Document, Government, Manufacturing and Security

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. “The data leakage affected all products and classified documents of the company.

Military

Military Manufacturing Ransomware Mining

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? Also, in September 2020, it was reported that Russian hackers targeted government agencies in NATO member countries, and nations who cooperate with NATO -> Link.” Pierluigi Paganini.

Military

Military Manufacturing Phishing Government

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually. Acting on a tip from Milwaukee, Wis.-based

Ransomware

Ransomware Security Agriculture Cybersecurity

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 1, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Patch your TeamCity instance to avoid server hack Is Gelsemium APT behind a targeted attack in Southeast Asian Government? A new round of the weekly SecurityAffairs newsletter arrived!

Artificial Intelligence

Artificial Intelligence Security Ransomware Data breaches

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. While it’s a progressive step for the network security of the U.S. government, standards will not apply to the IoT market at-large.

IoT

IoT Cybersecurity Manufacturing Government

The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain

Data Protection Report

OCTOBER 17, 2022

The CRA introduces common cybersecurity rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software. These security requirements are high level and drafted broadly. The CRA complements the “NIS2 Directive” which is also going through the EU legislative process.

Manufacturing

Manufacturing IT Cybersecurity Marketing

Analyzing IoT Security Best Practices

Schneier on Security

JUNE 25, 2020

New research: " Best Practices for IoT Security: What Does That Even Mean? " Confusion is evident from guidelines that conflate desired outcomes with security practices to achieve those outcomes. Back in 2017, I catalogued nineteen security and privacy guideline documents for the Internet of Things.

IoT

IoT Security Manufacturing Government

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

MAY 22, 2020

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. This actor was first spotted by PaloAlto’s UNIT42 in 2018 during wide scale operations against technology, retail, manufacturing, and local government industries in the US, Europe and Asia.

Manufacturing

Manufacturing e-Delivery IT Security

Hacked Cellebrite and MSAB Software Released

Schneier on Security

JANUARY 16, 2023

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. Someone has released software and documentation from both companies. MSAB is a Swedish company that does the same thing.

Manufacturing

Manufacturing Government

Security Affairs newsletter Round 303

Security Affairs

FEBRUARY 28, 2021

Every week the best security articles from Security Affairs free for you in your email box. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. The post Security Affairs newsletter Round 303 appeared first on Security Affairs. Pierluigi Paganini.

Security

Security Blockchain Manufacturing Analytics

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Security Affairs

NOVEMBER 27, 2023

“The Defence Intelligence of Ukraine informs that as a result of a successful complex special operation in cyberspace, a large volume of confidential documents of the structural subdivision of the Russian Ministry of Transport – the Federal Air Transport Agency (Rosaviatsia) – is now acquired.”

Military

Military Manufacturing Government Authentication

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

eSecurity Planet

MARCH 3, 2023

The new document spells out an ambitious plan for implementing national cybersecurity controls and laws. The initiatives that stand out the most — critical infrastructure security standards, a national data privacy and security law, and liability for security failures — will likely take time and the support of Congress to implement.

Cybersecurity

Cybersecurity Government Manufacturing Personal data

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide. .

Energy and Utilities

Energy and Utilities Military Government Phishing

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Security Affairs

AUGUST 17, 2023

The documents used in the campaign used the “Farewell to Ambassador of Germany” and “Day of German Unity” themes. “EclecticIQ Analysts assess with high confidence that the identified pdf documents are part of a wider campaign targeting diplomatic corps across the globe. zulipchat[.]com) ” concludes the report.

Phishing

Phishing Manufacturing Government Authentication

Japan suspects HGV missile data leak in Mitsubishi security breach

Security Affairs

MAY 21, 2020

In January, the company disclosed a security breach that might have exposed personal and confidential corporate data, at the time, it claimed that attackers did not obtain sensitive information about defense contracts. Mitsubishi Electric had also already notified members of the Japanese government and the Ministry of Defense.

Security

Security Military Manufacturing Personal data

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. . The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. ” reads the analysis published by the experts. . Pierluigi Paganini.

Healthcare

Healthcare Phishing Manufacturing Government

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Security Affairs

MAY 16, 2021

The Avaddon ransomware gang is giving Acer Finance 240 hours to communicate and cooperate with them before start leaking the stolen valuable company documents. As proof of the hack, the group published several ID cards, personal documents, contracts, and a screenshot of the folders containing stolen data. Pierluigi Paganini.

Ransomware

Ransomware Manufacturing Communications Risk

Cyber Essentials is Updating its Technical Requirements

IT Governance

MARCH 2, 2023

The NCSC (National Cyber Security Centre) has announced a major update to the technical controls of Cyber Essentials. For instance, documentation would specify that organisations not only have a certain number of laptops but that they were manufactured by, say, Dell and running on Windows 10 Pro 21H2.

