Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. 27, 2023. . Stanford was breached last year by Clop Ransomware.

Ransomware 107

Ransomware Data breaches Passwords Access 107

The Last Watchdog

JUNE 23, 2023

June 22, 2023 — Dasera , the premier automated data security and governance platform for top-tier finance, healthcare, and technology enterprises, is thrilled to unveil “Ski Lift,” a complimentary platform exclusively designed for Snowflake users. Mountain View, Calif.

Government 113

Government Security Compliance Risk 113

IT Governance

SEPTEMBER 7, 2023

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023.

Government 115

Government IT Personal data GDPR 115

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Zimbra addressed the vulnerability CVE-2023-37580 in July 2023. A second threat actor exploited the vulnerability since July 11 before the official patch became available on July 25.

Government 114

Government Authentication Phishing IT 114

IT Governance

NOVEMBER 6, 2023

When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

IT Governance

NOVEMBER 13, 2023

On 14 September, Mulkay discovered that the compromised files contained personal information, including “name, address, date of birth, Social Security number, driver’s license number or state ID, medical treatment information, and health insurance information”. Records breached: 79,582 Ontario hospitals update: information relating to 5.6

Data Privacy 85

Data Privacy Privacy Security Data breaches 85

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. Most of these online assets belong to large enterprises, governments and educational institutions.” The vulnerability was discovered by researchers at the cybersecurity firm Assetnote.

Authentication 112

Authentication Cybersecurity Education Government 112

Security Affairs

OCTOBER 30, 2023

Canada banned the Chinese messaging app WeChat and Kaspersky antivirus on government mobile devices due to privacy and security risks. The Government of Canada announced a ban on the use of the WeChat and Kaspersky applications on government-issued mobile devices due to privacy and security risks.

Government 117

Government Privacy Risk Data collection 117

IG Guru

NOVEMBER 22, 2023

The post Cybersecurity and Infrastructure Security Agency released today its Roadmap for Artificial Intelligence 2023-2024 first appeared on IG GURU. Check out the post here.

Artificial Intelligence 81

Artificial Intelligence Cybersecurity IT Security 81

IT Governance

MARCH 20, 2024

In the UK, cyber security has been dropping down the board’s list of priorities. However, the 2023 edition of that study found that this had dropped to 44% in the UK, whereas the global average had climbed to 73%. The UK government’s Cyber Security Breaches Survey 2023 confirms this trend. Specifically, a 13.4%

Security 116

Security Data breaches Government Insurance 116

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix.

Authentication 115

Authentication Access Communications Cloud 115

IT Governance

APRIL 5, 2023

Malware is one of the most common cyber security threats that organisations and individuals face. IT Governance Podcast 2023-7: Capita, ChatGPT and TikTok (yet again) 5th April 2023 How to Prevent Malware Attacks: 8 Tips for 2023 5th April 2023 List of Data Breaches and Cyber Attacks in March 2023 – 41.9

Encryption 126

Encryption Data breaches Phishing Government 126

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). PSIRT and Talos launched an investigation to support the customer.

Government 103

Government Authentication Communications Access 103

eSecurity Planet

DECEMBER 7, 2022

Just today, security and compliance automation firm Drata announced a $200 million Series C funding round that brings the company’s valuation to $2 billion, doubling its $1 billion valuation from its Series B round last year. According to a recent Gartner survey, security is the top priority for CIOs. Where will the dollars go?

Cybersecurity 145

Cybersecurity Compliance Risk Ransomware 145

eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 CVE-2023-5044 (Code Injection): This CVSS score 7.6

Ransomware 112

Ransomware Authentication Cybersecurity Education 112

Security Affairs

SEPTEMBER 23, 2023

The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. ” said Burt.

Government 115

Government IT Security Information Security 115

IT Governance

NOVEMBER 20, 2023

Date of breach: 26 October 2023 Breached organisation: Homeland, Inc., According to OPB, the district didn’t provide details, but said that “our student credentials may have been compromised as part of a security incident”. For more information about the SEC cyber security disclosure rules, register for our free webinar on 30 November.)

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

The Last Watchdog

OCTOBER 31, 2023

31, 2023 – Traceable AI , the industry’s leading API security company, proudly announces its continued recognition in the cybersecurity industry, with the latest accolade being the prestigious SINET16 Innovator Award for 2023. To learn more about Traceable’s API Security Platform, visit [link].

Cybersecurity 100

Cybersecurity Cloud Security Risk 100

IT Governance

SEPTEMBER 15, 2023

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. More recently, it has mainly distributed the JSSLoader malware for the Sangria Tempest group. It appears, however, in the target inbox as a file, not a link.”

Phishing 110

Phishing Mining Education Passwords 110

IT Governance

JULY 4, 2023

IT Governance found 79 publicly disclosed security incidents in June 2023, accounting for 14,353,113 breached records. Also be sure to check out our new page, which provides a complete list of data breaches and cyber attacks for 2023.

