2021, Blog and Education - Information Management Today

Data breaches and cyber attacks quarterly review: Q3 2021

IT Governance

OCTOBER 26, 2021

Welcome to our third quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches. IT Governance discovered 266 security incidents between July and September 2021, which accounted for 185,721,284 breaches records. Download now.

Data breaches

Data breaches Retail Government Ransomware

Data breaches and cyber attacks quarterly review: Q2 2021

IT Governance

JULY 13, 2021

Welcome to our second quarterly review of security incidents for 2021, in which we take a closer look at the information gathered in our monthly list of cyber attacks and data breaches. In this blog, we provide an overview of the security landscape in the past three months, and look at key statistics and observations. Download now.

Data breaches

Data breaches Retail Ransomware Government

List of data breaches and cyber attacks in October 2021 – 51.2 million records breached

IT Governance

NOVEMBER 1, 2021

However, there are plenty of other incidents to dig into, including a raft of ransomware attacks against the education sector. And don’t forget to check out our Q3 2021 data breaches and cyber attacks quarterly review , in which we take a closer look at the information gathered in our monthly lists.

Data breaches

Data breaches Ransomware Government Education

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In May 2021, cybercriminals offered more than 36,000 login credentials for.edu email accounts and advertised the data on an instant messaging platform. To nominate, please visit:?.

Sales

Sales Education Phishing Passwords

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, CISA) The post CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog appeared first on Security Affairs.

IT

IT Ransomware Education Cybersecurity

List of data breaches and cyber attacks in August 2021 – 61 million records breached

IT Governance

SEPTEMBER 1, 2021

The post List of data breaches and cyber attacks in August 2021 – 61 million records breached appeared first on IT Governance UK Blog. Travel and medical insurance provider guard.me million) Indra hacking group blamed for attack on Iranian railway system (unknown) Willdan Group, Inc.

Data breaches

Data breaches Ransomware Insurance Data migration

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

Security Affairs

APRIL 19, 2023

The man was arrested in Amsterdam in November 2021 and was extradited to the US in August 2022. According to a joint report published in January 2021 by security firms Advanced-intel and HYAS, Ryuk operators earned, at the time of publishing the analysis, more than $150 million worth of Bitcoin from ransom paid by their victims.

Ransomware

Ransomware Education Cybersecurity Security

Moobot botnet spreads by targeting Cacti and RealTek flaws

Security Affairs

APRIL 3, 2023

FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti ( CVE-2022-46169 ) and Realtek ( CVE-2021-35394 ) vulnerabilities to spread ShellBot and Moobot malware. The Moobot botnet is actively exploiting critical vulnerabilities in Cacti, and Realtek in attacks in the wild.

Education

Education Encryption Passwords Communications

CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

MAY 2, 2023

CVE-2021-45046 (CVSS score: 9.0) – Apache Log4j2 deserialization of untrusted data vulnerability. Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

IT

IT Cybersecurity Education Access

GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed

The Last Watchdog

APRIL 26, 2022

According to the Infosec 2021 IT & Security Talent Pipeline Survey , over 90% of hiring managers struggle to fill open cyber roles — leaving mission-critical work undone and existing teams strapped for time and resources. About the essayist: Jack Koziol is the founder, SVP and GM of Infosec Institute , a cybersecurity education company.

Cybersecurity

Cybersecurity Education Communications Security

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

Security Affairs

MAY 2, 2023

The Monopoly Market was launched in 2019 and the German authorities seized the marketplace’s infrastructure in December 2021. “Europol has been compiling intelligence packages based on troves of evidence provided by German authorities, who successfully seized the marketplace’s criminal infrastructure in December 2021.

Marketing

Marketing Sales Education Cybersecurity

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

APRIL 4, 2023

Below is the list of flaws exploited by the ransomware gang’s affiliate: CVE-2021-27876 : The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. CVE-2021-27877 : An issue was discovered in Veritas Backup Exec before 21.2. CVSS score: 8.1).

Ransomware

Ransomware Authentication Communications Access

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS ) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022.

Energy and Utilities

Energy and Utilities Military Education Phishing

Sabbath Ransomware target critical infrastructure in the US and Canada

Security Affairs

DECEMBER 1, 2021

Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021.

Ransomware

Ransomware Education Encryption Security

Google obtained a temporary court order against CryptBot distributors

Security Affairs

APRIL 28, 2023

” In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. .” concludes the announcemebt.

Blockchain

Blockchain Mining Education IT

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The FBI’s Internet Crime Complaint Center (IC3) received 3,729 ransomware complaints in 2021, representing $49.2 In fact, ransomware-as-a-service is alive and well, educating would-be offenders on how to undertake an attack and even offering customer support. Prevalence. million in adjusted losses. Incident response.

