Government and Security - Information Management Today

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security.

Government

Government Communications Access Risk

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures. These penalties apply to all aspects of GDPR compliance, including inadequate data security, improper consent, and data breach failures. government surveillance.

GDPR

GDPR Security Compliance Data Privacy

Massive cyberattacks hit French government agencies

Security Affairs

MARCH 11, 2024

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” ” reported the French newspaper Le Monde.

Government

Government Information Security Access Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” reads the announcement published by the National Security and Defense Council of Ukraine. The ban does not affect Ukrainian citizens. The ban does not affect Ukrainian citizens.

Military

Military Government Personal data Phishing

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows.

Cloud

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Phishing

Phishing Government File names Access

Russian cyber spies stole data and emails from UK government systems

Security Affairs

AUGUST 8, 2024

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media. Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. ” reported The Record Media. .

Government

Government Data breaches Access IT

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government Authentication Cybersecurity Data breaches

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

JUNE 5, 2024

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.

Government

Government Metadata Military Passwords

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations.

Data Privacy

Information Governance: The Foundation of Responsible AI Systems

AIIM

FEBRUARY 20, 2025

But as AI systems become more sophisticated and pervasive, a critical question emerges: How do we ensure the data feeding these systems is accurate, secure, and ethically managed? This is where information governance takes center stage.

Information governance

Information governance Government Artificial Intelligence Security

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

In September, Broadcom released security updates to the vulnerability CVE-2024-38812. ” Chinese law requires researchers to disclose zero-day vulnerabilities to the government. Experts speculate that the Chinese government was aware of the flaw and may have exploited it as a zero-day.

Government

Government Cloud Access IT

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. Enhancing secure logging, isolating device management, and enforcing strict access control lists (ACLs) are key strategies.

Government

Government Communications Access Passwords

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Data breaches

Data breaches Communications Artificial Intelligence Government

Zero Trust Mandate: The Realities, Requirements and Roadmap

Government agencies can no longer ignore or delay their Zero Trust initiatives. You’ll hear where peer organizations are currently with their Zero Trust initiatives, how they are securing funding, and the realities of the timelines imposed. The DHS compliance audit clock is ticking on Zero Trust.

Cybersecurity

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security

Security Access Government Cybersecurity

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users in Russia.” ” reads the announcement published by Tor Project.

Government

Government Access Security IT

Chinese man charged for spear-phishing against NASA and US Government

Security Affairs

SEPTEMBER 17, 2024

” The man, who remails at large, used fake email accounts posing as US-based researchers and engineers to target government personnel to obtain software and source code created by the National Aeronautics and Space Administration (“NASA”), research universities, and private companies. Air Force, Navy, Army, and the FAA.”

Phishing

Phishing Government Military Security

Relyance AI Raises $32M to Take on AI Governance Challenges

Data Breach Today

OCTOBER 10, 2024

Thomvest Ventures Leads Series B Funding to Support Privacy and Security Compliance Relyance AI raised $32 million in Series B funding to grow its data governance platform.

Government

Government Privacy Compliance Security

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

Read this whitepaper to learn: How this “no data copy” approach dramatically streamlines data workflows while reducing security and governance overhead. This new open data architecture is built to maximize data access with minimal data movement and no data copies.

Cloud

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

In 2023, the researchers attributed a combined total of 48 out of 58 zero-day vulnerabilities to commercial surveillance vendors (CSVs) and government espionage actors, while 10 zero-day flaws were attributed to financially motivated actors. ” continues the report. ” concludes the report.

Government

Government Ransomware Libraries Access

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Security Affairs

AUGUST 18, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Ransomware Government IT

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Government

Government Authentication Communications Access

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

TopSec was founded in 1995, it offers cybersecurity services such as Endpoint Detection and Response (EDR) and vulnerability scanning, along with “boutique” solutions to align with government initiatives and intelligence requirements. The company provided monitoring services to a state-owned enterprise facing a corruption scandal.

Cybersecurity

Cybersecurity Government Cloud Security

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Security Affairs

OCTOBER 12, 2024

The government agencies warn that the Russian APT29 group has the capability and intent to exploit more CVEs for initial access, remote code execution, and privilege escalation. cyber agencies warned. The joint advisory includes a list of known vulnerabilities that should be addressed as soon as possible.

Data collection

Data collection Authentication Access Cybersecurity

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks. What is Data Security Posture Management?

Data Privacy

Data Privacy Privacy GDPR Compliance

Lithuania security services warn of China’s espionage against the country

Security Affairs

MARCH 10, 2024

A report published by Lithuanian security services warned that China has escalated its espionage operations against Lithuania. A report released by Lithuanian security services has cautioned that China has intensified espionage activities targeting Lithuania. ” reads the report published by Lithuanian security services.

Security

Security Government IT Access

Hackers stole OpenAI secrets in a 2023 security breach

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported. ” The executives believed the threat actor was a lone hacker with no link to a foreign government. .”

Security

Security Artificial Intelligence Risk Access

Security firm discovers DeepSeek has 'direct links' to Chinese government servers

Collaboration 2.0

FEBRUARY 7, 2025

Beyond investor and CEO panic, DeepSeek presents a host of security concerns. Here's what the experts think you should know.