IT

IT Manufacturing Government Security

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

Security Affairs

DECEMBER 7, 2021

APT15 has been active since at least 2010, it conducted cyber espionage campaigns against targets worldwide in several industries, including defense, high tech, energy, government, aerospace, and manufacturing. ” reads the post published by Microsoft. ” reads the post published by Microsoft. Pierluigi Paganini.

Manufacturing

Manufacturing Phishing Government Security

NHTSA Publishes Final Cybersecurity Best Practices

Hunton Privacy

SEPTEMBER 26, 2022

The 2022 Best Practices also is an update to NHTSA’s first cybersecurity best practices document, which was issued in 2016. .

Cybersecurity

Cybersecurity Manufacturing Risk Information Security

OpenText World Europe 2024 has taken flight

OpenText Information Management

APRIL 15, 2024

Help-desk employees can now find very specific, summarized answers from a deep repository of private, secured, semi-structured information in minutes instead of days. Automotive and manufacturing companies can use OpenText Aviator to reimagine their business intelligence and process automation. Prioritize trust Secure and govern data.

Cloud

Cloud Compliance Government Retail

China planted tiny chips on US computers for cyber espionage

Security Affairs

OCTOBER 4, 2018

China used tiny chips implanted on computer equipment manufactured for US companies and government agencies to steal secret information. Amazon discovered the tiny chips when it acquired software firm Elemental and conducted a security assessment of equipment made for Elemental by California-based Supermicro. government.”

Manufacturing

Manufacturing Government Security IT

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. It includes multi-disciplinary risk and compliance management solutions and tools, including: IT & security risk management. Third-party governance.

Compliance

Compliance Risk Government Retail

APT32 state hackers target human rights defenders with spyware

Security Affairs

FEBRUARY 24, 2021

“Amnesty Tech’s Security Lab found technical evidence in phishing emails sent to two prominent Vietnamese human rights defenders, one of whom lives in Germany, and a Vietnamese NGO based in the Philippines, showing that Ocean Lotus is responsible for the attacks between 2018 and November 2020.” Pierluigi Paganini.

Phishing

Phishing Manufacturing Government Privacy

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

OCTOBER 7, 2020

Malwarebytes researchers Hossein Jazi and Jérôme Segura have documented a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER) service. Upon opening the document, a macro is triggered, the malicious code uses a custom version of the CactusTorch VBA module to perform a fileless attack.

Phishing

Phishing Manufacturing Archiving Government

Everteam Solutions for Enhanced Cyber Security

Everteam

JULY 11, 2019

Having this value and playing this massive role, data must be well managed and highly secured, especially that today’s data is digitized and stored in virtual repositories that might become vulnerable and risky with the fast evolvement of technology. Cyber Attacks and Cyber Security Threats . Everteam Security .

Security

Security Encryption Archiving Phishing

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Security Affairs

JUNE 17, 2022

Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers. ” continues the report.

Military

Military Manufacturing Government Security

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

APRIL 20, 2023

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security.

Personal data

Personal data Phishing Risk Financial Services

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

IT Governance

MARCH 1, 2023

IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

Data breaches

Data breaches Ransomware e-Delivery Government

Ransomware at IT Services Provider Synoptek

Krebs on Security

DECEMBER 27, 2019

-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software. When the site was first set up on Dec.

Ransomware

Ransomware IT Phishing Financial Services

Vietnam-linked APT32 group launches COVID-19-themed attacks against China

Security Affairs

APRIL 23, 2020

The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.

Phishing

Phishing Government Manufacturing Cybersecurity

UK NCSC releases the Vulnerability Disclosure Toolkit

Security Affairs

SEPTEMBER 15, 2020

The British National Cyber Security Centre (NCSC) released a guideline, dubbed The Vulnerability Disclosure Toolkit, for the implementation of a vulnerability disclosure process. Having a clearly signposted reporting process demonstrates that your organisation takes security seriously. ” states the document.

Communications

Communications Risk Manufacturing Government

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

It collaborates with Airbus, the second-largest aerospace company globally after Boeing, to manufacture aerospace equipment. Also, the company manufactures surface-to-air defense systems and missiles. It is crucial to ensure that leaked keys are in longer bit-lengths and encoded using secure encryption/hashing algorithms.

Manufacturing

Manufacturing Access Risk IT

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

MAY 5, 2021

“For example, UNC2529 used a unique username, masquerading as an account executive for a small California-based electronics manufacturing company, which Mandiant identified through a simple Internet search.” In some attacks, the threat actors used weaponized Excel documents as a downloader. Pierluigi Paganini.

Manufacturing

Manufacturing Phishing Military Retail

Data security: Why a proactive stance is best

IBM Big Data Hub

JULY 7, 2023

But with a proactive approach to data security, organizations can fight back against the seemingly endless waves of threats. IBM Security X-Force found the most common threat on organizations is extortion, which comprised more than a quarter (27%) of all cybersecurity threats in 2022. Where do data breaches originate?

