Document and Security - Information Management Today

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Passwords

Passwords Ransomware Personal data Risk

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October. reported 404 Media. “The

Encryption

Encryption Passwords Security Communications

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

Security Affairs

JUNE 11, 2025

INTERPOL announced that a joint operation code-named Operation Secure took down 20,000+ malicious IPs/domains tied to 69 info-stealers. Between January and April 2025, INTERPOL led Operation Secure, a global effort that took down over 20,000 malicious IPs and domains linked to information-stealing malware.

Security

Security Data collection Phishing Access

Webinars

How to Start Virtual Care the Right Way: A Proven Roadmap for 2025 and Beyond

MORE WEBINARS

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

NOVEMBER 8, 2024

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media.

Communications

Communications Passwords Security IT

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

” Immediately, the company launched an investigation, which is still ongoing, into the alleged security incident. ” reads the Reports of Security Incident published by the company. ” reads the Reports of Security Incident published by the company.

Data breaches

Data breaches Access Cloud Security

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Security Affairs

FEBRUARY 11, 2025

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. With over 90% of enterprises storing at least some of their data in the cloud, AIs ability to enhance security across complex, distributed environments is more vital than ever.

Artificial Intelligence

Artificial Intelligence Security Unstructured data Cloud

Your Android phone is getting a huge security upgrade for free - what's new

Collaboration 2.0

JUNE 11, 2025

But often an employee's phone is unmanaged and uncontrolled, leading to security weaknesses that can be exploited by hackers and attackers. Security features Advanced protection: Employees can better thwart targeted attacks through strong mobile device protection. Here's what they do.

Security

Security Passwords Artificial Intelligence Digital transformation

AI in the Cloud: The Rising Tide of Security and Privacy Risks

Security Affairs

MAY 16, 2025

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise growing concerns over data security and privacy risks. While these tools deliver clear productivity gains, they also expose businesses to complex new risks, particularly around data security and privacy.

Risk

Risk Privacy Cloud Security

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. It also offers various economic services, including equipment maintenance, building upkeep, load securing, and quality control. The Port of Rijeka (Luka Rijeka d.d.),

Ransomware

Ransomware Personal data Security IT

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. After the police released him, Milanov noticed suspicious changes to his phone settings, such as disabled data and Wi-Fi. ” reads the report published by Amnesty.

Personal data

Personal data Encryption Security Privacy

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Security Affairs

MAY 18, 2025

“However, rogue communication devices not listed in product documents have been found in some Chinese solar power inverters by U.S experts who strip down equipment hooked up to grids to check for security issues, the two people said.” Representative August Pfluger, a Republican member of the Committee on Homeland Security.

Energy and Utilities

Energy and Utilities Manufacturing Communications Government

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs

MAY 11, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components Stealthy Linux backdoor leveraging (..)

Security

Security Ransomware Access Data breaches

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

Security Affairs

APRIL 6, 2025

The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states. Experts are calling for stronger defenses, including broader use of NFC-based verification and electronic identity documents (eIDs), which offer more resilient, hardware-level authentication. ” Musielak wrote on X.

Insurance

Insurance Authentication Compliance IT

News alert: INE Security debuts advanced eMAPT certification to close mobile security talent gap

The Last Watchdog

JULY 10, 2025

Cary, NC, July 10, 2025, CyberNewsire — INE Security , a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification.

Security

Security Communications Cybersecurity Education

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

TopSec is also a Tier 1 vulnerability supplier for China’s intelligence ministry and has provided cloud and IT security monitoring services nationwide since 2004. The data leak includes infrastructure details and work logs from employees of a state-affiliated private sector security firm in China.

Cybersecurity

Cybersecurity Government Cloud Security

Cisco fixed tens of vulnerabilities, including an actively exploited one

Security Affairs

OCTOBER 24, 2024

Cisco addressed multiple vulnerabilities in Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including an actively exploited flaw tracked as CVE-2024-20481. The vulnerability CVE-2024-20481 (CVSS score of 5.8) ” continues the advisory.

Passwords

Passwords Authentication Access Security

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

The group claimed to have stolen 500GB of data including Finacial data, Organisation data, Users data and personal documents, NDA’s, Confidential data, and more. As proof of the data breach, the group published multiple screenshots, including pictures of passports and other documents.

Ransomware

Ransomware Blockchain Insurance Data breaches

From Risk Assessment to Action: Improving Your DLP Response

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. They typically include an evaluation of data handling practices, security policies, and DLP solutions to identify and remediate any vulnerabilities that could result in a data breach.

