Education, Information Security and Military - Information Management Today

UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

Security Affairs

FEBRUARY 24, 2023

This year, 750 cyber specialists have participated in the military cyberwarfare exercise. We must innovate to stay ahead of those that would wish us harm and Defence Cyber Marvel 2 is the next evolution of our pioneering collective education.” ” reads the press release published by the UK Ministry of Defence.

Military

Military Education Government IT

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions.

Military

Military File names Education Phishing

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Educate your employees on threats and risks such as phishing and malware. Enable auto-update features if available.

Cybersecurity

Cybersecurity Military Passwords Education

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

. “As early as 2022, APT28 actors had utilized compromised EdgeRouters to facilitate covert cyber operations against governments, militaries, and organizations around the world.” and foreign governments and military, security, and corporate organizations. ” reads the joint report.

Energy and Utilities

Energy and Utilities Military Government Phishing

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Finance USA Yes 3,494 Woodruff Sawyer Source (New) Insurance USA Yes 3,087 Blackburn College Source (New) Education USA Yes 3,039 CAIRE Inc. Source (New) Professional services Netherlands Yes 28.3 Source (New) Professional services Netherlands Yes 28.3 Source (New) Professional services Netherlands Yes 28.3

Data Privacy

Data Privacy Privacy Security Data breaches

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

made electronics on behalf of the Russian government and military. The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. Andrey Shevlyakov, an Estonian national, was charged in the US with conspiracy and other charges related to acquiring U.S.-made

Computer and Electronics

Computer and Electronics Military Manufacturing Government

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60% of observed Russian targeting. The group targeted multiple sectors, including government, defense, energy, transportation/logistics, education, and humanitarian organizations.

Phishing

Phishing Military Ransomware Education

Ministry of Defence academy hit by state-sponsored hackers

Security Affairs

MARCH 22, 2021

The Defence Academy of the United Kingdom provides higher education for personnel in the British Armed Forces, Civil Service, other government departments and service personnel from other nations.

Education

Education Military Government IT

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. reads the post published by Proofpoint.

IT

IT Military Phishing Passwords

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Systems administration

Systems administration Military Phishing Government

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Military

Military Access Cybersecurity Education

White hat hackers showed how to take over a European Space Agency satellite

Security Affairs

APRIL 30, 2023

Cyber security of satellite systems is becoming crucial due to the growing number of commercial and military applications that rely on them. .” Thales pointed out that throughout the entire exercise, ESA had access to the satellite’s systems to retain control. ” said Pierre-Yves Jolivet, VP Cyber Solutions, Thales.

Cybersecurity

Cybersecurity Military Access Education

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

However, the attackers chose a domain name that gives the impression of a connection to the South African military. This domain has been hosted on eight other IPs throughout its history, none of these IPs were directly affiliated with the South African government. Experts added that the IP 196.216.136[.]139 139 resolved to vpn729380678.softether[.]net

Communications

Communications Military Government Libraries

China Issues Draft Data Security Law

Hunton Privacy

JULY 7, 2020

The Central Military Commission will develop the measures regulating military Data Activities. Promotion of Data Usage While Maintaining Data Security. Data Security Regulatory System. reporting to competent Chinese regulatory authorities upon request by regulatory authorities abroad.

Security

Security Military Government Risk

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

Security Affairs

APRIL 19, 2023

“Microsoft assesses that Mint Sandstorm is associated with an intelligence arm of Iran’s military, the Islamic Revolutionary Guard Corps (IRGC), an assessment that has been corroborated by multiple credible sources including Mandiant , Proofpoint , and SecureWorks.” ” reads the report published by Microsoft.

Energy and Utilities

Energy and Utilities Military Education Phishing

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

DECEMBER 14, 2020

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. .

Military

Military Cybersecurity Communications Government

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere.

