Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Cybercriminals Have a Heyday with WinRAR Bug in Fresh Campaigns

Threatpost

With new attacks on the Israeli military and social-work educators, exploitation of the 19-year-old flaw shows no signs of slowing down. Vulnerabilities Web Security active exploits backdoor campaigns FireEye in the wild israeli military vulnerability WinRAR

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Security Affairs newsletter Round 253

Security Affairs

The best news of the week with Security Affairs. Google sued by New Mexico attorney general for collecting student data through its Education Platform. European Commission has chosen the Signal app to secure its communications. A new round of the weekly newsletter arrived!

China Issues Draft Data Security Law

Hunton Privacy

China has lacked a comprehensive data protection and data security law that regulates in detail requirements and procedures relating to the collection, processing, control and storage of personal data. Promotion of Data Usage While Maintaining Data Security.

Ministry of Defence academy hit by state-sponsored hackers

Security Affairs

The Defence Academy of the United Kingdom provides higher education for personnel in the British Armed Forces, Civil Service, other government departments and service personnel from other nations. If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

US Agencies and FireEye were hacked with a supply chain attack on SolarWinds Software

Security Affairs

The cyber espionage group has tampered with updates released by IT company SolarWinds, which provides its products to government agencies, military, and intelligence offices, two people familiar with the matter told the Reuters agency. .

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Included in the breaches were Italy’s National Research Center , The Institute for Education Technologies , the ILIESI Institute for the European Intellectual Lexicon , National Mining Office for Hydrocarbons and Geo-resources , Ministry of Economic Development , State Police Association , Fratelli D’Italia , Lega Nord Trentino , Partito Democratico Siena , TV Trentino , Technapoli Equitalia , State Archives S.I.A.S. Military Personnel.

Symantec uncovered the link between China-Linked Thrip and Billbug groups

Security Affairs

Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia. The group has continued launching attacks against entities in Southeast Asia, including military, satellite communications, media and educational organizations. Security experts at Symantec speculate that Thrip is a sub-group of Billbug.

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

For IT directors, heads of cybersecurity teams, SOC analysts, and incident response specialists, the report Hi-Tech Crime Trends 2020/2021 is a practical guide for strategic and tactical planning and offers analytical instruments that help adjust and fine-tune corporate security systems.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Snyder says his experience as head of Gateway Computers and as an investor in tech security startups, prior to entering politics, gave him an awareness of why putting Michigan ahead of the curve, dealing with cyber threats, would be vital. “I Given his tech background, Snyder foresaw that any drive to revitalize and diversify Michigan’s economy could only truly work if business networks generally got a lot more secure than they were at that time.

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

CENTCOM requisition form for use of military aircraft. We predict that this problem is likely to get worse as more companies add sandboxing to their security pipeline, underscoring the importance of educating employees now.” Malware Analysis Sandboxes could expose sensitive data of your organization appeared first on Security Affairs.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. This could be in high security areas, relating to the government or military, or you might be in different countries, where secure Internet connections are not available. You need to rely on external storage to securely transport your data.

Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

Security Affairs

The STRONTIUM APT group (aka APT28 , Fancy Bear , Pawn Storm , Sofacy Group , and Sednit ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. “In April, security researchers in the Microsoft Threat Intelligence Center discovered infrastructure of a known adversary communicating to several external devices.” link] #MSFTatBlackHat — Security Response (@msftsecresponse) August 5, 2019.

IoT 66

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

The groups targeted organizations in the business services, financial, health, retail/consumer, aero-military, engineering and manufacturing, government, education, transportation, and utilities industries. orgs with 3 malware appeared first on Security Affairs.

Vermont’s Amendments to Data Breach Law and New Student Privacy Law Effective July 1, 2020

Hunton Privacy

Security Breach Notice Act. Expand the definition of a breach to include login credentials, meaning “a consumer’s user name or e-mail address, in combination with a password or an answer to a security question, that together permit access to an online account.” Security Breach U.S.