Government

Government Security

How to Protect Privacy and Build Secure AI Products

Security Affairs

JULY 18, 2024

How to protect privacy and build secure AI products? How to Protect Privacy and Build Secure AI Products AI systems are transforming technology and driving innovation across industries. However, their unpredictability raises significant concerns about data security and privacy.

Privacy

Privacy Security Data Privacy Risk

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Security Affairs

DECEMBER 3, 2024

Founded in 1985, ENGlobal Corporation designs automated control systems for commercial and government sectors, reporting $6 million in Q3 revenue and $18.4 Securities and Exchange Commission (SEC), the company discovered the attack on November 25. million year-to-date. According to the FORM 8-K report filed with the U.S.

Ransomware

Ransomware Encryption Cybersecurity Access

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. “TAG70 has demonstrated a high level of sophistication in its attack methods.

Military

Military Government Access Risk

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

Security Affairs

NOVEMBER 6, 2024

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc. The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc.

Security

Security Government Risk Data collection

How Microsoft Is Beefing Up Security With 34,000 Engineers

Data Breach Today

SEPTEMBER 23, 2024

After Review Board Criticism, Microsoft Targets Culture, Governance, Engineering After high-profile security incidents, Microsoft has dedicated 34,000 engineers to advancing security across all platforms, focusing on identity protection and rapid response.

Security

Security Government

Awaken Likho APT group targets Russian government with a new implant

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises.

Government

Government Archiving Phishing Access

Concentric AI Secures $45M Series B to Expand Data Security

Data Breach Today

OCTOBER 25, 2024

Top Tier Capital, HarbourVest Support Concentric's Path to Autonomous Data Security Supported by Top Tier Capital Partners and HarbourVest Partners, Concentric AI’s $45 million Series B funding round will drive product innovation in identity governance, risk monitoring and data breach investigation - critical areas for enterprises seeking resilient (..)

Security

Security Data breaches Risk Government

Port of Seattle ‘s August data breach impacted 90,000 people

Security Affairs

APRIL 5, 2025

The ransomware gang hit organizations in multiple industries, including education, healthcare, manufacturing, information technology, and government sectors. While our response and recovery are still ongoing, we wanted to share updated information about what happened, what we have been doing, and how we are further strengthening our security.

Data breaches

Data breaches Ransomware Manufacturing Education

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Military Ransomware Marketing

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Each company brings its own security (or lack thereof) into the game, so your overall security status is essentially the average of yours, plus anyone else’s to whom you’re connected (i.e.,

B2B

B2B Cybersecurity Risk Access

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Security Ransomware Sales

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs

AUGUST 11, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Ransomware Cloud Government

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. Microsoft has notified affected customers and shared details on CovertNetwork-1658, Storm-0940 tactics, and recommended mitigations to help secure affected environments.

Passwords

Passwords Access Cloud Government

ISMG Editors: DSPM, DLP Converge to Reshape Data Security

Data Breach Today

OCTOBER 18, 2024

Also: Impact of NIS2 Directive in Europe, Cloud Governance Challenges In the latest weekly update, ISMG editors discussed the strategic convergence of data security posture management and data loss prevention technologies, evolving priorities of security leaders and the urgent readiness challenges posed by the NIS2 Directive.

Security

Security Cloud Government

Security Affairs Malware Newsletter – Round 1

Security Affairs

JULY 7, 2024

Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware.

Security

Security Ransomware Government IT

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Increased GDPR Enforcement Highlights the Need for Data Security

Webinars

Trending Sources

Massive cyberattacks hit French government agencies

Webinars

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Enhance Innovation and Governance Through the Cloud Development Maturity Model

CERT-UA warns of a phishing campaign targeting government entities

Russian cyber spies stole data and emails from UK government systems

U.S. CISA: hackers breached a state government organization

Cisco addressed Webex flaws used to compromise German government meetings

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Information Governance: The Foundation of Responsible AI Systems

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Zero Trust Mandate: The Realities, Requirements and Roadmap

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Chinese man charged for spear-phishing against NASA and US Government

Relyance AI Raises $32M to Take on AI Governance Challenges

The Next-Generation Cloud Data Lake: An Open, No-Copy Data Architecture

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 7

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale

Why DSPM is Essential for Achieving Data Privacy in 2024

Lithuania security services warn of China’s espionage against the country

Hackers stole OpenAI secrets in a 2023 security breach

Security firm discovers DeepSeek has 'direct links' to Chinese government servers

How to Protect Privacy and Build Secure AI Products

Energy industry contractor ENGlobal Corporation discloses a ransomware attack

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Canada ordered ByteDance to shut down TikTok operations in the country over security concerns

How Microsoft Is Beefing Up Security With 34,000 Engineers

Awaken Likho APT group targets Russian government with a new implant

Concentric AI Secures $45M Series B to Expand Data Security

Port of Seattle ‘s August data breach impacted 90,000 people

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Chinese threat actors use Quad7 botnet in password-spray attacks

ISMG Editors: DSPM, DLP Converge to Reshape Data Security

Security Affairs Malware Newsletter – Round 1

Stay Connected