Risk

Risk Cybersecurity Cloud Compliance

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

Collaboration 2.0

JUNE 20, 2025

The file was completely exposed - no encryption, no password protection, no security - just a plain text document containing millions of sensitive data entries.

Passwords

Passwords Data breaches Encryption Security

Canada bans Hikvision over national security concerns

Security Affairs

JUNE 30, 2025

Canada bans Hikvision over national security concerns, ordering the company to stop operations and barring its tech from government use. Canada ordered Chinese surveillance firm Hikvision to cease all operations in the country, citing national security concerns. to cease all operations in Canada and close its Canadian business. .’s

Security

Security Government Manufacturing Military

Your Android phone is getting new security protections - and it's a big deal for enterprises

Collaboration 2.0

JUNE 10, 2025

But often an employee's phone is unmanaged and uncontrolled, leading to security weaknesses that can be exploited by hackers and attackers. Security features Advanced protection: Employees can better thwart targeted attacks through strong mobile device protection. Here's what they do.

Security

Security IT Passwords Artificial Intelligence

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Government

Government Phishing Cybersecurity Access

News alert: Reflectiz expands Datadog’s security scope to cover client-side web vulnerabilities

The Last Watchdog

JULY 9, 2025

(NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with continuous visibility and control over their expanding attack surface. vendors used by your vendors). “By

Security

Security Risk Financial Services Compliance

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The use of popular instant messaging apps on both mobile and desktop devices broadens the attack surface, creating uncontrolled information exchange channels that bypass security measures. DCRat first appeared in the threat landscape in 2018, but a year later it was redesigned and relaunched.

Computer and Electronics

Computer and Electronics Archiving Passwords Government

A new fileless variant of Remcos RAT observed in the wild

Security Affairs

NOVEMBER 11, 2024

The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. Threat actors use Remcos to steal sensitive information and control victims’ computers for malicious activities. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited.

Phishing

Phishing Metadata Encryption IT

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

The security breach exposed customer data and IDs between October 10 and November 10, 2024. After discovering the security breach, the company investigated the incident and notified law enforcement. We have determined that certain of our customers personal information and documents was acquired by the threat actors.”

Data breaches

Data breaches Retail Sales Government

Strategies for Securing Your Supply Chain

IT Governance

OCTOBER 23, 2024

What to do when your ‘supply chain’ is really a ‘supply loop’ When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. How can you secure a ‘supply loop’?

Security

Security Information Security Risk Access

Pentagon Cuts Threaten Programs That Secure Loose Nukes and Weapons of Mass Destruction

WIRED Threat Level

MARCH 6, 2025

Documents obtained by WIRED show the US Department of Defense is considering cutting up to 75 percent of workers who stop the spread of chemical, biological, and nuclear weapons.

Security

Fidelity Investments suffered a second data breach this year

Security Affairs

OCTOBER 14, 2024

An investigation was promptly launched with assistance from external security experts.” ” Compromised information includes names, Social Security numbers, financial account data, and drivers license information. We detected this activity on August 19 and immediately took steps to terminate the access.

Data breaches

Data breaches Financial Services Access Security

Google Pixel 9 supports new security features to mitigate baseband attacks

Security Affairs

OCTOBER 6, 2024

Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks. Pixel phones are known for their strong security features, particularly in protecting the cellular baseband, which is the processor handling LTE, 4G, and 5G communications. ” concludes the announcement.

Security

Security Communications IT Access

Coinbase disclosed a data breach after an extortion attempt

Security Affairs

MAY 15, 2025

“These instances of such personnel accessing data without business need were independently detected by the Companys security monitoring in the previous months. ” The security breach did not expose passwords, private keys, or customer funds. and adding stronger security controls and monitoring across all locations.

Data breaches

Data breaches Retail Access Passwords

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Security Affairs

MAY 13, 2025

Ransomware attacks on defense contractors and their supply chains have profound implications for national security, operational efficiency, financial stability, trust and brand reputation.

Ransomware

Ransomware Military Risk Cybersecurity

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Security Affairs

APRIL 16, 2025

-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. The 25-year-old program has assigned over 274,000 CVE IDs for public security vulnerabilities. cybersecurity agency told media [ 1 , 2 ].

Cybersecurity

Cybersecurity Government Risk Security

Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

Security Affairs

JANUARY 14, 2025

The experts observed a cyber espionage campaign using weaponized Kazakh Ministry of Foreign Affairs documents to gather intelligence on Central Asia’s diplomatic and economic ties. Upon enabling the macro in the weaponized documents, the malicious code creates a second blank document in the C:Users[USER]AppDataLocalTemp folder.

