Education, Groups, Industry and Security - Information Management Today

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

The Last Watchdog

JULY 11, 2023

Boston, July 7, 2023 — CybSafe, the human risk management platform, has today announced CEO Oz Alashe MBE has been named as a SecurityInfoWatch.com , Security Business and Security Technology Executive magazines’ 2023 Security Industry Innovator Award winner.

Security

Security Risk Education Marketing

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Security Affairs

OCTOBER 16, 2023

Microsoft thwarted a large-scale hacking campaign carried out by Akira ransomware operators targeting an unknown industrial organization. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers. ” reads the analysis published by Microsoft.

Ransomware

Ransomware Education Encryption Access

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. It’s important that as consumers are shopping for these smart home devices that they learn to recognize the Matter trademark so that they can make educated decisions.”

Security

Security Manufacturing Authentication Marketing

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

The Last Watchdog

FEBRUARY 15, 2024

Through its Breach Coach ® designation, NetDiligence recognizes Harter Secrest & Emery as an industry leader and enhances the firm’s reputation as a trusted resource for clients navigating the complex landscape of data incident response. Greene Led by partner F.

Data breaches

Data breaches Financial Services Big data Retail

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

MARCH 25, 2020

The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. Pierluigi Paganini.

Healthcare

Healthcare Education Manufacturing Government

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Security Affairs

JANUARY 13, 2023

A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057 (16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations in Ukraine and NATO countries, SentinelOne researchers reported.

Education

Education Government Security IT

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

Security Affairs

FEBRUARY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The issue was listed by CISA as known to be used in ransomware campaigns, but the agency did not reveal which ransomware groups are actively exploiting the issue.

Ransomware

Ransomware Cybersecurity Education Passwords

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks against organizations across multiple industry sectors.

Ransomware

Ransomware Manufacturing Education Passwords

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . These malware strains did not present any similarities with malware associated with other APT groups.

Cybersecurity

Cybersecurity Government Education Security

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Encryption Government Retail

Save the Children confirms it was hit by cyber attack

Security Affairs

SEPTEMBER 12, 2023

The company disclosed the security incident after the ransomware gang BianLian listed the organization on its Tor leak site. The BianLian extortion group claims to have stolen 6,8 TB of documents, including International HR data, international personal data.

IT

IT Ransomware Education Data breaches

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Security Affairs

DECEMBER 22, 2023

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. ” reads the message published by the group on its data leak site. Nissan already notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre.

Ransomware

Ransomware Data breaches Financial Services Archiving

News alert: Hornetsecurity launches new podcast series all about overcoming cybersecurity risks

The Last Watchdog

AUGUST 31, 2023

31, 2023 – Hornetsecurity has recently launched The Security Swarm podcast series to shed light on the latest cybersecurity issues. This podcast is one of many new approaches we have introduced to support and educate cybersecurity decision-makers across the world.” Hannover, Germany, Aug.

Cybersecurity

Cybersecurity Risk Education Security awareness

New Ransom Payment Schemes Target Executives, Telemedicine

Krebs on Security

DECEMBER 8, 2022

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. Alex Holden is founder of Hold Security , a Milwaukee-based cybersecurity firm. “ TA505 “), and a newer ransom group known as Venus.

Ransomware

Ransomware Metadata Insurance Encryption

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. ” reads the report. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Education Phishing

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

SEPTEMBER 8, 2023

Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Authentication Access Education

What Are You Doing for Cyber Security Awareness Month?

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Now in its nineteenth year, the campaign provides tools and resources to help people learn more about the cyber security industry and the ways they can get involved.

Security awareness

Security awareness Security Phishing Passwords

How CyBOK Can Help You Develop Your Cyber Security Career

IT Governance

OCTOBER 27, 2022

million more workers are required to meet the global cyber security skills gap. This is a huge employment opportunity, but do you know what knowledge and skills you need to develop your career as a cyber security professional? What is cyber security? What do cyber security professionals need to know?

Security

Security Paper Education Government

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Krebs on Security

MARCH 2, 2021

today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Education

Education Access Authentication Communications

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Authentication Cybersecurity Education

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy

Data Privacy Manufacturing Privacy Security

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. Microsoft’s initial advisory about the Exchange flaws credited Reston, Va.

Cleanup

Cleanup Cybersecurity Government Cloud

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Education Encryption Authentication

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Telecoms USA Yes 6,158 Nabholz Construction Company Employee Welfare Health Plan Source 1 ; source 2 New Healthcare USA Yes 5,326 Dawson James Securities, Inc. North Hill Home Health Care, Inc.,

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

BlueCharlie changes attack infrastructure in response to reports on its activity

Security Affairs

AUGUST 6, 2023

Russia-linked APT group BlueCharlie was observed changing its infrastructure in response to recent reports on its activity. The APT group has been active since at least 2017, its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft. Some examples are cloudrootstorage[.]com,

IT

IT Phishing Authentication Education

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

The Last Watchdog

FEBRUARY 20, 2023

One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries. The Glenn County Office of Education in California suffered an attack limiting access to its own network. So wWhy would a business pay out money instead of cleaning up the mess and securing its systems?

