Authentication, Government and IT - Information Management Today

Canadian government impacted by data breaches of two of its contractors

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel have been also exposed. Both contractors suffered a security breach in October.

Data breaches

Data breaches Government IT Ransomware

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government Authentication Cybersecurity Data breaches

CISA Urges Exchange Online Authentication Update

eSecurity Planet

JUNE 30, 2022

Cybersecurity and Infrastructure Security Agency (CISA) is recommending that government agencies and private organizations that use Microsoft’s Exchange cloud email platform migrate users and applications to Modern Auth before Basic Auth is deprecated in October. How to Migrate Exchange Authentication. Click Save. date and time).

Authentication

Authentication Libraries Cloud Passwords

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Jeremy Grant: Why the US Government Embraced FIDO Standards

Data Breach Today

JANUARY 17, 2023

Push Technology and One-Time Passcodes for MFA Just Aren't Secure Enough Attackers have caught up with legacy multifactor authentication tools that use push technology or one-time passcodes, boosting the need for phishing-resistant MFA, says Jeremy Grant.

Government

Government Phishing Authentication Security

News Alert: W3C advances technology to streamline payment authentication

The Last Watchdog

JUNE 15, 2023

The World Wide Web Consortium today announced a standardization milestone for a new browser capability that helps to streamline user authentication and enhance payment security during Web checkout. Customer authentication For the past 15 years, e-commerce has increased as a percentage of all retail sales.

Authentication

Authentication Communications Financial Services Retail

IT Governance Podcast Episode 4: Ransomware advice, MFA phishing and The Art of Cyber Security

IT Governance

JULY 21, 2022

This week, we discuss NCSC and ICO advice to the legal profession, a new phishing campaign that bypasses multifactor authentication, and the huge increase in the number of ransomware and phishing attacks this year. Plus, we talk to Gary Hibberd about his new book, The Art of Cyber Security.

Phishing

Phishing Ransomware Government IT

Collibra wins prestigious 2024 Communicator Award for AI Governance campaign

Collibra

MAY 21, 2024

Our mission focused on positioning Collibra as a thought leader in the industry and highlighting how enterprises everywhere can ‘do more’ with Collibra, and especially Collibra AI Governance. AI governance is essential for the safe and effective deployment of AI technologies, including generative AI applications.

Communications

Communications Government B2B Marketing

VMware fixed a critical flaw in Aria Automation. Patch it now!

Security Affairs

JANUARY 16, 2024

VMware Aria Automation (formerly vRealize Automation ) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform.

IT

IT Cloud Authentication Access

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. The exploit was used to steal the Zimbra authentication token.

Government

Government Authentication Phishing IT

Twitter to Charge Users for SMS Two-Factor Authentication in Apparent Security Crackdown

IT Governance

FEBRUARY 23, 2023

In yet another controversial policy move, Twitter announced this week that it’s removing text-based 2FA (two-factor authentication) for non-paying users. It has focused on the costs that Twitter incurs as a result of SMS-based authentication, when the real threat is to users. Twitter has instructed users to remove SMS authentication.

Authentication

Authentication Security Passwords Risk

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication.

Government

Government Authentication Communications Access

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) coordinate the collaboration between the government and industry, running a human-centric campaign themed “See Yourself in Cyber”.

Authentication

Authentication Passwords Cybersecurity Personal data

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Security Affairs

APRIL 19, 2024

“Starting in January 2024, a threat actor performed reconnaissance of our networks, exploited one of our Virtual Private Networks (VPNs) through two Ivanti Connect Secure zero-day vulnerabilities , and skirted past our multi-factor authentication using session hijacking. . ” reads a post published by the organization on Medium.

IT

IT Authentication Cybersecurity Security

Ivanti fixed a new critical Sentry API authentication bypass flaw

Security Affairs

AUGUST 21, 2023

Ivanti warned customers of a new critical Sentry API authentication bypass vulnerability tracked as CVE-2023-38035. The zero-day vulnerability CVE-2023-35078 was exploited by threat actors in recent attacks against the ICT platform used by twelve ministries of the Norwegian government.