Security

Security Data breaches Data Privacy Compliance

Risk Management under the DORA Regulation

IT Governance

NOVEMBER 23, 2023

You’d therefore expect that the sector fares better at data security than your average organisation. The public data set on the ICO (Information Commissioner’s Office) website shows that data security isn’t necessarily better for financial organisations. What do the statistics say? million (about £4.70

Risk

Risk Data breaches Authentication Financial Services

Mitsubishi Electric discloses data breach, media blame China-linked APT

Security Affairs

JANUARY 20, 2020

Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate information. Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data. The amount of unauthorized access is approximately 200 megabytes, mainly for documents.”

Data breaches

Data breaches Computer and Electronics Government Manufacturing

UK: New National Strategy for Health Data

DLA Piper Privacy Matters

JULY 13, 2022

The UK’s Department for Health and Social Care (“ DHSC ”) has published a major strategy document (‘ Data saves lives: reshaping health and social care with data ’) outlining the government’s plans for the regulation and use of data in healthcare. Secure Data Environments. Author: James Clark. Fair Terms for Data Partnerships.

Artificial Intelligence

Artificial Intelligence Privacy Government Access

IS THE EVOLUTION OF THE DMS SCANNER TAKING ITS CUES FROM MFP DESIGNS?

Info Source

JULY 13, 2023

In the past, the aesthetics of a product were not considered to be high on the priority list of manufacturers – these were office devices and functionality, and performance were the key defining features. Therefore, PC-less scanning is now a key differentiating factor for manufacturers in this competitive sector of the market.

IT

IT Manufacturing Marketing Computer and Electronics

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

Data Matters

FEBRUARY 14, 2019

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “ Medical Device and Health IT Joint Security Plan ” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers. Design Control.

Cybersecurity

Cybersecurity IT Manufacturing Risk

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

A hacker managed to identify a weak spot in a security camera model. Usually, the default settings are not focused on security. Furthermore, consumers believe that companies and services have the responsibility of keeping their data secure. Users could leave all the responsibility to governments and other institutions.

IoT

IoT Cybersecurity Manufacturing Passwords

Pre-Installed malware spotted on other Android phones sold in US

Security Affairs

JULY 9, 2020

Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. The post Pre-Installed malware spotted on other Android phones sold in US appeared first on Security Affairs. ” continues Malwarebytes. Pierluigi Paganini.

Manufacturing

Manufacturing Government Security IT

Hacker breached Perceptics, a US maker of license plate readers

Security Affairs

MAY 26, 2019

The company was hacked and attackers stole data and offered business plans, financial documents, and personal information for free on the dark web. LPRs manufactured by Perceptics are installed at all land border crossing lanes for privately owned vehicle traffic (POV) in the United States, Canada, and for the most critical lanes in Mexico.

File names

File names Data breaches Manufacturing Cybersecurity

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Security Affairs

DECEMBER 21, 2018

The US Department of Justice charged two Chinese hackers for hacking numerous companies and government agencies in a dozen countries, US Indicts Two Chinese Government Hackers Over Global Hacking Campaign. ” reads the press release published by the DoJ. Department of Energy’s Lawrence Berkeley National Laboratory.

Computer and Electronics

Computer and Electronics Healthcare Manufacturing Government

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Researchers found alleged sensitive documents of NATO and Turkey

Webinars

Trending Sources

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Webinars

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

The IoT Cybersecurity Act of 2020: Implications for Devices

The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain

Analyzing IoT Security Best Practices

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Hacked Cellebrite and MSAB Software Released

Security Affairs newsletter Round 303

Ukraine’s intelligence service hacked Russia’s Federal Air Transport Agency, Rosaviatsia

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

APT29 is targeting Ministries of Foreign Affairs of NATO-aligned countries

Japan suspects HGV missile data leak in Mitsubishi security breach

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Avaddon Ransomware gang hacked France-based Acer Finance and AXA Asia

Cyber Essentials is Updating its Technical Requirements

Microsoft seized 42 domains used by the China-linked APT15 cyberespionage group

NHTSA Publishes Final Cybersecurity Best Practices

OpenText World Europe 2024 has taken flight

China planted tiny chips on US computers for cyber espionage

Top 10 Governance, Risk and Compliance (GRC) Vendors

APT32 state hackers target human rights defenders with spyware

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Everteam Solutions for Enhanced Cyber Security

Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company

Multinational ICICI Bank leaks passports and credit card numbers

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

Ransomware at IT Services Provider Synoptek

Vietnam-linked APT32 group launches COVID-19-themed attacks against China

UK NCSC releases the Vulnerability Disclosure Toolkit

Key aerospace player Safran Group leaks sensitive data

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Data security: Why a proactive stance is best

Risk Management under the DORA Regulation

Mitsubishi Electric discloses data breach, media blame China-linked APT

UK: New National Strategy for Health Data

IS THE EVOLUTION OF THE DMS SCANNER TAKING ITS CUES FROM MFP DESIGNS?

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Pre-Installed malware spotted on other Android phones sold in US

Hacker breached Perceptics, a US maker of license plate readers

US DoJ indicts Chinese hackers over state-sponsored cyber espionage

Stay Connected