Government

Government IT Security Information Security

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

Cisco confirmed the authenticity of the 4GB of leaked data, the data was compromised in a recent security breach, marking the second leak in the incident. Cisco confirmed the authenticity of the 4GB of leaked data, which was compromised in a recent security breach, marking it as the second leak in the incident.

Authentication

Authentication Data breaches Access Cloud

Coinbase data breach impacted 69,461 individuals

Security Affairs

MAY 21, 2025

These instances of such personnel accessing data without business need were independently detected by the Companys security monitoring in the previous months. The security breach did not expose passwords, private keys, or customer funds. and adding stronger security controls and monitoring across all locations. We said no.

Data breaches

Data breaches Communications Retail Access

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

Krebs on Security

JULY 15, 2024

Monahan said the migration has left domain owners with fewer options to secure and monitor their accounts. “If you bought Google Workspace via Google Domains, Squarespace is now your authorized reseller,” the help document explains. It’s easier to secure one account than two.”

Security

Security Passwords Access Phishing

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. European, and Asian entities. systems. .”

Government

Government Cybersecurity Access IT

CEO of cybersecurity firm charged with installing malware on hospital systems

Security Affairs

APRIL 26, 2025

Security footage reportedly shows the man attempting to access multiple offices before installing malicious software designed to capture screenshots every 20 minutes and transmit them to an external IP address. Bowie was arrested on April 14, following the issuance of an arrest warrant.

Cybersecurity

Cybersecurity Access Security IT

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Security Affairs

JUNE 24, 2025

While Signal itself remains secure, attackers are exploiting its growing popularity in official communications to make their phishing attempts more convincing. “Attackers, using Signal, delivered a malicious document titled “Акт.doc” containing a macro. The experts were not able to determine the initial infection vector.

Phishing

Phishing Encryption Military Communications

State-sponsored hackers compromised the email accounts of several Washington Post journalists

Security Affairs

JUNE 17, 2025

A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security. The reporters targeted include those on the national-security and economic-policy teams, including some who write about China, the people said.”

Passwords

Passwords Access Cybersecurity Government

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Security

Security Phishing Encryption Ransomware

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

Earlier this month, the security firm Arctic Wolf warned about ClickFix attacks targeting people working in the healthcare sector. Malicious macros became such a common malware threat that Microsoft was forced to start blocking macros by default in Office documents that try to download content from the web.

Phishing

Phishing Passwords Security IT

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. million unfilled cyber security jobs, showing a big need for skilled professionals. Market Growth: AI cyber security technology is projected to grow by 23.6% The US topped the list at $5.09

Security

Security IoT Phishing Ransomware

FBI warns of malicious free online document converters spreading malware

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Webinars

Trending Sources

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

Webinars

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Artificial intelligence (AI) as an Enabler for Enhanced Data Security

Your Android phone is getting a huge security upgrade for free - what's new

AI in the Cloud: The Rising Tide of Security and Privacy Risks

8Base ransomware group hacked Croatia’s Port of Rijeka

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

News alert: INE Security debuts advanced eMAPT certification to close mobile security talent gap

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Cisco fixed tens of vulnerabilities, including an actively exploited one

Black Basta ransomware gang hit BT Group

From Risk Assessment to Action: Improving Your DLP Response

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

Canada bans Hikvision over national security concerns

Your Android phone is getting new security protections - and it's a big deal for enterprises

FBI: Spike in Hacked Police Emails, Fake Subpoenas

News alert: Reflectiz expands Datadog’s security scope to cover client-side web vulnerabilities

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

A new fileless variant of Remcos RAT observed in the wild

U.S. cannabis dispensary STIIIZY disclosed a data breach

Strategies for Securing Your Supply Chain

Pentagon Cuts Threaten Programs That Secure Loose Nukes and Weapons of Mass Destruction

Fidelity Investments suffered a second data breach this year

Google Pixel 9 supports new security features to mitigate baseband attacks

Coinbase disclosed a data breach after an extortion attempt

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

Cisco states that the second data leak is linked to the one from October

Coinbase data breach impacted 69,461 individuals

Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks

FBI deleted China-linked PlugX malware from over 4,200 US computers

CEO of cybersecurity firm charged with installing malware on hospital systems

Russia-linked APT28 use Signal chats to target Ukraine official with malware

State-sponsored hackers compromised the email accounts of several Washington Post journalists

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

ClickFix: How to Infect Your PC in Three Easy Steps

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Stay Connected