Phishing

Phishing Passwords Military Education

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

SEPTEMBER 9, 2019

The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. Security experts at Symantec speculate that Thrip is a sub-group of Billbug. Researchers discovered that Sagerunex borrows code from an older Billbug tool dubbed Evora.

Military

Military Communications Government Education

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

KnowBe4

APRIL 4, 2023

The voices of third sector representatives (NGOs, foundations, and educational institutions) are considered by government officials when justifying policy positions and determining how resources and political capital are spent. Education about cybersecurity needs to start early," Karabin says. The genie's out of the box.

Phishing

Phishing Security awareness Cybersecurity Education

Cyber is Cyber is Cyber

Lenny Zeltser

JUNE 2, 2018

Information security? Computer security, perhaps? If we examine the factors that influence our desire to use one security title over the other, we’ll better understand the nature of the industry and its driving forces. Paul Melson and Loren Dealy Mahler viewed cybersecurity as a subset of information security.

Computer and Electronics

Computer and Electronics Information Security Cybersecurity Communications

Security Affairs newsletter Round 253

Security Affairs

MARCH 1, 2020

The best news of the week with Security Affairs. Google sued by New Mexico attorney general for collecting student data through its Education Platform. Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates. A new round of the weekly newsletter arrived!

Security

Security Ransomware Military Data breaches

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Security

Security Ransomware Data breaches Cybersecurity

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

AUGUST 6, 2019

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

IoT

IoT Military Access Education

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

IT Governance

MARCH 1, 2022

Morrow, OD notifies patients of data security incident (unknown) Ukrainian websites struck by DDoS attacks as Russia launches invasion (unknown) Cookware distribution giant Meyer discloses data breach (unknown) CVS Pharmacy discloses security incident (6,221) Ethos Technologies targeted in ‘sophisticated’ cyber attack (13,300) South Shore Hospital (..)

Data breaches

Data breaches Ransomware Government Blockchain

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

ForAllSecure

AUGUST 18, 2021

She is a daughter of a military father and so she went to West Point Academy, as one of the first female cadets. The Cybersecurity and Infrastructure Security Agency is relatively new. It’s first directory, Chris Krebs, was fired by then-president Tump for saying that the 2020 election was the most secure election in history.

Cybersecurity

Cybersecurity Mining Military Education

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Security Affairs

APRIL 9, 2023

billion rubles.

Security

Security Computer and Electronics Ransomware Marketing

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

AUGUST 19, 2019

The experts also discovered a large number of insurance certificates that expose various personally identifiable information (PII), such as names, phone numbers, postal and email addresses. CENTCOM requisition form for use of military aircraft. One of the files exposed via the malware analysis sandboxes appeared to be a U.S.

Military

Military Insurance Education Phishing

Spotlight: Operationalizing Deep Web and Dark Web Intelligence

The Security Ledger

NOVEMBER 28, 2018

. » Related Stories Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis Taking the Long View of Breach Fallout Analysis of 85K Remote Desktop Hacks Finds Education, Healthcare Top Targets. See also: Military documents about MQ-9 Reaper drone leaked on dark web.

Military

Military Education Passwords Privacy

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

US govt is hunting a Chinese malware that can interfere with its military operations

Security Affairs

AUGUST 1, 2023

The US newspaper refers to the malware as a “ticking time bomb” that could be activated to disrupt the military. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.” military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.”

Military

Military IT Communications Government

House Passes Two Cybersecurity Bills

Hunton Privacy

MAY 1, 2012

3523), which is aimed at facilitating the exchange of cyber threat intelligence information between the government and certain private entities. In addition, the House approved the Federal Information Security Amendments Act of 2012 (H.R. Federal Information Security Amendments Act.

Cybersecurity

Cybersecurity Information Security Libraries Sales

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Google , Clearview AI , and Meta all receives hefty penalties in 2022, demonstrating the continued important of effective information security. But these were far from the only notable cyber security headlines of the year. Tensions rose throughout February as the Russian military amassed across the Ukrainian border.

