IT Governance

JANUARY 9, 2023

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks. IT Governance discovered 1,063 security incidents in 2022, which accounted for 480,014,323 breached records. The biggest data breaches of 2022.

Data breaches 126

Data breaches Ransomware Government Passwords 126

Security Affairs

JUNE 29, 2022

The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. SecurityAffairs – hacking, 2022 CWE Top 25).

Authentication 95

Authentication Education Cybersecurity Security 95

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

IT 116

IT Education Cybersecurity Risk 116

IT Governance

DECEMBER 20, 2022

2022 will go down as the year where some semblance of normality returned. Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Source: Security Affairs.

Security 132

Security Data breaches Ransomware Military 132

Security Affairs

APRIL 18, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. The researchers discovered that in 2022, NSO Group customers used at least three iOS 15 and iOS 16 zero-click exploit chains against civil society targets worldwide. ” reads the report. ” reads the report.

Military 81

Military Risk Education Security 81

Thales Cloud Protection & Licensing

JANUARY 11, 2023

The Most Popular Data Security Webinars of 2022: Sovereignty, Cloud Security and Compliance Top the List. If you have already watched them, repetition is the mother of all education. Fasten your seatbelts and enjoy the Top 5 list of Thales webinars for 2022. Key Findings from 2022 Global Data Threat Report.

Compliance 83

Compliance Cloud Security Financial Services 83

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education 79

Education Government Libraries Mining 79

IG Guru

DECEMBER 10, 2021

CompTIA Data+ will launch in Q1 2022.CompTIA The post CompTIA to launch new Data+ Certification early 2022 appeared first on IG GURU. CompTIA Data+ gives you the confidence to bring data analysis to life. Collecting, analyzing, and reporting on data can drive priorities and lead business decision-making.

Analytics 78

Analytics Communications Education Information governance 78

IT Governance

MARCH 1, 2022

Meanwhile, you can find the full list of cyber attacks and data breaches for February 2022 below. Financial information. The post List of data breaches and cyber attacks in February 2022 – 5.1 It will take place on Thursday, 3 March at 3pm, and you can register for on our website. Cyber attacks. Ransomware. Data breaches.

Data breaches 134

Data breaches Ransomware Government Blockchain 134

IG Guru

MARCH 25, 2022

The post ARMA Milwaukee Revives Spring Seminar Mania for 2022 appeared first on IG GURU. Download your passport here!

Records Management 70

Records Management Education Information governance Government 70

IG Guru

OCTOBER 1, 2021

They’re seeking solutions to their information governance challenges and opportunities. […]. The post MER Conference Call for Presenters – Deadline October 15th, 2022 appeared first on IG GURU.

Information governance 63

Information governance Government Records Management Education 63

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement).

Ransomware 82

Ransomware Cybersecurity Agriculture Education 82

Data Matters

APRIL 6, 2022

On March 30, 2022, the U.S. Securities and Exchange Commission (SEC) Division of Enforcement (EXAMS or Division) issued its annual examination priorities. 1 “2022 Examination Priorities,” available here. Broker-dealer examinations will review firms’ recommendations related to SPACs, structured and other enumerated products.

Retail 88

Retail Compliance Sales Risk 88

IG Guru

FEBRUARY 11, 2022

on February 24, 2022 via ARMA NOVA appeared first on IG GURU. Phishing is on the rise and cybercriminals are getting better. The weather is not stopping them, so we have to be more diligent in recognizing the threat […]. The post Webinar: IS IT TOO COLD FOR PHISHING?

Phishing 76

Phishing IT Education Information governance 76

IT Governance

MARCH 11, 2024

Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. Source (New) Professional services Netherlands Yes 28.3 Source (New) Professional services Netherlands Yes 28.3

Data Privacy 87

Data Privacy Privacy Security Data breaches 87

IT Governance

APRIL 29, 2024

Source (New) Finance USA Yes 1,955,385 BerryDunn and Reliable Networks Source (New) Finance and IT services USA Yes 1,107,354 VISAV Limited Source (New) IT services UK Yes >1,000,000 Designed Receivable Solutions, Inc. Source 1 ; source 2 (Update) Finance USA Yes 498,686 J.P.

Data Privacy 94

Data Privacy Privacy Manufacturing Security 94

Hunton Privacy

MAY 2, 2022

On April 5, 2022, North Carolina became the first state in the U.S. North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations , prohibits government entities from paying a ransom to an attacker who has encrypted their IT systems and subsequently offers to decrypt that data in exchange for payment.

Ransomware 138

Ransomware Government Education Encryption 138

Security Affairs

MAY 3, 2023

” said Meta Chief Information Security Officer Guy Rosen. . “ChatGPT is the new crypto.” Meta also revealed that its research teams are working on the adoption of generative AI to detect and block online influence campaigns.

Education 91

Education Information Security Cybersecurity Security 91

Security Affairs

SEPTEMBER 12, 2023

The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in various industries, including manufactoring, media and entertainment, and healthcare. In July 2023, security firm Avast released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files.