Data breaches 96

Data breaches Ransomware Government Insurance 96

Security Affairs

AUGUST 8, 2023

Microsoft Patch Tuesday security updates for August 2023 addressed 74 vulnerabilities, including two actively exploited flaws. Microsoft has released an Office Defense in Depth update ( ADV230003 ) to address a patch bypass of the actively exploited RCE vulnerability CVE-2023-36884. ” reads the report published by ZDI.

Phishing 89

Phishing Security Government IT 89

IT Governance

OCTOBER 31, 2023

Publicly disclosed data breaches and cyber attacks France says Russian state hackers breached numerous critical networks Date of breach: From second half of 2021 (reported 26 October 2023). Reeds Spring district alerts families to cybersecurity data breach Date of breach: 26 April 2023 (reported 26 October 2023).

Data Privacy 52

Data Privacy Privacy Data breaches Security 52

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. “TAG70 has demonstrated a high level of sophistication in its attack methods. . ESET researchers also detailed the same attack chain.

Military 110

Military Government Access Risk 110

Security Affairs

AUGUST 29, 2023

China-linked threat actors breached government organizations worldwide with attacks exploiting Barracuda ESG zero-day. The vulnerability, tracked as CVE-2023-2868 , resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release of two security patches on May 20 and 21.

Government 104

Government Access Security Cybersecurity 104

Security Affairs

JANUARY 16, 2024

VMware Aria Automation (formerly vRealize Automation ) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. VMware addressed a critical vulnerability, tracked as CVE-2023-34063 (CVSS score 9.9), that impacted its Aria Automation platform.

IT 115

IT Cloud Authentication Access 115

Thales Cloud Protection & Licensing

NOVEMBER 27, 2023

How better key management can close cloud security gaps troubling US government (Part 1 of 2) sparsh Tue, 11/28/2023 - 05:20 Bruce Schneier recently blogged : A bunch of networks, including US Government networks , have been hacked by the Chinese.

Cloud 83

Cloud Government Security Marketing 83

IT Governance

JUNE 1, 2023

IT Governance found 98 publicly disclosed security incidents in May 2023, accounting for 98,226,877 breached records. Also be sure to check out our new page, which provides a complete list of data breaches and cyber attacks for 2023. million) Apria Healthcare suffers security breach (1.8

Data breaches 98

Data breaches Ransomware Insurance Personal data 98

Data Protection Report

MARCH 6, 2023

According to a recent briefing to the Legislative Council, the Privacy Commissioner for Personal Data (the PCPD ) reported that she is working closely with the government to comprehensively review the PDPO to formulate concrete proposals for legislative amendments.

Data Privacy 136

Data Privacy Privacy Paper Personal data 136

Collibra

JUNE 21, 2023

Today, OpenAI has one of the most popular websites in the world, with nearly 2B people visiting their site in May 2023 (footnote 3). Businesses everywhere are seeking ways to leverage LLMs as fast as governments are talking about ways to regulate them. What you need is a governance model for AI. You need AI governance.

Government 85

Government IT Risk Privacy 85

Security Affairs

MAY 12, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 79

Data breaches Security Military Ransomware 79

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. “Earth Krahang abuses the trust between governments to conduct their attacks.

Government 80

Government Phishing Access Passwords 80

IT Governance

JANUARY 5, 2024

IT Governance’s research found the following for December 2023: 1,351 publicly disclosed security incidents. Both these figures are a significant increase on what we found for November 2023 : 470 incidents and 519,111,354 records – 187% and 332% increases respectively. In November 2023, this was 227 incidents (48%).

Data breaches 97

Data breaches Insurance Manufacturing Ransomware 97

IT Governance

JULY 10, 2023

Welcome to our second quarterly review of cyber attacks and data breaches for 2023. In this article, we take a closer look at the information gathered in our monthly list of security breaches , and delve into the infosec landscape over the past three months. However, the start of the year coincided with a huge spike in infections.

Data breaches 73

Data breaches Ransomware Encryption Government 73

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. appeared first on Security Affairs. OwlProxy is a unique and custom tool used by the group.

Government 102

Government Manufacturing Education Access 102

Security Affairs

JULY 12, 2023

The issue, tracked as CVE-2023-36884 , was exploited by nation-state actors and cybercriminals to gain remote code execution via malicious Office documents. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”

Phishing 87

Phishing Security Government IT 87

Security Affairs

OCTOBER 16, 2023

— Signal (@signalapp) October 16, 2023 The company also added that it has checked with the U.S. Government to determine if they were aware of a zero-day exploit for their platform. We also checked with people across US Government, since the copy-paste report claimed USG as a source.

IT 104

IT Encryption Government Security 104

The Last Watchdog

DECEMBER 14, 2022

Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023. For years, penetration testing has played an important role in regulatory compliance and audit requirements for security organizations.

Compliance 229

Compliance Cybersecurity Risk Security 229