2017, Education, IT and Security - Information Management Today

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Security Affairs

AUGUST 6, 2023

The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach.

Education

Education Data breaches Ransomware Access

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Krebs on Security

JUNE 13, 2018

And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach. Vermont librarian Jessamyn West sued Equifax over its 2017 data breach and won $600 in small claims court. The 49-year-old librarian from a tiny town in Vermont took Equifax to court.

Data breaches

Data breaches Personal data Privacy Libraries

Sophie Sayer on the IT Governance Partner Programme

IT Governance

FEBRUARY 14, 2024

The benefits of partnering with us, and our partner-exclusive event IT Governance launched its partner programme in 2017, which now includes more than 400 organisations. In more recent months, we launched the channel partner programme in Europe and America, with training and security testing proving especially popular.

Government

Government IT Sales Data Privacy

BlueCharlie changes attack infrastructure in response to reports on its activity

Security Affairs

AUGUST 6, 2023

The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.

IT

IT Phishing Authentication Education

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The operating algorithm was RSA.

IT

IT Computer and Electronics e-Discovery Encryption

Vice Society ransomware also exploits PrintNightmare flaws in its attack

Security Affairs

AUGUST 13, 2021

Microsoft issued security updates, between June and August, to address the above issues, it also implemented the same changes to the default Point and Print default behavior. reads the security advisory published by Microsoft. A local attacker could exploit the vulnerability to gain SYSTEM privileges on vulnerable systems.

Ransomware

Ransomware IT Education Security

FTC Releases 2017 Privacy and Data Security Update

Hunton Privacy

JANUARY 22, 2018

On January 18, 2018, the Federal Trade Commission (“FTC”) released its 2017 Privacy & Data Security Update (the “Report”).

Privacy

Privacy Security Education IT

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. In 2017, crooks launched a phishing campaign against universities to compromise.edu accounts. ” reads the alert published by the FBI. To nominate, please visit:?.

Sales

Sales Education Phishing Passwords

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

Hunton Privacy

JULY 1, 2020

The sanction was imposed following a data breach that took place between April 2016 and July 2017 that the banking institution notified to the Garante at the end of July 2017.

Data breaches

Data breaches GDPR Personal data Education

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

In reality, the caller had just tricked a GoDaddy employee into giving away their credentials, and he could see from the employee’s account that Escrow.com required a specific security procedure to complete a domain transfer. In a filing with the U.S. What else do we know about the cause of these incidents?

Phishing

Phishing Passwords Authentication Security

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The FBI seized the Genesis Market , a black marketplace for stolen credentials that was launched in 2017. Law enforcement seized the Genesis Market black marketplace, a platform focused on the sale of stolen credentials, as part of Operation Cookie Monster. The seizure is part of a law enforcement operation codenamed Operation Cookie Monster.

Marketing

Marketing Sales Education Cybersecurity

What it Takes to Achieve Saudi Arabia’s Vision 2030

Thales Cloud Protection & Licensing

JANUARY 21, 2021

Through Vision 2030, the Kingdom of Saudi Arabia (KSA) intends to reduce dependence on oil, diversify its economy, and develop public service sectors, such as health, education, infrastructure, recreation, and tourism. A Royal Decree, dated 31 October 2017 , established the National Cybersecurity Authority (NCA). Encryption.

IT

IT Digital transformation Cybersecurity Cloud

Laserfiche Wins Gold in Best in Biz Awards 2017

Info Source

DECEMBER 5, 2017

With customers in nearly every industry including government, education, financial services, manufacturing and health care, Laserfiche offers solutions tailored to organizations’ needs, and the expertise and personalized service that drive customer success. Investment Advisor Magazine, Security Products Magazine, Wired and Yahoo Tech.

ECM

ECM Education Financial Services Manufacturing

No Jail Time for “WannaCry Hero”

Krebs on Security

JULY 29, 2019

Marcus Hutchins , the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday. ” .

