Data collection and Groups - Information Management Today

META hit with privacy complaints by EU consumer groups

Security Affairs

MARCH 4, 2024

This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules.

Privacy

Privacy GDPR Personal data Data collection

UK data bill favours big business and ‘shady’ tech firms, rights group claims

The Guardian Data Protection

AUGUST 6, 2023

Data protection and digital information bill changes wording on which requests for personal data can be refused Individuals’ control over and access to their data is being undermined by a post-Brexit bill that favours big business and “shady” technology companies, a digital rights group has claimed. Continue reading.

Data collection

Data collection Personal data Access IT

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

JUNE 19, 2021

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI).

Phishing

Phishing Government Data collection Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Groups Call for Ethical Guidelines on Location-Tracking Tech

WIRED Threat Level

MARCH 25, 2021

The Locus Charter asks companies to commit to 10 principles, including minimizing data collection and actively seeking consent from users.

Data collection

Data collection Privacy Security

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

DECEMBER 12, 2023

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs).

Agriculture

Agriculture Data collection Access Manufacturing

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Security Affairs

FEBRUARY 3, 2022

A China-linked APT group tracked as Antlion used a custom backdoor called xPack that was undetected for months. A China-linked APT group tracked as Antlion is using a custom backdoor called xPack in attacks aimed at financial organizations and manufacturing companies, Symantec researchers reported. Pierluigi Paganini.

Manufacturing

Manufacturing Data collection Encryption Passwords

Ransomfeed – Third Quarter Report 2023 is out!

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. Throughout this period, the platform diligently tracked 185 criminal groups operating worldwide, meticulously tracing 342 servers employed for ransomware activities.

Ransomware

Ransomware Data collection Cybersecurity Information Security

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

Hunton Privacy

DECEMBER 1, 2020

Carrefour France and Carrefour Banque are both affiliates of the French retail group, the Carrefour Group. The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors. The CNIL carried out online inspections on the carrefour.fr and carrefour-banque.fr and carrefour-banque.fr

GDPR

GDPR Personal data Data collection Marketing

DRM Report Q2 2023 – Ransomware threat landscape

Security Affairs

OCTOBER 4, 2023

Within these pages, we delve into a world where cybercriminals operate with audacity, tracking the activities of 165 criminal groups across the globe. The data collected paints a vivid picture, revealing 1,736 ransomware claims, with 53 incidents specifically targeting Italy.

Ransomware

Ransomware Data collection Cybersecurity Security

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

JUNE 21, 2019

Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. In June, ESET researchers observed the Russia-linked cyberespionage group using weaponizing PowerShell scripts in attacks against EU diplomats. ” Symantec concludes. Pierluigi Paganini.

Communications

Communications Government Data collection Education

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Security Affairs

NOVEMBER 15, 2018

Group-IB has detected massive campaigns targeting Russian financial institutions posing as the Central Bank of Russia. Group-IB experts have discovered that the attack on 15 November could have been carried out by the hacker group Silence , and the one on 23 October by MoneyTaker. November attack: Silence.

Phishing

Phishing Computer and Electronics Data collection Access

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world. Espionage as one of the main APT groups’ goals.

Phishing

Phishing Manufacturing Marketing Blockchain

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Security Affairs

OCTOBER 17, 2023

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between since May 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

Authentication

Authentication Passwords Data collection Communications

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

OCTOBER 10, 2018

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Group-IB, an international company that specializes in preventing cyber attacks, has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 Targeted attacks on banks: Active groups and withdrawal methods. million (2.96 million (2.96

Phishing

Phishing Sales Security Data collection

Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

Security Affairs

JANUARY 27, 2020

More details emerged from the recently disclosed Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of e-commerce. Operators of the JavaScript-sniffer family, dubbed «GetBilling» by Group-IB, were arrested in Indonesia. Group-IB has been tracking the GetBilling JS-sniffer family since 2018.

e-Discovery

e-Discovery Personal data Marketing Cybersecurity

CHINA: Clarifications of data classification and grading requirements

DLA Piper Privacy Matters

OCTOBER 3, 2022

Given data classification and grading are mandatory requirements under the Data Security Law and Personal Information Protection Law, organisations should prioritise understanding their data collected and data processing activities within the coming months. Data classification.

Data collection

Data collection Personal data Access Compliance

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

Security Affairs

JANUARY 10, 2023

The StrongPity APT group targeted Android users with a trojanized version of the Telegram app served through a website impersonating a video chat service called Shagle. ESET researchers reported that StrongPity APT group targeted Android users with a trojanized version of the Telegram app. ” concludes the report.

Data collection

Data collection Access Communications IT

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Security Affairs

SEPTEMBER 26, 2023

The organization confirmed that it was the victim of the massive hacking campaign targeting Progress MOVEit transfer systems that was conducted by the Clop ransomware group. In June, the Clop ransomware group claimed to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability.