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ, as part of the celebration of its centenary , has released emulators for World War II cipher machines that can be executed in the encryption app CyberChef released for educational purposes. The GCHQ developed emulators for Enigma, Typex and the Bombe that could be executed in the CyberChef , The Enigma machines were used by the German military to protect communications during the Second World War. Security Affairs – GCHQ , CyberChef ).

Attention U.S. Veterans: The CIP Exam Has Been Approved for Reimbursement Under the GI Bill

AIIM

I am very pleased to announce that the Certified Information Professional (CIP) exam has been approved for reimbursement under the Veterans Education Benefit program for Licensing and Certification reimbursements administered by the U.S. When I got out of the Marine Corps, I wasn't sure what I wanted to do, but I knew that I had the GI Bill to help fund my education and professional development.

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

Later, security experts from McAfee reported that attackers are continuing in exploiting the WinRAR flaw, they identified more than “100 unique exploits and counting” in the first week since the vulnerability was publicly disclosed. This campaign was carried out by threat actors impersonating an educational accreditation council to hit users in the United States. The post WinRAR CVE-2018-20250 flaw exploited in multiple campaigns appeared first on Security Affairs.

The U.S. Innovation and Competition Act: Senate Passes Sweeping $250 Billion Bill to Bolster Scientific Innovation and Compete With China

Data Matters

semiconductor production, scientific research, development of artificial intelligence, and space exploration in the face of growing economic, technological, and military competition from China. Beyond investments in scientific research and development, the bill includes various national security measures designed to thwart cyberattacks, foreign infiltration of domestic supply chains, and exfiltration of U.S. Cybersecurity National Security Policy

ROUNDTABLE: Experts react to President Biden’s exec order in the aftermath of Colonial Pipeline hack

The Last Watchdog

While some of the measures stipulated in the order are considered table stakes like multi-factor authentication, the fact that the order exists will help to raise the collective security posture of products and services. Keatron Evans, principal security researcher, Infosec Institute. President Biden’s executive order sets clear asks and timelines for an up-to-date, modern cyber security approach. Deepika Gajaria , vice president of product, Tala Security.

It’s Time to Combine Security Awareness and Privacy Awareness

MediaPro

He’s got info security folks requiring him to take annual training, posting educational videos, and sending simulated phishing email all the time. But when it gets right down to it, Bob doesn’t understand quite where security ends and privacy begins. When he asks, the privacy and security folks are perfectly happy to go on at length about how different their two domains are—but it often sounds like an old Miller Lite beer ad: “Tastes great!”

Jen Easterly Takes Charge of CISA At Black Hack USA 2021

ForAllSecure

The new Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, opened Day 2 of Black Hat USA 2021 with a remote presentation on Hacking the Cybersecurity Puzzle. The Cybersecurity and Infrastructure Security Agency is relatively new.

We Can Do It!: World War II Posters at the Still Picture Branch

Unwritten Record

The messages range from the promotion of Victory Gardens to recruitment for the various branches of the military. posters recruiting for the military, and promotion of the war effort on the homefront. “We Can Do It!” ” 179-WP-1563, NAID: 535413.

List of data breaches and cyber attacks in August 2020 – 36.6 million records breached

IT Governance

There were a massive 99 data breaches and cyber attacks in August, making it the third-biggest monthly total of the year by number of security incidents.

What is personal information under the CCPA?

Collibra

Characteristics of protected classifications under California or federal law such as race, ancestry, national origin, religion, age, mental and physical disability, sex, sexual orientation, gender identity, medical condition, genetic information, marital status, or military status.

First Cyber Defence & Information Assurance courses to receive CILIP accreditation

CILIP

As with our information and knowledge Learning Providers, these degrees have been judged against the Professional Knowledge and Skills Base tool (PKSB) and demonstrate the breadth of experience and attributes required for a skilled information professional in the security sector? Cranfield has always been at the forefront of Defence and Security. First Cyber Defence & Information Assurance courses to receive CILIP accreditation.