Ransomware

Ransomware Education Government Risk

The Sheriffs are in Town: Recent Developments in Initial Coin Offerings (ICO) Enforcement and Investor Education

Data Matters

SEPTEMBER 11, 2018

In the months following director William Hinman’s noteworthy speech on whether and when a digital asset is subject to securities laws, U.S. regulators have continued their stern warnings regarding the importance of compliance with the securities laws. securities laws. Convertible Equity Securities.

Education

Education Blockchain Sales Mining

News alert: Massachusetts pumps $1.1 million into state college cybersecurity training programs

The Last Watchdog

OCTOBER 5, 2023

The grants are part of the state’s SOC/Range Initiative, a program managed by MassTech’s MassCyberCenter that aims to help build a diverse generation of cybersecurity professionals through education, training, and workforce development. Preparation, communication, and active monitoring are key to defending against online attacks.” “The

Cybersecurity

Cybersecurity Education Government Security

SHARED INTEL: Mobile apps are riddled with security flaws, many of which go unremediated

The Last Watchdog

SEPTEMBER 4, 2019

Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Based on 17 million application security scans carried out in 2018, WhiteHat found a 20% increase in vulnerabilities found in the applications that organizations tested for security flaws.

Security

Security Customer Experience Access Security awareness

80% of organisations affected by cyber security skills gap

IT Governance

MARCH 22, 2018

Four out of five organisations can’t find qualified staff to fill cyber security positions, according to CyberEdge’s 2018 Cyberthreat Defense Report. Although this figure is alarmingly high, CyberEdge notes that the skills gap decreased by ten percentage points compared to its 2017 report. IT security architect/engineer (27.6%).

Security

Security Education Manufacturing Information Security

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The increase in remote workforces and difficulty enforcing security controls with expanding perimeters has played a role in the rise of ransomware. In fact, ransomware-as-a-service is alive and well, educating would-be offenders on how to undertake an attack and even offering customer support. Prevalence. million in adjusted losses.

Ransomware

Ransomware Education Phishing Financial Services

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

JUNE 23, 2019

The attackers exploited a Raspberry Pi device that was connected to the IT network of the NASA Jet Propulsion Laboratory (JPL) without authorization or implementing proper security measures. The Technology Security Database (ITSDB) is a web-based application used to track and manage physical assets and applications on its network.

IT

IT Data breaches Archiving Education

ICO data security statistics highlight need for increased staff awareness

IT Governance

FEBRUARY 22, 2018

The Information Commissioner’s Office’s (ICO) latest statistics on data security incidents have revealed a 19% increase from Q2 to Q3 2017, with 815 incidents reported between October and December 2017. In the education sector, there was a 68% increase, from 57 reported incidents in Q2 to 96 in Q3.

Security

Security Information Security Data breaches GDPR

Cambridgeshire crowned the UK’s cyber crime capital

IT Governance

SEPTEMBER 21, 2020

Figures from the ONS (Office of National Statistics) show that security incidents in Cambridgeshire increased from 2,789 in 2016 to 4,155 in 2018. In 2017, Cambridge became the fastest-growing city in the UK , with businesses attracted to its proximity to London and the North, as well as its highly educated workforce.

Healthcare

Healthcare Education Phishing Risk

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. CISA orders federal agencies to fix this flaw by April 20, 2023.

Cybersecurity

Cybersecurity Education Risk Security

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

eSecurity Planet

OCTOBER 28, 2022

GitHub proofs of concept (PoCs) for known vulnerabilities could themselves contain malware as often as 10% of the time, security researchers have found. These “proofs” advertised exploits for vulnerabilities that have been publicly disclosed between 2017 and 2021. See the Top Vulnerability Management Tools. Signs of Malicious PoCs.

Cybersecurity

Cybersecurity Ransomware Education Security

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

Security Affairs

MAY 4, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. The Sandworm group (aka BlackEnergy , UAC-0082 , Iron Viking , Voodoo Bear , and TeleBots ) has been active since 2000, it operates under the control of Unit 74455 of the Russian GRU’s Main Center for Special Technologies (GTsST).

