Document - Information Management Today

Chinese Hacking Contractor iSoon Leaks Internal Documents

Data Breach Today

FEBRUARY 20, 2024

Company Mainly Hacked for the Ministry of Public Security An apparent leak of internal documents from a Chinese hacking contractor paints a picture of a disaffected, poorly paid workforce that nonetheless penetrated multiple regional governments and possibly NATO.

Information Security

Information Security Government Security

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

They also enrich documents with metadata and place them in crypto-containers, access to which is only granted by permission. However, all of these solutions are powerless when it comes to photographing a document with a smartphone and compromising printed copies of documents. There are more exotic ways of protecting documents.

Access

Access Marketing Metadata Information Security

How Intelligent Document Processing is Revolutionizing Document Management

AIIM

OCTOBER 31, 2024

One such technology is intelligent document processing (IDP), powered by artificial intelligence (AI). In this blog post, I’ll define intelligent document processing (IDP) and outline some key benefits of IDP. Forward-thinking organizations seek technologies that streamline operations, reduce errors and improve productivity.

Artificial Intelligence

Selecting an Intelligent Document Processing Solution

AIIM

NOVEMBER 14, 2024

Intelligent document processing (IDP) solutions are emerging that combine AI with IDP to revolutionize client and document onboarding and processing.

Financial Services

Financial Services Insurance Artificial Intelligence

Best Practices for Modern Records Management and Retention

Speaker: Sean Baird, Director of Product Marketing at Nuxeo

Documents are at the heart of many business processes. Exploding volumes of new documents, growing and changing regulatory requirements, and inconsistencies with manual, labor-intensive classification requirements prevent organizations from consistent retention practices.

Records Management

Unlock the Future of Document Management: How AI is Revolutionizing Intelligent Document Processing

AIIM

NOVEMBER 7, 2024

In this blog post, I want to share how AI is having a dramatic impact on intelligent document processing (IDP). I will share three use cases that demonstrate the impact AI is having.

Artificial Intelligence

FDA Document Details Cyber Expectations for Device Makers

Data Breach Today

APRIL 7, 2022

Revised Draft Guidance Lists Security Asks for Premarket Medical Device Submissions The Food and Drug Administration on Thursday issued revamped draft guidance providing updated and detailed recommendations for how medical device makers should address cybersecurity risk in the premarket of their products, especially as the threat landscape continues (..)

Cybersecurity

Cybersecurity Risk Security

Federal Courts Investigate 'Apparent Compromise' of System

Data Breach Today

JANUARY 8, 2021

Meanwhile, Courts Suspend Use of SolarWinds, Adopt New Document Security Measures The U.S. federal court system is investigating an "apparent compromise" of a confidential electronic filing system used for sensitive legal documents.

Security

Security IT

Why Information Management Practitioners Should Care about Document Capture Standards

AIIM

DECEMBER 5, 2024

As an advocate for advanced imaging technologies and standards, I'm often asked why information management practitioners should care about imaging standards like those developed by the TWAIN Working Group. The answer is simple yet profound: these standards are crucial for efficient, accurate, and secure information acquisition and management.

Security

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. These sealed documents will not be uploaded to CM/ECF.

Computer and Electronics

Computer and Electronics Access Communications Paper

Attackers Using Malicious Doc Builder Called 'EtterSilent'

Data Breach Today

APRIL 8, 2021

Report: Builder Allows Cybercriminals to Create Specialized Office Documents Cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated and harder-to-discover malicious documents that can be deployed in phishing attacks.

Phishing

North Korea Disguising Android Malware as Legitimate Apps

Data Breach Today

OCTOBER 31, 2022

Apps Masquerade as Google Security Plug-In and Document Viewer North Korean state hacking group Kimsuky is developing Android malware targeted at South Korean users by disguising the apps as legitimate apps including a Google security plug-in and a document viewer.

Cybersecurity

Cybersecurity Security

Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them

Data Breach Today

MARCH 15, 2024

That's not what data leak sites actually document.

Ransomware

Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows

Data Breach Today

SEPTEMBER 8, 2021

Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.

