Security Affairs

APRIL 28, 2021

China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group mainly focuses on high-profile orgs, including government entities and military orgs. Follow me on Twitter: @securityaffairs and Facebook.

Military 104

Military Passwords Government Security 104

Dark Reading

FEBRUARY 22, 2023

A DoD email server hosted in the cloud (and now secured) had no password protection in place for at least two weeks.

Military 90

Military Cloud Passwords Security 90

Security Affairs

NOVEMBER 3, 2024

EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack (..)

Security 108

Security Military Ransomware Passwords 108

Krebs on Security

OCTOBER 31, 2022

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. stolen with the help of Raccoon.

Military 316

Military Passwords Data collection Ransomware 316

Security Affairs

JUNE 17, 2020

Experts uncovered a new cyber-espionage campaign, dubbed “ Operation In(ter)receptio n,” aimed at aerospace and military organizations in Europe and the Middle East. ” The attackers used password-protected RAR archive files as decoys purported to include a PDF document with details on the salary for specific job positions.

Military 105

Military Archiving Passwords Communications 105

Security Affairs

JUNE 5, 2024

In March, the German authorities admitted the hack by Russia-linked actors of a military meeting where participants discussed giving military support to Ukraine. The experts also discovered that some meeting rooms of high-ranking officials were not password-protected. ” reads the advisory published by the company.

Government 143

Government Metadata Military Passwords 143

Krebs on Security

OCTOBER 18, 2024

22, 2022, in which they offered the email address and password for 659 members of the Brazilian Federal Police. Additional reporting revealed National Public Data had inadvertently published its own passwords on the Internet. The company is now the target of multiple class-action lawsuits, and recently declared bankruptcy.

Passwords 224

Passwords Military Sales Communications 224

Threatpost

JULY 2, 2021

The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.

Military 133

Military Passwords Cloud Government 133

eSecurity Planet

FEBRUARY 11, 2021

This creates a lot of opportunities for hackers to gain access to company resources because users often reuse passwords or mirror patterns in creating them. The recent boom in remote work due to the Covid-19 pandemic has further amplified the need to secure network endpoints , in which effective password management plays a big role.

Passwords 52

Passwords Encryption Authentication Cloud 52

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Blockchain 109

Blockchain Security Military Phishing 109

Dark Reading

AUGUST 16, 2023

Researchers found that many Dark Web forums have stronger password rules than most government and military entities.

Military 79

Military Passwords Government 79

Krebs on Security

JANUARY 19, 2021

military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. military members and government employees. 2015 by criminals who social engineered PayPal employees over the phone into changing my password and bypassing multi-factor authentication. .”

Military 332

Military Passwords Government Personal data 332

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate.

Cybersecurity 214

Cybersecurity Passwords Military Education 214

The Security Ledger

FEBRUARY 26, 2020

In this Spotlight* podcast, Yaser Masoudnia of LogMeIn and LastPass talks about the continued persistence of the password in enterprise IT environments and how its inevitable demise (and replacement) may be closer than you would think. The post Spotlight Podcast: The Demise of the Password may be closer than you think!

Passwords 52

Passwords Military IoT Authentication 52

Dark Reading

SEPTEMBER 14, 2018

New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.

Military 82

Military Passwords Government Authentication 82

The Last Watchdog

JULY 30, 2018

DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. All the user needs is a strong password to access to the data. DataLocker actually got traction, early on, selling to the military.

Encryption 203

Encryption Military Passwords Authentication 203

Security Affairs

AUGUST 27, 2023

military procurement system Spoofing an Apple device and tricking users into sharing sensitive data Israel and US to Invest $3.85 military procurement system Spoofing an Apple device and tricking users into sharing sensitive data Israel and US to Invest $3.85 Korean Kimsuky APT targets S.

Security 98

Security Military Ransomware Passwords 98

Security Affairs

DECEMBER 30, 2021

An attacker can exploit the flaws to obtain user passwords. DataVault is an advanced encryption software to protect user data, it provides comprehensive military grade data protection and security features to multiple systems. Other flaws of the key derivation function will be discussed and compared with nowadays good practices.”

Encryption 135

Encryption Passwords Military Security 135

Security Affairs

MARCH 31, 2023

A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 flaw affects Zimbra Collaboration versions 9.0.0,

Military 98

Military Phishing Passwords Government 98

Security Affairs

JULY 31, 2022

The attackers said that the stolen data includes information about the employees of the company involved in military projects, commercial activities, contract agreements and correspondence with other companies. Adrastea said that they have found critical vulnerabilities in the company infrastructure and have stolen 60 GB of confidential data.

