2022, Analysis, Government and Security - Information Management Today

9 cyber security predictions for 2022

IT Governance

FEBRUARY 15, 2022

This is as true in the cyber security landscape as it is in any other. To help you understand what might be in store in 2022, we’ve collected nine forecasts from cyber security experts. It’s led to a growing trend for organisations to purchase cyber insurance, which Forbes contributor Emil Sayegh believes will continue in 2022.

Security

Security Insurance Authentication Passwords

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) using CVE-2022-22972. states VMware.

Authentication

Authentication Cybersecurity Access Education

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. The Chinese government made the headlines because government-linked APT groups exploited 12 zero-day vulnerabilities in 2023, which marks a notable increase from seven in 2022.

Government

Government Ransomware Libraries Access

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Compressed files.

Libraries

Libraries Metadata Education Security

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

An IT security certification can provide a key boost for your career, but with so many different certifications available (and so many organizations more than happy to take your money for training and testing), it’s important to make sure that the time and investment are well spent. How to Choose a Security Certification.

Cybersecurity

Cybersecurity Systems administration Information Security Compliance

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. Analysis of the backdoors uploaded on VirusTotal revealed that threat actors utilized geopolitical topics as bait.

Government

Government Phishing Access Passwords

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Info Source

DECEMBER 8, 2023

The lack of Telecoms infrastructure and digital skill development presents a hurdle; however, where investments by local government or overarching organisations close the gap, they will enable in particular economies with young populations. The Public Sector, which consists of Federal, State and Local Government (incl.

Marketing

Marketing Customer Experience Energy and Utilities Digital transformation

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. ” continues the report. .”

Government

Government Authentication Phishing IT

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” reads the analysis published by Morphisec. ” The experts reported that the campaign was first uncovered in May 2022 that Zscaler researchers linked to the Ducktail operation by Zscaler.

Government

Government Manufacturing Authentication Cybersecurity

Threat actors target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 bug

Security Affairs

JANUARY 12, 2023

Recently patched Fortinet FortiOS SSL-VPN zero-day exploited in attacks against government organizations and government-related targets. The CVE-2022-42475 flaw is a heap-based buffer overflow issue that resides in FortiOS sslvpnd. “A reads the advisory published by the security vendor. Pierluigi Paganini.

Government

Government Marketing Security Cybersecurity

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

IT Governance

SEPTEMBER 7, 2023

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023.

Government

Government IT Personal data GDPR

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

NOVEMBER 14, 2023

Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies. Yet, there remains much leeway for improvements.

Ransomware

Ransomware Military Government Security

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. The APT group was discovered in June 2022 by Kaspersky which linked it to a series of attacks aimed at high-profile entities in Europe and Asia since at least December 2020. appeared first on Security Affairs.

Government

Government IT Encryption Libraries

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. link] — Shane Huntley (@ShaneHuntley) March 15, 2022. government. government.

Government

Government File names Phishing Security

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

government. government. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. government.

Government

Government Phishing Military IT

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

China-linked Earth Preta cyberespionage group has been observed adopting new techniques to bypass security solutions. Trend Micro researchers reported that the China-linked Earth Preta group (aka Mustang Panda ) is actively changing its tools, tactics, and procedures (TTPs) to bypass security solutions.

Archiving

Archiving Phishing Passwords Government

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

Following the attacks of the Killnet Collective, the group responsible for the attacks against major government resources and law enforcement, a new group has been identified called “Cyber Spetsnaz”. Sources interviewed by Security Affairs interpreted this activity with high levels of confidence to be state-supported.

Government

Government Cybersecurity IoT Security

Regulatory Update: NAIC Summer 2022 National Meeting

Data Matters

SEPTEMBER 7, 2022

The National Association of Insurance Commissioners (NAIC) held its Summer 2022 National Meeting (Summer Meeting) August 9–13, 2022. The Privacy Working Group expects to expose an initial draft of the white paper in advance of the Fall 2022 Meeting. 43R — Loan-Backed and Structured Securities (SSAP No. 26R) and SSAP No.

Insurance

Insurance Paper Privacy Risk

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware.

Government

Government Archiving Metadata Encryption

CompTIA to launch new Data+ Certification early 2022

IG Guru

DECEMBER 10, 2021

CompTIA Data+ will launch in Q1 2022.CompTIA CompTIA Data+ gives you the confidence to bring data analysis to life. The post CompTIA to launch new Data+ Certification early 2022 appeared first on IG GURU. Collecting, analyzing, and reporting on data can drive priorities and lead business decision-making.

Analytics

Analytics Communications Education Information governance

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Further analysis uncovered embedded scenarios detecting the victim’s IP (using GEO2IP module, deployed on a third-party WEB-site), likely done to selectively choose targets or to filter by region.

Phishing

Phishing e-Delivery Government Passwords

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Security Affairs

DECEMBER 29, 2023

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania.

Computer and Electronics

Computer and Electronics Government Security IT

Best Disaster Recovery Solutions for 2022

eSecurity Planet

JULY 8, 2022

Many vendors now offer disaster recovery as a service (DRaaS), which is a good way to integrate disaster recovery with advanced security and data protection solutions. Top DR Solutions Including Security Features. eSecurity Planet evaluated many different disaster recovery solutions with a focus on security features.

Ransomware

Ransomware Cloud Encryption Marketing

Capital Markets, AI, and the need for governance

Collibra

OCTOBER 31, 2023

And while AI in financial services is not entirely new, the meteoric rise of generative AI in Q4 2022 dramatically increased the prevalence of AI in conversations in boardrooms across the globe. Embracing an informed, measured, and governed approach to AI provides a path to maximizing ROI while helping mitigate emerging risks.