Archiving

Archiving Education Authentication Ransomware

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

The company received two vulnerability reports from the cybersecurity firm Trend Micro ) for high/critical severity security issues in PaperCut MF/NG. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog. ” reads the advisory published by PaperCut. Last week, the U.S.

Cybersecurity

Cybersecurity Ransomware Education Authentication

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

MAY 2, 2023

At this time, the vendor has yet to release security patches to address the flaw. In April 2018, security researcher Fernandez Ezequiel published proof-of-concept (PoC) code for this vulnerability. Previously seen to be exploited in the wild through 2017 and on-going.” in MVPower CCTV DVR models.

Authentication

Authentication Retail Education Marketing

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

MERCURY (aka MuddyWater , SeedWorm and TEMP.Zagros ) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Iran’s Ministry of Intelligence and Security (MOIS). The attackers were able to interfere with security tools using Group Policy Objects (GPO).

Ransomware

Ransomware File names Access Education

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” continues the alert.

Systems administration

Systems administration Military Phishing Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” reads the joint advisory.

Military

Military Access Cybersecurity Education

Catches of the Month: Phishing Scams for September 2023

IT Governance

SEPTEMBER 15, 2023

Source: Truesec According to Telekom Security , DarkGate Loader’s developer, who goes by the name RastaFarEye, has been developing the malware since 2017 and has been advertising it as a malware-as-a-service model since 16 June 2023. More recently, it has mainly distributed the JSSLoader malware for the Sangria Tempest group.

Phishing

Phishing Mining Education Passwords

DePriMon downloader uses a never seen installation technique

Security Affairs

NOVEMBER 21, 2019

According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since at least 2011. In 2017, Symantec speculated that at least 40 targets in 16 countries have been compromised by the threat actors. The targets were all located in the Middle East, Europe, Asia, and Africa.

Communications

Communications Encryption Education Authentication

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations. .” reads the report published by the Google TAG.

Phishing

Phishing Military Ransomware Education

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

The WordPress sets only exposed user names and avatar pictures, but all four Siemens WordPress-based subdomains were vulnerable to a flaw that WordPress itself fixed in 2017, leaving researchers wondering whether there are more severe vulnerabilities on these sites. It contained ComfyApp credentials and endpoints.

IoT

IoT Manufacturing Authentication Ransomware

California-based workforce platform Prosperix leaks drivers licenses and medical records

Security Affairs

JUNE 1, 2023

However, the leaky bucket dates back to 2017. Auditing and logging: regularly checking server access logs Employee training: enhancing knowledge and awareness of data security. Leaks like this put job seekers at risk, so they should educate themselves on how to spot common job search-related scam techniques.

Encryption

Encryption Risk Education Phishing

Hyundai suffered a data breach that impacted customers in France and Italy

Security Affairs

APRIL 12, 2023

In April 2017, security vulnerabilities in the Hyundai Blue Link mobile apps could have allowed hackers to locate, unlock and start vehicles of the carmaker. The intrusion aimed at stealing automotive trade secrets.

Data breaches

Data breaches Manufacturing Cybersecurity Education

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

NOVEMBER 26, 2018

Snyder says his experience as head of Gateway Computers and as an investor in tech security startups, prior to entering politics, gave him an awareness of why putting Michigan ahead of the curve, dealing with cyber threats, would be vital. or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Cobo Center.

Cybersecurity

Cybersecurity Military Education Government

News alert: Massachusetts awards $2.3 million grant to strengthen cybersecurity ecosystem statewide

The Last Watchdog

OCTOBER 27, 2023

“That is why we have taken a multi-pronged approach that educates students about the opportunities that exist in a cybersecurity career, providing the critical training on cutting-edge tools, and the mentorship they need to succeed in a career.

