2019, Government, Manufacturing and Security - Information Management Today

5 IoT Security Predictions for 2019

Security Affairs

DECEMBER 21, 2018

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. 2019 will continue these trends but at a faster pace. The regulation around IoT security was this year’s signal that the answer is, fortunately, no.

IoT

IoT Security Manufacturing Privacy

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

MAY 22, 2020

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. The group behind this activity is the same we identified in the past malicious operations described in Roma225 (12/2018), Hagga (08/2019), Mana (09/2019), YAKKA (01/2020). Introduction.

Manufacturing

Manufacturing e-Delivery IT Security

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

AUGUST 9, 2021

The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 Experts warn of active exploitation of the CVE-2018-13379 , a security bug heavily exploited by LockBit to breach networks. ransomware. in Australia since 2020.

Ransomware

Ransomware Retail Security Manufacturing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

LockBit claims responsibility for Capital Health security incident The LockBit ransomware group has claimed responsibility for an attack on Capital Health , a healthcare provider in Pennington, New Jersey, last November. KG Source 1 ; source 2 (New) Manufacturing Germany Yes 1.1 They accessed 41.5 Data breached: 41,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

In 2019, there were an estimated 9.9 As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. While it’s a progressive step for the network security of the U.S. Government-Grade Security.

IoT

IoT Cybersecurity Manufacturing Government

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Security Affairs

SEPTEMBER 15, 2020

CISA published an advisory on China-linked groups targeting government agencies by exploiting flaws in Microsoft Exchange, Citrix, Pulse, and F5 systems. CISA published a security advisory warning of a wave of attacks carried out by China-linked APT groups affiliated with China’s Ministry of State Security.

Government

Government Energy and Utilities Healthcare Access

Law enforcement operation seized Ragnar Locker group’s infrastructure

Security Affairs

OCTOBER 19, 2023

The ransomware operation has been active since late December 2019, the FBI published two flash alert to warn of the operation of the group. This is an important achievement in the fight against cybercrime. Both FBI and Europol declined to comment on the events. More details are expected to be released tomorrow.

Ransomware

Ransomware Financial Services Manufacturing Government

The Growing Presence (and Security Risks) of IoT

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

The issue is that these tens of billions of new devices will likely amplify the inherent security risks of IoT. In the absence of IoT security regulations, many smart product manufacturers simply release new devices that lack built-in security measures and have not undergone proper security review and testing.

IoT

IoT Risk Energy and Utilities Security

Security Affairs newsletter Round 250

Security Affairs

FEBRUARY 9, 2020

The best news of the week with Security Affairs. The Russian Government blocked ProtonMail and ProtonVPN. Sudo CVE-2019-18634 flaw allows Non-Privileged Linux and macOS Users run commands as Root. Google mistakenly shared private videos of some users with others in 2019. A new round of the weekly newsletter arrived!

Security

Security Ransomware IoT Manufacturing

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

Krebs on Security

FEBRUARY 20, 2024

First surfacing in September 2019, the gang is estimated to have made hundreds of millions of U.S. The government says Russian national Artur Sungatov used LockBit ransomware against victims in manufacturing, logistics, insurance and other companies throughout the United States. Department of Justice (DOJ).

Ransomware

Ransomware Encryption Insurance Manufacturing

New TA2101 threat actor poses as government agencies to distribute malware

Security Affairs

NOVEMBER 15, 2019

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. The post New TA2101 threat actor poses as government agencies to distribute malware appeared first on Security Affairs. Pierluigi Paganini.

Government

Government Ransomware Manufacturing Phishing

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 LockBit is a prominent ransomware operation that first emerged in September 2019. Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Japan suspects HGV missile data leak in Mitsubishi security breach

Security Affairs

MAY 21, 2020

In January, the company disclosed a security breach that might have exposed personal and confidential corporate data, at the time, it claimed that attackers did not obtain sensitive information about defense contracts. The intrusion took place on June 28, 2019, and the company launched an investigation in September 2019.

