IT Governance

OCTOBER 24, 2023

Publicly disclosed data breaches and cyber attacks City of Philadelphia discloses data breach after five months Date of breach: 24 May 2023 ( notice issued 20 October 2023). Incident details: The company found that data on its network had been encrypted without its knowledge. Breached organisation: City of Philadelphia, US.

Data Privacy 107

Data Privacy Privacy Security Data breaches 107

Security Affairs

DECEMBER 18, 2022

Google introduces end-to-end encryption for Gmail web to its Workspace and education customers to protect emails sent using the web client. Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta, users can send and receive encrypted emails within their domain and outside of their domain. .

Encryption 95

Encryption Education Compliance Cloud 95

Security Affairs

APRIL 17, 2024

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of October 2023, Atlassian warned of a critical security flaw, tracked as CVE-2023-22518 (CVSS score 9.1), that affects all versions of Confluence Data Center and Server.

Ransomware 133

Ransomware Encryption Access IT 133

Security Affairs

FEBRUARY 6, 2023

Royal Ransomware operators added support for encrypting Linux devices and target VMware ESXi virtual machines. The Royal Ransomware gang is the latest extortion group in order of time to add support for encrypting Linux devices and target VMware ESXi virtual machines. The malware changes the extension of the encrypted files to ‘.royal’.

Encryption 97

Encryption Ransomware IT Security 97

Security Affairs

AUGUST 2, 2023

Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Cybersecurity and Infrastructure Security Agency (CISA) recently warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting the zero-day CVE-2023-3519.

Cybersecurity 93

Cybersecurity Cloud Encryption Passwords 93

Security Affairs

JULY 6, 2023

Cisco warns of a high-severity vulnerability in Nexus 9000 series switches that can allow attackers to read or modify encrypted traffic. Cisco disclosed a high-severity vulnerability, tracked as CVE-2023-20185 (CVSS Score 7.4), in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode.

Encryption 96

Encryption Security IT Information Security 96

Thales Cloud Protection & Licensing

MAY 8, 2023

Thales 2023 Data Threat Report: Sovereignty, Transformation, and Global Challenges madhav Tue, 05/09/2023 - 05:30 Despite the economic and geopolitical instability in 2022, enterprises continued to invest in their operations and digital transformation. Download the full Thales 2023 Thales Data Threat Report now.

Digital transformation 87

Digital transformation Cloud Data breaches Encryption 87

IT Governance

NOVEMBER 13, 2023

million patient visits stolen in ransomware attack Date of breach: 23 October 2023 Breached organisation: Bluewater Health and Chatham-Kent Health Alliance Incident details: A database containing information about 5.6 Records breached: 79,582 Ontario hospitals update: information relating to 5.6

Data Privacy 85

Data Privacy Privacy Security Data breaches 85

eSecurity Planet

AUGUST 21, 2023

August 18 , 2023 Vulnerability Allows Code Execution When Opening WinRAR Archives Vulnerability CVE-2023-40477 in the popular WinRAR utility allows for arbitrary code execution (ACE) to automatically occur during the opening of the archive container. Organizations are urged to scan, remediate, and patch these NetScaler devices.

Archiving 75

Archiving Cybersecurity Encryption Privacy 75

Security Affairs

JULY 23, 2023

Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. Exploits of CVE-2023-3519 on unmitigated appliances have been observed. Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519.

Cybersecurity 92

Cybersecurity Cloud Encryption Passwords 92

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. The attackers mostly used Cisco vulnerabilities CVE-2020-3259 and CVE-2023-20269.

Ransomware 94

Ransomware Encryption Education Phishing 94

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 93

Encryption Phishing Authentication Libraries 93

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)

Security 97

Security Libraries Encryption Authentication 97

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Ransomware 87

Ransomware Authentication Cybersecurity Education 87

Security Affairs

JULY 31, 2023

Researchers warn that threat actors started exploiting Citrix ShareFile RCE vulnerability CVE-2023-24489 in the wild. Citrix ShareFile is a widely used cloud-based file-sharing application, which is affected by the critical remote code execution (RCE) tracked as CVE-2023-24489 (CVSS score of 9.1). the company said in an advisory.

Encryption 87

Encryption Cloud Cybersecurity Access 87

eSecurity Planet

DECEMBER 7, 2022

But for 2023, cybersecurity will be a “key pillar” of the company’s focus – particularly data compliance and protection. The startup manages an open source project for key management, authorization enforcement policies, and end-to-end encryption. An area that Kakran is bullish on for 2023 is Kubernetes security and observability.

Cybersecurity 125

Cybersecurity Compliance Risk Ransomware 125

Collibra

JANUARY 31, 2023

So CIOs around the world are making their 2023 technology wish lists for the solutions that will help drive data intelligence into the new year. Your smartest 2023 wish: Collibra Data Intelligence The three challenges facing today’s CIO — data deluge, regulation, organizational inertia — don’t need to hold teams back in 2023.

Digital transformation 97

Digital transformation Data Privacy Privacy Cloud 97

IT Governance

JULY 10, 2023

Welcome to our second quarterly review of cyber attacks and data breaches for 2023. Overview IT Governance discovered 297 security incidents between April and June 2023, which accounted for 116,933,247 breached records. There were 82 such instances in Q2 2023, which represents a 16% decrease compared to last quarter.

Data breaches 73

Data breaches Ransomware Encryption Government 73

Thales Cloud Protection & Licensing

MARCH 29, 2023

World Backup Day 2023: Five Essential Cyber Hygiene Tips madhav Thu, 03/30/2023 - 05:54 World Backup Day , celebrated each year on March 31st, is a day created to promote backing up data from your devices. Encrypt Your Sensitive Data Data encryption isn't just for large organizations.

