Document, Government and Libraries - Information Management Today

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Out of the eight in-the-wild zero-day issues targeting Chrome in 2023, none of the vulnerabilities impacted the Document Object Model (DOM) and there were use-after-free issues. In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them.

Government

Government Ransomware Libraries Access

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. ” reads the issued by French CERT. Pierluigi Paganini.

Ransomware

Ransomware Government Encryption Passwords

What are the Best Document Management Capabilities?

AIIM

APRIL 8, 2021

Document Management is the use of a software application to track digital documents from creation through approval and publication. It serves in many ways to apply a formal governance framework to the document creation and collaborative editing processes. Five Key Document Management Capabilities. Version control.

Cloud

Cloud ECM Access File names

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

Invitation to tender: Future ready libraries

CILIP

JANUARY 31, 2025

Invitation to tender: Future ready libraries CILIP is inviting researchers to undertake a gap analysis and consultation with sector experts to create a comprehensive review of training provision for leadership in the public library workforce in England. Contact Hinna Vayani for more details.

Libraries

Libraries Access Government

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The CISA agency is warning of a surge in Emotet attacks targeting multiple state and local governments in the US since August. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.

Government

Government Libraries Cybersecurity Phishing

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Authentication

Authentication Libraries Access Government

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information , resumes, financial documents, or scanned documents. Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.

Ransomware

Ransomware Libraries Cybersecurity IT

Documentation Theory for Information Governance

ARMA International

NOVEMBER 15, 2019

Documentation the Emblem of Modern Society? Documentation is a central feature of the contemporary world. We are immersed in documents in nearly every sphere of life and constantly engage with them. Our lives, in many ways, are “document-pervaded.” [i] Documents are the lifeblood of institutions.

Information governance

Information governance Government Libraries Paper

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

TechCrunch reported that a zero-day exploits for popular applications like WhatsApp “are now worth millions of dollars” TechCrunch obtained leaked documents that demonstrate that, as of 2021, a zero-click, zero-day exploit for the Android version of WhatsApp had a bounty between $1.7 and $8 million.

Marketing

Marketing Libraries Sales Government

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading.

Military

Military Phishing Passwords Government

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Security Affairs

MAY 12, 2020

The Zeus Sphinx malware was first observed on August 2015, a few days after a new variant of the popular Zeus banking trojan was offered for sale on hacker forums, At the end of March, experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware that focused on government relief payment.

Libraries

Libraries Sales Government IT

Leveraging Metadata for Enhanced Information Governance

Gimmal

NOVEMBER 21, 2024

Enter metadata—a powerful tool that can revolutionize your information governance strategy. This method has been perpetuated by document management systems and enterprise content management platforms, reinforcing our reliance on folder structures. Consider the question: On average, how many clicks does it take you to find a document?

Metadata

Metadata Information governance Government Records Management

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

. “CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Government

Government Mining Cybersecurity Libraries

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Government Libraries

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Security Affairs

DECEMBER 31, 2020

The malicious emails sent by the NVSC’s infected computers were received by the representatives of the Government of the Republic of Lithuania, ministries, as well as researchers that were contacted by the national center during epidemiological diagnostics. since August.

Passwords

Passwords Archiving Libraries Government

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

GossiTheDog @SOSIntel @UK_Daniel_Card @LisaForteUK pic.twitter.com/L7A3XNNxU7 — Dominic Alvieri (@AlvieriD) November 29, 2023 The group published images of stolen documents as proof of the hack. King Edward VII’s Hospital in London has been breached by Rhysida Ransomware. “Unique files are presented to your attention!

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

pic.twitter.com/6uHMDcNhTC — Dominic Alvieri (@AlvieriD) December 26, 2023 The group published images of stolen documents as proof of the hack. The group also claimed the hack of the British Library and China Energy Engineering Corporation. Rhysida has allegedly breached more critical infrastructure. reads the joint advisory.

Ransomware

Ransomware Manufacturing Education Libraries

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Security Affairs

JUNE 24, 2022

The CVE-2021-44228 flaw made the headlines in December, after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability ( aka Log4Shell ) that affects the Apache Log4j Java-based logging library.

Access

Access Libraries Cybersecurity Security

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Microsoft Office Documents. Microsoft Office Documents. PEframe is an open source tool to perform static analysis of malware executables and malicious MS Office documents. PdfParser, a standalone PHP library, provides various tools to extract data from a PDF file. Some files are more used in attacks. Compressed files.