Authentication

Authentication Risk Access Government

U.S. Government Issues Warning of Threat Against U.S. Critical Infrastructure

Data Matters

MARCH 3, 2022

Specifically, CISA advises that companies stay vigilant and well-informed about threats and cyberattacks and adopt best practices such as ensuring all software is updated, multi-factor authentication is enabled, and data has been backed up. Government Issues Warning of Threat Against U.S. See also our prior post in Data Matters, U.S.

Government

Government Cybersecurity Authentication Information Security

Two-Factor Authentication – What Is It and Why You Should Use It via PixelPrivacy

IG Guru

MAY 20, 2020

This article does a good job of explaining two-factor authentication, covers how-too’s and the risks. The post Two-Factor Authentication – What Is It and Why You Should Use It via PixelPrivacy appeared first on IG GURU. Article here.

Authentication

Authentication IT Risk Information governance

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. These infected websites host a PHP script which displays a seemingly authentic update. implacavelvideos[.]com).

Education

Education Government Business Services Archiving

Chinese hackers compromised emails of U.S. Government agencies

Security Affairs

JULY 13, 2023

Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks. The attackers forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. ” reported the Washington Post.

Government

Government Authentication Cloud Access

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. The last stage malware is the PHP-based SYS01stealer malware which is able to steal browser cookies and abuse authenticated Facebook sessions to steal information from the victim’s Facebook account.

Government

Government Manufacturing Authentication Cybersecurity

CISA adds second Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

AUGUST 1, 2023

” Ivanti states that an attacker can chain this vulnerability with CVE-2023-35078 to bypass administrator authentication and ACLs restrictions (if applicable). The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).

IT

IT MDM Authentication Cybersecurity

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

First, the identities of any two digital entities – a sensor and a control server, for instance, or even a microservice and a container — must be authenticated, and, second, the data exchanged between any two such digital instances must be encrypted. And if you’re not doing integrity checks, you’ll be exposed.”

IoT

IoT Authentication Security Encryption

DEA Investigating Breach of Law Enforcement Data Portal

Krebs on Security

MAY 12, 2022

KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. ” The DEA’s EPIC portal login page. . ” The DEA’s EPIC portal login page.

Authentication

Authentication Passwords Government Access

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

By redirecting the pointer to the Line Dancer interpreter, attackers can interact with the device through POST requests without authentication. CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

IT

IT Authentication Access Security

How FIDO 2 authentication can help achieve regulatory compliance

Thales Cloud Protection & Licensing

JUNE 24, 2021

How FIDO 2 authentication can help achieve regulatory compliance. Businesses are governed by an increasingly complex network of regulations, jurisdictions, and standards which dictate security and privacy requirements. One common denominator in all regulations is the need for strong authentication. Thu, 06/24/2021 - 07:22.

Authentication

Authentication Compliance GDPR Personal data

Medibank Defends its Security Practices as its Ransomware Woes Worsen

IT Governance

NOVEMBER 17, 2022

Medibank faced angry questioning during its annual general meeting yesterday as shareholders sought explanations for the organisation’s response to last month’s cyber attack. The Australian health insurance giant fell victim to ransomware in October, as a result of which the personal data of 9.7 million current and former customers was compromised.

IT

IT Ransomware Security Data breaches

How better key management can close cloud security gaps troubling US government (Part 1 of 2)

Thales Cloud Protection & Licensing

NOVEMBER 27, 2023

How better key management can close cloud security gaps troubling US government (Part 1 of 2) sparsh Tue, 11/28/2023 - 05:20 Bruce Schneier recently blogged : A bunch of networks, including US Government networks , have been hacked by the Chinese. But “negligent security practices” are not a new concern for the US Government.

Cloud

Cloud Government Security Marketing

BlueZone Web: Multi-factor authentication

Rocket Software

JULY 24, 2020

Millions of users around the globe—in verticals including finance, manufacturing and government—rely on Rocket to manage, access and modernize their mission-critical data on IBM Mainframe, IBM Power Systems and VT based systems. . The multi-factor authentication market is expected to reach 21 billion USD by 2025.

