2021 - Information Management Today

COVID-19 themed attacks December 19, 2020– January 02, 2021

Security Affairs

JANUARY 3, 2021

This post includes the details of the COVID-19 themed attacks launched from December 19, 2020– January 02, 2021. January 1, 2021 – Alleged docs relating to Covid19 vaccine leaked in darkweb. The post COVID-19 themed attacks December 19, 2020– January 02, 2021 appeared first on Security Affairs.

Ransomware

Ransomware Security Information Security IT

The worst cyber attacks of 2021

Security Affairs

JANUARY 3, 2022

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? The US Cybersecurity and Infrastructure Security Agency (CISA) also issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange.

Ransomware

Ransomware Cybersecurity Access Insurance

Time for the crystal ball – What to expect in 2021

Thales Cloud Protection & Licensing

FEBRUARY 3, 2021

Time for the crystal ball – What to expect in 2021. Wed, 02/03/2021 - 11:56. In the fourth Thales Security Sessions podcast , Neira Jones asked me to join Troels Oerting, Chairman of the Board of the World Economic Forum's Centre for Cybersecurity (C4C) and discuss what we can expect in 2021 by reviewing 2020. Encryption.

Digital transformation

Digital transformation Privacy Cybersecurity Education

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Check Point CPX 360 2021

Adapture

JANUARY 28, 2021

02/23/2021 - 02/24/2021 - All Day #_LOCATIONNAME #_LOCATIONADDRESS #_LOCATIONTOWN

Get ready for Libraries Week 2021

CILIP

JUNE 2, 2021

CILIP is delighted to launch campaign assets for Libraries Week 2021, recognising the amazing contribution that libraries make to their communities as drivers for inclusion, sustainability, social mobility and community cohesion.? Published: 02 June 2021. Get ready for Libraries Week 2020. Find out more about this year?s

Libraries

Possible Government Surveillance of the Otter.ai Transcription App

Schneier on Security

FEBRUARY 17, 2022

It read: “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”. The next day, I received an odd note from Otter.ai, the automated transcription app that I had used to record the interview.

Government

Government IT

Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape

Security Affairs

MARCH 31, 2021

Experts from the Chinese cybersecurity company Qihoo 360 have reported to Google another sandbox escape vulnerability (CVE-2021-21194) affecting the Chrome web browser. The CVE-2021-21194 flaw, rated as high severity, is a use after free in screen capture that could be exploited to escape the Chrome sandbox.

Security

Security Cybersecurity IT Information Security

North Korea-linked Konni APT targets Russian diplomatic bodies

Security Affairs

JANUARY 6, 2022

C25 researchers have monitored the activity of the APT group aimed at Russian targets in the diplomatic sector since August 2021. scr,” was compiled on Dec 20 09:16:02 2021, a circumstance that suggests it was specifically developed to the operation that was uncovered by the C25 team.

Phishing

Phishing Archiving IT Security

CERT of Ukraine says Russia-linked APT backdoored multiple govt sites

Security Affairs

FEBRUARY 25, 2023

The state-sponsored hackers used a web shell created no later than December 23, 2021, to deploy multiple backdoors. The UAC-0056 APT group has been active since at least March 2021, it focuses on Ukraine, despite it has been involved in attacks on targets in Kyrgyzstan and Georgia.

Passwords

Passwords Government Cybersecurity Phishing

Making green hydrogen a viable strategy to drive decarbonization

CGI

AUGUST 12, 2021

Thu, 08/12/2021 - 02:44. It uses electricity from renewable energy sources to split water into hydrogen and oxygen using a process called electrolysis. During this process, no CO2 is produced, making it one of the most encouraging enablers of the energy transition. ravi.kumarv@cgi.com. 4 min read

IT

Google addresses a high severity flaw in V8 engine in Chrome

Security Affairs

APRIL 28, 2021

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227 , in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser.

Cybersecurity

Cybersecurity Security IT Information Security

Experts found three new 15-year-old bugs in a Linux kernel module

Security Affairs

MARCH 13, 2021

The first vulnerability, tracked as CVE-2021-27365, is a heap buffer overflow in the iSCSI subsystem. ” The second vulnerability, tracked as CVE-2021-27363, is a heap overflow vulnerability. The flaws were present in the component since it was being developed in 2006. ” reads the analysis published by GRIMM researchers.

