Education, Information Security, IT and Military

UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

Security Affairs

FEBRUARY 24, 2023

This year, 750 cyber specialists have participated in the military cyberwarfare exercise. We must innovate to stay ahead of those that would wish us harm and Defence Cyber Marvel 2 is the next evolution of our pioneering collective education.” ” reads the press release published by the UK Ministry of Defence. .”

Military

Military Education Government IT

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions.

Military

Military File names Education Phishing

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Educate your employees on threats and risks such as phishing and malware. Cyber attack targets. Accounting for humans.

Cybersecurity

Cybersecurity Military Passwords Education

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926 , to its Known Exploited Vulnerabilities Catalog. The goal of this activity is assessed to be gaining access to the emails of military, government, and diplomatic organizations across Europe involved in the Russia Ukrainian War.”

IT

IT Military Phishing Passwords

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. . “the U.S. In fact, the U.S. ” continues the alert. ” U.S. ” U.S.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Ministry of Defence academy hit by state-sponsored hackers

Security Affairs

MARCH 22, 2021

The Defence Academy of the United Kingdom provides higher education for personnel in the British Armed Forces, Civil Service, other government departments and service personnel from other nations. “Staff were told the hack was by a foreign power, making Russia and China suspects.” They said it’s the work of a foreign power.”

Education

Education Military Government IT

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

Phishing

Phishing Military Ransomware Education

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. ” continues the alert.

Systems administration

Systems administration Military Phishing Government

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. Andrey Shevlyakov, an Estonian national, was charged in the US with conspiracy and other charges related to acquiring U.S.-made

Computer and Electronics

Computer and Electronics Military Manufacturing Government

White hat hackers showed how to take over a European Space Agency satellite

Security Affairs

APRIL 30, 2023

Cyber security of satellite systems is becoming crucial due to the growing number of commercial and military applications that rely on them. According to classified U.S. intelligence documents , China is developing capabilities to seize control of satellites operated by hostile states. ” continues the report.

Cybersecurity

Cybersecurity Military Access Education

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. . Threat actors carried out a highly-sophisticated supply chain attack.

Military

Military Cybersecurity Communications Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

However, the attackers chose a domain name that gives the impression of a connection to the South African military. The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. Experts also found PingPull variants that use HTTPS and TCP for C2 communications instead of ICMP. softether[.]net

Communications

Communications Military Government Libraries

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “Weak SNMP community strings, including the default “public,” allowed APT28 to gain access to router information.

Military

Military Access Cybersecurity Education

China Issues Draft Data Security Law

Hunton Privacy

JULY 7, 2020

On June 28 to June 30, 2020, the 20th Session of the 13th Standing Committee of the National People’s Congress of China (the “NPC”) deliberated on the draft of the Data Security Law (the “Draft”), and on July 3, published the Draft on the NPC’s official website for public comment. Promotion of Data Usage While Maintaining Data Security.

Security

Security Military Government Risk

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

“Microsoft assesses that Mint Sandstorm is associated with an intelligence arm of Iran’s military, the Islamic Revolutionary Guard Corps (IRGC), an assessment that has been corroborated by multiple credible sources including Mandiant , Proofpoint , and SecureWorks.” ” reads the report published by Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

KnowBe4

APRIL 4, 2023

But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes. According to Abnormal Security, nearly every aspect of the request looked legitimate. The email attaches a legitimate-looking payoff letter complete with loan details.

Phishing

Phishing Security awareness Cybersecurity Education

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia. Security experts at Symantec speculate that Thrip is a sub-group of Billbug. ” concludes the report.

Military

Military Communications Government Education

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

IT Governance

MARCH 1, 2022

You can find out more about the cyber security implications of the Ukraine by registering for our special presentation hosted by IT Governance’s founder and executive chairman, Alan Calder. It will take place on Thursday, 3 March at 3pm, and you can register for on our website.

Data breaches

Data breaches Ransomware Government Blockchain

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

The best news of the week with Security Affairs. Google sued by New Mexico attorney general for collecting student data through its Education Platform. European Commission has chosen the Signal app to secure its communications. Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates.

Security

Security Ransomware Military Data breaches

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere.

Phishing

Phishing Passwords Military Education

Cyber is Cyber is Cyber

Lenny Zeltser

JUNE 2, 2018

Information security? Computer security, perhaps? If we examine the factors that influence our desire to use one security title over the other, we’ll better understand the nature of the industry and its driving forces. Paul Melson and Loren Dealy Mahler viewed cybersecurity as a subset of information security.

Computer and Electronics

Computer and Electronics Information Security Cybersecurity Communications

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

IoT

IoT Military Access Education

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Although there have still been a few surprises, with the death of Queen Elizabeth II and blazing heatwaves across the UK to name but two, it was a familiar year in the cyber security landscape. Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security.

Security

Security Data breaches Ransomware Military

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

ForAllSecure

AUGUST 18, 2021

She is a daughter of a military father and so she went to West Point Academy, as one of the first female cadets. The Cybersecurity and Infrastructure Security Agency is relatively new. It’s first directory, Chris Krebs, was fired by then-president Tump for saying that the 2020 election was the most secure election in history.

Cybersecurity

Cybersecurity Mining Military Education

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

billion rubles.

Security

Security Computer and Electronics Ransomware Marketing

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

Spotlight: Operationalizing Deep Web and Dark Web Intelligence

The Security Ledger

NOVEMBER 28, 2018

. » Related Stories Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis Taking the Long View of Breach Fallout Analysis of 85K Remote Desktop Hacks Finds Education, Healthcare Top Targets. And what value does the information gathered there have to a security-conscious organization?