Authentication

Authentication Data breaches Marketing Manufacturing

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

The Last Watchdog

APRIL 11, 2022

While it’s nice to see law enforcement and governments go after the gangs, that won’t stop the monster that has grown out of control, that we, as an industry, continue to feed. They’re easier to attack and provide moderate consistent payouts with little retribution from law enforcement or governments. Bricks in the wall.

Ransomware

Ransomware IT Passwords Government

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

SEPTEMBER 13, 2023

Credentials stolen by info-stealers often end up for sale on cybercrime shops that peddle purloined passwords and authentication cookies (these logs also often show up in the malware scanning service VirusTotal ). government inboxes. But on Sept. defense contractors. USDoD’s avatar used to be the seal of the U.S. Microsoft Corp.

Passwords

Passwords Authentication Sales Data breaches

CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

JULY 26, 2023

The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core). The vulnerability is an authentication bypass issue impacting Ivanti Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core). and 11.10.0.2

IT

IT Authentication Risk Access

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

NYDFS clarified that where a cybersecurity program or part of a cybersecurity program is adopted from an affiliate, the “senior governing body” ( e.g. , a board or equivalent governing body) may be that of the affiliate. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

The Impact of AI-assisted Call Spoofing and What We Can Do About It

Thales Cloud Protection & Licensing

OCTOBER 4, 2023

Spoofing a number from a company or a government agency you may already know and trust. Professionals from all involved industries agree that, for a start, governments must make sure any new legislation is fit for a digital world. Multi-factor authentication should be a prerequisite for every account and online transaction.

IT

IT Authentication Artificial Intelligence Government

News alert: SSH announces another US financial institution selects PrivX as its PAM solution

The Last Watchdog

SEPTEMBER 22, 2023

Benefits of PrivX •Eliminates static credentials with passwordless authentication and just-in-time access, enabling easy implementation of Zero Trust access management solution. We have 5,000+ customers worldwide, including 40 percent of Fortune 500 companies and major organizations in the Finance, Government, Retail, and Industrial segments.

IT

IT Retail Communications Access

A flaw in India Digilocker could?ve been exploited to bypass authentication

Security Affairs

JUNE 8, 2020

The Indian Government fixed a flaw in the secure document wallet service Digilocker that could have potentially allowed anyone’s access without password. DigiLocker is an online service provided by Ministry of Electronics and IT (MeitY), Government of India under its Digital India initiative.

Authentication

Authentication Passwords Encryption Access

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. tax service).

Authentication

Authentication Communications Security IT

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Security Affairs

SEPTEMBER 19, 2023

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. . “Meanwhile, the structure of SprySOCKS’s command-and-control (C&C) protocol is similar to one used by the RedLeaves backdoor , a remote access trojan (RAT) reported to be infecting Windows machines.

IT

IT Encryption Authentication Communications

Password Security: Single Factor, 2FA and Multi-Factor Authentication

Rocket Software

MAY 15, 2020

For systems such as the IBM Z, which is used by the healthcare industry, financial institutions and governments, maintaining data security is of the utmost importance. Below, we’ll outline different authentication options on the IBM Z and on other work devices, and how to keep them secure. Single-Factor Authentication.

Authentication

Authentication Passwords Security Access

What Is the CIA Triad and Why Is It Important?

IT Governance

FEBRUARY 14, 2023

For example, say an organisation implements multifactor authentication on a piece of third-party software. But doing so hampers the availability of data, because employees now need to complete an authentication process to access the software. The second element of the CIA triad is integrity.

IT

IT Risk GDPR Information Security

New EU Strong Customer Authentication Standards: Implications for Payment Service Providers

Data Matters

SEPTEMBER 18, 2019

Under the revised Payment Services Directive (2015/2366) (PSD2), the European Banking Authority (EBA) and the European Commission were required to develop and adopt regulatory technical standards on strong customer authentication and common and secure open standards of communication. STRONG CUSTOMER AUTHENTICATION. What is SCA?

