Government, Information Security and Libraries - Information Management Today

Foreign adversary hacked email communications of the Library of Congress says

Security Affairs

NOVEMBER 18, 2024

The Library of Congress discloses the compromise of some of its IT systems, an alleged foreign threat actor hacked their emails. Only email communications between congressional offices and some library staff, including the Congressional Research Service, from January to September, were affected. ” reported the NBC News.

Libraries

Libraries Communications Access Government

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. Pierluigi Paganini.

Ransomware

Ransomware Government Encryption Passwords

Webinars

How to Achieve High-Accuracy Results When Using LLMs

Maximizing Profit and Productivity: The New Era of AI-Powered Accounting

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them. The Chinese government made the headlines because government-linked APT groups exploited 12 zero-day vulnerabilities in 2023, which marks a notable increase from seven in 2022.

Government

Government Ransomware Libraries Access

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. appeared first on Security Affairs. Is it linked to ToddyCat APT?

Government

Government IT Encryption Libraries

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support. ” continues the report.

Libraries

Libraries Risk Access Security

Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw

Security Affairs

DECEMBER 12, 2021

Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw ( CVE-2021-44228 ) in the Apache Log4j Java-based logging library.

Libraries

Libraries Digital transformation Education Government

EastWind campaign targets Russian organizations with sophisticated backdoors

Security Affairs

AUGUST 12, 2024

A campaign tracked as EastWind is targeting Russian government and IT organizations with PlugY and GrewApacha Backdoors. In late July 2024, Kaspersky researchers detected a series of targeted cyberattacks against the Russian government and IT organizations. “This library is a backdoor packed with the VMProtect tool.

Libraries

Libraries Encryption Cloud Archiving

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Authentication

Authentication Libraries Access Government

DinodasRAT Linux variant targets users worldwide

Security Affairs

MARCH 31, 2024

ESET researchers reported that a Windows version of DinodasRAT was used in attacks against government entities in Guyana. The campaign seems active since at least early 2022 and focuses primarily on government organizations. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Libraries

Libraries Encryption Communications Government

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The CISA agency is warning of a surge in Emotet attacks targeting multiple state and local governments in the US since August. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.

Government

Government Libraries Cybersecurity Phishing

China-linked APT40 group hides behind 13 front companies

Security Affairs

JANUARY 13, 2020

The cyber-espionage group tracked as APT40 (aka TEMP.Periscope , TEMP.Jumper , and Leviathan ), apparently linked to the Chinese government, is focused on targeting countries important to the country’s Belt and Road Initiative (i.e. Hainan Xiandun even appears to operate from the Hainan University Library!”

Libraries

Libraries Information Security Military Government

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Libraries

Libraries Encryption Cybersecurity Access

CISA releases a scanner to identify web services affected by Apache Log4j flaws

Security Affairs

DECEMBER 22, 2021

Government experts warn of sophisticated cyber threat actors which are actively scanning networks to potentially exploit the above flaws in vulnerable systems. Government experts warn of sophisticated cyber threat actors which are actively scanning networks to potentially exploit the above flaws in vulnerable systems.

Libraries

Libraries Cybersecurity Security Government

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

. “CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Government

Government Mining Cybersecurity Libraries

Alleged APT implanted a backdoor in the network of a US federal agency

Security Affairs

DECEMBER 20, 2021

federal government commission associated with international rights. federal government commission associated with international rights. ” According to security firm Avast who discovered the attack, the backdoor was likely used as the initial vector in a multi-stage attack to penetrate the government network.

Government

Government Libraries Access Security

US CISA orders federal agencies to fix Log4Shell by December 24th

Security Affairs

DECEMBER 14, 2021

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. beta9 to 2.14.1. ” reads the announcement published by CISA.

Libraries

Libraries Cybersecurity Security Risk

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

APRIL 21, 2024

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.” ” reads the analysis published by Kaspersky.

Libraries

Libraries Communications IT Government

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Security Affairs

MAY 12, 2020

The Zeus Sphinx malware was first observed on August 2015, a few days after a new variant of the popular Zeus banking trojan was offered for sale on hacker forums, At the end of March, experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware that focused on government relief payment.

Libraries

Libraries Sales Government IT

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

Recently, the Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. The advisory is part of the ongoing #StopRansomware effort, disseminating information about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Libraries

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

Researchers at security firm ESET discovered an SFile ransomware variant supporting the FreeBSD platform that was used in attacks against a partially state-owned company in China. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption.

Ransomware

Ransomware Encryption Libraries Communications

How Do You Mitigate Information Security Risk?

IT Governance

SEPTEMBER 5, 2024

Risk management is fundamental to information security and the international standard for information security management, ISO 27001. Previously , our head of GRC (governance, risk and compliance) consultancy, Damian Garcia, explained where to start with cyber security risk management: establishing a common vocabulary.

Information Security

Information Security Risk Security Compliance

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

Recently, the Rhysida ransomware gang added the British Library and China Energy Engineering Corporation to the list of victims on its Tor leak site. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The group also claimed the hack of the British Library and China Energy Engineering Corporation. The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

Experts observed a 400% increase in the number of attacks, compared with October, that hit government organizations. PYSA ransomware operators focus on large or high-value finance, government and healthcare organisations. CERT-FR’s alert states that the Pysa ransomware code is based on public Python libraries.