Security

Security Data breaches Ransomware Military

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important. The military has these massive computer networks.

Military

Military Passwords Cybersecurity IT

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important. The military has these massive computer networks.

Military

Military Passwords Cybersecurity IT

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important. The military has these massive computer networks.

Military

Military Passwords Cybersecurity IT

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

The Last Watchdog

FEBRUARY 21, 2022

Educate employees. Many security programs focus on employee education (creating a strong password, being aware of phishing, etc.). military exercise their plans often – it builds human muscle memory and increases comfort and resiliency in the people working through these crises.

Passwords

Passwords Cybersecurity Education Phishing

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

I paged through weekly reports, presentation slides from status meetings, and general briefings to educate visitors. Those of us in the information security community had long assumed that the NSA was doing things like this. The meeting presenters try to spice things up. I wasn’t sleeping well, either.

Computer and Electronics

Computer and Electronics Encryption Government Privacy

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk.

Cybersecurity

Cybersecurity Risk Passwords Authentication

A Flurry of Recent Cybersecurity Activity from the Trump Administration

Data Matters

JUNE 25, 2018

Products should be secured during all stages of the lifecycle ,” as it is too easy to assemble botnets when devices lack the ability for effective patching or “remain in service after vendor support ends.”. Increase awareness and education across the ecosystem.”. in isolation.”. State Department Reports. On May 31, 2018, the U.S.

Cybersecurity

Cybersecurity Government Risk Marketing

CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

KnowBe4

JULY 5, 2023

CISSP, Chief Information Security Officer The 10 Interesting News Items This Week Chinese malware intended to infect USB drives accidentally infects networked storage too: [link] Ukraine Cracks Down on Investment Scams, Raids Call Centers: [link] EncroChat takedown led to 6,500(!) ." - T.K.,

Phishing

Phishing Security awareness Passwords Computer and Electronics

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

JANUARY 24, 2020

OCIE also will focus on recommendations and advice provided to retail investors, with a particular emphasis on seniors, retirees, teachers and military personnel, as well as products that the SEC considers higher risk (e.g., Information Security . Additional Focus Areas Specific to Broker-Dealers.

Cybersecurity

Cybersecurity Retail Compliance Marketing

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

Data Matters

FEBRUARY 20, 2020

Information Security . OCIE will continue to examine municipal advisors (including broker-dealers and RIAs dually registered as municipal advisors) for compliance with registration, professional qualification and continuing education requirements. Additional Focus Areas Specific to Broker-Dealers.

Retail

Retail Compliance Marketing Risk

UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Webinars

Trending Sources

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Webinars

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Google TAG warns of Russia-linked APT groups targeting Ukraine

Ministry of Defence academy hit by state-sponsored hackers

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

FBI chief says China is preparing to attack US critical infrastructure

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

White hat hackers showed how to take over a European Space Agency satellite

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

China Issues Draft Data Security Law

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Symantec uncovered the link between China-Linked Thrip and Billbug groups

CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist

Cyber is Cyber is Cyber

Security Affairs newsletter Round 253

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

List of data breaches and cyber attacks in February 2022 – 5.1 million records breached

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Spotlight: Operationalizing Deep Web and Dark Web Intelligence

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

US govt is hunting a Chinese malware that can interfere with its military operations

House Passes Two Cybersecurity Bills

2022 Cyber Security Review of the Year

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure Launches The Hacker Mind Podcast

GUEST ESSAY: 6 steps any healthcare organization can take to help mitigate inevitable cyber attacks

Snowden Ten Years Later

An Approach to Cybersecurity Risk Oversight for Corporate Directors

A Flurry of Recent Cybersecurity Activity from the Trump Administration

CyberheistNews Vol 13 #27 [Heads Up] Massive Impersonation Phishing Campaign Imitates Over 100 Brands and Thousands of Domains

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

Stay Connected