Hunton Privacy

JULY 26, 2022

On July 1, 2022, amendments to Florida’s State Cybersecurity Act (the “Act”) took effect, imposing certain ransomware reporting obligations on state agencies, counties and municipalities and prohibiting those entities from paying cyber ransoms. accidental or deliberate, of information technology resources, security, policies, or practices.”

Ransomware 107

Ransomware Cybersecurity Government Cloud 107

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. Below is the timeline for this issue: 12 Sep 2022: Vulnerability reported to ZyXEL. 13 Sep 2022: ZyXEL asks for detail in order to replicate the vulnerability.

Passwords 98

Passwords Cybersecurity Security Access 98

Security Affairs

MAY 28, 2022

On April 12, the company launched an investigation into a series of unauthorized access to data stored in repositories of dozens of organizations. The experts first detected the intrusion on April 12 when the company’s security team identified unauthorized access to their npm production infrastructure using a compromised AWS API key.

Metadata 139

Metadata Passwords Archiving Access 139

Security Affairs

APRIL 6, 2023

The group published a series of screenshots of the company’s CTMS and ERP databases The Money Message group threatens to publish the stolen files by Wednesday, April 12, 2023, if the company will not pay the ransom. BleepingComputer reported that the ransomware gang has demanded a ransom payment of $4,000,000.

Ransomware 78

Ransomware IT Manufacturing Education 78

Security Affairs

APRIL 19, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12 [$1000][ 1430644 ] Medium CVE-2023-2137: Heap buffer overflow in sqlite.

Libraries 91

Libraries Education Access Cybersecurity 91

Krebs on Security

APRIL 20, 2023

3CX says it has more than 600,000 customers and 12 million users in a broad range of industries, including aerospace, healthcare and hospitality. “Eventually, the threat actor was able to compromise both the Windows and macOS build environments,” 3CX said in an April 20 update on their blog. Microsoft Corp.

Security 287

Security Encryption Passwords IT 287

Security Affairs

MAY 27, 2022

The malware is available for rent on underground forums for $5000 per month since March 2022. Available for rent on underground forums for $5K/month since March 2022, ERMAC 2.0 ESETresearch @LukasStefanko 1/3 pic.twitter.com/hGeD4ZSwve — ESET research (@ESETresearch) May 18, 2022. A new #Android banker ERMAC 2.0

Phishing 141

Phishing Security Cybersecurity IT 141

Security Affairs

JUNE 16, 2022

Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco addressed a critical bypass authentication vulnerability affecting Email Security Appliance (ESA) and Secure Email and Web Manager. 12 Migrate to fixed release. Pierluigi Paganini.

Authentication 89

Authentication Security Access Cybersecurity 89

Security Affairs

MAY 16, 2023

The company earned $770 million in 2022. The company announced the closure of the plant on May 12, the response to the incident suggest it was the victim of a ransomware attack. “It should be noted that the activity of these three sites represents 19% of the group’s total sales in 2022.

Manufacturing 85

Manufacturing Ransomware Sales Encryption 85

Security Affairs

MAY 12, 2023

billion in revenue for 2022. Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.

Ransomware 87

Ransomware Phishing Access Cybersecurity 87

Security Affairs

APRIL 17, 2023

The mass e-mail campaign began at 12:00 p.m. For the next few days new messages kept coming, and soon, on the evening of April 12 we discovered another upsurge with 2,000 more letters sent to our customers.” on the following day and continued until 9:00 p.m. During that time we detected an approximate total of 1,000 letters.

e-Delivery 91

e-Delivery Archiving Education Passwords 91

IT Governance

MAY 15, 2024

Physical access control, physical security monitoring, CCTV, and more When we hear the term ‘information security’ – or, for that matter, ‘ISO 27001’ – our thoughts usually turn straight to cyber security. However, physical security is also an important aspect of information and data security.

Security 52

Security Information Security Access Cloud 52

Security Affairs

APRIL 17, 2022

On April 12, the company launched an investigation into a series of unauthorized access to data stored in repositories of dozens of organizations. The experts first detected the intrusion on April 12 when the company’s security team identified unauthorized access to their npm production infrastructure using a compromised AWS API key.

