Education, Manufacturing and Security - Information Management Today

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. This is precisely what the consortium of software companies and device manufacturers, led Google, Amazon and Apple, set out to achieve when Matter was conceived four years ago.

Security

Security Manufacturing Authentication Marketing

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Manufacturing USA Yes 20,415 TECA Srl Source New Transport Italy Yes 16.7 Known records breached Zenlayer Source New Telecoms USA Yes 384,658,212 ASA Electronics Source New Engineering USA Yes 2.7

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Each participating organization is committed to developing cyber skills and programs to train the workforce across a wide range of industries, including manufacturing.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy

Data Privacy Manufacturing Privacy Security

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

IT Governance

JANUARY 9, 2024

LockBit claims responsibility for Capital Health security incident The LockBit ransomware group has claimed responsibility for an attack on Capital Health , a healthcare provider in Pennington, New Jersey, last November. KG Source 1 ; source 2 (New) Manufacturing Germany Yes 1.1 They accessed 41.5 Data breached: 41,500,000 records.

Data Privacy

Data Privacy Privacy Manufacturing Data breaches

To Make the Internet of Things Safe, Start with Manufacturing

Thales Cloud Protection & Licensing

SEPTEMBER 11, 2018

Achieving the IoT’s bold objective requires not only bringing many small things together and carefully orchestrating their interconnections, but also the assurance that their integrity and the data they collect remains secure and trustworthy. Therefore, manufacturing is the first critical link in the chain to establish trust across the IoT.

Manufacturing

Manufacturing IoT Authentication Paper

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

KnowBe4

OCTOBER 19, 2023

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One.

Phishing

Phishing Manufacturing Education Ransomware

MSI confirms security breach after Money Message ransomware attack

Security Affairs

APRIL 7, 2023

Multinational IT corporation MSI (Micro-Star International) confirms security breach after Money Message ransomware gang claimed the hack. Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally.

Ransomware

Ransomware Security Manufacturing Cybersecurity

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

The Last Watchdog

FEBRUARY 15, 2024

Paul Greene , CIPP/US, CIPP/E, CIPM, FIP, Harter Secrest & Emery’s Privacy and Data Security practice group helps clients respond to data security incidents of all kinds. NetDiligence-authorized Breach Coach ® firms are selected based on their experience, competency, thought leadership, and industry engagement.

Data breaches

Data breaches Financial Services Big data Retail

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. PuTTY.exe Rhysida actors have been observed creating Secure Shell (SSH) PuTTy connections for lateral movement. The victims of the group are “targets of opportunity.”

Ransomware

Ransomware Manufacturing Education Passwords

Security Affairs newsletter Round 282

Security Affairs

SEPTEMBER 20, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 282 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Ransomware Data breaches Manufacturing

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs

AUGUST 31, 2023

On its digital platform, NSC provides online resources for its nearly 55,000 members spread across different businesses, agencies, and educational institutions. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training.

Passwords

Passwords Healthcare Manufacturing Access

Nexx bugs allow to open garage doors, and take control of alarms and plugs

Security Affairs

APRIL 5, 2023

A series of vulnerabilities in multiple smart devices manufactured by Nexx can be exploited to remotely open garage doors, and take control of alarms and plugs. “I have independently verified Nexx has purposefully ignored all our attempts to assist with remediation and has let these critical flaws continue to affect their customers.”

Manufacturing

Manufacturing Cybersecurity Education Authentication

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. While it’s a progressive step for the network security of the U.S. While it’s a progressive step for the network security of the U.S.

IoT

IoT Cybersecurity Manufacturing Government

Money Message ransomware group claims to have hacked IT giant MSI

Security Affairs

APRIL 6, 2023

Micro-Star International AKA MSI designs, manufactures, and sells motherboards and graphics cards for customers in the United States, Canada, and internationally. Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). MSI is headquartered in Taipei, Taiwan.

Ransomware

Ransomware IT Manufacturing Education

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads. . That InfraGard member, who is head of security at a major U.S. Department of Defense.

