Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Additionally, Line Dancer hooks into the crash dump and AAA processes to evade forensic analysis and establish remote access VPN tunnels.

Government 105

Government Authentication Communications Access 105

Security Affairs

NOVEMBER 10, 2021

Taiwan ‘s government agencies face around five million cyberattacks and probes every day, most of them from China. Around five million cyber attacks hit Taiwan’s government agencies every day, and most of the hacking attempts are originated from China. SecurityAffairs – hacking, Taiwan Government).

Government 124

Government Military Information Security Security 124

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Security 130

Security Authentication Libraries Passwords 130

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. ” reads the analysis published by Carbon Black Managed Detection & Response team.

Education 111

Education Government Business Services Archiving 111

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” reads the analysis published by Morphisec. to lure victims into downloading a malicious file. .” ” concludes Morphisec that also provides indicators of compromise (IoCs).

Government 92

Government Manufacturing Authentication Cybersecurity 92

Security Affairs

MARCH 9, 2022

government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government.

Government 89

Government Phishing Military IT 89

Security Affairs

SEPTEMBER 20, 2021

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . ” concludes the analysis.

Phishing 91

Phishing Government Cybersecurity Access 91

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. ” reads the analysis published by Checkpoint. The analysis of the C2 allowed the researchers to discover other loader variants used by the threat actor, such as CurLu, CurCore, and CurLog.

Government 103

Government IT Encryption Libraries 103

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. response to COVID-19.

Government 94

Government IT Security Information Security 94

Security Affairs

MARCH 27, 2023

Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican.

Archiving 83

Archiving Phishing Passwords Government 83

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware.

Government 102

Government Archiving Metadata Encryption 102

Security Affairs

JUNE 6, 2022

Following the attacks of the Killnet Collective, the group responsible for the attacks against major government resources and law enforcement, a new group has been identified called “Cyber Spetsnaz”. The post Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies appeared first on Security Affairs.

Government 140

Government Cybersecurity IoT Security 140

IT Governance

MAY 8, 2019

Most GDPR (General Data Protection Regulation) compliance projects start with a gap analysis. A gap analysis is a popular method of assessing compliance against the requirements of the Regulation. What does a gap analysis involve? Can I use a free GDPR gap analysis tool? What gap analysis options are available?

GDPR 80

GDPR Compliance Personal data Risk 80

IT Governance

MARCH 6, 2019

Yes, most information security experts will be able to explain what confidentiality, integrity and availability mean, but other terms, like ‘risk’, are surprisingly vague. There’s a good reason for this: information security best practice is constantly evolving, meaning any advice listed in the Regulation could soon be out of date.

Information Security 90

Information Security GDPR Data breaches Compliance 90

Security Affairs

JULY 19, 2021

Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that could infect both iPhones and Android devices, it is sold exclusively to the governments and law enforcement agencies. The evidence demonstrates that governments used Pegasus to intimidate journalists and critical media. Pierluigi Paganini.

Government 115

Government Privacy IT Security 115

IT Governance

AUGUST 16, 2018

ISMS (information security management system) that meets the requirements of ISO 27001 can be challenging. One solution is to conduct an ISO 27001 gap analysis – a process many organisations consider an important starting point when putting a prioritised plan in place. IT Governance can help. As a result, building an?

Information Security 68

Information Security Compliance Data breaches Risk 68

IT Governance

FEBRUARY 14, 2019

Data breaches are on the up, and information security and GDPR compliance remain business-critical issues. That’s why – for a limited time – we’re giving away our EU GDPR Compliance Gap Assessment Tool and ISO 27001 Gap Analysis Tool for free*. Understanding best-practice information security.

GDPR 66

GDPR Compliance Information Security Data breaches 66

IT Governance

AUGUST 10, 2018

Building an ISMS (information security management system) that that meets the requirements of ISO 27001 is a challenging project, and it is often difficult to know where to start. Below we have outlined exactly how an ISO 27001 gap analysis can benefit your organisation. 4) You’ll understand what you need to do next.

Compliance 66

Compliance Information Security Risk Security 66

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. government. government. China is working hard here too. Pierluigi Paganini.

