Document, Government, Information Security and Manufacturing

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. “The data leakage affected all products and classified documents of the company. .

Military

Military Manufacturing Ransomware Mining

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? Also, in September 2020, it was reported that Russian hackers targeted government agencies in NATO member countries, and nations who cooperate with NATO -> Link.” Pierluigi Paganini.

Military

Military Manufacturing Phishing Government

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Security Affairs

AUGUST 8, 2024

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. The BlackSuit ransomware has targeted various critical infrastructure sectors, including commercial facilities, healthcare, government, and manufacturing.

Ransomware

Ransomware Communications Manufacturing Phishing

Webinars

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

MORE WEBINARS

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. Because of these efforts, along with the efforts of others in the industry and national governments to combat the rise of commercial spyware, Defendants have been substantially weakened.”

Risk

Risk Government Manufacturing IT

NHTSA Publishes Final Cybersecurity Best Practices

Hunton Privacy

SEPTEMBER 26, 2022

The 2022 Best Practices also is an update to NHTSA’s first cybersecurity best practices document, which was issued in 2016. .

Cybersecurity

Cybersecurity Manufacturing Risk Information Security

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Security

Security Ransomware Agriculture Cybersecurity

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

“The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the structural subdivision of the Russian Ministry of Transport – the Federal Air Transport Agency (Rosaviatsia) – is now acquired.”

Military

Military Manufacturing Government Authentication

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Security Affairs

AUGUST 17, 2023

The documents used in the campaign used the “Farewell to Ambassador of Germany” and “Day of German Unity” themes. “EclecticIQ Analysts assess with high confidence that the identified pdf documents are part of a wider campaign targeting diplomatic corps across the globe. zulipchat[.]com) ” concludes the report.

Phishing

Phishing Manufacturing Government Authentication

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. . The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts. .

Healthcare

Healthcare Phishing Manufacturing Government

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Document control. Audit management.

Compliance

Compliance Risk Government Retail

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. ” reads the post published by Microsoft. .” ” reads the post published by Microsoft.

Manufacturing

Manufacturing Phishing Government Security

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Security Affairs

MAY 16, 2021

The Avaddon ransomware gang is giving Acer Finance 240 hours to communicate and cooperate with them before start leaking the stolen valuable company documents. The ransomware gang claims to have stolen confidential company information about clients and employees. ” reads the statement published by the group on its leak site.

Ransomware

Ransomware Manufacturing Communications Risk

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report. ” concludes the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.

Phishing

Phishing Manufacturing Government Privacy

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

Malwarebytes researchers Hossein Jazi and Jérôme Segura have documented a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER) service. The.ZIP archive, titled, “Compensation manual.doc,” claims to contain information relating to worker compensation rights.

Phishing

Phishing Manufacturing Archiving Government

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

Data Matters

FEBRUARY 14, 2019

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “ Medical Device and Health IT Joint Security Plan ” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers.

Cybersecurity

Cybersecurity IT Manufacturing Risk

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

IT Governance

MARCH 1, 2023

IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. Million Records Breached appeared first on IT Governance UK Blog. Million Records Breached appeared first on IT Governance UK Blog.

Data breaches

Data breaches Ransomware e-Delivery Government

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers. ” continues the report.

Military

Military Manufacturing Government Security

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security.

Personal data

Personal data Phishing Risk Communications

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Security

Security Blockchain Manufacturing Analytics

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Users could leave all the responsibility to governments and other institutions. The Flaws in Manufacturing Process. Manufacturers saw this as an opportunity and rushed in to grab their own piece of the IoT market. The results – unsupervised and cheap manufacturing processes and lack or complete absence of compliance.

IoT

IoT Cybersecurity Manufacturing Passwords

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

In fact, in 2020–2022, the financial sector was the second-most attacked sector, topped only by the retail and manufacturing sector. ICT risk management requirements under DORA In Chapter II, DORA recognises governance as a key part of the organisation’s ICT risk management framework. million (about £4.70

Risk

Risk Data breaches Authentication Financial Services

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. The phone was being shipped to users with two malicious malware masqueraded as Wireless Update application and a Settings app respectively.

