Analysis, Government and Passwords - Information Management Today

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. Analysis of the backdoors uploaded on VirusTotal revealed that threat actors utilized geopolitical topics as bait.

Government

Government Phishing Access Passwords

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. The link points to a password-protected archive, the document also includes the password.

Archiving

Archiving Phishing Passwords Government

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain.

Ransomware

Ransomware Data breaches Unstructured data Personal data

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory. ” reads the MAR.

Security

Security Authentication Libraries Passwords

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

IT Governance

SEPTEMBER 7, 2023

Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023. The Cyber Essentials scheme is a government-backed framework supported by the National Cyber security Centre. IT Governance has been a certification body for the scheme since 2014, when it was launched.

Government

Government IT Personal data GDPR

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

Mustang Panda has been active since at least 2012, it targeted American and European entities such as government organizations, think tanks, NGOs , and even Catholic organizations at the Vatican. In the 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. .

Phishing

Phishing Government Archiving Passwords

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Further analysis uncovered embedded scenarios detecting the victim’s IP (using GEO2IP module, deployed on a third-party WEB-site), likely done to selectively choose targets or to filter by region.

Phishing

Phishing e-Delivery Government Passwords

Hundreds of network operators’ credentials found circulating in Dark Web

Security Affairs

JANUARY 30, 2024

This figure also includes historical records and new artifacts identified in January 2024, following an analysis of Command and Control (C2) servers and underground marketplaces. As such, this employee category represents a high-value target for sophisticated threat actors.

Passwords

Passwords Cybersecurity Cloud Access

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

Security Affairs

FEBRUARY 23, 2020

Experts from Cisco Talos discovered a new malware, tracked as ObliqueRAT, that appears a custom malware developed by a threat actor focused on government and diplomatic targets. . ” reads the analysis published by the exp erts. “CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.”

Government

Government File names Passwords Phishing

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

MAY 12, 2022

KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. ” The DEA’s EPIC portal login page.

Authentication

Authentication Passwords Government Access

“Collection #1” Data Breach Analysis – Part 2

Security Affairs

JANUARY 26, 2019

The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data. TOP Leaked eMail. Pierluigi Paganini.

Data breaches

Data breaches Passwords Government Security

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. As the United States and other nations condemn Russia’s actions, the odds of Russian cyber actors targeting the U.S.,

Cybersecurity

Cybersecurity Military Passwords Education

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

The Last Watchdog

APRIL 5, 2022

The Chinese government is well known for its censorship– and frequent harassment and intimidation of foreign journalists. If the Chinese government cannot prevent a story from being published outside of the country, it can act against sources. Password leaks are commonplace. MFA is a must for organizations using SaaS for email.

Passwords

Passwords Access Cloud Government

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices. Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Security

Security Passwords Military Marketing

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

3.5m IP cameras exposed, with US in the lead

Security Affairs

DECEMBER 14, 2022

Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.

Passwords

Passwords Manufacturing Authentication Government

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

JULY 11, 2019

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. According to experts at ESET, the Windows zero-day flaw CVE-2019-1132 was exploited by the Buhtrap threat actor in a targeted attack aimed at a government organization in Eastern Europe.

Government

Government Passwords IT Security

Three Top Russian Cybercrime Forums Hacked

Krebs on Security

MARCH 4, 2021

In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. On Tuesday, someone dumped thousands of usernames, email addresses and obfuscated passwords on the dark web apparently pilfered from Mazafaka (a.k.a. ” On Feb.

Passwords

Passwords Analytics Encryption Authentication

US govt agencies share details of the China-linked espionage malware Taidoor

Security Affairs

AUGUST 4, 2020

China-linked hackers carried out cyber espionage campaigns targeting governments, corporations, and think tanks with TAIDOOR malware. “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1 “CISA encourages users and administrators to review Malware Analysis Report MAR-10292089-1.v1

Healthcare

Healthcare Passwords Government Systems administration

PureCrypter used to deliver AgentTesla to govt organizations

Security Affairs

FEBRUARY 27, 2023

An unknown threat actor is targeting government organizations with the PureCrypter downloader, Menlo Security firm reported. Menlo Labs researchers uncovered an unknown threat actor is using the PureCrypter downloader in attacks aimed at government entities. ” reads the analysis published by Menlo Labs.

Passwords

Passwords Government Sales Archiving

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

IT Governance

APRIL 4, 2024

This blog provides further analysis of the data we’ve collected. This gave them access to names, phone numbers, emails, plaintext passwords, branch locations, confidential messages and shift information for Chattr employees, franchisee managers and job applicants. Passwords and bank details were not affected.