First American Financial's SEC Breach Settlement: $488,000

Data Breach Today

JUNE 21, 2021

Information security staff members were aware of the vulnerability in the company's EaglePro document-sharing system for five months but failed to fix it, the SEC reports. SEC: Executives Left in Dark About Vulnerability in File-Sharing System Title insurance company First American Financial Corp.

Insurance

Insurance Data breaches Information Security Security

Emotet Botnet Returns After Months-Long Hiatus

Data Breach Today

JULY 18, 2020

Victims are hit with phishing emails that contain either a malicious URL or Word document attachment that downloads the malware. Security Researchers Detect New Spam Campaigns in US and UK After a nearly six-month hiatus, the Emotet botnet has sprung back to life with a spam campaign targeting the U.S.

Phishing

Phishing Security

Mercedes-Benz Data Leak Lesson: Lock Down Code Repositories

Data Breach Today

MAY 26, 2020

Luckily for Car Giant, Access Control Gaff Didn't Expose Secret Data - This Time Don't forget to lock down online shared code repositories, as Mercedes-Benz parent company Daimler AG learned the hard way after a researcher was able to access nearly 9 GB of software development documentation from a misconfigured GitLab repository.

Access

Play Ransomware Lists A10 Networks on its Leak Site

Data Breach Today

FEBRUARY 11, 2023

The group says it has confidential data, technical documentation and more.

Ransomware

Ransomware IT Manufacturing Data breaches

Is AI Making Banking Safer or Just More Complicated?

Data Breach Today

AUGUST 23, 2024

As Banks Combat Fraud, Customers Feel the Strain of Overly Cautious Measures In today’s AI-driven world, banks are becoming increasingly vigilant, often freezing accounts or demanding extensive documentation at the slightest hint of suspicious activity. Sending money, once a straightforward task, is now fraught with complexity.

How 'SEO Poisoning' Is Used to Deploy Malware

Data Breach Today

JUNE 16, 2021

PDF Documents Stuffed With SEO Keywords Lead to Malware Attacks SolarMarker malware operators are using "SEO poisoning" techniques to deploy the remote access Trojan to steal sensitive information, Microsoft reports.

Access

Microsoft Office: Attackers Injecting Code via Zero-Day Bug

Data Breach Today

MAY 30, 2022

Malicious Code Execution Traced to Weaponized Office Documents Dating From April Attention to anyone who manages a Microsoft Windows environment: Security researchers are tracking a zero-day vulnerability in Microsoft Office that's being actively exploited by attackers to run malicious code on a vulnerable system.

Security

Capital One Breach Suspect Faces New Criminal Charges

Data Breach Today

JUNE 30, 2021

Paige Thompson Now Faces Up to 20 Years in Federal Prison, Documents Show The Justice Department has filed seven new criminal charges against Paige Thompson, who is suspected of hacking Capital One in 2019, which compromised the personal data of 100 million Americans, including exposing hundreds of thousands of Social Security numbers.

Personal data

Personal data Security

Police Shutter Largest German-Speaking Criminal Marketplace

Data Breach Today

DECEMBER 4, 2024

Crimenetwork, online since 2012, was used to sell stolen data, drugs and forged documents. Crimenetwork Served as a Platform for Illegal Goods and Services German police arrested the suspected administrator of the largest German-speaking underground markets for illegal goods and services.

Marketing

Lazarus Group Hid RATs in BMP Images

Data Breach Today

APRIL 21, 2021

Group Used Fresh Tactic to Target South Korea Malwarebytes researchers report the North Korean APT group Lazarus rolled out a new weapon during a recent phishing campaign targeting South Korea in which the gang incorporated malicious BMP files in an image-laden document.

Phishing

Evilnum Hacking Group Updates TTPs Targeting Fintech

Data Breach Today

JULY 2, 2022

Group Now Uses MS Office Word Documents to Deliver Payload The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. and Europe.