Ransomware

Ransomware Cleanup Education Manufacturing

News alert: Beazley reports on how AI, new tech distract businesses as cyber risk intensifies

The Last Watchdog

JULY 13, 2023

Is business becoming dulled to the cyber security threat As cyber fears decrease, the technological risk landscape has fragmented, with executives nearly as concerned about the perceived threat posed by disruptive new technologies, such as AI, as the risk of cybercrime.

Risk

Risk Insurance Energy and Utilities Marketing

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

Each participating organization is committed to developing cyber skills and programs to train the workforce across a wide range of industries, including manufacturing. The program will offer 22 additional training pathways that prepare learners for 16 cybersecurity work roles and 17 industry certifications.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Thales Cloud Protection & Licensing

MARCH 23, 2022

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies. Malware and accidental human error are the biggest security threats. When asked about the most frequent types of attacks, 56% of global respondents ranked malware as the leading source of security attacks. Thu, 03/24/2022 - 05:00. 2021 Report.

Risk

Risk Security Encryption Ransomware

Security Affairs newsletter Round 292

Security Affairs

DECEMBER 6, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 292 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Security

Security Healthcare Ransomware Education

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

Lockbit ransomware group administrative staff has confirmed with us their websites have been seized. pic.twitter.com/SvpbeslrCd — vx-underground (@vxunderground) February 19, 2024 The operation led to the arrest of two members of the ransomware gang in Poland and Ukraine and the seizure of hundreds of crypto wallets used by the group.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Security Affairs

AUGUST 31, 2023

Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Threat actors are conducting credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. ” reads a post published by Cisco PSIRT. 200 and 162.35.92[.]242

Authentication

Authentication Ransomware Access Education

Akira ransomware targets Finnish organizations

Security Affairs

JANUARY 13, 2024

” The ransomware attack reported in late 2023, targeted organizations’ networks using poorly secured VPN gateway on Cisco ASA or FTD devices. The attackers exploited the vulnerability CVE-2023-20269 in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD).

Ransomware

Ransomware Authentication Cybersecurity Education

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

According to the security firm, the group is financially motivated, its cyberespionage campaign hit high value targets such as government and educational institutions, religious movements, pro-democracy and human rights organisations in Hong Kong, Covid-19 research organisations, gambling and cryptocurrency companies, and the media.

Healthcare

Healthcare Phishing Archiving Education

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

. “The Department of State is announcing reward offers totaling up to $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware group.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

Consumers will begin to see their favorite applications touting “quantum-secure encryption.” GenAI holds immense potential to supercharge productivity, but if you forget basic security hygiene, you’re opening yourself up to significant risk. But they also increase the potential for security flaws and data privacy violations.

Cybersecurity

Cybersecurity Encryption Marketing Risk

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

DTrack is a modular backdoor used by the Lazarus group since 2019 , it was employed in attacks against a wide variety of targets, from financial environments to a nuclear power plan. The second stage payload is a heavily obfuscated shellcode, the APT group used an encryption method different for each sample. Pierluigi Paganini.

Manufacturing

Manufacturing Education Encryption IT

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

The technology industry has met the dramatic rise in ransomware and other cyber attacks with an impressive set of tools to help companies mitigate the risks. The increase in remote workforces and difficulty enforcing security controls with expanding perimeters has played a role in the rise of ransomware. Preventing ransomware.

Ransomware

Ransomware Education Phishing Financial Services

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide. .

Energy and Utilities

Energy and Utilities Military Government Phishing

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Passwords Education

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. The group rapidly weaponized N-day vulnerabilities in popular enterprise applications by using publicly disclosed POCs. ” reads the report published by Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

The Sheriffs are in Town: Recent Developments in Initial Coin Offerings (ICO) Enforcement and Investor Education

Data Matters

SEPTEMBER 11, 2018

In the months following director William Hinman’s noteworthy speech on whether and when a digital asset is subject to securities laws, U.S. regulators have continued their stern warnings regarding the importance of compliance with the securities laws. securities laws. Convertible Equity Securities.

Education

Education Blockchain Sales Mining

News Alert: CybSafe CEO Oz Alashe MBE recognized as “Security Industry Innovator” for 2023

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Webinars

Trending Sources

Unmasking 2024’s Email Security Landscape

Webinars

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

FBI and CISA warn of attacks by Rhysida ransomware gang

Purple Lambert, a new malware of CIA-linked Lambert APT group

PYSA ransomware gang is the most active group in November

Save the Children confirms it was hit by cyber attack

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

News alert: Hornetsecurity launches new podcast series all about overcoming cybersecurity risks

New Ransom Payment Schemes Target Executives, Telemedicine

Akira ransomware received $42M in ransom payments from over 250 victims

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

What Are You Doing for Cyber Security Awareness Month?

How CyBOK Can Help You Develop Your Cyber Security Career

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Akira ransomware targets Finnish organizations

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

BlueCharlie changes attack infrastructure in response to reports on its activity

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

News alert: Beazley reports on how AI, new tech distract businesses as cyber risk intensifies

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Shifting Risk and Business Environment Demand creates a Shift in Security Strategies

Security Affairs newsletter Round 292

More details about Operation Cronos that disrupted Lockbit operation

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Akira ransomware targets Finnish organizations

Financially motivated Earth Lusca threat actors targets organizations worldwide

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Experts spotted a variant of the Agenda Ransomware written in Rust

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

The Sheriffs are in Town: Recent Developments in Initial Coin Offerings (ICO) Enforcement and Investor Education

Stay Connected