Marketing

Marketing Government Financial Services Artificial Intelligence

China-linked APT Sharp Panda targets government entities in Southeast Asia

Security Affairs

MARCH 8, 2023

China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia.

Government

Government Communications Phishing IT

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. Background. Reports to CISA. 651, et seq.

Ransomware

Ransomware Cybersecurity Agriculture Communications

ENISA published ENISA Threat Landscape for DoS Attacks

Security Affairs

DECEMBER 5, 2023

Denial-of-Service (DoS) attacks pose a persistent and significant security risk for organizations. The insights presented herein result from a thorough mapping and analysis of DoS incidents spanning from January 2022 to August 2023. DoS attacks affect all sectors, government services are consistently the most targeted.

Cybersecurity

Cybersecurity Risk Government IT

Pro-Russia hackers target critical infrastructure in North America and Europe

Security Affairs

MAY 2, 2024

The malicious activity began in 2022 and is still ongoing. The government agencies urge OT operators in critical infrastructure sectors to implement a set of mitigations provided in the advisory. ” The pro-Russia hacktivists tend to over exaggerate their the effects of the attacks.

Agriculture

Agriculture Passwords Authentication Government

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. In the 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures.

Phishing

Phishing Government Archiving Passwords

Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit

Security Affairs

AUGUST 4, 2022

Taiwan government websites were temporarily forced offline by cyber attacks during the visit to Taipei of US House Speaker Nancy Pelosi. Major Taiwan government websites were temporarily forced offline by distributed denial of service (DDoS) attacks attacks during the visit to Taipei of US House Speaker Nancy Pelosi.

Government

Government Cloud Cybersecurity Security

Documation 2022: summary of our conferences

Everteam

APRIL 22, 2022

Analyzing , Information Governance , Records Management. Documation 2022: summary of our conferences. 22 April 2022. Here is what you should know: Summary of Everteam Documation 2022 conferences Eradicate your numerical bulk thanks to practical advice and effective tools. Nicolas d'Ambrosio. Overview of risks and issues.

Archiving

Archiving Records Management Paper Marketing

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The state-sponsored hackers exploited the CVE-2022-47966 RCE vulnerability in Zoho ManageEngine. reads the analysis.

Cybersecurity

Cybersecurity Access Security Encryption

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few. In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e.

Risk

Risk Military Marketing Data Privacy

Russia, China May Be Coordinating Cyber Attacks: SaaS App Security Firm

eSecurity Planet

MARCH 7, 2022

A SaaS security company says a spike in cyber attacks from Russia and China in recent weeks suggests the two countries may be coordinating their cyber efforts. Per analysis available from SaaS Alerts, attack trend lines that compare Russia and China show almost the exact same pattern.” SaaS Apps Under Attack.

Security

Security Risk Military Cybersecurity

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 17, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Ransomware Artificial Intelligence

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. 5,255,944,117 known records breached in 128 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories.

Data Privacy

Data Privacy Privacy Manufacturing Security

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Please vote before May 11! 2022 DBTA Reader’s Choice Awards

erwin

APRIL 27, 2022

Please help us keep our #1 position in 2022. Best Data Governance Solution (erwin Data Intelligence). Best Data Governance Solution (erwin Data Intelligence). Best Data Security Solution (Quest ApexSQL). Best Data Governance Solution (erwin Data Intelligence). Best Data Security Solution (Quest ApexSQL).

Digital transformation

Digital transformation Metadata Compliance Big data

FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks

Security Affairs

JULY 23, 2022

In May 2022, the FBI filed a sealed seizure warrant for the funds worth approximately half a million dollars.” In April 2022, the FBI observed an approximately $120,000 Bitcoin payment into one of the seized cryptocurrency accounts that were identified thanks to the cooperation of the Kansas hospital.

Ransomware

Ransomware Encryption Cybersecurity Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. PingPull, was first spotted by Unit 42 in June 2022, the researchers defined the RAT as a “difficult-to-detect” backdoor that leverages the Internet Control Message Protocol (ICMP) for C2 communications.

Communications

Communications Military Government Libraries

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. i-SOON is a prominent contractor for various agencies of the Chinese government, including Ministry of Public Security, Ministry of State Security, and the People’s Liberation Army.

Government

Government IoT Marketing Data breaches

9 cyber security predictions for 2022

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Trending Sources

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Malicious file analysis – Example 01

15 Top Cybersecurity Certifications for 2022

Earth Krahang APT breached tens of government organizations worldwide

Infosource Global Capture & IDP Vertical Market Analysis 2022-2023 Update

Zimbra zero-day exploited to steal government emails by four groups

SYS01 stealer targets critical government infrastructure

Threat actors target govt networks exploiting Fortinet SSL-VPN CVE-2022-42475 bug

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

China-linked threat actors are targeting the government of Ukraine

Google blocked China-linked APT31’s attacks targeting U.S. Government

Technical analysis of China-linked Earth Preta APT’s infection chain

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Regulatory Update: NAIC Summer 2022 National Meeting

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

CompTIA to launch new Data+ Certification early 2022

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Raspberry Robin malware used in attacks against Telecom and Governments

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Best Disaster Recovery Solutions for 2022

Capital Markets, AI, and the need for governance

China-linked APT Sharp Panda targets government entities in Southeast Asia

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

ENISA published ENISA Threat Landscape for DoS Attacks

Pro-Russia hackers target critical infrastructure in North America and Europe

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit

Documation 2022: summary of our conferences

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Russia, China May Be Coordinating Cyber Attacks: SaaS App Security Firm

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

China-linked APT Curious Gorge targeted Russian govt agencies

Please vote before May 11! 2022 DBTA Reader’s Choice Awards

FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Raspberry Robin malware used in attacks against Telecom and Governments

Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities

Stay Connected