Education, Groups, Security and Tools - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability.

Military

Military File names Education Phishing

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization.

Phishing

Phishing Cloud Government Education

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Security Affairs

MAY 12, 2023

CISA and FBI warned of attacks conducted by the Bl00dy Ransomware Gang against the education sector in the country. The FBI and CISA issued a joint advisory warning that the Bl00dy Ransomware group is actively targeting the education sector by exploiting the PaperCut remote-code execution vulnerability CVE-2023-27350.

Education

Education Ransomware Encryption Communications

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 25, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions.

IT

IT Education Cybersecurity Risk

AuKill tool uses BYOVD attack to disable EDR software

Security Affairs

APRIL 24, 2023

Ransomware operators use the AuKill tool to disable EDR software through Bring Your Own Vulnerable Driver (BYOVD) attack. Sophos researchers reported that threat actors are using a previously undocumented defense evasion tool, dubbed AuKill, to disable endpoint detection and response (EDR) software.

Ransomware

Ransomware Education Security Cybersecurity

Vice Society gang is using a custom PowerShell tool for data exfiltration

Security Affairs

APRIL 17, 2023

Vice Society ransomware operators have been spotted using a PowerShell tool to exfiltrate data from compromised networks. Threat actors are using the PowerShell tool to evade software and/or human-based security detection mechanisms. The CreateJobLocal function receives groups of directories, often in groups of five.

Ransomware

Ransomware Education Cybersecurity Security

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Krebs on Security

OCTOBER 14, 2021

Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. Louis Post-Dispatch for reporting a security vulnerability that exposed teacher SSNs.

Security

Security Education Computer and Electronics Access

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

Security Affairs

JANUARY 13, 2023

A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057 (16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations in Ukraine and NATO countries, SentinelOne researchers reported.

Education

Education Government Security IT

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with ransomware groups.

Ransomware

Ransomware Manufacturing Education Passwords

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Security Affairs

NOVEMBER 7, 2023

Iran-linked Agonizing Serpens group has been targeting Israeli organizations with destructive cyber attacks since January. The researchers observed the Unit 42 researchers using three previously unknown wipers named MultiLayer, PartialWasher, and a custom tool named Sqlextractor used to extract information from database servers.

Education

Education Ransomware Access Security

Purple Lambert, a new malware of CIA-linked Lambert APT group

Security Affairs

APRIL 29, 2021

Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection of malware samples, some of them cannot be associated with the activity of known APT groups. . These malware strains did not present any similarities with malware associated with other APT groups.

Cybersecurity

Cybersecurity Government Education Security

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

Security Affairs

APRIL 24, 2023

The company received two vulnerability reports from the cybersecurity firm Trend Micro ) for high/critical severity security issues in PaperCut MF/NG. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities Catalog. ” reads the advisory published by PaperCut. Last week, the U.S.

Cybersecurity

Cybersecurity Ransomware Education Authentication

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. It’s important that as consumers are shopping for these smart home devices that they learn to recognize the Matter trademark so that they can make educated decisions.”

Security

Security Manufacturing Authentication Marketing

Linux Patch Management: Tools, Issues & Best Practices

eSecurity Planet

JUNE 21, 2023

Compared to other operating systems, Linux patch management is unique because of its open-source nature, which enables a sizable community of developers and security professionals to find vulnerabilities, examine the code, and submit patches.

Cloud

Cloud Security Risk Compliance

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

A joint advisory published by CISA, the FBI, Europol, and the Netherlands’ National Cyber Security Centre (NCSC-NL) revealed that since early 2023, Akira ransomware operators received $42 million in ransom payments from more than 250 victims worldwide. ” reads the report. It was this first time that the operators adopted this tactic.

Ransomware

Ransomware Encryption Education Phishing

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Encryption Government Retail

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

eSecurity Planet

SEPTEMBER 22, 2022

To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Sentinel Labs reported the new trend earlier this month, as ransomware groups have adopted the latest technology. Some are written on Go and can be customized.

Encryption

Encryption Ransomware Cybersecurity Education

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

MARCH 25, 2020

The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. ” reads the advisory published by FireEye.

Healthcare

Healthcare Education Manufacturing Government

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

US cyber and law enforcement agencies warn of Phobos ransomware attacks

Security Affairs

MARCH 2, 2024

US CISA, the FBI, and MS-ISAC issued a joint CSA to warn of attacks involving Phobos ransomware variants observed as recently as February 2024 US CISA, the FBI, and MS-ISAC issued a joint cyber security advisory (CSA) to warn of attacks involving Phobos ransomware variants such as Backmydata , Devos, Eight, Elking, and Faust.

Ransomware

Ransomware Education Phishing Authentication

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. based Volexity for reporting the vulnerabilities.

Cleanup

Cleanup Cybersecurity Government Cloud

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

National Student Clearinghouse data breach impacted approximately 900 US schools

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. The security breach resulted from a cyber attack exploiting a vulnerability in the MOVEit managed file transfer (MFT).- The issue occurred on or around May 30, 2023.”