Data breaches

Data breaches Ransomware Data collection Cybersecurity

China-linked hackers target telcos to steal 5G secrets

Security Affairs

MARCH 17, 2021

Chinese APT groups are targeting telecom companies in cyberespionage campaigns collectively tracked as Operation Diànxùn, to steal 5G secrets. Mustang Panda past operations include attacks on NGOs, the group used malware commonly associated with China-linked APT groups, such as Poison Ivy or PlugX.

Data collection

Data collection Phishing Government Security

Advisory note: ?Contact Tracing? for librarians and information professionals

CILIP

JULY 7, 2020

CILIP has provided this advisory note in response to the call for libraries and information services, particularly public libraries, to undertake data-collecting activity as part of the Government?s or vulnerable groups. The data collecting activity must not present a deterrent ? or vulnerable groups.

Libraries

Libraries Data collection Risk Privacy

Avast details Worok espionage group’s compromise chain

Security Affairs

NOVEMBER 15, 2022

Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files.

Communications

Communications Metadata Data collection Cybersecurity

New Version of Meduza Stealer Released in Dark Web

Security Affairs

DECEMBER 29, 2023

The author behind Meduza distributed the following notification about the update on multiple underground communities and Telegram group: Attention! Under Christmas tree you can find great gifts such as significant improvements of user interface (panel), modal windows on loading and expansion of data collection objects.

Passwords

Passwords Authentication Data collection Privacy

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Healthcare Military Data collection

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Security Affairs

AUGUST 11, 2023

” reads the report published by Data collected related to multiple incidents analyzed by Kaspersky suggest the attack was conducted by the Russian-speaking RaaS cybercrime Pistachio Tempest or FIN12. The group focuses on healthcare industry and frequently used SystemBC alongside CS Beacon to deploy ransomware.

Ransomware

Ransomware Data collection Sales Security

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

The Last Watchdog

JUNE 20, 2022

Data collections released after ransomware attacks. The rise in Initial Access Brokers (IAB) markets give criminal groups easy access to purchase stolen credentials for a small fee. Databases with critical IP and/or PII. Chatter about the best methods to attack your business.

Ransomware

Ransomware Access Marketing Data collection

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

The Last Watchdog

DECEMBER 7, 2021

A digital twin is a virtual duplicate of a physical entity or a process — created by extrapolating data collected from live settings. As data collection and computer modeling have advanced apace, so have the use-cases for digital twin technology. NTT Research is in the thick of this budding revolution.

Artificial Intelligence

Artificial Intelligence Data collection Data Privacy IT

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Security Affairs

JULY 30, 2020

The threat actors’ job postings messages were crafted to target the following specific US defense programs and groups: F-22 Fighter Jet Program Defense, Space and Security (DSS) Photovoltaics for space solar cells Aeronautics Integrated Fighter Group Military aircraft modernization programs.

Military

Military Data collection Phishing Ransomware

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

OCTOBER 31, 2022

Security experts say the passwords and other data stolen by Raccoon malware were often resold to groups engaged in deploying ransomware. gov — that allows visitors to check whether their email address shows up in the data collected by the Raccoon Stealer service.

Military

Military Passwords Data collection Ransomware

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Security Affairs

FEBRUARY 28, 2020

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates. In December 2016 , the Turkish blocked social media in the country to prevent the sharing of a video of the executions of Turkish soldiers by the IS group.

Military

Military Data collection Government Access

LLM Summary of My Book Beyond Fear

Schneier on Security

SEPTEMBER 15, 2023

Where possible, favor openness and transparency over aggressive data collection or restrictions which erode civil liberties. Privacy Rights – Pervasive monitoring and data collection erode privacy rights and dignity. Focus only on proportional responses. Surveillance creep risks violating autonomy.

Data collection

Data collection Risk Privacy Manufacturing

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

eSecurity Planet

FEBRUARY 16, 2024

Volt Typhoon, a notorious cyber group linked to the People’s Republic of China, has expanded its operations beyond illegal access and data theft. Microsoft then dubbed the group “Volt Typhoon,” describing its meticulous approach to identifying and exploiting vulnerabilities.

Cybersecurity

Cybersecurity Access Security Data collection

HONG KONG: Increased Enforcement Action?

DLA Piper Privacy Matters

NOVEMBER 17, 2022

On 14 November 2022, the Office of the Privacy Commissioner for Personal Data (“PCPD”) published two investigation reports for non-compliance of the Personal Data (Privacy) Ordinance (“PDPO”): EC Healthcare’s failure to obtain consent for the use, disclosure, and transfer of patient’s personal data across its group entities; and.

Personal data

Personal data Data Privacy Compliance Privacy

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

Over 14 percent of the extensions studied by the researchers collect PII, more than 6 percent collect authentication data, 2.51 percent collect personal communications, and 1.21 percent collect financial and payment information. Chrome extensions used to aid in writing are the most data-hungry (79.5

Risk

Risk Passwords Data collection Access

Security Affairs newsletter Round 304

Security Affairs

MARCH 7, 2021

jailbreaking tool Attackers took over the Perl.com domain in September 2020 Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw Clop ransomware gang leaks data allegedly stolen from cybersecurity firm Qualys Cyber Defense Magazine – March 2021 has arrived.