IT 102

IT Ransomware Education Data breaches 102

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. According to Proofpoint’s 2022 State of the Phish Report , 83% of organisations fell victim to a phishing attack last year. Getting involved.

Security awareness 130

Security awareness Security Phishing Passwords 130

Thales Cloud Protection & Licensing

JULY 12, 2023

It highlights the essential role of teachers, trainers, and other educators in providing skills for youth to transition to the labor market and actively engage in their communities and societies. Rather than being consumed by worry, we should focus on imparting the necessary skills to help youngsters stay safe and secure online.

Cybersecurity 115

Cybersecurity Education Communications Marketing 115

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. The FBI has observed incidents of stolen higher education credential information posted on publically accessible online forums or listed for sale on criminal marketplaces. “If

Sales 124

Sales Education Phishing Passwords 124

Security Affairs

APRIL 13, 2023

Fortinet has addressed a critical vulnerability, tracked as CVE-2022-41331 (CVSS score of 9.3), in its Fortinet FortiPresence data analytics solution. FortiSandbox / FortiDeceptor – Improper profile-based access control over APIs CVE-2022-41330 (CVSS score of 8.3)

Analytics 76

Analytics IT Authentication Education 76

Security Affairs

APRIL 16, 2023

The MacOS variant has been available since November 11th, 2022. It appears we are late to the game. Bleeping computer states that the encryptors in the archive cannot be used in actual attacks against macOS systems.

Archiving 94

Archiving Encryption Ransomware Education 94

Security Affairs

DECEMBER 13, 2023

The botnet is comprised of two complementary activity clusters, the experts believe it has been active since at least February 2022. In early July and August of 2022, the researchers noticed several Cisco RV320s , DrayTek Vigor routers , and NETGEAR ProSAFEs that were part of the botnet.

Communications 104

Communications Manufacturing Education Government 104

Security Affairs

APRIL 1, 2023

Five of the issues added by CISA to its catalog are part of the exploits used by surveillance vendors to target mobile devices with their commercial spyware: CVE-2021-30900 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability. CISA orders federal agencies to fix this flaw by April 20, 2023.

Cybersecurity 75

Cybersecurity Education Risk Security 75

Security Affairs

MAY 3, 2023

Potential Impact CVE-2022-40302 Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option. DoS CVE-2022-40318 Out-of-bounds read when processing a malformed BGP OPEN message with an Extended Optional Parameters Length option. This is a different issue from CVE-2022-40302.

Education 86

Education Security Cybersecurity IT 86

Security Affairs

JUNE 16, 2023

In November 2022, the U.S. On or about May 27, 2022, the man and his Hive coconspirators allegedly hit a nonprofit behavioral healthcare organization in New Jersey. The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. organizations since 2020.

Ransomware 80

Ransomware Agriculture Education Government 80

Security Affairs

APRIL 10, 2023

The company also addressed a high-severity code execution issue, tracked as CVE-2022-4934. The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than version 4.3.10.4. The company recommends customers replace the appliances with Sophos Firewall.

Security 87

Security Education Cybersecurity IT 87

Security Affairs

APRIL 13, 2023

The vulnerability was reported in December 2022 by Souvik Kandar, Arko Dhar of the Redinent Innovations team in India. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.” ” reads the advisory published by the company. On April 10, Hikvision released version 2.3.8-8

Education 82

Education Access Cybersecurity Security 82

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities 91

Energy and Utilities Communications Military Manufacturing 91

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals. reads the post published by Proofpoint.

IT 86

IT Military Phishing Passwords 86

Security Affairs

APRIL 9, 2023

In October 2022, VM2 maintainers addressed another critical sandbox escape vulnerability tracked as CVE-2022-36067. .” Wi also published two proof-of-concept (PoC) exploits for this vulnerability that can be used to escape the sandbox to create an empty file named “flag” on the host.

Libraries 66

Libraries File names Education Cybersecurity 66

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government.

Government 97

Government Manufacturing Education Access 97

Security Affairs

APRIL 7, 2023

.” The company reported the security breach to the relevant authorities, and it downplayed the incident, saying that the attack had no significant financial and operational impact. In response to the incident, the company announced it is enhancing the information security control measures of its network and infrastructure.

Ransomware 81

Ransomware Security Manufacturing Cybersecurity 81

Security Affairs

APRIL 20, 2023

In 2022, the Russian APT used multiple wipers in attacks aimed at Ukraine, including AwfulShred , CaddyWiper , HermeticWiper , Industroyer2 , IsaacWiper , WhisperGate , Prestige , RansomBoggs , and ZeroWipe. The group is also the author of the NotPetya ransomware that hit hundreds of companies worldwide in June 2017.

Phishing 82

Phishing Military Ransomware Education 82

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. Thu, 03/24/2022 - 05:00. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe, illustrates these trends and changes. 2022 Report. 2022 Report. 2022 Report.

Risk 126

Risk Security Encryption Ransomware 126