Libraries

Libraries Metadata Education Security

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Tips for Maximizing Your Sharepoint Investment

AIIM

JULY 15, 2021

Documents are hard to locate, security is an afterthought and every group has its own way of “managing content". New groups have new document types they would like to upload so more content types are created, but without considering other document types already being used. Tip #1: Planning is Everything.

Libraries

Libraries Metadata Access Security

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. The Dropbox link leads to a RAR archive that masquerades as a Word document by setting the “file_subpath” parameter to point to a filename with a.DOCX extension.

Archiving

Archiving File names Government Libraries

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

According to coordinated reports published by FireEye and Pulse Secure in May, two hacking groups have exploited the zero-day vulnerability in Pulse Secure VPN equipment to break into the networks of US defense contractors and government organizations worldwide. ” reads the MAR. Follow me on Twitter: @securityaffairs and Facebook.

Security

Security Authentication Libraries Passwords

US disrupts Russia-linked Snake implant’s network

Security Affairs

MAY 10, 2023

The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware. Government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB).” “The FSB used the OpenSSL library to handle its Diffie-Hellman key exchange.

Government

Government Libraries Cybersecurity Security

Invitation to tender: Anti-Racist Library Collections training for Wales NEW DEADLINE

CILIP

OCTOBER 27, 2023

Invitation to Tender - Anti-Racist Library Collections training for Wales Content Developers needed for the Anti-Racist Library Collections project. There is scope to develop one, two or three anti-racist library collection modules that will form a program of training for public libraries across Wales.

Libraries

Libraries Government Security

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

GOBLIN PANDA was focused on Vietnam, most of the targets were in the defense, energy, and government sectors. The group is back and is targeting once again Vietnam running a spear phishing campaign that uses weaponized documents featuring Vietnamese-language lures and themes. ” reads the analysis published by CrowdStrike.

Metadata

Metadata File names Libraries Government

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Archiving

Archiving Military Communications Phishing

Serpent backdoor targets French entities with high-evasive attack chain

Security Affairs

MARCH 21, 2022

The campaign targeted French entities in the construction, real estate, and government industries. The phishing messages uses a weaponized Microsoft Word document masquerading as information relating to the “règlement général sur la protection des données (RGPD)” or the European Union’s General Data Protection Regulations (GDPR).

Libraries

Libraries GDPR Phishing Government

Defining responsible AI governance with UCLA Health

Collibra

JUNE 27, 2024

UCLA Health is at the forefront of AI innovation in healthcare and has partnered with Collibra to bring clear, accessible AI governance to all levels of its organization. Balancing governance and innovation To many developers, data governance is the opposite of innovation. The two can coexist, but there needs to be a balance.

Government

Government Artificial Intelligence Access Libraries

Information Governance and the Records Lifecycle

The Texas Record

JUNE 28, 2021

In a nutshell, this is information governance. ARMA defines “information governance” as “the overarching and coordinating strategy for all organizational information. But how is information governance any different than records management? Source: Texas State Library and Archives Commission.

Information governance

Information governance Government Records Management e-Discovery

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Security Affairs

AUGUST 3, 2023

The researchers pointed out that they haven’t found online documented data purge processes for device decommissioning. The Alaris security team explained that the documentation is only accessible to customers that have a support contract with Becton, Dickinson and Company (BD). ” continues the analysis.

Marketing

Marketing Authentication Communications Manufacturing

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

We noticed that the TTP of the group is almost the same leveraging a weaponized document with a fake certificate of request of an Indian public fund. The document presents itself as a request for a DSOP FUND (Defence Services Officers Provident Fund ). Figure 1: Piece of the malicious document employed in the Op.

Military

Military Communications Encryption IT

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. The text is written in Portuguese, and just the logo at the end of the document was changed between May and July malware versions.

Communications

Communications Cloud Phishing Encryption

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

8, 2023 – SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. To access Sandwich and review the documentation, visit the SandboxAQ GitHub repository. Palo Alto, Calif., A broad range of U.S.

Libraries

Libraries Encryption Access Cybersecurity

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

This appears to be the case regardless of which Russian government site you visit. government on multiple occasions over the past five years. According to Russian search giant Yandex , the laws of the Russian Federation demand that encrypted connections be installed according to the Russian GOST cryptographic algorithm.

Encryption

Encryption Ransomware Government Communications

Sue Williamson's Presidential year

CILIP

DECEMBER 6, 2024

CILIP responded swiftly, mobilising the advocacy training commissioned from Inflect to help make our case for libraries in fulfilling government missions. The document Come Rain or Shine, while aimed at public libraries, can be used throughout our profession to develop strategies for these very uncertain times.