Government 99

Government File names Phishing Security 99

Security Affairs

DECEMBER 27, 2021

Albania’s prime minister Edi Rama apologized for the massive leak of personal records from a government database of state. Albania’s prime minister this week apologized for the massive leak of personal records from a government database of state. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Government 88

Government Security IT Data breaches 88

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government 90

Government Communications Ransomware Manufacturing 90

erwin

FEBRUARY 12, 2021

Managing an organization’s governance, risk and compliance (GRC) via its enterprise and business architectures means managing them against business processes (BP). Governance, risk and compliance are treated as isolated bubbles. The C-Level Demands GRC Real-Time Impact Analysis. Impact analysis is critical.

Compliance 98

Compliance Risk Government Data breaches 98

Security Affairs

MARCH 8, 2023

China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia.

Government 80

Government Communications Phishing IT 80

Collibra

JANUARY 1, 2021

Creating a data governance framework is crucial to becoming a data-driven enterprise because data governance brings meaning to an organization’s data. However, many organizations struggle to build a data governance program because the practice can seem amorphous. What is a data governance framework? Distinct use cases.

Government 59

Government Compliance Data Privacy Privacy 59

Security Affairs

MARCH 4, 2024

Threat actors stole sensitive information from the company, including military and government documents, revealed Taiwan’s Defense Ministry. TeraBytes of data” that included government contracts. We have asked the contractor involved to strengthen its information security control to prevent any further incidents.”

Military 109

Military Sales Government Information Security 109

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Further analysis uncovered embedded scenarios detecting the victim’s IP (using GEO2IP module, deployed on a third-party WEB-site), likely done to selectively choose targets or to filter by region.

Phishing 105

Phishing e-Delivery Government Passwords 105

IT Governance

JULY 4, 2018

To improve cyber risk governance among public-sector departments and their suppliers, the UK government has issued a series of minimum cyber security standards that will be incorporated into the Government Functional Standard for Security. Find out more about our ISO 27001 Gap Analysis service >>

Government 71

Government Security Information Security Risk 71

AIIM

SEPTEMBER 12, 2018

GDPR and the Data Governance Imperative. Compliance with the accountability principle implies having better visibility to the data, how it is collected and processed and the steps taken to minimize the amount of personal information collected. The Information Governance Imperative. Obligations Analysis.

GDPR 91

GDPR Government Information governance Compliance 91

Security Affairs

NOVEMBER 17, 2020

Most of the victims were in Vietnam, the group focuses on foreign government organizations of countries in Southeast Asia. . Opting for a command and control infrastructure deployed anywhere else in the world would have potentially raised some security alarms.” ” reads the report published by BitDefender.

Government 109

Government File names Communications Access 109

Security Affairs

JANUARY 26, 2020

A new piece of the Ryuk malware has been improved to steal confidential files related to the military, government, financial statements, and banking. At the time of the analysis, both sites were not reachable at the time of the analysis. Anyone remember this "Ryuk Stealer"? . ” reported BleepingComputer.

Military 111

Military Government Ransomware Privacy 111

Security Affairs

JULY 7, 2019

Croatia government agencies have been targeted by unknown hackers with a new piece of malware tracked as SilentTrinity. A mysterious group of hackers carried out a series of cyber attacks against Croatian government agencies, infecting employees with a new piece of malware tracked as SilentTrinity. ” reads one of the alerts.

Government 82

Government Computer and Electronics Archiving Phishing 82

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education 84

Education Government Libraries Mining 84

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain.

Ransomware 118

Ransomware Data breaches Unstructured data Personal data 118

Security Affairs

AUGUST 4, 2022

Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi. Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks attacks during the visit to Taipei of US House Speaker Nancy Pelosi.

Government 83

Government Cloud Cybersecurity Security 83

Security Affairs

DECEMBER 30, 2019

The United Arab Emirates denied reports that the popular mobile app ToTok was used as part of a government massive surveillance program. According to a report recently published by the New York Times , the popular app ToTok was used by the UAE government as a surveillance tool. reads the analysis published by Wardle.

Government 62

Government Data breaches Compliance Security 62

Security Affairs

APRIL 6, 2020

DarkHotel nation-state actor is exploiting a VPN zero -day to breach Chinese government agencies in Beijing and Shanghai. Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. Pierluigi Paganini.

Government 129

Government Security awareness Security Risk 129

Data Matters

MARCH 11, 2022

Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. That determination remains a complex analysis of several factors. Updates of previously reported incidents.

Cybersecurity 88

Cybersecurity Risk Government e-Discovery 88