Sales

Sales Energy and Utilities Communications Data breaches

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Other research by Cybernews has revealed that BMW , a German luxury vehicle manufacturer producing around 2.5 The issue causing the leak has been fixed.

Retail

Retail Manufacturing Communications Passwords

The Week in Cyber Security and Data Privacy: 16–22 October 2023

IT Governance

OCTOBER 24, 2023

Incident details: Network security incident, where allegedly AlphV gained unauthorised access and made demands to the hospital’s leadership, suggesting a ransomware attack. D-Link Corporation Provides Details about an Information Disclosure Security Incident Date of breach: 2 October 2023. Records breached: Around 700 records.

Data Privacy

Data Privacy Privacy Security Data breaches

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware

Ransomware Encryption Manufacturing Phishing

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

The Last Watchdog

FEBRUARY 20, 2023

One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries. The Glenn County Office of Education in California suffered an attack limiting access to its own network. So wWhy would a business pay out money instead of cleaning up the mess and securing its systems?

Ransomware

Ransomware Cleanup Education Manufacturing

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

Security Affairs

OCTOBER 14, 2023

Vulnerable systems were hosted in the networks of organizations in the energy, education facilities, healthcare and public health, and water systems industries. ” concludes the announcement. . ” concludes the announcement.

Ransomware

Ransomware Manufacturing Education Risk

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

Help us #StopRansomware by visiting [link] pic.twitter.com/G5jpxtB0Fw — Cybersecurity and Infrastructure Security Agency (@CISAgov) June 14, 2023 The LockBit ransomware operation was the most active in 2022 and according to the researchers it is one of the most prolific RaaS in 2023. law enforcement). was the prevalent variant in 2023.

Ransomware

Ransomware Cybersecurity Agriculture Education

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

FTC Recommends Steps to Improve Mobile Device Security Update Practices

Hunton Privacy

MARCH 6, 2018

On February 28, 2018, the Federal Trade Commission issued a report, titled Mobile Security Updates: Understanding the Issues (the “Report”), that analyzes the process by which mobile devices sold in the U.S. receive security updates and provides recommendations for improvement.

Manufacturing

Manufacturing Security Education Communications

News alert: Flexxon welcomes distinguished industry veteran Ravi Agarwal to its advisory board

The Last Watchdog

OCTOBER 25, 2023

Agarwal An active contributor to the community, Mr Agarwal spearheaded a mentorship program for under-privileged college students in partnership with the Ministry of Education in Singapore. This time, in its approach to securing data centers and servers. For more information, please visit:Flexxon: flexxon.com

IT

IT Cybersecurity Marketing Manufacturing

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

The previous campaigns associated with this group targeted government, education, and electronic manufacturers in East Asia and the Middle East. appeared first on Security Affairs. Gelsemium is a group focused on cyberespionage that has been active since at least 2014.

Government

Government Manufacturing Education Access

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

IT Governance

NOVEMBER 28, 2023

The post The Week in Cyber Security and Data Privacy: 20 – 26 November 2023 appeared first on IT Governance UK Blog. We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place for you. In the meantime, if you missed it, check out last week’s round-up.

Data Privacy

Data Privacy Privacy Energy and Utilities Data breaches

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. CIOs and security managers could also use the list to assess the efficiency of their program to secure hardware within in their organizations.

Manufacturing

Manufacturing Education Access Security

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies. electronics manufacturers and distributors between approximately October 2012 and January 2022. hacking tools and electronics appeared first on Security Affairs. ” reads a press release published by DoJ.

Computer and Electronics

Computer and Electronics Military Manufacturing Government

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. The group relies on tools built into the operating system, along with some legitimate software.

Manufacturing

Manufacturing Education Access Government

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The Qilin ransomware-as-a-service (RaaS) group uses a double-extortion model, with most of the victims in the manufacturing and IT industries. The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Passwords Education

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

The IT giant has seized the domains used by the threat actors employed in its attacks aimed at organizations in tech, transportation, government, and education sectors located in the U.S., Since February, the attacks targeted organizations in critical manufacturing, IT, and Israel’s defense industry. Middle East, and India.