Military

Military Education Passwords Privacy

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

I didn’t know either of them, but I have been writing about cryptography, security, and privacy for decades. I paged through weekly reports, presentation slides from status meetings, and general briefings to educate visitors. But I had a more personal involvement as well. I wrote the essay below in September 2013. It made sense.

Computer and Electronics

Computer and Electronics Encryption Government Privacy

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important. The military has these massive computer networks.

Military

Military Passwords Cybersecurity IT

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important. The military has these massive computer networks.

Military

Military Passwords Cybersecurity IT

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important. The military has these massive computer networks.

Military

Military Passwords Cybersecurity IT

US govt is hunting a Chinese malware that can interfere with its military operations

Security Affairs

AUGUST 1, 2023

The US newspaper refers to the malware as a “ticking time bomb” that could be activated to disrupt the military. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.” military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.”

Military

Military IT Communications Government

House Passes Two Cybersecurity Bills

Hunton Privacy

MAY 1, 2012

3523), which is aimed at facilitating the exchange of cyber threat intelligence information between the government and certain private entities. In addition, the House approved the Federal Information Security Amendments Act of 2012 (H.R. Federal Information Security Amendments Act.

Cybersecurity

Cybersecurity Information Security Libraries Sales

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

Start by assessing what critical information your organization needs to protect and maintain access to in order to provide services. A data inventory allows you to focus the greatest security (and monitoring) where it needs to be. Educate employees. Related: High-profile healthcare hacks in 2021. Create an asset inventory.

Passwords

Passwords Cybersecurity Education Phishing

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

We also found 14 organisations providing a significant update on a previously disclosed incident. Organisation(s) Sector Location Data breached? Source 1 ; source 2 (Update) IT services Taiwan Yes 2,451,197 RMH Franchise Corporation Source (New) Hospitality USA Yes 1.5 TB Paysign, Inc. TB Paysign, Inc.

Data Privacy

Data Privacy Privacy Security Data breaches

Pro-Russia hackers launched a massive attack against the EUROCONTROL agency

Security Affairs

APRIL 21, 2023

The organisation works with national authorities, air navigation service providers, civil and military airspace users, airports, and other organisations. Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL. ” reads the statement published by the agency on its website.

Military

Military Education Access Cybersecurity

The Hacker Mind Podcast: Hacking Communities

ForAllSecure

JULY 14, 2021

As one of the founders of BSides and as a community advocate for Tenable, Jack provides guidance on how we can re-emerge and successfully amplify and support people of different ethnicities, faiths, and genders within our infosec communities without being patronizing. I'm attending in person this year, as are a lot of people in the InfoSec world.

Mining

Mining IT Security Education

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Security Affairs

APRIL 18, 2023

In 2022, the Citizen Lab analyzed the NSO Group activity after finding evidence of attacks on members of Mexico’s civil society, including two human rights defenders from Centro PRODH, which represents victims of military abuses in Mexico. This zero-click exploit has been used against iPhones running iOS 15 since at least June 2022.

Military

Military Risk Education Security

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Perimeter security tools include: Firewalls: Filter traffic and monitor access based upon firewall rules and policies for the network, network segment, or assets protected by different types of firewalls. Cybersecurity training should apply equally to basic users and advanced security professionals and be tailored to their needs.

Security

Security Cloud Cybersecurity Risk

The Hacker Mind: Hackers Wanted: Filling the Cybersecurity Skills Gap

ForAllSecure

APRIL 12, 2022

I guess the answer is what I usually say to a security question: It depends. Clearing you don’t want someone off the street coming in as a Level 2 security analyst. Then again, you might want someone --anyone -- to come in as a Level 1 security analyst so your current Level 1s can advance. I was a paid writer--whoo, whoo.

Cybersecurity

Cybersecurity Military IT Security

The Hacker Mind Podcast: How To Become A 1337 Hacker

ForAllSecure

SEPTEMBER 14, 2022

Hammond: I tend to, I guess, try and explain capture the flag is sort of gamified cybersecurity education. Vamosi: Like a lot of you, I run marathons. Thirteen by my last count. That’s something that’s true in the real world. And it’s something that is often missing in computer science programs--creativity.

Military

Military IT Education Cybersecurity

UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Trending Sources

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Ministry of Defence academy hit by state-sponsored hackers

FBI chief says China is preparing to attack US critical infrastructure

Google TAG warns of Russia-linked APT groups targeting Ukraine

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

White hat hackers showed how to take over a European Space Agency satellite

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

China Issues Draft Data Security Law

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

Symantec uncovered the link between China-Linked Thrip and Billbug groups

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

Security Affairs newsletter Round 253

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Cyber is Cyber is Cyber

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

2022 Cyber Security Review of the Year

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Spotlight: Operationalizing Deep Web and Dark Web Intelligence

Snowden Ten Years Later

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure Launches The Hacker Mind Podcast

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

ForAllSecure Launches The Hacker Mind Podcast

US govt is hunting a Chinese malware that can interfere with its military operations

House Passes Two Cybersecurity Bills

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Pro-Russia hackers launched a massive attack against the EUROCONTROL agency

The Hacker Mind Podcast: Hacking Communities

PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022

Network Security Architecture: Best Practices & Tools

The Hacker Mind: Hackers Wanted: Filling the Cybersecurity Skills Gap

The Hacker Mind Podcast: How To Become A 1337 Hacker

Stay Connected