2014, Analysis, Cybersecurity and Government - Information Management Today

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” There’s oil in the state of Maryland – “cyber oil.” The state counts approximately 109,000 cyber engineers.

Cybersecurity

Cybersecurity Computer and Electronics Data science Marketing

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

MAY 9, 2020

Nigerian cyber gang SilverTerrier, specialized in BEC attacks, used COVID-19 lures in recent attacks on healthcare and government organizations. SilverTerrier has been active since at least 2014, it is a collective of over hundreds of individual threat actors. . ” reads the analysis published by Palo Alto Networks.

Government

Government Energy and Utilities Insurance Phishing

Security expert Marco Ramilli released for free the Malware Hunter tool

Security Affairs

FEBRUARY 6, 2019

I’v been working on cybersecurity for most than 10 years. Malware Static Analysis. You might decide to get deep into last processed samples by clicking on table raw (which highlights last 10 processed samples) or to search for a specific hash by pasting your desired sha256 and clicking on the “Search” button.

Computer and Electronics

Computer and Electronics Security Cybersecurity Government

ActiveX Controls in South Korean websites are affected by critical flaws

Security Affairs

MAY 22, 2019

Security experts discovered tens of critical vulnerabilities were found in 10 South Korean ActiveX controls as part of a short research project. Security researchers at Risk Based Security have discovered tens of critical vulnerabilities in 10 South Korean ActiveX controls as part of a research project. Pierluigi Paganini.

Risk

Risk Government Security Cybersecurity

FTC and DOJ Issue Antitrust Policy Statement on Cybersecurity

Hunton Privacy

APRIL 11, 2014

On April 10, 2014, U.S. Department of Justice Deputy Attorney General James Cole and Federal Trade Commission Chair Edith Ramirez announced a joint DOJ and FTC antitrust policy statement on the sharing of cybersecurity information (“Policy Statement”).

Cybersecurity

Cybersecurity Government Security IT

Security Affairs newsletter Round 216 – News of the week

Security Affairs

JUNE 2, 2019

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” [link]. Sectigo says that most of certificates reported by Chronicle analysis were already revoked. A new round of the weekly SecurityAffairs newsletter arrived!

Security

Security Military Paper Data breaches

Australian Privacy Regulator Sues in Data Breach Case

Hunton Privacy

NOVEMBER 15, 2023

The case is significant because: (1) it is only the second time that the Australian regulator has brought court proceedings of this kind despite having the power to do so since 2014; and (2) it signals the regulator’s priority in ensuring that cybersecurity incidents are responded to swiftly.

Data breaches

Data breaches Privacy Risk Information Security

Trojan Lampion is back after 3 months

Security Affairs

MAY 12, 2020

Trojan Lampion is a malware observed at the end of the year 2019 impacting Portuguese users using template emails from the Portuguese Government Finance & Tax and EDP. Figure 4: Malicious MSI file downloaded from AWS S3 bucket and using COVID-19 theme that impersonates the Portuguese Government. Lampion email templates – May 2020.

Cloud

Cloud Government Access Phishing

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

OCTOBER 17, 2018

Today I’d like to share an interesting analysis of a Targeted Attack found and dissected by Yoroi (technical details are available here ). A quick analysis of the Stage2 exposes a new object inclusion. (as That object was crafted on 2018-10-09 but it was seen only on 2018-10-12.

Computer and Electronics

Computer and Electronics Encryption Military Security

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

At least 23 Texas local governments targeted by coordinated ransomware attacks. Malware Analysis Sandboxes could expose sensitive data of your organization. The Cost of Dealing With a Cybersecurity Attack in These 4 Industries. Lenovo Solution Centre flaw allows hacking Windows laptop in 10 minutes. Once again thank you!

Security

Security Mining Data breaches Libraries

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released

Security Affairs

JANUARY 16, 2020

Microsoft Patch Tuesday updates for January 2020 address a total of 49 vulnerabilities in various products, including a serious flaw, tracked as CVE-2020-0601, in the core cryptographic component of Windows 10, Server 2016 and 2019 editions. Swiss cybersecurity firm Kudelski Security published on GitHub a working exploit for the flaw.

Encryption

Encryption Security Cybersecurity Risk

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The domain was protected by a Panama company to hide its real registrant and this condition rang a warning bell on the suspected email so that it required a manual analysis in order to investigate its attachment.

Computer and Electronics

Computer and Electronics Ransomware Security Retail

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. Creating an enterprise-wide governance structure.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

Group-IB , a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has analyzed key recent changes to the global cyberthreat landscape. This means that a peaceful existence is no longer possible while being out of touch with cybersecurity. In 2019, cybersecurity became a heavily debated topic in politics.

IT

IT Military Cybersecurity Phishing

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

We also talk about the pitfalls of using artificial intelligence in cyber security and about the best way to tackle the US's chronic cybersecurity talent shortage. ForAllSecure does automated analysis to find unknown defects in applications. David Brumley: My name is David Brumley. I'm CEO of the company ForAllSecure.

Security

Security Artificial Intelligence Computer and Electronics Libraries

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

We also talk about the pitfalls of using artificial intelligence in cyber security and about the best way to tackle the US's chronic cybersecurity talent shortage. ForAllSecure does automated analysis to find unknown defects in applications. David Brumley: My name is David Brumley. I'm CEO of the company ForAllSecure.

Security

Security Artificial Intelligence Computer and Electronics Libraries

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

We also talk about the pitfalls of using artificial intelligence in cyber security and about the best way to tackle the US's chronic cybersecurity talent shortage. ForAllSecure does automated analysis to find unknown defects in applications. David Brumley: My name is David Brumley. I'm CEO of the company ForAllSecure.

Security

Security Artificial Intelligence Computer and Electronics Libraries

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. Figure 10: Compilation time – Jun 21 16:39 – 2020. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Communications

Communications Cloud Phishing Encryption

GAO Report shed the lights on the failures behind the Equifax hack

Security Affairs

SEPTEMBER 10, 2018

Government Accountability Office (GAO) provides detailed information of the Equifax hack. Government Accountability Office (GAO) published a report on the Equifax hack that includes further details on the incident. The analysis of the log files revealed that attackers executed approximately 9,000 queries to access data containing PII.

Encryption

Encryption Systems administration Access Government

Information Management Today

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Trending Sources

Security expert Marco Ramilli released for free the Malware Hunter tool

ActiveX Controls in South Korean websites are affected by critical flaws

FTC and DOJ Issue Antitrust Policy Statement on Cybersecurity

Security Affairs newsletter Round 216 – News of the week

Australian Privacy Regulator Sues in Data Breach Case

Trojan Lampion is back after 3 months

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs newsletter Round 228

Two PoC exploits for CVE-2020-0601 NSACrypto flaw released

TA505 Cybercrime targets system integrator companies

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Group-IB presents its annual report on global threats to stability in cyberspace

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

GAO Report shed the lights on the failures behind the Equifax hack

Stay Connected