Security

Security Risk Access IT

EnemyBot malware adds new exploits to target CMS servers and Android devices

Security Affairs

MAY 30, 2022

CVE Number Affected devices CVE-2021-44228, CVE-2021-45046 Log4J RCE CVE-2022-1388 F5 BIG IP RCE No CVE (vulnerability published on 2022-02) Adobe ColdFusion 11 RCE CVE-2020-7961 Liferay Portal – Java Unmarshalling via JSONWS RCE No CVE (vulnerability published on 2022-04) PHP Scriptcase 9.7

CMS

CMS IoT Passwords Security

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

JUNE 25, 2021

It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,” reads the security advisory. Please check yours and see what happened.” ” Some of the users were able to recover the wiped files using a tool named PhotoRec. .

Security

Security Access IT Cybersecurity

Using Mitre Att&CK with threat intelligence to improve Vulnerability Management

Outpost24

NOVEMBER 26, 2021

Fri, 11/26/2021 - 02:31. Using Mitre Att&CK with threat intelligence to improve Vulnerability Management. Florian Barre. Simon Roe, Product Manager Outpost24. Threat Intelligence. Risk Based Vulnerability Management.

Risk

Dirty Pipe Linux flaw allows gaining root privileges on major distros

Security Affairs

MARCH 7, 2022

Below is the timeline for this vulnerability: Timeline. Below is the timeline for this vulnerability: Timeline.

Passwords

Passwords Access Security IT

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws

Security Affairs

MARCH 6, 2021

This week Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. ” states Microsoft. ” states CISA.

Cybersecurity

Cybersecurity Access Security IT

Google fixes a Chrome zero-day flaw actively exploited in attacks

Security Affairs

FEBRUARY 15, 2022

Reported by Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group on 2022-02-10 [$TBD][ 1285449 ]” reads the security advisory published by Google. Reported by Krace on 2021-11-24 [$7000][ 1286940 ] High CVE-2022-0605: Use after free in Webstore API. “Use after free in Animation.

Security

Security Access IT Information Security

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. — Matthew Prince (@eastdakota) December 11, 2021. “Cisco Talos has observed attacker activity related to CVE-2021-22448 beginning 02-December-2021. ” reads the advisory published by Cisco Talos.

Mining

Mining Honeypots Libraries IT

QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks

Security Affairs

MAY 15, 2021

Unfortunately, the bad news for NAS owners are not ended, the vendor also issued another security advisory to warn of an actively exploited zero-day vulnerability affecting Roon Labs’ Roon Server 2021-02-01 and earlier versions. “We have already notified Roon Labs of the issue and are thoroughly investigating the case.

Ransomware

Ransomware Passwords IoT Security

How Real-Time Location Systems Enable Continuity of Care During COVID-19: A Case Study with TPIRC

HID Global

DECEMBER 2, 2021

Thu, 12/02/2021 - 11:44. How Real-Time Location Systems Enable Continuity of Care During COVID-19: A Case Study with TPIRC. raufreiter.

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

JANUARY 23, 2022

CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js

CMS

CMS IT Authentication Libraries

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

Security Affairs

MARCH 9, 2021

On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. ” state the Microsoft Exchange team.

Access

Access Security Cybersecurity IT

DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5

Security Affairs

APRIL 2, 2021

The new directive demands agencies to accelerate the mitigation process and extends the Emergency Directive 21-02 issued by the DHS agency on March 3, 2021. “This script checks targeted exchange servers for signs of the proxy logon compromise described in CVE-2021-26855, 26857, 26858, and 27065. ” continues CISA.

Manufacturing

Manufacturing Information Security Security Cybersecurity

This Halloween, Don’t Let Your Citizens Get Tricked: Three Ways Identities Can Be Stolen

HID Global

OCTOBER 27, 2021

Wed, 10/27/2021 - 17:02. This Halloween, Don’t Let Your Citizens Get Tricked: Three Ways Identities Can Be Stolen.

Google fixes the third actively exploited Chrome 0-Day since January

Security Affairs

MARCH 15, 2021

The flaw, tracked as CVE-2021-21193, is a use after free vulnerability in the Blink rendering engine. 500][ 1167357 ] High CVE-2021-21191: Use after free in WebRTC. Reported by raven (@raid_akame) on 2021-01-15 [$TBD][ 1181387 ] High CVE-2021-21192: Heap buffer overflow in tab groups.