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

Both were well-equipped to teach, test and train individuals ranging from teen-agers and non-technical adults, to working system administrators and even seasoned tech security pros. His task was to lead a team of students in improving the security posture of a fully mocked-up city network, called Alphaville, pumped into his high school lab courtesy of Merit. Veterans have an inclination to continually defend their country, and many have security clearances, he says. “We

Have We Become Apathetic About Breaches?

Thales Cloud Protection & Licensing

An incensed population began to demand companies secure their personal information, because the consumerization of the threat was a clear and present danger. One such example is the recent disclosure that military personnel wearing Strava devices are revealing highly sensitive information about their locations and activities. With more sophisticated attacks and the ensuing damage, why are people seemingly not more concerned about securing their data? Data security

IoT 75

List of data breaches and cyber attacks in April 2021 – 1 billion records breached

IT Governance

It was another busy month in the cyber security sector, as we discovered 143 incidents that resulted in 1,098,897,134 breached records. discloses security incident (unknown) St.

Government By Numbers: Some Interesting Insights

John Battelle's Searchblog

Examples include identity (from driver’s licenses and SSNs to Visa, MasterCard, Amex, and Facebook), delivery of important information and items (from the Post Office to Telcos, Internet, and FedEx and UPS), and protection (outsourcing both prisons and military jobs to private companies). Not to mention retirement (from Social Security to 401ks, etc.). Let’s take a look at some detail: Ahh… Education. Now, education is, in the main, a government enterprise.

Cyber is Cyber is Cyber

Lenny Zeltser

Information security? Computer security, perhaps? If we examine the factors that influence our desire to use one security title over the other, we’ll better understand the nature of the industry and its driving forces. Until recently, I’ve had no doubts about describing my calling as an information security professional. This might be because the industry continues to embrace the lexicon used in government and military circles, where cyber reigns supreme.

Spotlight: Operationalizing Deep Web and Dark Web Intelligence

The Security Ledger

Chris and I talk about how companies like Flashpoint monitor the dark web for intelligence and, then, how companies are able to operationalize that intelligence as part of their security and incident response programs. » Related Stories Spotlight Podcast: Flashpoint’s Allison Nixon on SIM Swapping and the Looming Online Identity Crisis Taking the Long View of Breach Fallout Analysis of 85K Remote Desktop Hacks Finds Education, Healthcare Top Targets.

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year. OCIE also will focus on recommendations and advice provided to retail investors, with a particular emphasis on seniors, retirees, teachers and military personnel, as well as products that the SEC considers higher risk (e.g.,

Q&A: Cloud Providers and Leaky Servers

Thales Cloud Protection & Licensing

Hope isn’t considered a best security practice. A: AWS, Cloud Security Alliance, every analyst and every other cloud provider talks about “shared responsibility” for data security. This means that the customer is ultimately responsible for data security. A major driver to move to the cloud is to reduce capital and operations costs, but customers have to remember that they own data security and typically can’t transfer that liability. Data security

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important.

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important.

ForAllSecure Launches The Hacker Mind Podcast

ForAllSecure

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Or maybe, just maybe back in 2014, West Point and other military service academies, are on to something really important.

Victory at Yorktown

Unwritten Record

Between two lines of soldiers, one American and the other French, the British and Hessian soldiers proceed to an open field, known today as “Surrender field” to lay down their arms or “ground their firelocks,” in 18th-century military language.

The Hacker Mind Podcast: Shall We Play A Game?

ForAllSecure

Vamosi: Today, John has taken his juvenile curiosity in breaking things down to become a security researcher with Huntress Labs. Hammond: As a security researcher, I am hierarchically in their Threat OPs department. So, that’s the military.

The Hacker Mind Podcast: Shall We Play A Game?

ForAllSecure

Vamosi: Today, John has taken his juvenile curiosity in breaking things down to become a security researcher with Huntress Labs. Hammond: As a security researcher, I am hierarchically in their Threat OPs department. So, that’s the military.