Education, Manufacturing, Security and Tools - Information Management Today

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

However, there’s still a long way to go to achieve deep interoperability of interconnected services in a way that preserves privacy and is very secure. This is precisely what the consortium of software companies and device manufacturers, led Google, Amazon and Apple, set out to achieve when Matter was conceived four years ago.

Security

Security Manufacturing Authentication Marketing

The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023

IT Governance

JANUARY 3, 2024

billion records The security researcher Jeremiah Fowler discovered an unprotected database exposing more than 1.5 Fowler contacted the company, which secured the database. The security researcher Bob Diachenko identified the leak in September and contacted TuneFab, which fixed the misconfiguration within 24 hours.

Data Privacy

Data Privacy Insurance Manufacturing Retail

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Security Affairs

APRIL 9, 2023

The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. manufacturers on behalf of Russian end-users, including defense contractors and other Russian government agencies. “Shevlyakov also attempted to acquire computer hacking tools.”

Computer and Electronics

Computer and Electronics Military Manufacturing Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Each participating organization is committed to developing cyber skills and programs to train the workforce across a wide range of industries, including manufacturing.

Cybersecurity

Cybersecurity Manufacturing Military Artificial Intelligence

FBI and CISA warn of attacks by Rhysida ransomware gang

Security Affairs

NOVEMBER 15, 2023

The ransomware gang hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The group relies on living off-the-land techniques such as native (built into the operating system) network administration tools to perform malicious operations.

Ransomware

Ransomware Manufacturing Education Passwords

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

IT Governance

FEBRUARY 21, 2024

Fowler sent a responsible disclosure notice when he discovered the database and it was secured the following day. Source New Manufacturing USA Yes 20,415 TECA Srl Source New Transport Italy Yes 16.7 Known records breached Zenlayer Source New Telecoms USA Yes 384,658,212 ASA Electronics Source New Engineering USA Yes 2.7

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

The Week in Cyber Security and Data Privacy: 11 – 18 December 2023

IT Governance

DECEMBER 19, 2023

An investigation determined that personal data, including names, addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers, belonging to nearly 15 million people was obtained by an unauthorised party between 30 October and 1 November. GB Coca-Cola Singapore Source (New) Manufacturing Singapore Yes 413.92

Data Privacy

Data Privacy Manufacturing Privacy Energy and Utilities

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

IT Governance

FEBRUARY 14, 2024

Compromised data includes policyholders’ and their families’ civil status, dates of birth and social security numbers, as well as the name of their health insurer and information relating to their contracts. It has since been confirmed by Anukul Peedkaew, the permanent secretary of social development and human security.

Data Privacy

Data Privacy Manufacturing Privacy Security

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

IT Governance

FEBRUARY 6, 2024

Source 1 ; source 2 (New) Professional services USA Yes 11,556 Poder Judicial de Santa Cruz Source (New) Legal Argentina Yes 8,732 J.D.

Data Privacy

Data Privacy Privacy Insurance Security

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware

Ransomware Encryption Manufacturing Phishing

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

Security Affairs newsletter Round 282

Security Affairs

SEPTEMBER 20, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 282 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Ransomware Data breaches Manufacturing

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Security Affairs

SEPTEMBER 25, 2023

The activity was characterized by the use of a combination of rare tools and techniques to gain access to the target network and collect intelligence from sensitive IIS server. The previous campaigns associated with this group targeted government, education, and electronic manufacturers in East Asia and the Middle East.

Government

Government Manufacturing Education Access

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Security Affairs

AUGUST 31, 2023

On its digital platform, NSC provides online resources for its nearly 55,000 members spread across different businesses, agencies, and educational institutions. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training.

Passwords

Passwords Healthcare Manufacturing Access

China-linked Flax Typhoon APT targets Taiwan

Security Affairs

AUGUST 25, 2023

The group relies on tools built into the operating system, along with some legitimate software. Microsoft has not observed The group has been active since mid-2021, it focuses on government agencies and education, critical manufacturing, and information technology organizations in Taiwan. ” continues the report.

Manufacturing

Manufacturing Education Access Government

Cybersecurity agencies published a joint LockBit ransomware advisory

Security Affairs

JUNE 15, 2023

& international partners, we published a joint advisory on LockBit Ransomware: [link] The advisory includes the common tools, exploitations, & TTPs used by LockBit affiliates. The group targeted municipal governments, county governments, public higher education and K-12 schools, and emergency services (e.g., law enforcement).

Ransomware

Ransomware Cybersecurity Agriculture Education

Operation Cronos: law enforcement disrupted the LockBit operation

Security Affairs

FEBRUARY 19, 2024

Since January 2020, affiliates utilizing LockBit have targeted organizations of diverse sizes spanning critical infrastructure sectors such as financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Financial Services

Volvo retailer leaks sensitive files

Security Affairs

APRIL 15, 2023

The Brazilian retail arm of car manufacturing giant Volvo leaked sensitive files, putting its clientele in the vast South American country in peril. Other research by Cybernews has revealed that BMW , a German luxury vehicle manufacturer producing around 2.5 The issue causing the leak has been fixed.