Libraries

Libraries Security IT Information Security

Healthcare Case Study: Contact Tracing and Care Continuity

HID Global

DECEMBER 2, 2021

Thu, 12/02/2021 - 11:44. Healthcare Case Study: Contact Tracing and Care Continuity. raufreiter.

A game changer for net zero: Climate-related financial disclosures

CGI

FEBRUARY 23, 2021

Wed, 02/24/2021 - 00:37. A game changer for net zero: Climate-related financial disclosures. This CGI blog post discusses new pressures on companies to identify and manage climate risks.

Risk

Mobilizing the data revolution in energy

CGI

JUNE 2, 2021

Wed, 06/02/2021 - 07:03. This sector has decades of experience in collecting and analyzing all kinds of data — from seismic data to data from the pump where you fill up or recharge your car.

A massive DDoS knocked offline Belgian government websites

Security Affairs

MAY 4, 2021

Belnet customers can contact our Service Desk at 02 790 33 00. PM CET time, Belnet announced that its teams have successfully implemented several mitigation rules and that the effect of the attack were diminishing. [link] — Kenneth Dée (@kennethdee) May 4, 2021. link] — FODJustitie (@FOD_Justitie) May 4, 2021.

Government

Government Education Security IT

Open Banking Insight – A Singapore Perspective

HID Global

SEPTEMBER 2, 2021

Thu, 09/02/2021 - 09:53. Open Banking Insight – A Singapore Perspective.

CISA emergency directive urges to fix Microsoft Exchange zero-days

Security Affairs

MARCH 4, 2021

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued the Emergency Directive 21-02 in response to the disclosure of zero-day vulnerabilities in Microsoft Exchange. .

Cybersecurity

Cybersecurity Access Cloud Security

Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA

Security Affairs

MARCH 8, 2021

On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild.

Personal data

Personal data Access Cybersecurity Security

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 12, 2022

CISA also added to the catalog two flaws in Microsoft Active Directory ( CVE-2021-42287 , CVE-2021-42278 ), a flaw in Google Pixel ( CVE-2021-39793 ), a flaw in Checkbox Survey ( CVE-2021-27852 ), a flaw in Linux Kernel ( CVE-2021-22600 ), a bug in QNAP NAS ( CVE-2020-2509 ), and a vulnerability in Telerik WEB UI ( CVE-2017-11317 ).

IT

IT Cybersecurity Ransomware Access

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Security Affairs

MARCH 14, 2021

02 Dec 2020 – Netgear released the new firmware v2.6.0.48 16 Dec 2021 – Start the process to coordinate the publication of this document. 11 Jan 2021 – First draft shared with Netgear. 27 Jan 2021 – Remediation actions were agreed. 16 Dec 2021 – Start the process to coordinate the publication of this document.

Authentication

Authentication Security IT Access

Executive Order About Cybersecurity Urging Zero Trust Adoption

Thales Cloud Protection & Licensing

SEPTEMBER 2, 2021

Thu, 09/02/2021 - 07:09. During the 2021 Thales Crypto Summit , which brings together a group of experts to speak about cryptographic and key management to keep organizations secure, President Biden’s Executive Order (EO) was a key point of discussion. Executive Order About Cybersecurity Urging Zero Trust Adoption.

Cybersecurity

Cybersecurity Data structuring Cloud Encryption

Quantum Resistant Encryption – Are You Ready?

Thales Cloud Protection & Licensing

NOVEMBER 2, 2021

Tue, 11/02/2021 - 09:10. . Quantum Resistant Encryption – Are You Ready? Some good news and a couple of tips for being prepared. Over the past few months, a handful of Thales CPL clients have mentioned their concern regarding the future threat of quantum computing to their data security frameworks.

Encryption

Encryption Risk Cybersecurity Compliance

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Krebs on Security

JUNE 27, 2023

02, 2020, pitching O’Connor as a cryptocurrency expert and advisor. pleaded guilty in 2021 and agreed to serve three years in prison, followed by three years probation. Joseph “PlugwalkJoe” O’Connor, in a photo from a Globe Newswire press release Sept.