Authentication

Authentication e-Delivery Risk Sales

Researchers: Chinese APT Espionage Campaign Bypasses 2FA

Data Breach Today

DECEMBER 26, 2019

Fox-IT Suspects APT20 Group Was Involved An advanced persistent threat espionage campaign with suspected ties to the Chinese government quietly targeted businesses and governments in 10 countries for two years, bypassing two-factor authentication, according to a report by Fox-IT.

Authentication

Authentication Government IT

Mastering identity security: A primer on FICAM best practices

IBM Big Data Hub

FEBRUARY 5, 2024

For federal and state governments and agencies, identity is the crux of a robust security implementation. Numerous individuals disclose confidential, personal data to commercial and public entities daily, necessitating that government institutions uphold stringent security measures to protect their assets.

Security

Security Authentication Compliance Access

Can two-factor authentication save us from our inability to create good passwords?

IT Governance

FEBRUARY 11, 2019

Perhaps it’s time we finally push for the widespread adoption of two-factor authentication. What is two-factor authentication? This may sound complicated, but anyone with a bank card has been using two-factor authentication for years. Authentication factor examples. Why you should use two-factor authentication.

Authentication

Authentication Passwords Phishing Access

Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB

Security Affairs

JULY 30, 2021

Estonia ‘s police arrested a man from Tallinn that is suspected to be the hacker who stole 286K ID scans from the government systems. Estonian police arrested a man from Tallinn that is suspected to have stolen 286,438 belonging to Estonians citizens from the government systems. or take a new document photo. .”

Government

Government Sales Access Personal data

T-Mobile confirms Lapsus$ had access its systems

Security Affairs

APRIL 23, 2022

In most cases, this involved social engineering employees at the targeted firm into adding one of their computers or mobiles to the list of devices allowed to authenticate with the company’s virtual private network (VPN).” Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March.

Access

Access IT Authentication Government

Canadian government impacted by data breaches of two of its contractors

U.S. CISA: hackers breached a state government organization

Webinars

Trending Sources

CISA Urges Exchange Online Authentication Update

Webinars

Jeremy Grant: Why the US Government Embraced FIDO Standards

News Alert: W3C advances technology to streamline payment authentication

IT Governance Podcast Episode 4: Ransomware advice, MFA phishing and The Art of Cyber Security

Collibra wins prestigious 2024 Communicator Award for AI Governance campaign

VMware fixed a critical flaw in Aria Automation. Patch it now!

Zimbra zero-day exploited to steal government emails by four groups

Twitter to Charge Users for SMS Two-Factor Authentication in Apparent Security Crackdown

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

Ivanti fixed a new critical Sentry API authentication bypass flaw

U.S. Government Issues Warning of Threat Against U.S. Critical Infrastructure

Two-Factor Authentication – What Is It and Why You Should Use It via PixelPrivacy

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Chinese hackers compromised emails of U.S. Government agencies

SYS01 stealer targets critical government infrastructure

CISA adds second Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

DEA Investigating Breach of Law Enforcement Data Portal

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

How FIDO 2 authentication can help achieve regulatory compliance

Medibank Defends its Security Practices as its Ransomware Woes Worsen

How better key management can close cloud security gaps troubling US government (Part 1 of 2)

BlueZone Web: Multi-factor authentication

GUEST ESSAY: Defending ransomware boils down to this: make it very costly for cybercriminals

FBI Hacker Dropped Stolen Airbus Data on 9/11

CISA adds Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

The Impact of AI-assisted Call Spoofing and What We Can Do About It

News alert: SSH announces another US financial institution selects PrivX as its PAM solution

A flaw in India Digilocker could?ve been exploited to bypass authentication

Flaw allowing identity spoofing affects authentication based on German eID cards

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Password Security: Single Factor, 2FA and Multi-Factor Authentication

What Is the CIA Triad and Why Is It Important?

New EU Strong Customer Authentication Standards: Implications for Payment Service Providers

Researchers: Chinese APT Espionage Campaign Bypasses 2FA

Mastering identity security: A primer on FICAM best practices

Can two-factor authentication save us from our inability to create good passwords?

Estonia ‘s police arrested a Tallin resident who stole 286K ID scans from a government DB

T-Mobile confirms Lapsus$ had access its systems

Stay Connected