Ransomware

Ransomware Education Phishing Financial Services

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

“These operations have targeted various industries, including Aerospace & Defense, Education, Energy & Utilities, Governments, Hospitality, Manufacturing, Oil & Gas, Retail, Technology, and Transportation. ” reads the joint report. Since September 2022, Moobot botnet was spotted targeting vulnerable D-Link routers.

Energy and Utilities

Energy and Utilities Military Government Phishing

Authorities dismantled the card-checking platform Try2Check

Security Affairs

MAY 3, 2023

Over a nine-month period in 2018, the site performed at least 16 million checks, and over a 13-month period beginning in September 2021, the site performed at least 17 million checks.” ” reads the press release published by the DoJ. ” The indictment is the result of a law enforcement operation conducted by the U.S.

Education

Education Cybersecurity Government Security

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals. The phishing attacks began in February 2023, the IT giant reported.

Phishing

Phishing Financial Services Education Cybersecurity

Machine vs. machine

OpenText Information Management

APRIL 19, 2024

General awareness and education on the potential threats to your employee base is a must. New era of concern In 2023, the world saw a 72% increase in data breaches from 2021, which held the previous record. The post Machine vs. machine appeared first on OpenText Blogs. Get more information about our Cybersecurity portfolio.

Cybersecurity

Cybersecurity Analytics Data breaches Ransomware

Researchers found the first Linux variant of the RTM locker

Security Affairs

APRIL 27, 2023

The new variant of the encryptor targets Linux, NAS, and ESXi hosts, it appears to be based on the source code of Babuk ransomware that was leaked online in 2021. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider.

Encryption

Encryption Ransomware Education Access

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability.

Cybersecurity

Cybersecurity Education Risk Security

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers. The Russia-linked APT28 conducted the attacks in 2021 and targeted a small number of entities in Europe, U.S. ” reads the joint advisory.

Military

Military Access Cybersecurity Education

How CyBOK Can Help You Develop Your Cyber Security Career

IT Governance

OCTOBER 27, 2022

was released in July 2021 and consists of 21 Knowledge Areas in the following groups: Human, Organisational and Regulatory Aspects Attacks and Defences Systems Security Software and Platform Security Infrastructure Security. How do you start your cyber security education?

Security

Security Paper Education Government

Expert publishes PoC exploit code for Microsoft Exchange flaws

Security Affairs

MARCH 11, 2021

On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. — MalwareTech (@MalwareTechBlog) March 10, 2021.

Education

Education Access Security IT

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

In August 2021, ShinyHunters group claimed to have a database containing private information on roughly 70 million AT&T customers, but the company denies that they have been stolen from its systems.

Passwords

Passwords Access Education Security

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The joint advisory provides detailed info on tactics, techniques, and procedures (TTPs) associated with APT28’s attacks conducted in 2021 that exploited the flaw in Cisco routers.

Systems administration

Systems administration Military Phishing Government

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0014. for the affected VMware applications we can find organizations in the healthcare and education industries, and state government potentially vulnerable. cations of this vulnerability are serious.” states VMware.

Authentication

Authentication Cybersecurity Access Education

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

Security Affairs

APRIL 26, 2023

2021, but when in February 2023 they checked the fix they discovered that in January 2022 the default SECRET_KEY value was changed to “ CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET “, and a warning was added to the logs with this Git commit. ” Horizon3 researchers reported the issue to the Superset team in Oct.

Authentication

Authentication Education Access Security

AuKill tool uses BYOVD attack to disable EDR software

Security Affairs

APRIL 24, 2023

The technique of abusing the Process Explorer driver to bypass EDR systems was already observed in the wild, Sophos reported it was implemented in the open-source tool Backstab , which was published in June 2021.

Ransomware

Ransomware Education Security Cybersecurity

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

The Last Watchdog

OCTOBER 4, 2021

According to the 2019/2020 Official Annual Cyber Security Jobs Report sponsored by the Herjavec Group, the number of open cyber security positions has grown 350 percent from 2013 to 2021. million unfilled cyber security jobs globally by 2021. Cybersecurity Ventures predicts that there will be 3.5 Growing need. Fostering tradecraft.

Cybersecurity

Cybersecurity IT Analytics Education

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Security Affairs

JUNE 10, 2022

Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware , the malware targets both Windows and Linux systems primarily belonging to small or midsize victims. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Ransomware

Ransomware IT Data breaches Education

DXC supports digital literacy with Iberia Codes contest

DXC Technology

SEPTEMBER 29, 2021

2021 marked the sixth year […]. The post DXC supports digital literacy with Iberia Codes contest appeared first on DXC Blogs. This fun and collaborative initiative to awaken and foster children’s interest in and passion for technology helps them develop and hone their computational thinking skills using a STEM approach.