Passwords

Passwords Authentication Communications Security

Novel phishing technique uses Morse code to compose malicious URLs

Security Affairs

FEBRUARY 8, 2021

The campaign uses with subject ‘Revenue_payment_invoice February_Wednesday 02/03/2021.’ ’ The HTML attachment appears to be an Excel invoice, the naming convention used is ‘[company_name]_invoice_[number]._xlsx.hTML.’ _xlsx.hTML.’

Phishing

Phishing Passwords Security IT

Moving toward an innovative openSERVICE approach in healthcare

CGI

MARCH 2, 2021

Tue, 03/02/2021 - 15:10. Only at this point can we create the right support and services. kathy.jacquay@….

IT

AWS Innovate Online Conference - AI/ML Edition

Adapture

JANUARY 28, 2021

02/24/2021 - All Day #_LOCATIONNAME #_LOCATIONADDRESS #_LOCATIONTOWN

Microsoft Azure- Modernize Your Network Security Strategy

Adapture

JANUARY 28, 2021

02/18/2021 - All Day #_LOCATIONNAME #_LOCATIONADDRESS #_LOCATIONTOWN

Security

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Security Affairs

JUNE 10, 2022

The attack took place on June 02 and the outage caused severe problems to the citizens. Vice Society ransomware has been active since June 2021, it is considered by researchers a spin-off of the HelloKitty ransomware , the malware targets both Windows and Linux systems primarily belonging to small or midsize victims.

Ransomware

Ransomware IT Data breaches Education

Malicious NPM packages used to grab data from apps, websites?

Security Affairs

JULY 5, 2022

The malicious NPM modules were delivered as part of a widespread campaign, tracked as IconBurst, that according to the experts has been active at least since 2021. One of the tainted packages had been downloaded more than 17,000 times. ” conclude the researchers.

Libraries

Libraries Security Information Security IT

COVID-19 themed attacks December 19, 2020– January 02, 2021

The worst cyber attacks of 2021

Webinars

Trending Sources

Time for the crystal ball – What to expect in 2021

Webinars

Check Point CPX 360 2021

Get ready for Libraries Week 2021

Possible Government Surveillance of the Otter.ai Transcription App

Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape

North Korea-linked Konni APT targets Russian diplomatic bodies

CERT of Ukraine says Russia-linked APT backdoored multiple govt sites

Making green hydrogen a viable strategy to drive decarbonization

Google addresses a high severity flaw in V8 engine in Chrome

Experts found three new 15-year-old bugs in a Linux kernel module

EnemyBot malware adds new exploits to target CMS servers and Android devices

Hackers exploit 3-years old flaw to wipe Western Digital devices

Using Mitre Att&CK with threat intelligence to improve Vulnerability Management

Dirty Pipe Linux flaw allows gaining root privileges on major distros

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws

Google fixes a Chrome zero-day flaw actively exploited in attacks

Log4Shell was in the wild at least nine days before public disclosure

QNAP warns of eCh0raix ransomware and Roon Server zero-day attacks

How Real-Time Location Systems Enable Continuity of Care During COVID-19: A Case Study with TPIRC

US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

Microsoft releases ProxyLogon patches for unsupported Microsoft Exchange versions

DHS CISA requires federal agencies to assess their Microsoft Exchange servers by April 5

This Halloween, Don’t Let Your Citizens Get Tricked: Three Ways Identities Can Be Stolen

Google fixes the third actively exploited Chrome 0-Day since January

Healthcare Case Study: Contact Tracing and Care Continuity

A game changer for net zero: Climate-related financial disclosures

Mobilizing the data revolution in energy

A massive DDoS knocked offline Belgian government websites

Open Banking Insight – A Singapore Perspective

CISA emergency directive urges to fix Microsoft Exchange zero-days

Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Executive Order About Cybersecurity Urging Zero Trust Adoption

Quantum Resistant Encryption – Are You Ready?

U.K. Cyber Thug “PlugwalkJoe” Gets 5 Years in Prison

Novel phishing technique uses Morse code to compose malicious URLs

Moving toward an innovative openSERVICE approach in healthcare

AWS Innovate Online Conference - AI/ML Edition

Microsoft Azure- Modernize Your Network Security Strategy

Vice Society ransomware gang adds the Italian City of Palermo to its data leak site

Malicious NPM packages used to grab data from apps, websites?

Stay Connected