Manufacturing

Manufacturing Government Security IT

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

It collaborates with Airbus, the second-largest aerospace company globally after Boeing, to manufacture aerospace equipment. Also, the company manufactures surface-to-air defense systems and missiles. The leaked MySQL database logins could be used to get into the company’s database stored on the same server and steal information.

Manufacturing

Manufacturing Access Risk IT

Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

Security Affairs

JUNE 9, 2020

A threat actor is offering for sale in a darkweb black-market internal documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). As part of the regular monitoring of cybercrime forums and markets in the deep-web and darkweb , Cyble researchers spotted a threat actor named as R3dr0x who leaked (BEML) internal documents.

Data breaches

Data breaches Mining Passwords Marketing

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.A. , the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Japan suspects HGV missile data leak in Mitsubishi security breach

Security Affairs

MAY 21, 2020

Mitsubishi Electric disclosed the security incident only after two local newspapers, the Asahi Shimbun and Nikkei , reported the security breach. Mitsubishi Electric had also already notified members of the Japanese government and the Ministry of Defense. ” states the AP press agency. ” states the AP press agency.

Security

Security Military Manufacturing Personal data

The US Gov is testing high-altitude balloons for surveillance

Security Affairs

AUGUST 4, 2019

The US government is testing high-altitude balloons manufactured by Sierra Nevada to conduct surveillance over American soil. The US government is planning to use high-altitude balloons to conduct surveillance over Americans. ” states The Guardian. ” states the authorization.

Military

Military Manufacturing Communications Government

Hacker breached Perceptics, a US maker of license plate readers

Security Affairs

MAY 26, 2019

The company was hacked and attackers stole data and offered business plans, financial documents, and personal information for free on the dark web. The name ‘Boris’ is not new for the cyber security industry, it is the name of the hacker who breached the IT provider CityComp at the end of April.

File names

File names Data breaches Manufacturing Cybersecurity

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric had also already notified members of the Japanese government and Ministry of Defense. The amount of unauthorized access is approximately 200 megabytes, mainly for documents.” This morning, at a press conference, Yoshii Kan, a secretary-general of Japan, said that the company had reported the intrusion.

Data breaches

Data breaches Computer and Electronics Government Manufacturing

Qbot uses a new email collector module in the latest campaign

Security Affairs

AUGUST 31, 2020

Most of the infections were observed in organizations in the US and Europe, the most targeted industries were in the government, military, and manufacturing sectors. . The researchers documented multiple QBots’ module inlucing: Executable Update – Updates the current executable with a newer version or newer bot list.

Passwords

Passwords Military Manufacturing Encryption

Vladimir Putin ‘s computers still run Windows XP, Media reports

Security Affairs

DECEMBER 30, 2019

Open Media pointed out that that Windows XP is the last operating system developed by Microsoft that was approved by the Kremlin for use on official Russian government computers. Microsoft Windows 10 is only allowed only for government systems that don’t manage secret information. intelligence agencies.

Government

Government Communications Military Manufacturing

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

DECEMBER 19, 2023

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA , the US defense contractor NJVC , gas pipeline Creos Luxembourg S.A. , the fashion giant Moncler , the Swissport , NCR , and Western Digital.

Ransomware

Ransomware IT Access Manufacturing

Weekly podcast: Meltdown and Spectre SCADA problems, Apple text bomb and WEF cyber risks

IT Governance

JANUARY 18, 2018

Hello and welcome to the IT Governance podcast for Friday, 19 January 2018. US ICS-CERT provides links to a number of advisories from industrial-equipment manufacturers, including ABB, Rockwell and Siemens. If that sounds familiar, you can find guidance on enterprise-wide information security best practice on our website at [link].

Risk

Risk Manufacturing Phishing Information Security

Group-IB detects a series of ransomware attacks by OldGremlin

Security Affairs

SEPTEMBER 23, 2020

Since March, the attackers have been trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. In other instances, the gang exploited the COVID-19 theme and anti-government rallies in Belarus in their phishing emails.