Phishing

Phishing Manufacturing Education Cybersecurity

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. The malicious code was used in attacks targeting multiple sectors including the gaming industry, technology industry, and luxury car manufacturers.

IoT

IoT Mining Manufacturing Education

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. To prevent the threat from spreading within the network, the City has shut down the impacted IT systems. reads the alert.

Ransomware

Ransomware IT Encryption Education

Hyundai suffered a data breach that impacted customers in France and Italy

Security Affairs

APRIL 12, 2023

In December 2019, German media reported that hackers suspected to be members of the Vietnam-linked APT Ocean Lotus ( APT32 ) group breached the networks of the car manufacturers BMW and Hyundai. The intrusion aimed at stealing automotive trade secrets.

Data breaches

Data breaches Manufacturing Cybersecurity Education

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. Today, additional criminal charges against Kondratyev were unsealed in the Northern District of California related to his deployment in 2020 of ransomware against a victim located in California.”

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Security Affairs

NOVEMBER 16, 2022

Kaspersky reported attacks against entities in multiple industries, including education, chemical manufacturing, governmental research centers and policy institutes, IT service providers, utility providers and telecommunications. “The DTrack backdoor continues to be used actively by the Lazarus group. .”

Manufacturing

Manufacturing Education Encryption IT

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

Having access, they could exfiltrate a treasure trove of sensitive data, given that Siemens manufactures and maintains a lot of technologies and machines used by critical infrastructure.” “We sincerely hope that threat actors didn’t discover the leak before Siemens managed to fix it,” said Cybernews researchers.

IoT

IoT Manufacturing Authentication Ransomware

80% of organisations affected by cyber security skills gap

IT Governance

MARCH 22, 2018

Four out of five organisations can’t find qualified staff to fill cyber security positions, according to CyberEdge’s 2018 Cyberthreat Defense Report. The education sector (87.1%) is the most affected, followed by telecommunications and technology (85.1%), manufacturing (81.5%) and finance (81.4%).

Security

Security Education Manufacturing Information Security

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Communications

Communications Manufacturing Access Archiving

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Webinars

Trending Sources

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

Webinars

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

The Week in Cyber Security and Data Privacy: 1 – 7 January 2024

To Make the Internet of Things Safe, Start with Manufacturing

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

MSI confirms security breach after Money Message ransomware attack

News alert: Harter Secrest & Emery announces designation as NetDiligence-authorized Breach Coac

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs newsletter Round 282

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Nexx bugs allow to open garage doors, and take control of alarms and plugs

The IoT Cybersecurity Act of 2020: Implications for Devices

Money Message ransomware group claims to have hacked IT giant MSI

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Volvo retailer leaks sensitive files

The Week in Cyber Security and Data Privacy: 16–22 October 2023

Researchers Quietly Cracked Zeppelin Ransomware Keys

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

Cybersecurity agencies published a joint LockBit ransomware advisory

Operation Cronos: law enforcement disrupted the LockBit operation

FBI chief says China is preparing to attack US critical infrastructure

FTC Recommends Steps to Improve Mobile Device Security Update Practices

News alert: Flexxon welcomes distinguished industry veteran Ravi Agarwal to its advisory board

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

The Week in Cyber Security and Data Privacy: 20 – 26 November 2023

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Catches of the Month: Phishing Scams for October 2023

China-linked Flax Typhoon APT targets Taiwan

Experts spotted a variant of the Agenda Ransomware written in Rust

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Updated Kmsdx botnet targets IoT devices

City of Dallas shut down IT services after ransomware attack

Hyundai suffered a data breach that impacted customers in France and Italy

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Lazarus APT uses DTrack backdoor in attacks against LATAM and European orgs

Siemens Metaverse exposes sensitive corporate data

80% of organisations affected by cyber security skills gap

China-linked APT Volt Typhoon targets critical infrastructure organizations

Stay Connected