Retail

Retail Manufacturing Communications Passwords

FBI chief says China is preparing to attack US critical infrastructure

Security Affairs

APRIL 19, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The group also relies on customized versions of open-source tools for C2 communications and to stay under the radar.

Energy and Utilities

Energy and Utilities Communications Military Manufacturing

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. Once obtained access to the City’s network, the group performed reconnaissance and information-gathering activities using legitimate third-party remote management tools.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Security Affairs

FEBRUARY 21, 2024

LockBit had a bespoke data exfiltration tool, known as Stealbit, which was used by affiliates to steal victim data. The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. reads the NCA’s announcement. “The reads the press release published by DoJ.

Energy and Utilities

Energy and Utilities Ransomware Agriculture Manufacturing

Catches of the Month: Phishing Scams for October 2023

IT Governance

OCTOBER 13, 2023

October is both Cybersecurity Awareness Month in the US and European Cyber Security Month in the EU – twin campaigns on either side of the Atlantic that aim to improve awareness of the importance of cyber security both at work and at home, and provide tips on how to stay secure.

Phishing

Phishing Financial Services Manufacturing Personal data

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

The City confirmed the security incident and is working to recover from the ransomware attack that impacted its services, including the police department. Once compromised a victim’s network, threat actors deploy the post-exploitation tool Cobalt Strike to maintain persistence and perform lateral movements. reads the alert.

Ransomware

Ransomware IT Encryption Education

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. While it’s a progressive step for the network security of the U.S. While it’s a progressive step for the network security of the U.S.

IoT

IoT Cybersecurity Manufacturing Government

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

Cybersecurity and Infrastructure Security Agency (CISA) is warning of the capabilities of the recently emerged Royal ransomware. Once compromised a victim’s network, threat actors deploy the post-exploitation tool Cobalt Strike to maintain persistence and perform lateral movements. ” reads the alert.

Ransomware

Ransomware Encryption Cybersecurity Communications

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Security Affairs

OCTOBER 30, 2021

MITRE and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) have announced the release of the “2021 Common Weakness Enumeration (CWE) Most Important Hardware Weaknesses” list. CIOs and security managers could also use the list to assess the efficiency of their program to secure hardware within in their organizations.

Manufacturing

Manufacturing Education Access Security

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

Data privacy regulations like the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) can be hard to navigate for businesses of any size, but GRC tools can simplify and streamline compliance with all of the requirements. Contents: Top GRC tools comparison. Top GRC tools comparison.

Compliance

Compliance Risk Government Retail

More details about Operation Cronos that disrupted Lockbit operation

Security Affairs

FEBRUARY 20, 2024

“LockBit had a bespoke data exfiltration tool, known as Stealbit, which was used by affiliates to steal victim data. The NCA and its global partners have secured over 1,000 decryption keys that will allow victims of the gang to recover their files for free. ” reads the NCA’s announcement. on January 5, 2020.

Energy and Utilities

Energy and Utilities Ransomware Manufacturing Agriculture

China-linked APT Volt Typhoon targets critical infrastructure organizations

Security Affairs

MAY 25, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

Communications

Communications Manufacturing Access Archiving

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

FEBRUARY 28, 2024

The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide. ” concludes the report.

Energy and Utilities

Energy and Utilities Military Government Phishing

Siemens Metaverse exposes sensitive corporate data

Security Affairs

APRIL 15, 2023

While metaverse is no longer a buzzword, amid the sudden popularity of ChatGPT and similar AI tools, those virtual worlds are still here, presenting exciting opportunities for companies, users, and, unfortunately, threat actors. More likely, they’ll plug in an infected USB drive that could eventually even lead to ransomware.

IoT

IoT Manufacturing Authentication Ransomware

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

Security Affairs

MAY 7, 2021

As of April 28, the site mentioned nine companies primarily from aviation, financial, education and manufacturing industries. This tool is also used for enabling lateral movement capability with obtained hashes and mimikatz’s sekurlsa::pth. In addition, the group leveraged some custom tools for network reconnaissance.

Ransomware

Ransomware Education Manufacturing Healthcare

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

According to government experts, the Royal ransomware attacks targeted numerous critical infrastructure sectors including, manufacturing, communications, healthcare and public healthcare (HPH), and education. similarities in jumps based on BinDiff, a comparison tool for binary files.” similarities in blocks, and 98.9%

Ransomware

Ransomware Encryption File names Cybersecurity

China-linked APT Volt Typhoon linked to KV-Botnet

Security Affairs

DECEMBER 13, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

Communications

Communications Manufacturing Education Government

A Russian national charged for committing LockBit Ransomware attacks

Security Affairs

JUNE 16, 2023

In securing the arrest of a second Russian national affiliated with the LockBit ransomware, the Department has once again demonstrated the long arm of the law. We will continue to use every tool at our disposal to disrupt cybercrime, and while cybercriminals may continue to run, they ultimately cannot hide.” law enforcement).

