involved in several attacks attributed to the North Korean government. Lazarus APT is an umbrella for sub-groups, each of them has specific objectives in defense, politics, national security, and research and development.

Agriculture

Agriculture Data collection Access Manufacturing

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Zebrocy is mainly used against governments and commercial organizations engaged in foreign affairs.

Phishing

Phishing Healthcare Military Data collection

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

Australia’s Defense Department announced that they will remove surveillance cameras made by Chinese firms linked to the government of Beijing. Australia’s Defense Department is going to replace surveillance cameras made by Chinese firms Hikvision and Dahua, who are linked to the government of Beijing. ” reported The Guardian. .

Manufacturing

Manufacturing Government Risk Communications

Supply Chain Security 101: An Expert’s View

Krebs on Security

OCTOBER 12, 2018

alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. Tony Sager, senior vice president and chief evangelist at the Center for Internet Security. TS: Like a lot of things in security, the economics always win.

Security

Security Computer and Electronics IoT Cloud

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

SEPTEMBER 9, 2019

Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. government IT contractor that does business with more than 20 federal agencies, including several branches of the military.

IT

IT Government Access Military

Threat Report Portugal: Q4 2020

Security Affairs

JANUARY 26, 2021

The Threat Report Portugal: Q4 2020 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2020. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist.

Phishing

Phishing Retail Security awareness Data collection

Threat Report Portugal Q1 2020

Security Affairs

APRIL 20, 2020

The Threat Report Portugal: Q1 2020 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2020. Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist.

Phishing

Phishing Retail Security awareness Data collection

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Security Affairs

SEPTEMBER 26, 2023

The BORN funded by the government of Ontario disclosed a data breach that impacts some 3.4 BORN Ontario hired cybersecurity experts to mitigate the threat, secure its infrastructure, and investigate the scope of the incident. million newborns and pregnancy care patients appeared first on Security Affairs. million people.

Data breaches

Data breaches Ransomware Data collection Cybersecurity

GDPR and The Data Governance Imperative

AIIM

SEPTEMBER 12, 2018

Data Privacy and Open Data: Secondary Uses under GDPR. Mitigate Data Privacy and Security Risks with Machine Learning. The Privacy and Security Dichotomy. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. GDPR Compliance Starts with Data Discovery.

GDPR

GDPR Government Information governance Compliance

China-linked hackers target telcos to steal 5G secrets

Security Affairs

MARCH 17, 2021

. “While the initial vector for the infection is not entirely clear, the McAfee ATR team believes with a medium level of confidence that victims were lured to a domain under control of the threat actor, from which they were infected with malware which the threat actor leveraged to perform additional discovery and data collection.”

Data collection

Data collection Phishing Government Security

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

JUNE 21, 2019

Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), has been active since at least 2007 targeting government organizations and private businesses. The three recent Turla campaigns targeted governments and international organizations worldwide. Pierluigi Paganini. SecurityAffairs – Turla, hacking).

Communications

Communications Government Data collection Education

The What & Why of Data Governance

erwin

MARCH 4, 2021

Modern data governance is a strategic, ongoing and collaborative practice that enables organizations to discover and track their data, understand what it means within a business context, and maximize its security, quality and value. The What: Data Governance Defined. Where is it?

Government

Government Digital transformation GDPR Compliance

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Archiving

Archiving Military Communications Phishing

Happy Information Governance Day

Data Protection Report

FEBRUARY 20, 2025

Happy February 20 th and Information Governance Day! Today is an opportunity to reflect on the evolution of information governance and, more importantly, its future. In our view, information governance is in its ascendency and is only becoming more and more important to our clients.

Information governance

Information governance Government e-Discovery Records Management

Report: Recent 10x Increase in Cyberattacks on Ukraine

Krebs on Security

MARCH 11, 2022

The increase in malicious activity detected by Quad9 is the latest chapter in an ongoing series of cyberattacks against Ukrainian government and civilian systems since the outset of the war in the last week of February. But the data collected by Quad9 suggest that a great deal of low-level cyberattacks targeting Ukrainians remain ongoing.

Phishing

Phishing Military Government Data collection

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Security Affairs

SEPTEMBER 20, 2024

Research conducted by ARD’s Panorama and STRG_F revealed that data collected during surveillance is processed using statistical methods, effectively breaking Tor’s anonymity. German law enforcement agencies have been surveilling Tor network by operating their own servers for months. And the Tor Network is healthy.”

Privacy

Privacy Data collection Encryption Access

Russian spies are attempting to tap transatlantic undersea cables

Security Affairs

MARCH 1, 2020

Attacks against undersea cables are not a novelty, in 2014 The Register published information on a secret British spy base located at Seeb on the northern coast of Oman, a strategic position that allows the British Government to tap to various undersea cables passing through the Strait of Hormuz into the Persian/Arabian Gulf.

Military

Military Communications Data collection Access

Hundreds of C-level executives credentials available for $100 to $1500 per account

Security Affairs

NOVEMBER 28, 2020

ZDnet confirmed the authenticity for some of the data available for sale. Experts from threat intelligence firm KELA , speculate the threat actor could have obtained the credentials buying “Azor logs,” which are lots of data stolen from computers infected with the AzorUlt info-stealer trojan. ” reported ZDNet.

Sales

Sales Access Retail Data collection

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

The Last Watchdog

APRIL 9, 2020

Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. The many privacy and security issues raised by IoT, however, are another story. The addressing of IoT privacy and security concerns lags far, far behind.

IoT

IoT Security Cloud Privacy

5G Security

Schneier on Security

JANUARY 14, 2020

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. The 5G security problems are threefold.