Data breaches

Data breaches Passwords Security Cloud

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.” ” reads the joint advisory. Rhysida actors heavily leveraged this tool for lateral movement and remote execution.

Ransomware

Ransomware Manufacturing Education Passwords

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. ” reads the analysis published by Google TAG. The fake browser window displays a URL and a login prompt designed to trick recipients into providing their password to a legitimate login page.

Phishing

Phishing Passwords Military Education

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials

Security Affairs

DECEMBER 15, 2021

assembly that is intended to be loaded as a module within an IIS web server that also exposes Exchange’s Outlook Web Access (OWA),” reads the analysis published by Kaspersky. The username, password, user’s IP address and current timestamp are stored in a file at C:WindowsTempaf397ef28e484961ba48646a5d38cf54.db.ses.

Encryption

Encryption Authentication Passwords Government

CISA analyzed stealthy malware found on compromised Pulse Secure devices

Security Affairs

JULY 22, 2021

The agency published a malware analysis report (MARs) for each malicious code, the report also includes threat actor techniques, tactics, and procedures (TTPs) and indicators of compromise (IOCs) for the threat. If these services are required, use strong passwords or Active Directory authentication.

e-Discovery

e-Discovery Security Passwords Access

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

Security Affairs

FEBRUARY 14, 2020

The government experts released new and updated Malware Analysis Reports (MARs) related to new malware families involved in new attacks carried out by North Korea-linked HIDDEN COBRA group. If these services are required, use strong passwords or Active Directory authentication. the extension matches the file header).

Passwords

Passwords Access Phishing Authentication

FBI warns of attacks on unsecured SonarQube used by US govt agencies and businesses

Security Affairs

NOVEMBER 9, 2020

The FBI warns that threat actors are abusing misconfigured SonarQube applications to steal source code from US government agencies and businesses. “Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses.

Passwords

Passwords Government Access Security

These are the sources of DDoS attacks against Russia, local NCCC warns

Security Affairs

MARCH 4, 2022

Russian government released a list containing IP addresses and domains behind DDoS attacks that hit Russian infrastructure after the invasion. While the conflict on the battlefield continues, hacktivists continue to target Russian infrastructure exposed online. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Data breaches

Data breaches Phishing Passwords Government

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

Upon execution, the downloader will check against a blacklist of malware analysis tools by checking for running processes’ specific names (i.e. It uses hardcoded file names designed to masquerade as Microsoft office executables: OfficeTemplate.exe and MicrosoftOfficeDashboard.exe” reads the analysis published by Symantec.

File names

File names Passwords Phishing Encryption

Previously undetected Earth Longzhi APT group is a subgroup of APT41

Security Affairs

NOVEMBER 15, 2022

Further analysis, revealed that the same threat actor targeted multiple regions using a similar Cobalt Strike loader and has been active since 2020. The malware was embedded in a password-protected archive attached to the messages. ” reads the analysis published by Trend Micro.

Archiving

Archiving Passwords Metadata Insurance

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

JULY 4, 2020

But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). It just reported that my SSN was now unlocked.

Passwords

Passwords Authentication Insurance Mining

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. Researchers from Dragos shared a detailed analysis of the new PIPEDREAM toolkit confirming that it has yet to be employed in attacks in the wild. ” reads the analysis published by Mandiant.

Passwords

Passwords Communications Cybersecurity Access

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Phishing

Phishing Cloud Government Education

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

credit or debit card number, or any financial account number in combination with any required security code, access code or password that would permit access to such financial account. Risk of Harm Analysis No Longer Requires Law Enforcement Consultation. 60-Day Notification Window. Required Identity Theft Prevention Services.

Data breaches

Data breaches IT Insurance Passwords

How to write an ISO 27001 access control policy – free template

IT Governance

JULY 5, 2021

9 of ISO 27001 helps you govern who has access to your organisation’s sensitive information and under what scenarios. This is most likely to cover digital records, which can be protected with passwords or other technical defences. Data encryption, a password management system and secure log-on procedures are ideal starting points.

Access

Access Passwords Government Encryption

Unprotected server of Oklahoma Department of Securities exposes millions of government files

Security Affairs

JANUARY 17, 2019

The unsecured storage server was discovered by security expert Greg Pollock from UpGuard, it contained 3 terabytes of data including millions of sensitive Government files and years worth of sensitive FBI investigations. The server also included email backups from 1999 to 2016, the largest and most recent reaching 16GB in size.