Ransomware

Ransomware Agriculture Education Government

Hackers can hack organizations using data found on their discarded enterprise network equipment

Security Affairs

APRIL 24, 2023

This allowed ESET researchers to identify devices previously used in a data center/ cloud computing business (specifically, a router provisioning a university’s virtualized assets), a nationwide US law firm, manufacturing and tech companies, a creative firm, and a major Silicon Valleybased software developer, among others.”

Authentication

Authentication Marketing Cloud Manufacturing

Generative AI use cases for the enterprise

IBM Big Data Hub

FEBRUARY 13, 2024

Tools such as Midjourney and ChatGPT are gaining attention for their capabilities in generating realistic images, video and sophisticated, human-like text, extending the limits of AI’s creative potential. Harnessing the value of generative AI Generative AI is a potent tool, but how do organizations harness this power?

Artificial Intelligence

Artificial Intelligence Marketing Sales Communications

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

The past week has been a busy one for cybersecurity vulnerabilities, with 34 vulnerable Windows drivers and four Microsoft Exchange flaws heading a long list of security concerns. The Problem: Three flaws discovered by the Kubernetes security community carry CVSS severity scores of 7.6 CVE-2022-4886 (Path Sanitization Bypass): This 8.8-level

Ransomware

Ransomware Authentication Cybersecurity Education

Data security: Why a proactive stance is best

IBM Big Data Hub

JULY 7, 2023

But with a proactive approach to data security, organizations can fight back against the seemingly endless waves of threats. IBM Security X-Force found the most common threat on organizations is extortion, which comprised more than a quarter (27%) of all cybersecurity threats in 2022. Where do data breaches originate?

Security

Security Data breaches Data Privacy Compliance

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

Security Affairs

AUGUST 13, 2022

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. Pierluigi Paganini.

Ransomware

Ransomware Encryption Communications Manufacturing

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

Security Affairs

MARCH 25, 2020

The group hit entities in several industries, including the gaming, healthcare, high-tech, higher education, telecommunications, and travel services industries. Unlike other China-based actors, the group used custom malware in cyber espionage operations, experts observed 46 different malware families and tools in APT41 campaigns.

Healthcare

Healthcare Education Manufacturing Government

List of Data Breaches and Cyber Attacks in January 2023 – 277.6 Million Records Breached

IT Governance

FEBRUARY 1, 2023

The new year comes with the promise of fresh beginnings and the promise to revolve the bad habits of our past, but we’ve had no such luck in the cyber security sector. Our research discovered 104 publicly disclosed security incidents, which accounted for 277,618,767 leaked records.

Data breaches

Data breaches Ransomware Insurance Government

The most valuable AI use cases for business

IBM Big Data Hub

FEBRUARY 14, 2024

Creative AI use cases Create with generative AI Generative AI tools such as ChatGPT, Bard and DeepAI rely on limited memory AI capabilities to predict the next word, phrase or visual element within the content it’s generating. Routine questions from staff can be quickly answered using AI.

Artificial Intelligence

Artificial Intelligence Retail Unstructured data Insurance

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023

Webinars

Trending Sources

Estonian National charged with helping Russia acquire U.S. hacking tools and electronics

Webinars

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

FBI and CISA warn of attacks by Rhysida ransomware gang

The Week in Cyber Security and Data Privacy: 12 – 18 February 2024

The Week in Cyber Security and Data Privacy: 11 – 18 December 2023

The Week in Cyber Security and Data Privacy: 5 – 11 February 2024

The Week in Cyber Security and Data Privacy: 29 January – 4 February 2024

Researchers Quietly Cracked Zeppelin Ransomware Keys

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs newsletter Round 282

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

China-linked Flax Typhoon APT targets Taiwan

Cybersecurity agencies published a joint LockBit ransomware advisory

Operation Cronos: law enforcement disrupted the LockBit operation

Volvo retailer leaks sensitive files

FBI chief says China is preparing to attack US critical infrastructure

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

Catches of the Month: Phishing Scams for October 2023

City of Dallas shut down IT services after ransomware attack

The IoT Cybersecurity Act of 2020: Implications for Devices

The U.S. CISA and FBI warn of Royal ransomware operation

MITRE and CISA publish the 2021 list of most common hardware weaknesses

Top GRC Tools & Software for 2021

More details about Operation Cronos that disrupted Lockbit operation

China-linked APT Volt Typhoon targets critical infrastructure organizations

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Siemens Metaverse exposes sensitive corporate data

Connecting the Bots – Hancitor fuels Cuba Ransomware Operations

New Linux Ransomware BlackSuit is similar to Royal ransomware

China-linked APT Volt Typhoon linked to KV-Botnet

A Russian national charged for committing LockBit Ransomware attacks

Hackers can hack organizations using data found on their discarded enterprise network equipment

Generative AI use cases for the enterprise

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

Data security: Why a proactive stance is best

CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks

China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

List of Data Breaches and Cyber Attacks in January 2023 – 277.6 Million Records Breached

The most valuable AI use cases for business

Stay Connected