IT

After the Sullivan Verdict: A CISO's Guide to Avoiding Jail

Data Breach Today

OCTOBER 18, 2022

Guilty Verdict for Breach Cover-Up a Reminder to Maintain Playbooks, Legal Cover In the wake of former Uber CSO Joe Sullivan being found guilty of a criminal data breach cover-up, legal experts say CISOs shouldn't be running scare, but should ensure they have well-defined incident response playbooks and remember to always clearly document what they're (..)

Data breaches

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. “The attacker would then have to convince the user to open the malicious document. Microsoft Corp.

Security

Security IT

Helping Your Team Cope With the Stress of a Cyber Incident

Data Breach Today

OCTOBER 16, 2024

Stress in the cybersecurity field, particularly post-incident, is a well-documented issue that many professionals quietly struggle with.

Cybersecurity

Cybersecurity Security

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. If you bought or sold a property in the last two decades or so, chances are decent that you also gave loads of personal and financial documents to First American.

Insurance

Insurance Risk Financial Services Mining

National Guardsman Arrested for Military, Intelligence Leaks

Data Breach Today

APRIL 13, 2023

Jack Teixeira, 21, Accused of Sharing Classified National Defense Info on Discord A member of the Massachusetts Air National Guard has been arrested for leaking highly classified military and intelligence documents.

Military

House Oversight Committee Probing JBS Ransomware Payment

Data Breach Today

JUNE 11, 2021

Committee Chairwoman Carolyn Maloney also asked for documents related to ransom payments made by Colonial Pipeline and CNA.

Ransomware

CISA's New SBOM Guidance Faces Implementation Challenges

Data Breach Today

NOVEMBER 10, 2023

Cybersecurity and Infrastructure Security Agency published guidance that offers best practices in developing consumption processes for software bills of materials, but experts told ISMG the document lacks technical specifics and warned that most organizations face SBOM resourcing issues.

Cybersecurity

Cybersecurity Security

Hackers Target Russian Federal Air Transport Agency

Data Breach Today

MARCH 31, 2022

65 Terabytes of Data Wiped Out, According to Reports Hackers have allegedly managed to breach the infrastructure belonging to Russia's Federal Air Transport Agency, or Rosaviatsiya, and wiped out its entire database and files consisting of 65TB of data, including documents, files, aircraft registration data and emails from the servers.

IT

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Krebs on Security

JUNE 21, 2020

In a post on Twitter , DDoSecrets said the BlueLeaks archive indexes “ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources,” and that “among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more.”

Archiving

Archiving Government Risk Security

Socure Buys Berbix for $70M to Fortify Identity Verification

Data Breach Today

JUNE 27, 2023

Buying Document Verification Startup Berbix Will Make Socure Faster, More Accurate Socure has purchased a document verification startup founded by former members of Airbnb's Trust and Safety Team for $70 million to better detect fake identities.

Biden Administration Issues Cyber Strategy for Health Sector

Data Breach Today

DECEMBER 6, 2023

Department of Health and Human Services on Wednesday released a sweeping strategy document proposing how the Biden administration intends to push the healthcare sector - through new requirements, incentives and enforcement - into improving the state of its cybersecurity.

Cybersecurity

Cybersecurity Security IT

FDA: How to Inform Patients About Medical Device Cyber Flaws

Data Breach Today

OCTOBER 5, 2021

Agency Issues Best Practices for Communicating Device Vulnerabilities The Food and Drug Administration has issued a new best practices document for healthcare industry stakeholders and government agencies to use when communicating medical device vulnerabilities to patients and caregivers.

Communications

Communications Government

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware

Ransomware Insurance Phishing IT

Kansas Supreme Court Probes Potential Ransomware Attack

Data Breach Today

OCTOBER 16, 2023

Electronic Filing and Payments Offline as Courts Revert to Paper Records and Faxes The Kansas Supreme Court said it's probing a "security incident" that has disrupted access to IT systems also used by the state's Court of Appeals and every District Court but one, leaving them unable to accept electronic filing of documents or process some cases.

Ransomware

Ransomware Paper Access Security

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. A marketing slide deck promoting i-SOON’s Advanced Persistent Threat (APT) capabilities.