Manufacturing 132

Manufacturing Military Archiving Cybersecurity 132

Krebs on Security

OCTOBER 9, 2020

military’s Cyber Command. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 Image: Shuttstock. million systems around the world.

Ransomware 340

Ransomware Military Passwords Access 340

eSecurity Planet

FEBRUARY 25, 2022

Rainbow table attacks are an older but still effective tactic for threat actors targeting password database vulnerabilities. Rainbow table attacks are an effective tactic for threat actors targeting password database vulnerabilities presenting inadequate privacy and security functionality. Moving Away from the Password.

Passwords 130

Passwords Encryption Authentication Communications 130

eSecurity Planet

JUNE 21, 2024

Keeper and Dashlane are top password managers prioritizing multi-layered encryption systems for secure password sharing. Both password managers are suitable for small to large businesses. 5 Keeper, a low-cost password manager, highlights security with strong end-to-end encryption and authentication. user • Premium: $4.99/user

Passwords 103

Passwords Encryption Authentication Access 103

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. reads the post published by Proofpoint.

IT 98

IT Military Phishing Passwords 98

Security Affairs

OCTOBER 11, 2021

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Threat actors are launching extensive password spraying attacks aimed at the target organizations, the malicious campaign was first spotted in July 2021. ” reads the post published by Microsoft.

Passwords 100

Passwords Authentication Military Analytics 100

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The group was involved also in the string of attacks that targeted 2016 Presidential election. ” reads trhe announcement published by DKWOC.

Military 129

Military Government Access Phishing 129

The Last Watchdog

FEBRUARY 21, 2022

Many security programs focus on employee education (creating a strong password, being aware of phishing, etc.). In addition, make it easy to report security concerns (phishing, data leaks, social engineering , password compromise, etc.). Educate employees. Your employees can be your first line of defense or your weakest link.

Passwords 214

Passwords Cybersecurity Education Phishing 214

Security Affairs

DECEMBER 25, 2022

Expert found Backdoor credentials in ZyXEL LTE3301 M209 Raspberry Robin malware used in attacks against Telecom and Governments TikTok parent company ByteDance revealed the use of TikTok data to track journalists BetMGM discloses security breach impacting 1.5

Security 98

Security Military Ransomware Encryption 98

Security Affairs

NOVEMBER 9, 2018

Italian Military Personnel and National Association of Professional Educators. Login information for 37 administrators, including full names, username, password and email: [link]. 11 Usernames, Passwords & Emails for Database eSG: [link]. 110 Usernames, Passwords & Emails for Database exe: [link].

Passwords 111

Passwords Archiving Mining Education 111

Security Affairs

MAY 3, 2022

“ Curious Gorge, a group TAG attributes to China’s PLA SSF, has remained active against government, military, logistics and manufacturing organizations in Ukraine, Russia and Central Asia. The malware is able to steal cookies and saved passwords from Chrome, Edge and Firefox browsers.

Manufacturing 136

Manufacturing Phishing Passwords Military 136

Security Affairs

FEBRUARY 28, 2024

“As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. Change any default usernames and passwords.

Energy and Utilities 131

Energy and Utilities Military Government Phishing 131

Krebs on Security

AUGUST 29, 2023

In April 2022, the DOJ quietly removed malware from computers around the world infected by the “Snake” malware , an even older malware family that has been tied to the GRU, an intelligence arm of the Russian military. Documents published by the DOJ in support of today’s takedown state that beginning on Aug.

Ransomware 277

Ransomware Government Military Access 277

Security Affairs

JULY 20, 2022

MiCODUS is used today by 420,000 customers in multiple industries, including government, military, law enforcement agencies, and Fortune 1000 companies. CVE-2022-2141 (CVSS score: 9.8) – Improper authentication allows a user to send some SMS commands to the GPS tracker without a password.

Passwords 100

Passwords Manufacturing Military Authentication 100

Security Affairs

NOVEMBER 4, 2022

The threat actors set up websites cloning the official download websites for SolarWinds Network Performance Monitor (NPM), KeePass password manager, and PDF Reader Pro. The attacks were spotted while analyzing network artifacts associated with RomComRAT infections resulting from attacks targeting Ukrainian military institutions.

Passwords 134

Passwords Military Ransomware Archiving 134

Security Affairs

JANUARY 9, 2023

Threat actors created fake login pages for each organization and sent spear-phishing messages to nuclear scientists in an attempt to trick them into providing their passwords. The researchers uncovered a phishing campaign conducted by the COLDRIVER (aka Calisto ) APT against a NATO Centre of Excellence and Eastern European militaries.

Military 97

Military Phishing Cybersecurity Passwords 97

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Security 125

Security Passwords Military Marketing 125

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Archiving 133

Archiving Military Communications Phishing 133