Security

Security Data breaches Ransomware Cybersecurity

China Emphasizes Protection of Personal Data by Issuing a New Circular

Hunton Privacy

FEBRUARY 18, 2020

Collection of personal information must be compliant with the Personal Information Security Specification, a non-binding national standard, and be restricted to the minimum required. The government encourages capable companies to utilize big data to support the control and prevention of epidemics and disease. Given that 99.1%

Personal data

Personal data Big data Data collection Cybersecurity

Getting Started with Rapid7 InsightIDR: A SIEM Tutorial

eSecurity Planet

JUNE 8, 2022

Once you are ready to install the collector role, first log into the InsightIDR portal : From the menu on the left side of the screen, click Data Collection. Once the collector installation is complete, head back to the InsightIDR portal, and from the menu on the left side of the screen, click Data Collection again.

Data collection

Data collection Access Passwords Marketing

Websites that Collect Your Data as You Type

Schneier on Security

MAY 19, 2022

After specifically crawling sites for password leaks in May 2021, the researchers also found 52 websites in which third parties, including the Russian tech giant Yandex, were incidentally collecting password data before submission. The group disclosed their findings to these sites, and all 52 instances have since been resolved.

Paper

Paper Passwords Analytics Marketing

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

OCTOBER 11, 2020

Data collected by the agency is used by the federal government to allocate over $675 billion in federal funds to tribal, local, and state governments every year. The HTA report warns of an intensification of malicious activities conducted by both nation-states and cybercrime groups. critical infrastructure.

Government

Government Data collection Access Communications

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Singapore, 09/18/2020 — Group-IB , a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. About Group-IB. Group-IB is a Singapore-based provider of solutions aimed at detection and prevention of cyberattacks and online fraud.

Phishing

Phishing Ransomware Data collection Sales

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

NOVEMBER 14, 2018

That’s why we’ve dedicated this blog to explaining everything you need to know about data controllers and data processors. In a nutshell, a data controller is the person or group that decides when and why an organisation collects data. Responsibilities of the data controller. The basics.

GDPR

GDPR Retail Data collection Personal data

Spotlight: 1950 Census Public Service Announcements

Unwritten Record

MARCH 22, 2022

Census Bureau now found in Record Group 29: Records of the Bureau of the Census, 1790-2007. Over time, the way people are counted and the data collected has changed. Currently, citizens, non-citizen legal residents, non-citizen long-term visitors and undocumented immigrants are all included in census data. For example.

Data collection

Data collection Archiving Libraries Education

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

Data Matters

DECEMBER 9, 2021

2 Specifically, the interim final rule would be amended to include transactions that involve “software, software program[s], or a group of software programs, that [are] designed to be used on an end-point computing device and include[] as an integral functionality, the ability to collect, process, or transmit data via the internet.”

Communications

Communications Manufacturing Risk Data collection

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

The Last Watchdog

APRIL 9, 2020

Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And industry groups and government regulators are stepping up efforts to incentivize IoT device makers to embed security at the device level. There’s no stopping the Internet of Things now.

IoT

IoT Security Cloud Passwords

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Security Affairs

OCTOBER 27, 2022

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin payload-related alert in the last 30 days.

Ransomware

Ransomware Access Encryption Manufacturing

META hit with privacy complaints by EU consumer groups

UK data bill favours big business and ‘shady’ tech firms, rights group claims

Webinars

Trending Sources

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Webinars

Groups Call for Ethical Guidelines on Location-Tracking Tech

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

Ransomfeed – Third Quarter Report 2023 is out!

CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

DRM Report Q2 2023 – Ransomware threat landscape

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Two hacker groups attacked Russian banks posing as the Central Bank of Russia

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

CHINA: Clarifications of data classification and grading requirements

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

China-linked hackers target telcos to steal 5G secrets

Advisory note: ?Contact Tracing? for librarians and information professionals

Avast details Worok espionage group’s compromise chain

New Version of Meduza Stealer Released in Dark Web

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Power Generator in South Africa hit with DroxiDat and Cobalt Strike

GUEST ESSAY: Threat hunters adapt personas, leverage AI to gather intel in the Dark Web

NEW TECH: How a ‘bio digital twin’ that helps stop fatal heart attacks could revolutionize medicine

Operation North Star – North-Korea hackers targeted US defense and aerospace companies

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

LLM Summary of My Book Beyond Fear

Volt Typhoon Disrupts US Organizations, CISA Issues Alerts

HONG KONG: Increased Enforcement Action?

Almost Half of All Chrome Extensions Are Potentially High-Risk

Security Affairs newsletter Round 304

China Emphasizes Protection of Personal Data by Issuing a New Circular

Getting Started with Rapid7 InsightIDR: A SIEM Tutorial

Websites that Collect Your Data as You Type

Hackers targeted the US Census Bureau network, DHS report warns

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

The GDPR: Everything you need to know about data controllers and data processors

Spotlight: 1950 Census Public Service Announcements

U.S. Commerce Department Proposes Expansion of Information and Communications Technology and Services Review Process

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

Stay Connected