2022, Authentication, Government and IT - Information Management Today

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. government inboxes. But on Sept. defense contractors. Department of Defense.

Passwords

Passwords Authentication Sales Data breaches

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Krebs on Security

FEBRUARY 1, 2024

Three Americans were charged this week with stealing more than $400 million in a November 2022 SIM-swapping attack. government did not name the victim organization, but there is every indication that the money was stolen from the now-defunct cryptocurrency exchange FTX , which had just filed for bankruptcy on that same day.

Blockchain

Blockchain Ransomware Retail Analytics

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. The exploit was used to steal the Zimbra authentication token.

Government

Government Authentication Phishing IT

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

technology companies during the summer of 2022. stole at least $800,000 from at least five victims between August 2022 and March 2023. The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. A graphic depicting how 0ktapus leveraged one victim to attack another.

Passwords

Passwords Phishing Access Encryption

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. Tue, 10/04/2022 - 05:20. The 2022 Thales Consumer Digital Trust Index data , based on an Opinium survey conducted in 11 countries with more than 21K participants, attempts to answer these questions.

Authentication

Authentication Passwords Cybersecurity Personal data

Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite

Security Affairs

AUGUST 12, 2022

Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass affecting Zimbra Collaboration Suite, tracked as CVE-2022-27925, is actively exploited to hack ZCS email servers worldwide.

Authentication

Authentication Military Security IT

Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers

Security Affairs

JUNE 29, 2022

Researchers discovered a new flaw in RARlab’s UnRAR utility, tracked CVE-2022-30333, that can allow to remotely hack Zimbra Webmail servers. Zimbra is an enterprise-ready email solution used by over 200,000 businesses, government and financial institutions. 2022-05-05 RarLab sends us a patch for review.

Archiving

Archiving Authentication Communications Security

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

Data Matters

JANUARY 28, 2022

The advisory was promptly endorsed by the National Cyber Security Centre, a division of Government Communications Headquarters (“GCHQ”), a UK intelligence agency. government, especially in light of ongoing tensions between the U.S. Require multi-factor authentication (MFA) for all users. and Russia in Ukraine.

Cybersecurity

Cybersecurity Financial Services Authentication Government

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. “This is reachable pre-authentication, on every SSL VPN appliance,” French vulnerability researcher Charles Fol tweeted.

Risk

Risk Ransomware Cybersecurity Access

Hacker breaches key Russian ministry in blink of an eye

Security Affairs

MARCH 16, 2022

No wonder Russia has been preparing to cut itself off from the global internet, hoping to move key government institutions to a sovereign Runet – a pan-Russian web limited to the Federation – to make them less prone to cyber attacks. pic.twitter.com/wOCdRqOJej — NEXTA (@nexta_tv) March 6, 2022. Original post at [link].

Authentication

Authentication Access Systems administration Military

Are Retailers Shopping for a Cybersecurity Breach?

Thales Cloud Protection & Licensing

NOVEMBER 22, 2022

Wed, 11/23/2022 - 07:07. The 2022 Thales Data Threat Report: Retail Edition , finds that 45% of retail respondents reported that the volume, severity and/or scope of cyberattacks had increased in the previous 12 months. Are Retailers Shopping for a Cybersecurity Breach? Cybersecurity breach statistics to destroy your appetite".

Retail

Retail Cybersecurity Ransomware Authentication

Consumers have their Say about Protection of Personal Data – Call for More Stringent Controls

Thales Cloud Protection & Licensing

OCTOBER 10, 2022

Tue, 10/11/2022 - 06:46. We live in a digital world in which we engage with significant social, government, retail, business and entertainment services now delivered without any direct human service management. The global study that informs the Index involved more than 21,000 participants across 11 countries.

Personal data

Personal data Data breaches Government Authentication

FTC Issues Business Alert on Illegal Use and Sharing of Location, Health and other Sensitive Data

Hunton Privacy

JULY 13, 2022

On July 11, 2022, the Federal Trade Commission’s Bureau of Consumer Protection issued a business alert on businesses’ handling of sensitive data, with a particular focus on location and health data. According to the alert, the combination of location and health data “creates a new frontier of potential harms to consumers.”.