Education

Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

Hunton Privacy

APRIL 27, 2021

As reported on the Hunton Retail Law Blog , on April 26, 2021, the U.S. 19-4310, 2021 WL 1603808 (2d Cir. Court of Appeals for the Second Circuit affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft. McMorris v.

Data breaches

Data breaches Risk Retail Education

Archive-It Partner News, October 2021

Archive-It

OCTOBER 20, 2021

Meet them and learn much more about the program here on the Internet Archive blog. You can catch up anytime with recordings and recaps, starting here on the Archive-It blog. Archive-It will phase out its cost-sharing program for new web archive collections related to the COVID-19 pandemic at the end of 2021. Community News.

Archiving

Archiving Digital preservation IT Libraries

An Agency Is Born: California Appoints Board of Its New California Privacy Protection Agency

Data Matters

MARCH 19, 2021

On March 17, 2021, California officials announced the appointment of five board members of the California Privacy Protection Agency ( the “CPPA”), the first data protection agency in the United States. Board appointees were drawn from academia, government, and public service: Jennifer M.

Privacy

Privacy IT Education Government

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

Security Affairs

APRIL 26, 2023

In September 2020, the British government announced the ban on the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. The government could order operators to “rip and replace” the risky components provided by Chinese suppliers.

Government

Government Communications Risk Cybersecurity

CISA JCDC Will Focus on Energy Sector

Security Affairs

APRIL 5, 2023

Going one step further, in 2021, the CISA announced the formation of the Joint Cyber Defense Collective (JCDC) , an initiative formulated to bring government and private industry representatives together to build operation plans for protecting and responding to cyber threats.

Energy and Utilities

Energy and Utilities Risk Cybersecurity Compliance

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Communications

Communications Manufacturing Access Archiving

What are you doing for Data Privacy Week?

IT Governance

JANUARY 24, 2022

It’s why, for the past fifteen years, 28 January has marked Data Privacy Day – an international event raises awareness about online privacy and educates people on the ways they can protect their personal information. That’s why now is an ideal time to educate your children on the importance of data privacy. Keep it private.

Data Privacy

Data Privacy Privacy Personal data Passwords

What Are You Doing for Cyber Security Awareness Month?

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Meanwhile, Verizon’s 2021 Data Breach Investigations Report found that 25% of all data breaches involve phishing. appeared first on IT Governance UK Blog.

Security awareness

Security awareness Security Phishing Passwords

Archive-It Partner News, January 2021

Archive-It

JANUARY 14, 2021

Mellon Foundation, the program is expanding nationwide to provide free web archiving and technical services, education, professional development, and funding to build community history web archives documenting civic life and especially communities traditionally under-represented in the historical record. Have questions? Tech and Training.

Archiving

Archiving IT Libraries Digital preservation

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Ransomware? I think you may have heard of it, isn’t the news full of it? Related: Make it costly for cybercriminals. Back up your data and secure your backups in an offline location.

Access

Access Ransomware Risk Cloud

Building cyber security careers

IT Governance

OCTOBER 21, 2021

The need for experienced and qualified cyber security professionals is a highlight of Cybersecurity Career Awareness Week , led by NICE (National Initiative for Cybersecurity Education). The post Building cyber security careers appeared first on IT Governance UK Blog. UK skills gap.

Security

Security Information Security GDPR Data Privacy

Data breaches and cyber attacks quarterly review: Q3 2021

Data breaches and cyber attacks quarterly review: Q2 2021

Trending Sources

List of data breaches and cyber attacks in October 2021 – 51.2 million records breached

FBI: Compromised US academic credentials available on various cybercrime forums

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

List of data breaches and cyber attacks in August 2021 – 61 million records breached

Russian national sentenced to time served for committing money laundering for the Ryuk ransomware operation

Moobot botnet spreads by targeting Cacti and RealTek flaws

CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog

GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed

SpecTor operation: 288 individuals arrested in the seizure of marketplace Monopoly Market

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Sabbath Ransomware target critical infrastructure in the US and Canada

Google obtained a temporary court order against CryptBot distributors

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Authorities dismantled the card-checking platform Try2Check

Remcos RAT campaign targets US accounting and tax return preparation firms

Machine vs. machine

Researchers found the first Linux variant of the RTM locker

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

How CyBOK Can Help You Develop Your Cyber Security Career

Expert publishes PoC exploit code for Microsoft Exchange flaws

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks

AuKill tool uses BYOVD attack to disable EDR software

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

DXC supports digital literacy with Iberia Codes contest

Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

Archive-It Partner News, October 2021

An Agency Is Born: California Appoints Board of Its New California Privacy Protection Agency

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

CISA JCDC Will Focus on Energy Sector

China-linked APT Volt Typhoon targets critical infrastructure organizations

What are you doing for Data Privacy Week?

What Are You Doing for Cyber Security Awareness Month?

Archive-It Partner News, January 2021

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Building cyber security careers

Stay Connected