Security

Security Military Manufacturing Personal data

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

A royal baby, a fire at Notre-Dame, the highest grossing film of all time and more than 12 billion breached data records: 2019 has been quite a year. IT Governance is closing out the year by rounding up 2019’s biggest information security stories.

Data breaches

Data breaches GDPR Passwords Personal data

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

MARCH 13, 2019

And yet we are overlooking profound privacy and security ramifications. billion IoT devices in use as of 2017, half are consumer gadgets, like smart TVs, speakers, watches, baby cams and home thermostats; much of the rest is made up of things like smart electric meters and security cameras in corporate and government use.

IoT

IoT Energy and Utilities Security Privacy

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

You’d therefore expect that the sector fares better at data security than your average organisation. The public data set on the ICO (Information Commissioner’s Office) website shows that data security isn’t necessarily better for financial organisations. What do the statistics say? million (about £4.70

Risk

Risk Data breaches Authentication Financial Services

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

Security Affairs

APRIL 26, 2023

German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. government officials as well as European security authorities, which have warned of the risks associated with Chinese telecoms equipment.” In November 2019, the U.S.

Government

Government Communications Risk Cybersecurity

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

government offers rewards of up to $15 million for information that could lead to the identification or location of LockBit ransomware gang members and affiliates. The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? “Based on the message body of the leak, the cyber attack indicates hacktivism, but last year, around May 23, 2019, UK warned NATO allies of hacking activities of Russia -> Link. .

Military

Military Manufacturing Phishing Government

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

Security Affairs

AUGUST 5, 2020

Today, the TIM’s Red Team Research led by Massimiliano Brolli, discovered 4 new vulnerabilities that have been addressed by the manufacturer WOWZA Streaming Engine, between the end of 2019 and July 2020. Pierluigi Paganini. SecurityAffairs – hacking, WOWZA Streaming Engine).

Manufacturing

Manufacturing Government Access Security

China-linked threat actors have breached telcos and network service providers

Security Affairs

JUNE 8, 2022

Chinese hackers employed open-source tools for reconnaissance and vulnerability scanning, according to the government experts, they have utilized open-source router specific software frameworks, RouterSploit and RouterScan [ T1595.002 ], to identify vulnerable devices to target. To nominate, please visit:?. Pierluigi Paganini.

Authentication

Authentication Passwords Systems administration Manufacturing

Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

SEPTEMBER 1, 2020

The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the world targeting Pulse Secure , Fortinet , Palo Alto Networks , and Citrix VPNs. ” reads the report published by Crowdstrike. ” continues the report. Pierluigi Paganini.

Access

Access Financial Services Retail Insurance

NEW TECH: Cequence Security deploys defense against botnets’ assault on business logic

The Last Watchdog

MARCH 26, 2019

Pick any company in any vertical – financial services, government, defense, manufacturing, insurance, healthcare, retailing, travel and hospitality – and you’ll find employees, partners, third-party suppliers and customers all demanding remote access to an expanding menu of apps — using their smartphones and laptops.

Security

Security Digital transformation Financial Services Risk

Belgium telecom operators Proximus and Orange drop Huawei

Security Affairs

OCTOBER 10, 2020

Major Belgium’s telecom operator Proximus announced on Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei. One of the major Belgium telecom operator Proximus announced on Friday that it will gradually replace its equipment from the Chinese manufacturer Huawei. Pierluigi Paganini.

Manufacturing

Manufacturing Risk Communications Security

US House Passes IoT Cybersecurity Improvement Act

Security Affairs

SEPTEMBER 21, 2020

House of Representatives passed the IoT Cybersecurity Improvement Act, a bill that aims at improving the security of IoT devices. House of Representatives last week passed the IoT Cybersecurity Improvement Act, a bill designed to improve the security of IoT devices. Mark Warner. “I

IoT

IoT Cybersecurity Manufacturing Government

Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

Security Affairs

DECEMBER 7, 2019

Alleged Vietnamese Ocean Lotus (APT32) hackers breached the networks of the car manufacturers BMW and Hyundai to steal automotive trade secrets. According to German media, hackers suspected to be members of the Vietnam-linked APT Ocean Lotus ( APT32 ) group breached the networks of the car manufacturers BMW and Hyundai.