Cybersecurity

Cybersecurity Artificial Intelligence Government Education

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

JANUARY 26, 2023

National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors based in Russia and Iran. The are increasingly targeting organizations and individuals.

Phishing

Phishing Education Authentication Passwords

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Security Affairs

APRIL 2, 2023

The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017. Files leaked by Russian IT contractor NTC Vulkan show that Russia-linked Sandworm APT requested it to develop offensive tools. The documents demonstrate that it also developed hacking tools for the Russia-linked APT group Sandworm.

Energy and Utilities

Energy and Utilities Education Ransomware IT

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

DECEMBER 3, 2021

In early 2017, Babam confided to another Verified user via private message that he is from Lithuania. com (2017). Verified was hacked at least twice in the past five years, and its user database posted online. That information shows that Babam joined Verified using the email address “ operns@gmail.com.”

Access

Access Ransomware Sales Passwords

Canadian Privacy Commissioner Issues Report on Children’s Educational Apps

Hunton Privacy

NOVEMBER 3, 2017

Recently, the Office of the Privacy Commissioner of Canada (“OPC”) issued its 2017 Global Privacy Enforcement Network Sweep results (the “Report”), which focused on certain privacy practices of online educational tools and services targeted at classrooms.

Education

Education Privacy Access IT

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. SEABORGIUM has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. ” reads the post published by Microsoft.

Phishing

Phishing Education Security IT

Why the cyber security skills gap is so damaging

IT Governance

APRIL 11, 2018

The cyber security skills gap has been growing for years, and the problem is particularly bad in the UK. All of this means that organisations are unprepared for major security incidents, which could cause substantial damage and affect business operations. However, some cyber security experts believe the skills shortage is a “myth”.

Security

Security Risk Education Information Security

Colorado Department of Higher Education (CDHE) discloses data breach after ransomware attack

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

Trending Sources

Sophie Sayer on the IT Governance Partner Programme

BlueCharlie changes attack infrastructure in response to reports on its activity

Wannacry, the hybrid malware that brought the world to its knees

Vice Society ransomware also exploits PrintNightmare flaws in its attack

FTC Releases 2017 Privacy and Data Security Update

FBI: Compromised US academic credentials available on various cybercrime forums

Italian Garante Fines Bank 600,000 Euros for Pre-GDPR Data Breach

When Low-Tech Hacks Cause High-Impact Breaches

Law enforcement seized the Genesis Market cybercrime marketplace

What it Takes to Achieve Saudi Arabia’s Vision 2030

Laserfiche Wins Gold in Best in Biz Awards 2017

No Jail Time for “WannaCry Hero”

The Sheriffs are in Town: Recent Developments in Initial Coin Offerings (ICO) Enforcement and Investor Education

News alert: Massachusetts pumps $1.1 million into state college cybersecurity training programs

SHARED INTEL: Mobile apps are riddled with security flaws, many of which go unremediated

80% of organisations affected by cyber security skills gap

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

ICO data security statistics highlight need for increased staff awareness

Cambridgeshire crowned the UK’s cyber crime capital

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Cybercriminals Use Fake Public PoCs to Spread Malware and Steal Data

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Fortinet warns of a spike in attacks against TBK DVR devices

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Catches of the Month: Phishing Scams for September 2023

DePriMon downloader uses a never seen installation technique

Google TAG warns of Russia-linked APT groups targeting Ukraine

Siemens Metaverse exposes sensitive corporate data

California-based workforce platform Prosperix leaks drivers licenses and medical records

Hyundai suffered a data breach that impacted customers in France and Italy

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

News alert: Massachusetts awards $2.3 million grant to strengthen cybersecurity ecosystem statewide

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Leaked documents from Russian firm NTC Vulkan show Sandworm cyberwarfare arsenal

Who Is the Network Access Broker ‘Babam’?

Canadian Privacy Commissioner Issues Report on Children’s Educational Apps

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Why the cyber security skills gap is so damaging

Stay Connected