Access 104

Access Cybersecurity Security Authentication 104

Security Affairs

MAY 19, 2022

or above” The vulnerability was reported by the security researcher Tamjid Al Rahat on March 12, the issue was awarded $5,000 as part of the company bug bounty program. We recommend upgrading to version 1.33.3 Google addressed the issue with the release of the version 1.33.3 To nominate, please visit:? Pierluigi Paganini.

Libraries 117

Libraries Authentication Cybersecurity Security 117

IT Governance

NOVEMBER 23, 2023

Although the total number of data breaches – or rather, in those reported – decreased by 24% between 2019 and 2022 in the finance sector, the number of incidents increased by 99%. So to account for seasonality, we’ve only looked at Q2–Q4 for all four years (2019–2022). million (about £4.70

Risk 99

Risk Data breaches Authentication Financial Services 99

Thales Cloud Protection & Licensing

SEPTEMBER 18, 2023

According to the 2022 Thales Data Threat Report – Financial Services Edition , 52% of U.S. was released on March 31, 2022, and before we know it, businesses will face the compliance deadline of March 31, 2024. financial services organizations report that they have experienced a data breach in the past. Requirement 12.5

Compliance 77

Compliance Financial Services Data breaches Encryption 77

IT Governance

JANUARY 19, 2023

Gen Digital, the parent company behind NortonLifeLock, confirmed that the breach began on 1 December 2022 and that all affected accounts have since between secured. It’s one of several measures that we recommend in our Information Security and Cyber Security Staff Awareness E-Learning Course. How did this happen?

Passwords 105

Passwords Phishing Risk Access 105

Security Affairs

APRIL 20, 2023

Wiz reported the flaws to the Alibaba Cloud in December 2022 and the company fixed them on April 12, 2023. With write permissions, an attacker can overwrite container images and potentially carry out a supply-chain attack on the entire service and other services’ images.

Cloud 70

Cloud Access Cybersecurity Education 70

Security Affairs

MAY 15, 2023

. “The investigation determined that an unknown third party accessed our computer systems from March 12-13, 2023, and that certain personal information may have been obtained from our systems as a part of the incident.” million individuals appeared first on Security Affairs.

Data breaches 86

Data breaches Cybersecurity Insurance Ransomware 86

Security Affairs

APRIL 18, 2022

April 12 – Russia-linked Sandworm APT targets Ukrainian energy facilities with wipers. Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict. April 15 – Threat actors use Zimbra exploits to target Ukrainian organizations. Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict. To nominate, please visit:?

Ransomware 90

Ransomware Phishing Cybersecurity Government 90

Security Affairs

APRIL 4, 2023

SentinelOne is tracking the malicious activity as SmoothOperator, the company speculates that the threat actor behind the attack has set up its infrastructure starting as early as February 2022. The impact of the attack could be devastating because the company claims that 3CX has 600,000 customer companies with 12 million daily users.

Manufacturing 80

Manufacturing Cybersecurity Education Security 80

Security Affairs

DECEMBER 24, 2022

Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. Below is the timeline for this issue: 12 Sep 2022: Vulnerability reported to ZyXEL. 13 Sep 2022: ZyXEL asks for detail in order to replicate the vulnerability.

Passwords 52

Passwords Cybersecurity Security Access 52

Security Affairs

APRIL 27, 2022

The attack took place during the night between April 11 and 12, the company switched off remote data monitoring connections to the wind turbines for security reasons. German wind turbine giant Deutsche Windtechnik announced that some of its systems were hit by a targeted professional cyberattack earlier this month.

Manufacturing 83

Manufacturing Ransomware Cybersecurity Security 83

Security Affairs

JULY 11, 2022

A large-scale phishing campaign leveraging the Anubis Network is targeting Brazil and Portugal since March 2022. A large-scale phishing campaign is targeting Internet-end users in Brazil and Portugal since March 2022. As observed, 12 target banks operating in Portugal are listed in this specific campaign.