Security

Security Data collection Marketing Encryption

US sued TikTok and ByteDance for violating children’s privacy laws

Security Affairs

AUGUST 3, 2024

According to COPPA, website operators are forbidden from collecting, using, or disclosing personal information from children under 13 without parental consent and mandates deletion of such data upon parental request. In 2019, the government sued TikTok’s predecessor, Musical.ly, for COPPA violations.

Privacy

Privacy Data collection Risk IT

Cybercriminals Are Targeting AI Conversational Platforms

Security Affairs

OCTOBER 9, 2024

Bots can collect valuable data from user interactions, which can be analyzed to gain insights into customer preferences and behaviors. At the same time, it creates a major risk in terms of data protection, as the data collected from users may reveal sensitive information due to personalized interactions.

Communications

Communications Risk Cybersecurity Personal data

Coronavirus app: will Australians trust a government with a history of tech fails and data breaches?

The Guardian Data Protection

APRIL 25, 2020

But it’s an uphill battle due to a long history of secrecy and failures to live up to promises on security and privacy of Australians’ data. Location information (outside of postcode) isn’t retained.

Government

Government Data breaches Data collection Privacy

Privacy in an open-data world: Why government agencies need to be proactive

Collibra

JUNE 23, 2023

Government agencies — from DC to Duluth, NYC to LA — are struggling. The ever-growing digitalization of our world has raised significant concerns about data privacy and security, particularly for agencies that manage and process sensitive and confidential information. There’s no going back. They must choose both.

Privacy

Privacy Government Data Privacy Data breaches

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Security Affairs

DECEMBER 19, 2018

The Sofacy APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The Go variant of Zebrocy initially starts collecting info on the compromised system, then sends it to the command and control server. Pierluigi Paganini. SecurityAffairs –APT, Sofact).

Military

Military Data collection Phishing IT

Avast details Worok espionage group’s compromise chain

Security Affairs

NOVEMBER 15, 2022

The experts started their investigation from the analysis published by ESET on attacks against organizations and local governments in Asia and Africa. Avast experts were able to capture several PNG files embedding a data-stealing payload. ” Follow me on Twitter: @securityaffairs and Facebook and Mastodon. Pierluigi Paganini.

Communications

Communications Metadata Data collection Cybersecurity

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

The Last Watchdog

DECEMBER 6, 2018

Businesses at large would do well to model their data collection and security processes after what the IC refers to as the “intelligence cycle.” This cycle takes a holistic approach to detecting and deterring external threats and enforcing best-of-class data governance procedures. infrastructure from cyber attacks.

Security

Security Financial Services Data collection Manufacturing

Questions remain over whether data collected by Covidsafe app could be accessed by US law enforcement

The Guardian Data Protection

MAY 14, 2020

Federal parliament this week debated and passed Covidsafe legislation designed to protect the privacy and security of users of the government’s contact-tracing app.

Data collection

Data collection Access Privacy Government

Home affairs data breach may have exposed personal details of 700,000 migrants

The Guardian Data Protection

MAY 2, 2020

At a time the federal government is asking Australians to trust the security of data collected by its Covid-Safe contact tracing app , privacy experts are appalled by the breach, which they say is just the latest in a long line of cybersecurity blunders.

Data breaches

Data breaches Data collection Privacy Government

China Issues Data Security Law

Hunton Privacy

JUNE 16, 2021

After two rounds of public comments, the Data Security Law of the People’s Republic of China (the “DSL”) was formally issued on June 10, 2021, and will become effective on September 1, 2021. Data Security Policies. Data Security Obligation. increasing the punishment dynamics for violations of the law. .

Security

Security Education Government Cybersecurity

Senators Urge FTC to Probe ID.me Over Selfie Data

Krebs on Security

MAY 18, 2022

for “deceptive statements” the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service , which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me. ’ ID.me

Government

Government Insurance Data collection Paper

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Webinars

Trending Sources

Look Beyond TikTok: Massive Data Collection Is the Real Risk

Webinars

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Canada is going to ban TikTok on government mobile devices

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Hackers targeted the US Census Bureau network, DHS report warns

AI Governance vs. Data Governance: Understanding the Differences and Opportunities

Mobile virtual network operator Mint Mobile discloses a data breach

CIRWA Project tracks ransomware attacks on critical infrastructure

Threat Report Portugal: Q2 2020

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Supply Chain Security 101: An Expert’s View

Secret Service Investigates Breach at U.S. Govt IT Contractor

Threat Report Portugal: Q4 2020

Threat Report Portugal Q1 2020

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

GDPR and The Data Governance Imperative

China-linked hackers target telcos to steal 5G secrets

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

The What & Why of Data Governance

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Happy Information Governance Day

Report: Recent 10x Increase in Cyberattacks on Ukraine

Tor Project responded to claims that law enforcement can de-anonymize Tor users

Russian spies are attempting to tap transatlantic undersea cables

Hundreds of C-level executives credentials available for $100 to $1500 per account

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

5G Security

US sued TikTok and ByteDance for violating children’s privacy laws

Cybercriminals Are Targeting AI Conversational Platforms

Coronavirus app: will Australians trust a government with a history of tech fails and data breaches?

Privacy in an open-data world: Why government agencies need to be proactive

Russia-linked Sofacy APT developed a new ‘Go’ variant of Zebrocy tool

Avast details Worok espionage group’s compromise chain

GUEST ESSAY: 5 security steps all companies should adopt from the Intelligence Community

Questions remain over whether data collected by Covidsafe app could be accessed by US law enforcement

Home affairs data breach may have exposed personal details of 700,000 migrants

China Issues Data Security Law

Senators Urge FTC to Probe ID.me Over Selfie Data

Stay Connected