Manufacturing

Manufacturing Government Security IT

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

The Last Watchdog

FEBRUARY 3, 2020

Department of Homeland Security issued a bulletin calling out Iran’s “robust cyber program,” and cautioning everyone to be prepared for Iran to “conduct operations in the United States.” and Saudi Arabia have been steadily escalating for at least the past decade, with notable spikes in activity throughout the course of 2019. .”

Energy and Utilities

Energy and Utilities Access Cybersecurity Passwords

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

Security Affairs

JANUARY 28, 2022

Taiwanese electronics manufacturing company Delta Electronics was hit by the Conti ransomware that took place this week. According to the company, the security breach did not impact its operation, it already notified local authorities. ” reported a statement from the security company cited by CTWANT.

Ransomware

Ransomware Computer and Electronics Manufacturing Encryption

SEC Continues Focus on Cybersecurity Disclosure Failures, Announces Settled Charges Against Pearson plc

Data Matters

AUGUST 30, 2021

Securities and Exchange Commission signaled its continued, high level scrutiny of companies’ public statements related to data security incidents. The software manufacturer had publicized the vulnerability as critical since September 2018, but Pearson did not implement the patch until it learned of the attack.

Cybersecurity

Cybersecurity Risk Data Privacy Passwords

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

JANUARY 25, 2020

This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. The breach was detected almost eight months ago, on June 28, 2019, with the delay being attributed to the increased complexity of the investigation caused by the attackers deleting activity logs.

Manufacturing

Manufacturing Sales Data breaches Access

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. According to the company, attackers did not obtain sensitive information about defense contracts.

Data breaches

Data breaches Computer and Electronics Government Manufacturing

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. LockBit is a prominent ransomware operation that first emerged in September 2019. In 2022, LockBit was one of the most active ransomware groups, and its prevalence continued into 2023.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

The root cause of these attacks is that the devices are lacking the security mechanisms to defend themselves against malicious actions that lead to the control of hijacked devices. The common denominator in IoT attacks is the assumption that these simple devices do not require strong security measures. Security mindset is changing.

IoT

IoT Manufacturing Energy and Utilities Encryption

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country.

Military

Military Manufacturing Government Security

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

The Operation CuckooBees had been operating under the radar since at least 2019, threat actors conducted multiple attacks to steal intellectual property and other sensitive data from victims. The attacks detailed by Cybereason targeted technology and manufacturing companies primarily located in East Asia, Western Europe, and North America.

File names

File names Encryption Manufacturing Libraries

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Security Affairs

MARCH 8, 2022

The ransomware operation has been active since late December 2019, this is the second time that the FBI first shares IoC related to RagnarLocker operation, the FBI first became aware of this threat in April 2020. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the data resides.

Ransomware

Ransomware Passwords Financial Services Manufacturing

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Security Affairs

MARCH 16, 2021

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. We have tested this tool across Exchange Server 2013, 2016, and 2019 deployments.”

Military

Military Manufacturing Access Security

Chinese Supply-Chain Attack on Computer Systems

Schneier on Security

FEBRUARY 13, 2021

The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. ”) Here’s me in 2018: Supply-chain security is an incredibly complex problem. We need some fundamental security research here.

Cybersecurity

Cybersecurity Manufacturing Government Communications

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Security Affairs

NOVEMBER 11, 2022

Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The campaigns involved a new piece of malware called BadBazaar and new variants of the MOONSHINE surveillance software discovered by Citizen Lab in 2019 and employed in attacks against Tibetan activists. .

Communications

Communications Manufacturing Government Security

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

Targeted sectors include: Automotive Clothing Conglomerates Electronics Engineering General Trading Company Government Industrial Products Managed Service Providers Manufacturing Pharmaceutical Professional Services. The latest campaign has been active since mid-October in 2019 and appears to be still ongoing.