Ransomware

Ransomware Phishing Encryption Authentication

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

Mitsubishi Electric had also already notified members of the Japanese government and Ministry of Defense. The amount of unauthorized access is approximately 200 megabytes, mainly for documents.”. The two media outlets attribute the cyber attack to a China-linked cyber espionage group tracked as Tick (aka Bronze Butler ).

Manufacturing

Manufacturing Data breaches Sales Access

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. IT governance and security. Privacy governance and management. Document control. Audit management.

Compliance

Compliance Risk Government Retail

TrickBoot feature allows TrickBot bot to run UEFI attacks

Security Affairs

DECEMBER 3, 2020

The TrickBoot functionality was documented by experts from Advanced Intelligence (AdvIntel) and Eclypsium. Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions. ” continues the post.

Manufacturing

Manufacturing Security Ransomware IT

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Security Affairs

MAY 14, 2019

Kaspersky first documented the operations of the group in 2016. Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea. The hackers targeted organizations in the chemicals, manufacturing, electronics, aerospace, healthcare, and automotive sectors.

IT

IT Military Manufacturing Government

Data security: Why a proactive stance is best

IBM Big Data Hub

JULY 7, 2023

IBM Security X-Force found the most common threat on organizations is extortion, which comprised more than a quarter (27%) of all cybersecurity threats in 2022. Thirty percent of those incidents occurred in manufacturing organizations. Here are some data security measures that every organization should strongly consider implementing.

Security

Security Data breaches Data Privacy Compliance

Regulation of AI-Based Applications: The Inevitable New Frontier

AIIM

NOVEMBER 12, 2019

The scope of the harmful impacts AI algorithms was documented by the AI Now Institute 2019 Report : “ Litigating Algorithms, New Challenges to Government Use of Algorithmic Decision Systems. ” Bill, the California government will be left to its own devices and resources, which are already thinly spread.

Artificial Intelligence

Artificial Intelligence Computer and Electronics Communications Manufacturing

Weekly podcast: 2018 end-of-year roundup

IT Governance

DECEMBER 13, 2018

This week, in our last podcast of the year, we revisit some of the biggest information security stories from the past 12 months. Hello and welcome to the final IT Governance podcast of 2018. For more information on each story, simply follow the links in the transcript on our blog. Patches were rushed out , but many.

Data breaches

Data breaches Personal data Access GDPR

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. There are plenty of cases where the extent of a breach isn’t known until the information resurfaces years later (as you might recall from Yahoo’s security meltdown ). IT Governance released its final Weekly Podcast.

Data breaches

Data breaches GDPR Passwords Personal data

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Researchers found alleged sensitive documents of NATO and Turkey

Webinars

Trending Sources

FBI and CISA update a joint advisory on the BlackSuit Ransomware group

Webinars

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

NHTSA Publishes Final Cybersecurity Best Practices

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Top 10 Governance, Risk and Compliance (GRC) Vendors

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

APT32 state hackers target human rights defenders with spyware

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs newsletter Round 303

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Risk Management under the DORA Regulation

Pre-Installed malware spotted on other Android phones sold in US

Key aerospace player Safran Group leaks sensitive data

Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Japan suspects HGV missile data leak in Mitsubishi security breach

The US Gov is testing high-altitude balloons for surveillance

Hacker breached Perceptics, a US maker of license plate readers

Mitsubishi Electric discloses data breach, media blame China-linked APT

Qbot uses a new email collector module in the latest campaign

Vladimir Putin ‘s computers still run Windows XP, Media reports

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Weekly podcast: Meltdown and Spectre SCADA problems, Apple text bomb and WEF cyber risks

Group-IB detects a series of ransomware attacks by OldGremlin

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Top GRC Tools & Software for 2021

TrickBoot feature allows TrickBot bot to run UEFI attacks

North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal

Data security: Why a proactive stance is best

Regulation of AI-Based Applications: The Inevitable New Frontier

Weekly podcast: 2018 end-of-year roundup

2019 end-of-year review part 1: January to June

Stay Connected