Encryption 71

Encryption Passwords Ransomware Privacy 71

The Last Watchdog

DECEMBER 13, 2023

Notable progress was made in 2023 in the quest to elevate Digital Trust. We met at DigiCert Trust Summit 2023. Each time we use a mobile app or website-hosted service, digital certificates and the Public Key Infrastructure ( PKI ) come into play — to assure authentication and encrypt sensitive data transfers.

Encryption 278

Encryption IoT Authentication Security 278

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. #ViperSoftX is back, doesn't look like much has changed. c2 arrowlchat[.]com ” concludes the report.

Encryption 90

Encryption Passwords Education Communications 90

eSecurity Planet

JANUARY 8, 2024

The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager (EPM) and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. and older of the Perl Spreadsheet::ParseExcel library ( CVE-2023-7101 ) contain a RCE vulnerability exploited by Chinese hackers, as noted on December 24th.

Encryption 103

Encryption Libraries Cybersecurity Communications 103

IT Governance

APRIL 11, 2023

Welcome to our April 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. For instance, it could monitor users’ keystrokes or encrypt the user’s files in a ransomware attack.

Phishing 114

Phishing Passwords Ransomware Insurance 114

eSecurity Planet

AUGUST 14, 2023

August 12 , 2023 Ford Auto’s TI Wi-Fi Vulnerability The Internet of Things (IoT) continues to expand and become a threat to connected businesses. August 11 , 2023 DEFCON and Black Hat Vulnerabilities Security researchers at DEFCON and Black Hat discussed a number of vulnerabilities with significant impact for affected organizations.

Cybersecurity 82

Cybersecurity Access IoT Manufacturing 82

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2023

Thales 2023 Data Threat Report: The Increased Telco Cybersecurity Challenges in the 5G Era madhav Tue, 09/12/2023 - 05:15 Telecommunications firms have always faced a unique set of security challenges. The rapid shift to higher levels of digitization has meant they have much more dispersed infrastructure and data to protect.

Cybersecurity 77

Cybersecurity IoT Cloud Encryption 77

Schneier on Security

SEPTEMBER 26, 2023

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. “We would leave the U.K. “And that’s never not true.” ” .

Encryption 122

Encryption Privacy IT 122

IT Governance

NOVEMBER 20, 2023

Date of breach: 26 October 2023 Breached organisation: Homeland, Inc., An investigation found that there was unauthorised access to its network between 18 and 23 May 2023. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Security Affairs

OCTOBER 11, 2023

US CISA added the flaw CVE-2023-21608 in Adobe Acrobat Reader to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog , including a high-severity flaw ( CVE-2023-21608 ) (CVSS score: 7.8) in Adobe Acrobat Reader.

IT 116

IT Encryption Cybersecurity Risk 116

Thales Cloud Protection & Licensing

APRIL 18, 2023

RSA Conference 2023: Meet Thales Where the World Talks Security! madhav Tue, 04/18/2023 - 07:06 "Alone we can do so little; together we can do so much." - Helen Keller At Thales, we couldn’t be more excited about RSA Conference 2023. This year’s theme “ Stronger Together ” echoes our company culture.

Security 71

Security Digital transformation Privacy Cybersecurity 71

Security Affairs

MAY 12, 2023

Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. What Can We Expect in 2023? This can be done using encryption. It’s not likely to stop there. 1 There will be more remote work-based attacks.

Security 92

Security Phishing B2B Data breaches 92

Security Affairs

NOVEMBER 19, 2023

Phobos variants are usually distributed by the SmokeLoader , but in 8Base campaigns, it has the ransomware component embedded in its encrypted payloads. The experts observed a massive spike in activity associated with this threat actor between May and June 2023. Generation of target list of extensions and folders to encrypt.

Ransomware 124

Ransomware Encryption Metadata Manufacturing 124

Security Affairs

JANUARY 2, 2024

A team of researchers released a suite of tools that could help victims to decrypt data encrypted with by the Black Basta ransomware. Independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor.

Ransomware 116

Ransomware Encryption Blockchain Insurance 116

IT Governance

APRIL 12, 2023

Welcome to our first quarterly review of security incidents for 2023, in which we take a closer look at the information gathered in our monthly list of data breaches and cyber attacks. Overview IT Governance discovered 310 security incidents between January and March 2023, which accounted for 349,171,305 breached records.

Data breaches 59

Data breaches Ransomware Government Encryption 59

WIRED Threat Level

MAY 16, 2023

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

Privacy 86

Privacy Encryption IT Security 86

Security Affairs

SEPTEMBER 1, 2023

The Key Group ransomware gang has been active since at least January 2023. EclecticIQ researchers reported that since June 29, 2023, the ransomware group is likely using the NjRAT RAT to remotely access victim devices. “Key Group ransomware uses a base64 encoded static key N0dQM0I1JCM= to encrypt victims’ data. .

Ransomware 112

Ransomware Encryption Access Security 112

WIRED Threat Level

DECEMBER 7, 2022

The company will also soon support the use of physical authentication keys with Apple ID, and is adding contact verification for iMessage in 2023.

Encryption 84

Encryption Authentication Privacy Security 84

Security Affairs

JANUARY 23, 2024

In early January, independent security research and consulting team SRLabs discovered a vulnerability in Black Basta ransomware’s encryption algorithm and exploited it to create a free decryptor. The ransomware employs encryption based on a ChaCha keystream, which is utilized to perform XOR operations on 64-byte-long chunks of the file.

Encryption 116

Encryption Ransomware Blockchain Insurance 116