Marketing

Marketing Privacy Data collection Analytics

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

CVE-2022-4886 (Path Sanitization Bypass): This 8.8-level level vulnerability involves a lack of validation, which allows attackers to steal Kubernetes API credentials from the ingress controller, compromise the authentication process by modifying settings, and gain access to internal files including service account tokens. New CVSS 4.0

Ransomware

Ransomware Authentication Cybersecurity Education

A Cyber Insurance Backstop

Schneier on Security

FEBRUARY 28, 2024

After Merck filed its $700 million claim, the pharmaceutical giant’s insurers argued that they were not required to cover the malware’s damage because the cyberattack was widely attributed to the Russian government and therefore was excluded from standard property and casualty insurance coverage as a “hostile or warlike act.”

Insurance

Insurance Government Cybersecurity Risk

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

eSecurity Planet

JANUARY 30, 2024

Implement strong data governance policies, conduct regular compliance audits, and employ cloud services that offer features matched with industry standards. Verizon’s 2023 Data Breach Investigations Report (DBIR) also reveals that inside actors were responsible for 83% of 2022 data breaches. million records exposed.

Cloud

Cloud Risk Security Encryption

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Data Matters

MAY 17, 2022

*Reprinted with permission from the May 6, 2022 edition of the New York Law Journal © 202X ALM Global Properties, LLC. Attorney General described a recent takedown of a Russian government-sponsored botnet called Cyclops Blink before it was weaponized and caused damage. and foreign government agencies. All rights reserved.

Cybersecurity

Cybersecurity Government Authentication Ransomware

Types of Encryption, Methods & Use Cases

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Definition, How it Works, & Examples. Block ciphers process plain text in fixed-sized chunks for encryption.

Encryption

Encryption Authentication Passwords Communications

U.S. Security Agencies Warn About Russian Threat Gangs Amid Ukraine Tensions

eSecurity Planet

JANUARY 12, 2022

11 by the FBI, National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) comes as tensions rise between Russia, the United States and European countries over Russia’s military activities related to Ukraine. Also read: Best Password Managers & Tools for 2022. Tactics and Responses. Know the Enemy.

Security

Security Passwords Cybersecurity Ransomware

Positive disruption culture

CILIP

DECEMBER 12, 2022

As with so many things happening now – government cuts, cuts to libraries, the cuts to information profession, the casualisation of staff – we’ve lost confidence in ourselves, in the value we bring as a profession, so we try to add value by saying you must be a qualified librarian. "In YOUR workforce has been divided by Covid.

Libraries

Libraries Risk Digital transformation Artificial Intelligence

EP 49: LoL

ForAllSecure

JUNE 21, 2022

Kyle Hanslovan CEO of Huntress Labs joins The Hacker Mind to discuss recent LoL attacks, specifically the Microsoft Follina attack and the Kaseya ransomware attack, and how important it is for small and medium sized businesses to start using enterprise grade security, given the evolving nature of these attacks. Think of it as a Trojan horse.

Ransomware

Ransomware Marketing IT Libraries

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. AllegisCyber Capital. AllegisCyber Investments.

Cybersecurity

Cybersecurity Cloud Marketing Security

Information Management Today

FBI Hacker Dropped Stolen Airbus Data on 9/11

Arrests in $400M SIM-Swap Tied to Heist at FTX?

Webinars

Trending Sources

Zimbra zero-day exploited to steal government emails by four groups

Webinars

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite

Path Traversal flaw in UnRAR utility can allow hacking Zimbra Mail servers

U.S. and Foreign Cybersecurity and Intelligence Agencies Recommend Measures to Counteract Threat of Russian Cyberattacks

CISA Order Highlights Persistent Risk at Network Edge

Hacker breaches key Russian ministry in blink of an eye

Are Retailers Shopping for a Cybersecurity Breach?

Consumers have their Say about Protection of Personal Data – Call for More Stringent Controls

FTC Issues Business Alert on Illegal Use and Sharing of Location, Health and other Sensitive Data

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

A Cyber Insurance Backstop

Top 7 Cloud Storage Security Issues & Risks (+ Mitigations)

Nation-State-Sponsored Attacks: Not Your Grandfather’s Cyber Attacks

Types of Encryption, Methods & Use Cases

U.S. Security Agencies Warn About Russian Threat Gangs Amid Ukraine Tensions

Positive disruption culture

EP 49: LoL

Top VC Firms in Cybersecurity of 2022

Stay Connected