Government

Government Cybersecurity Sales Blockchain

Feds Issue HIPAA Guidance on Employee Sanctions, Telehealth

Data Breach Today

OCTOBER 23, 2023

HHS OCR Guides Spotlight Sanctions for Insiders; Telehealth Privacy, Security Risks Federal regulators issued new guidance materials for HIPAA-regulated entities, including a document stressing the importance of sanction policies for workforce members who violate HIPAA, plus two new resources for healthcare providers and patients regarding telehealth (..)

Privacy

Privacy Risk Security

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

The documents were available without authentication to anyone with a Web browser. According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. .

Insurance

Insurance Financial Services Mining Access

Cyber Espionage Actor Deploying Malware Using Excel

Data Breach Today

APRIL 2, 2022

Threat Actors Luring Ukrainian Phishing Targets to Download Malicious Files Researchers from Malwarebytes have found that cyber espionage actor UAC-0056, also known as SaintBear, UNC2589 and TA471, is now using a macro-embedded Excel document to target several entities in Ukraine, including ICTV, a private TV channel.

Phishing

Feds Describe Intelligence Leak Probe as Criminal Matter

Data Breach Today

APRIL 14, 2023

military IT specialist, Jack Teixeira, on suspicion of leaking highly classified documents begs the question of why he had access to them in the first place. National Guard Airman Jack Teixeira Charged With Mishandling Intelligence The arrest of a low-level U.S.

Military

Military Access IT

Chinese Hacking Contractor iSoon Leaks Internal Documents

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

Trending Sources

How Intelligent Document Processing is Revolutionizing Document Management

Selecting an Intelligent Document Processing Solution

Best Practices for Modern Records Management and Retention

Unlock the Future of Document Management: How AI is Revolutionizing Intelligent Document Processing

FDA Document Details Cyber Expectations for Device Makers

Federal Courts Investigate 'Apparent Compromise' of System

Why Information Management Practitioners Should Care about Document Capture Standards

Sealed U.S. Court Records Exposed in SolarWinds Breach

Attackers Using Malicious Doc Builder Called 'EtterSilent'

North Korea Disguising Android Malware as Legitimate Apps

Ransomware Groups' Data Leak Blogs Lie: Stop Trusting Them

Zero-Day Attacks Exploit MSHTML Flaw in Microsoft Windows

First American Financial's SEC Breach Settlement: $488,000

Emotet Botnet Returns After Months-Long Hiatus

Mercedes-Benz Data Leak Lesson: Lock Down Code Repositories

Play Ransomware Lists A10 Networks on its Leak Site

Is AI Making Banking Safer or Just More Complicated?

How 'SEO Poisoning' Is Used to Deploy Malware

Microsoft Office: Attackers Injecting Code via Zero-Day Bug

Capital One Breach Suspect Faces New Criminal Charges

Police Shutter Largest German-Speaking Criminal Marketplace

Lazarus Group Hid RATs in BMP Images

Evilnum Hacking Group Updates TTPs Targeting Fintech

After the Sullivan Verdict: A CISO's Guide to Avoiding Jail

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Helping Your Team Cope With the Stress of a Cyber Incident

First American Financial Pays Farcical $500K Fine

National Guardsman Arrested for Military, Intelligence Leaks

House Oversight Committee Probing JBS Ransomware Payment

CISA's New SBOM Guidance Faces Implementation Challenges

Hackers Target Russian Federal Air Transport Agency

‘BlueLeaks’ Exposes Files from Hundreds of Police Departments

Socure Buys Berbix for $70M to Fortify Identity Verification

Biden Administration Issues Cyber Strategy for Health Sector

FDA: How to Inform Patients About Medical Device Cyber Flaws

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Kansas Supreme Court Probes Potential Ransomware Attack

New Leak Shows Business Side of China’s APT Menace

Feds Issue HIPAA Guidance on Employee Sanctions, Telehealth

NY Charges First American Financial for Massive Data Leak

Cyber Espionage Actor Deploying Malware Using Excel

Feds Describe Intelligence Leak Probe as Criminal Matter

Stay Connected