Phishing 100

Phishing Access Information Security Encryption 100

Security Affairs

MAY 8, 2022

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict. government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers who are members of the Sandworm APT group. Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict. Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict.

Cybersecurity 91

Cybersecurity Government Security IT 91

Security Affairs

APRIL 24, 2022

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict. The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Feb 27- Mar 05 Ukraine – Russia the silent cyber conflict. Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict. To nominate, please visit:?

Phishing 82

Phishing Cybersecurity Security Information Security 82

Security Affairs

JUNE 15, 2022

The experts will present their findings at the 31st USENIX Security Symposium that will take place in Boston, 10–12 August 2022. ” The issue is tracked CVE-2022-23823 on AMD and CVE-2022-24436 on Intel, at this time there is no fix for the issue. ” reads the website set up to describe the attack.

Encryption 67

Encryption Libraries Security Cybersecurity 67

Security Affairs

APRIL 10, 2022

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict. Feb 7- Feb 27 Ukraine – Russia the silent cyber conflict. Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict. Mar 20- Mar 26 Ukraine – Russia the silent cyber conflict. Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict. To nominate, please visit:?

Military 93

Military Phishing Cybersecurity Government 93

Security Affairs

MAY 9, 2023

AndoryuBot supports 12 DDoS attack methods: tcp-raw, tcp-socket, tcp-cnc, tcp-handshake, udp-plain, udp-game, udp-ovh, udp-raw, udp-vse, udp-dstat, udp-bypass, and icmp-echo. .” The variant analyzed by the researchers targets multiple architectures, including arm, m68k, mips, mpsl, sh4, spc, and x86.

Communications 97

Communications Access Cybersecurity Security 97

Security Affairs

APRIL 24, 2023

com, was registered on April 12, 2023. Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, PaperCut ) The post Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws appeared first on Security Affairs.

Cybersecurity 75

Cybersecurity Ransomware Education Authentication 75

Security Affairs

APRIL 24, 2023

com, was registered on April 12, 2023. Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, PaperCut ) The post Experts released PoC Exploit code for actively exploited PaperCut flaw appeared first on Security Affairs.

Authentication 95

Authentication Cybersecurity Education Access 95

IT Governance

JUNE 8, 2023

It’s why, in this blog, we’ve collected the most crucial phishing statistics you need to understand the threat. million unique phishing websites in Q4 2022, which is the most it has ever recorded. million) in 2022. Research from APWG revealed that, in Q3 2022. APWG detected 1.3 million (£3.42 million) in 2021 to $4.35

Phishing 111

Phishing Data breaches Communications Government 111

Security Affairs

MAY 22, 2023

On December 13, 2022, the European Commission launched the formal process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework on December 13, 2022. billion fine for transferring European user data to the US appeared first on Security Affairs. The EU-U.S. Privacy Shield Framework was designed by the U.S.

GDPR 81

GDPR Personal data Privacy Data Privacy 81

Security Affairs

MAY 20, 2023

The issue affects Samsung mobile devices running Android 11, 12, and 13, it is described as an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. affecting Samsung devices to its Known Exploited Vulnerabilities Catalog.

Cybersecurity 91

Cybersecurity Security Risk Access 91

Security Affairs

MAY 4, 2023

com, was registered on April 12, 2023. Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, PaperCut ) The post Experts devised a new exploit for the PaperCut flaw that can bypass all current detection appeared first on Security Affairs.

Cybersecurity 93

Cybersecurity Education Access Passwords 93

Security Affairs

MAY 16, 2022

The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM,” the researchers said. The Low-Power Mode was implements with iOS 15, it is supported by iPhone 11, iPhone 12, and iPhone 13 devices.

Paper 96

Paper Encryption Access Security 96

Security Affairs

MAY 22, 2023

CISA orders federal agencies to fix this flaw by June 12, 2023. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : We are in the final!

IT 86

IT Cybersecurity Security Risk 86