Healthcare

Healthcare Archiving Cloud Manufacturing

Biometric data of 1M leaked via an unsecured Suprema owned database

Security Affairs

AUGUST 15, 2019

facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company. Data was collected by the UK Metropolitan police, small local businesses and governments globally. Phoenix Medical – Medical products manufacturer.

Archiving

Archiving Passwords Manufacturing Access

Toyota suffers second data breach in five weeks

IT Governance

APRIL 3, 2019

It’s the second time the car manufacturer has been breached in the last five weeks. In a statement released on 29 March 2019, the organisation confirmed that several of its Asian subsidiaries were targeted by criminal hackers. The only thing missing is a more effective security system. million customers.

Data breaches

Data breaches Sales Manufacturing Government

List of data breaches and cyber attacks in June 2020 – 7 billion records breached

IT Governance

JULY 1, 2020

The first half of 2020 ended on a familiarly bad note, with 92 security incidents accounting for at least 7,021,195,399 breached records. Duluth student alerted school district about security breach (unknown). Florence, AL, government hit by cyber attack (unknown). Australian government bombarded by cyber attacks (unknown).

Data breaches

Data breaches Ransomware Retail Personal data

Catches of the month: Phishing scams for July 2021

IT Governance

JULY 7, 2021

The number of officially reported HMRC-branded phishing scams increased from 572,029 in the 2019–2020 fiscal year to 1,069,522 in 2020–2021, according to data obtained under the Freedom of Information Act. Meanwhile, the researchers found that the most attacked industries are IT, healthcare and manufacturing.

Phishing

Phishing Manufacturing Insurance Data breaches

5 IoT Security Predictions for 2019

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Webinars

Trending Sources

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Webinars

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

The IoT Cybersecurity Act of 2020: Implications for Devices

China-linked hackers target government agencies by exploiting flaws in Citrix, Pulse, and F5 systems, and MS Exchange

Law enforcement operation seized Ragnar Locker group’s infrastructure

The Growing Presence (and Security Risks) of IoT

Security Affairs newsletter Round 250

Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates

New TA2101 threat actor poses as government agencies to distribute malware

Operation Cronos: law enforcement disrupted the LockBit operation

Japan suspects HGV missile data leak in Mitsubishi security breach

2019 end-of-year review part 1: January to June

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

Risk Management under the DORA Regulation

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Researchers found alleged sensitive documents of NATO and Turkey

Exclusive: TIM’s Red Team Research finds 4 zero-days in WOWZA Streaming Engine product

China-linked threat actors have breached telcos and network service providers

Iran-linked APT group Pioneer Kitten sells access to hacked networks

NEW TECH: Cequence Security deploys defense against botnets’ assault on business logic

Belgium telecom operators Proximus and Orange drop Huawei

US House Passes IoT Cybersecurity Improvement Act

Vietnam-linked Ocean Lotus hacked BMW and Hyundai networks

MY TAKE: Iran’s cyber retaliation for Soleimani assassination continues to ramp up

Delta Electronics, a tech giants’ contractor, hit by Conti ransomware

SEC Continues Focus on Cybersecurity Disclosure Failures, Announces Settled Charges Against Pearson plc

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Mitsubishi Electric discloses data breach, media blame China-linked APT

More details about Operation Cronos that disrupted Lockbit operation

Critical Success Factors to Widespread Deployment of IoT

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

China-linked APT41 group targets Hong Kong with Spyder Loader

Ragnar Locker ransomware group breached at least 52 organizations across 10 critical infrastructure sectors

Microsoft releases On-premises Mitigation Tool (EOMT) tool to fix ProxyLogon issues

Chinese Supply-Chain Attack on Computer Systems

Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Biometric data of 1M leaked via an unsecured Suprema owned database

Toyota suffers second data breach in five weeks

List of data breaches and cyber attacks in June 2020 ­– 7 billion records breached

Catches of the month: Phishing scams for July 2021

Stay Connected

List of data breaches and cyber attacks in June 2020 – 7 billion records breached