Government

Government Security Archiving Metadata

Germany’s cyber security authority criticised for failing to disclose data breach

IT Governance

JANUARY 11, 2019

It was only when a Twitter user, later revealed to be the person behind the attack, published portions of the stolen data, that the authority conducted further analysis. . This analysis ultimately led to the perpetrator’s apprehension. Weak passwords . Bad passwords were one of the reasons he had it so easy,” Seehofer said.

Data breaches

Data breaches Security Passwords Government

CERT-UA warns of malspam attacks distributing the Jester info stealer

Security Affairs

MAY 9, 2022

Government experts observed that malicious executables are downloaded from compromised web resources. “The government’s team for responding to computer emergencies in Ukraine CERT-UA revealed the fact of mass distribution of e-mails on the topic of “chemical attack” and a link to an XLS-document with a macro.”

Authentication

Authentication Passwords Government Cybersecurity

Hackers accessed Stormshield data, including source code of ANSSI certified products

Security Affairs

FEBRUARY 4, 2021

Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. In response to the intrusion, as a precaution, the Stormshild experts reset the passwords of all accounts and enhanced the security measures to protect the portal. ” continues Stormshield.

Access

Access Data breaches Passwords Government

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

The US government released a joint advisory that provides technical details about the operation of the Lockbit 3.0 “The Federal Bureau of Investigation (FBI), CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a joint cybersecurity advisory (CSA), #StopRansomware: LockBit 3.0. ransomware.

Ransomware

Ransomware Encryption Passwords Cybersecurity

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Security Affairs

JANUARY 3, 2024

Victims are tricked into installing this fake app under the guise of confirming their OTP (One-Time Password), which is then intercepted and transmitted to a command-and-control (C2C) server managed by the attacker. Recognition of specific objects and targets through text processing and document analysis.

Artificial Intelligence

Artificial Intelligence Phishing Government Cybersecurity

Iran-linked APT34 group is targeting US federal workers

Security Affairs

JANUARY 30, 2020

based research company that provides services to businesses and government organizations. Security experts from Intezer observed targeted attacks on a US-based research company that provides services to businesses and government organizations. ” reads the analysis p ublished by Intezer. ” continues the analysis. .

Passwords

Passwords Communications Government Phishing

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

NYDFS clarified that where a cybersecurity program or part of a cybersecurity program is adopted from an affiliate, the “senior governing body” ( e.g. , a board or equivalent governing body) may be that of the affiliate. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

According to coordinated reports published by FireEye and Pulse Secure in April, the two hacking groups have exploited the CVE-2021-22893 zero-day vulnerability in Pulse Secure VPN devices to access the networks of US defense contractors and government organizations worldwide. and Europe.”

Security

Security Passwords Cybersecurity Government

Earth Krahang APT breached tens of government organizations worldwide

Technical analysis of China-linked Earth Preta APT’s infection chain

Webinars

Trending Sources

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Webinars

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Hundreds of network operators’ credentials found circulating in Dark Web

ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia

DEA Investigating Breach of Law Enforcement Data Portal

“Collection #1” Data Breach Analysis – Part 2

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

GUEST ESSAY: NewsCorp hack shows cyber espionage, squelching of press freedom on the rise

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

China-linked APT Curious Gorge targeted Russian govt agencies

3.5m IP cameras exposed, with US in the lead

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Three Top Russian Cybercrime Forums Hacked

US govt agencies share details of the China-linked espionage malware Taidoor

PureCrypter used to deliver AgentTesla to govt organizations

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

FBI and CISA warn of attacks by Rhysida ransomware gang

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Owowa, a malicious IIS Server module used to steal Microsoft Exchange credentials

CISA analyzed stealthy malware found on compromised Pulse Secure devices

US Govt agencies detail North Korea-linked HIDDEN COBRA malware

FBI warns of attacks on unsecured SonarQube used by US govt agencies and businesses

These are the sources of DDoS attacks against Russia, local NCCC warns

New Graphiron info-stealer used in attacks against Ukraine

Previously undetected Earth Longzhi APT group is a subgroup of APT41

E-Verify’s “SSN Lock” is Nothing of the Sort

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

China-linked APT41 group spotted using open-source red teaming tool GC2

Connecticut Tightens its Data Breach Notification Laws

How to write an ISO 27001 access control policy – free template

Unprotected server of Oklahoma Department of Securities exposes millions of government files

Germany’s cyber security authority criticised for failing to disclose data breach

CERT-UA warns of malspam attacks distributing the Jester info stealer

Hackers accessed Stormshield data, including source code of ANSSI certified products

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Iran-linked APT34 group is targeting US federal workers

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

China-linked APT groups targets orgs via Pulse Secure VPN devices

Stay Connected