Data breaches

Data breaches Education Ransomware Cybersecurity

Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple

The Security Ledger

OCTOBER 4, 2023

Tanya Janca of the group We Hack Purple, talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code. Read the whole entry. »

Education

Education IoT Security IT

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

China-linked APT group Flax Typhoon targeted dozens of organizations in Taiwan as part of a suspected espionage campaign. The group relies on tools built into the operating system, along with some legitimate software. The group primarily relies on living-off-the-land techniques and hands-on-keyboard activity.

Manufacturing

Manufacturing Education Access Government

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs

NOVEMBER 12, 2023

The State of Maine was the victim of the large-scale hacking campaign that targeted organizations using the MOVEit file transfer tool. The security breach took place in the State between May 28, 2023, and May 29, 2023. ” reads the notice of Security Incident. ” reads the notice of Security Incident.

Data breaches

Data breaches Insurance Education Cybersecurity

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. ” reads the report.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! billion rubles.

Security

Security Computer and Electronics Ransomware Marketing

What Are You Doing for Cyber Security Awareness Month?

IT Governance

OCTOBER 6, 2022

This October is Cyber Security Awareness Month, an event designed to educate people about information security and the steps they can take to stay safe online. Now in its nineteenth year, the campaign provides tools and resources to help people learn more about the cyber security industry and the ways they can get involved.

Security awareness

Security awareness Security Phishing Passwords

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia.

Military

Military Communications Government Education

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

NOVEMBER 27, 2018

The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services.

Phishing

Phishing Education Ransomware Security awareness

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

Consumers will begin to see their favorite applications touting “quantum-secure encryption.” GenAI holds immense potential to supercharge productivity, but if you forget basic security hygiene, you’re opening yourself up to significant risk. But they also increase the potential for security flaws and data privacy violations.

Cybersecurity

Cybersecurity Encryption Marketing Risk

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. organizations since 2020.

Ransomware

Ransomware Cybersecurity Agriculture Education

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

Security Affairs

DECEMBER 16, 2023

Its mission is to improve the lives of people worldwide through research, clinical care and education. In a notice of security incident published on its website, Fred Hutch pointed out that all clinics are open and actively serving patients. ” reported the Seattle Times. “If ” Robert M. Who is Hunters International?

Ransomware

Ransomware Insurance Education Marketing

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

JUNE 21, 2019

Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Russia-linked Turla cyberspies used a new set of tools in new attacks and hijacked command and control infrastructure operated by Iran-Linked OilRig APT.

Communications

Communications Government Data collection Education

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. “These senseless acts of targeting those who are unable to respond are the motivation for this research, analysis, tools, and blog post.

Ransomware

Ransomware Encryption Manufacturing Phishing

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

MAY 14, 2021

The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates. ” DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.

Ransomware

Ransomware Education Communications Access

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

Steel “Modern cryptography management and cryptographic agility are essential for organizations of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s security group. A broad range of U.S.

Libraries

Libraries Encryption Access Cybersecurity

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Security Affairs

APRIL 25, 2023

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. capital used in the stage-one dropper. Jamf concludes.

Education

Education Communications Marketing Cloud

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

Security Affairs

AUGUST 22, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Ransomware

Ransomware Education Encryption Authentication

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Telecoms USA Yes 6,158 Nabholz Construction Company Employee Welfare Health Plan Source 1 ; source 2 New Healthcare USA Yes 5,326 Dawson James Securities, Inc. North Hill Home Health Care, Inc.,

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

China-linked APT41 group spotted using open-source red teaming tool GC2

Webinars

Trending Sources

Bl00dy Ransomware Gang actively targets the education sector exploiting PaperCut RCE

Webinars

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

AuKill tool uses BYOVD attack to disable EDR software

Vice Society gang is using a custom PowerShell tool for data exfiltration

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

Pro-Russia group NoName057(16) targets Ukraine and NATO countries

FBI and CISA warn of attacks by Rhysida ransomware gang

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Purple Lambert, a new malware of CIA-linked Lambert APT group

Russian cybercrime group likely behind ongoing exploitation of PaperCut flaws

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Linux Patch Management: Tools, Issues & Best Practices

Akira ransomware received $42M in ransom payments from over 250 victims

PYSA ransomware gang is the most active group in November

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

US cyber and law enforcement agencies warn of Phobos ransomware attacks

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

FBI chief says China is preparing to attack US critical infrastructure

National Student Clearinghouse data breach impacted approximately 900 US schools

Episode 253: DevSecOps Worst Practices With Tanya Janca of We Hack Purple

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

China-linked Flax Typhoon APT targets Taiwan

The State of Maine disclosed a data breach that impacted 1.3M people

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

What Are You Doing for Cyber Security Awareness Month?

Symantec uncovered the link between China-Linked Thrip and Billbug groups

GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

Cybersecurity agencies published a joint LockBit ransomware advisory

Hunters International ransomware gang claims to have hacked the Fred Hutch Cancer Center

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Researchers Quietly Cracked Zeppelin Ransomware Keys

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

News alert: SandboxAQ launches new open source framework to simplify cryptography management

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

Akira ransomware gang spotted targeting Cisco VPN products to hack organizations

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Stay Connected