Libraries

Libraries Government IT

Web application exposures continue do bedevil companies as digital transformation accelerates

The Last Watchdog

MARCH 21, 2019

Related: Cyber spies feast on government shut down. This widely-used open-source plugin is written in java script and allows files, such as a document or an image, to be neatly uploaded to a website. As this ‘digital transformation’ of commerce accelerates, the attack surface available to threat actors likewise is expanding.

Digital transformation

Digital transformation Libraries Security Cloud

Data ready from day one

CILIP

OCTOBER 22, 2024

Here she looks at the how a National Data Library could work and what is needed for it to be a success. The idea of a National Data Library (NDL) emerged in the Labour Party Manifesto ahead of this year’s General Election. As a country, we need well-structured and well-governed data to support AI stacks.

Libraries

Libraries Personal data Government Access

Halfway to Data Access Governance

Collibra

OCTOBER 4, 2022

If you’re a Collibra customer, chances are you’re already made significant progress in establishing an expansive data access governance program even if that wasn’t your original intent. The three components of a scalable data access governance foundation. Data classification for data access governance.

Government

Government Access Sales Risk

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Security Affairs

AUGUST 23, 2018

Turla is the name of a Russian cyber espionage APT group (also known as Waterbug, Venomous Bear and KRYPTON) that has been active since at least 2007 targeting government organizations and private businesses. From the PDF documents, the backdoor is able to recover what attackers call a container in the logs.

Metadata

Metadata Military Libraries Access

Invitation to tender: Delivery of anti-racist library collections training

CILIP

JUNE 28, 2024

Applications are welcome from individuals, organisations and/or institutions, in what is the third and final phase of the Anti-Racist Library Collections: A Training Plan for Public Libraries in Wales project. The training will enable librarians to confidently shape and share library collections along clear anti-racist principles.

Libraries

Libraries Government

Urgent appeal: protect funding for public libraries at risk

CILIP

FEBRUARY 20, 2024

Urgent appeal: protect funding for public libraries at risk CILIP is the leading industry voice championing and representing library and information professionals across the United Kingdom, guided by our Royal Charter to develop and improve library and information services, and as a Charity to act in the public good.

Libraries

Libraries Risk Education Access

Five Benefits of an Automation Framework for Data Governance

erwin

JANUARY 24, 2019

Organizations are responsible for governing more data than ever before, making a strong automation framework a necessity. They need their data mappings to fall under governance and audit controls, with instant access to dynamic impact analysis and lineage. Governing metadata. Automated code generation.

Government

Government Metadata Big data Risk

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

CERT France – Pysa ransomware is targeting local governments

Webinars

Trending Sources

What are the Best Document Management Capabilities?

Webinars

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Invitation to tender: Future ready libraries

CISA alert warns of Emotet attacks on US govt entities

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

The Emotet botnet is back and hits 100K recipients per day

Documentation Theory for Information Governance

A WhatsApp zero-day exploit can cost several million dollars

XDSpy APT remained undetected since at least 2011

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Leveraging Metadata for Enhanced Information Governance

Iran-linked threat actors compromise US Federal Network

New Gallmaker APT group eschews malware in cyber espionage campaigns

Emotet campaign hits Lithuania’s National Public Health Center and several state institutions

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Rhysida ransomware group hacked Abdali Hospital in Jordan

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Malicious file analysis – Example 01

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Tips for Maximizing Your Sharepoint Investment

China-linked LuminousMoth APT targets entities from Southeast Asia

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

US disrupts Russia-linked Snake implant’s network

Invitation to tender: Anti-Racist Library Collections training for Wales NEW DEADLINE

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Serpent backdoor targets French entities with high-evasive attack chain

Defining responsible AI governance with UCLA Health

Information Governance and the Records Lifecycle

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

News alert: SandboxAQ launches new open source framework to simplify cryptography management

Adventures in Contacting the Russian FSB

Sue Williamson's Presidential year

Web application exposures continue do bedevil companies as digital transformation accelerates

Data ready from day one

Halfway to Data Access Governance

Latest Turla backdoor leverages email PDF attachments as C&C mechanism

Invitation to tender: Delivery of anti-racist library collections training

Urgent appeal: protect funding for public libraries at risk

Five Benefits of an Automation Framework for Data Governance

Stay Connected