Ransomware

Ransomware Encryption Government Retail

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs

FEBRUARY 10, 2020

” states the Government Agency. “Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. And of course we need to be able to make sure that our suppliers handle all data according to applicable law and within the framework agreed upon with them.”

Encryption

Encryption Libraries Access Government

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

Multiple threat actors exploited a critical flaw in Progress Telerik to breach an unnamed US federal agency, said the US government. Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch (FCEB) agency’s Microsoft Internet Information Services (IIS) web server.”

Libraries

Libraries Government Ransomware Cybersecurity

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

“The document said the exploit worked for Android versions 9 to 11, which was released in 2020, and that it took advantage of a flaw in the “image rendering library.” Operation Zero’s clients include Russian government agencies and private businesses. ” wrote Lorenzo Franceschi-Bicchierai on TechCrunch.

Marketing

Marketing Libraries Sales Government

Security Affairs newsletter Round 248

Security Affairs

JANUARY 26, 2020

Malware attack took down 600 computers at Volusia County Public Library. For the second time in a few days, Greek Government websites hit by DDoS attacks. US-based childrens clothing maker Hanna Andersson discloses a data breach. Yomi Hunter Catches the CurveBall. Jeff Bezos phone was hacked by Saudi crown prince.

Security

Security Data breaches Military IoT

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files.

Archiving

Archiving File names Government Libraries

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

The Emotet botnet is back and hits 100K recipients per day

Security Affairs

DECEMBER 26, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. In October, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.

Ransomware

Ransomware Libraries Cybersecurity Security

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Security Affairs

JUNE 24, 2022

The CVE-2021-44228 flaw made the headlines in December, after Chinese security researcher p0rz9 publicly disclosed a Proof-of-concept exploit for the critical remote code execution zero-day vulnerability ( aka Log4Shell ) that affects the Apache Log4j Java-based logging library.

Access

Access Libraries Cybersecurity Security

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs

MARCH 15, 2023

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. The HTLM files are hosted on a legitimate online library website that was likely compromised by the threat actors sometime between the end of January 2023 and the beginning of February 2023.

Metadata

Metadata Government Libraries Phishing

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Croatia government agencies targeted with news SilentTrinity malware. Backdoor mechanism found in Ruby strong_password library. Cyberattack shuts down La Porte County government systems. Prototype Pollution flaw discovered in all versions of Lodash Library. Microsoft released Patch Tuesday security updates for July 2019.

Security

Security Libraries Data breaches Ransomware

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 18, 2024

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders U.S.

Security

Security Ransomware Data breaches Libraries

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm cyber espionage group (aka APT27 , Bronze Union , Emissary Panda , Lucky Mouse , TG-3390 , and Red Phoenix) is behind a series attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S.

File names

File names Financial Services Manufacturing Libraries

Security Affairs newsletter Round 347

Security Affairs

JANUARY 2, 2022

Morgan exposed 100 GB worth of clients’ data, including Fortune 500 Clients A new wave of ech0raix ransomware attacks targets QNAP NAS devices Apache addressed a couple of severe vulnerabilities in Apache HTTP Server Experts found backdoors in a popular Auerswald VoIP appliance Experts monitor ongoing attacks using exploits for Log4j library flaws (..)

Security

Security Ransomware Libraries Data breaches

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

In March 2020, CERT France cyber-security agency warned about a new wave of ransomware attack that was targeting the networks of local government authorities. CERT-FR’s alert states that the Pysa ransomware code based on public Python libraries.

Education

Education Ransomware Encryption Government

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library.

File names

File names Encryption Manufacturing Libraries

Foreign adversary hacked email communications of the Library of Congress says

Rhysida ransomware gang is auctioning data stolen from the British Library

Webinars

Trending Sources

CERT France – Pysa ransomware is targeting local governments

Webinars

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Raspberry Robin malware used in attacks against Telecom and Governments

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw

EastWind campaign targets Russian organizations with sophisticated backdoors

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

DinodasRAT Linux variant targets users worldwide

CISA alert warns of Emotet attacks on US govt entities

China-linked APT40 group hides behind 13 front companies

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

CISA releases a scanner to identify web services affected by Apache Log4j flaws

Iran-linked threat actors compromise US Federal Network

Alleged APT implanted a backdoor in the network of a US federal agency

US CISA orders federal agencies to fix Log4Shell by December 24th

DuneQuixote campaign targets the Middle East with a complex backdoor

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Rhysida ransomware gang claimed China Energy hack

Experts warn of attacks using a new Linux variant of SFile ransomware

How Do You Mitigate Information Security Risk?

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Rhysida ransomware group hacked Abdali Hospital in Jordan

PYSA ransomware gang is the most active group in November

1.2 million CPR numbers for Danish citizen leaked through tax service

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs newsletter Round 248

China-linked LuminousMoth APT targets entities from Southeast Asia

Raspberry Robin malware used in attacks against Telecom and Governments

The Emotet botnet is back and hits 100K recipients per day

Threat actors continue to exploit Log4Shell in VMware Horizon Systems

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs newsletter Round 222 – News of the week

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

China-linked Budworm APT returns to target a US entity

Security Affairs newsletter Round 347

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

China-linked APT41 group targets Hong Kong with Spyder Loader

Stay Connected