US Sanctions 3 North Korean Hacking Groups

Data Breach Today

government's continuing efforts to highlight the North Korean government's cyberattacks, the U.S. Treasury Department has sanctioned three alleged North Korean hacking groups that have been blamed for the WannaCry ransomware, online bank heists and destructive malware attacks

Russian APT groups target European governments ahead of May Elections

Security Affairs

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) and Sandworm Team (also TeleBots ) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections.

U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks

Threatpost

Three North Korean threat groups have been sanctioned in the U.S. Government Hacks Andariel bangladesh central bank Bluenoroff hack Lazarus Group North Korea ransomware Sony picture hack SWIFT threat group US us sanctions wannacry attack

Phishing Campaigns Spoof Government Agencies: Report

Data Breach Today

Proofpoint Research Points to More Sophisticated Techniques A newly discovered hacking group is using an array of sophisticated spoofing and social engineering techniques to imitate government agencies, including the U.S.

Chinese APT Group Began Targeting SSL VPN Flaws in July

Data Breach Today

Pulse Secure and Fortinet Released Critical Fixes Months Ago, But Patching Lags A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts warn.

Access 216

Cyber-Intelligence Firm NSO Group Tries to Boost Reputation

Data Breach Today

Critics Questions Whether Israeli Firm's Moves Will Have an Impact Israel-based cyber-intelligence firm NSO Group, which has been accused of selling technology that enables governments to spy on citizens, is pledging to adopt human rights guidelines developed by the United Nations.

'Fancy Bear' Hacking Group Adds New Capabilities, Targets

Data Breach Today

Russia-Backed APT Groups Compete With Each Other: Report

Data Breach Today

Researchers Find That State-Sponsored Cyberespionage Groups Seldom Share Code APT groups that are backed by the Russian government rarely share code with each other, fostering a competitive landscape, according to a new report.

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Since August of 2015, the Buhtrap group has conducted 13 successful attacks against financial institutions stealing more than ?1.

Members of Chinese Espionage Group Develop a 'Side Business'

Data Breach Today

Emissary Panda APT group hit Government Organizations in the Middle East

Security Affairs

Chinese Cyber-Spies Target Government Organizations in Middle East. Chinese APT group Emissary Panda has been targeting government organizations in two different countries in the Middle East.

Israel surveillance firm NSO group can mine data from major social media

Security Affairs

The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media. The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to mine user data from major social media.

Mining 111

Lazarus Group Widens Tactics in Cryptocurrency Attacks

Threatpost

Cryptography Government Malware Web Security apt campaign Cryptocurrency Lazarus Group macos users North Korea South Korea widened tactics WindowsMacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.

EVERTEAM HAS BEEN CHOSEN BY GROUPE PSA TO REDESIGN ITS INFORMATION GOVERNANCE SYSTEM

Everteam

Paris, 10 September, 2019 – Everteam, a leading provider of Enterprise Content management and Information Governance software, announces that it has been selected by Groupe PSA as part of its strategic program to overhaul the information governance system.

Data Governance 2.0: The CIO’s Guide to Collaborative Data Governance

erwin

In the data-driven era, CIO’s need a solid understanding of data governance 2.0 … Data governance (DG) is no longer about just compliance or relegated to the confines of IT. Today, data governance needs to be a ubiquitous part of your organization’s culture.

Chinese Spy Group Mixes Up Its Malware Arsenal with Brand-New Loaders

Threatpost

Government Malware APT10 China espionage loader new malware variants PlugX quasar rat spy groupNew campaigns also show modified versions of known payloads.

IT 108

Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe

Security Affairs

Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Are You Ever Finished With Information Governance?

Weissman's World

We at Holly Group spend our days working with clients to help them improve their Current State of information and move them towards their desired Future State. The post Are You Ever Finished With Information Governance? appeared first on Holly Group.

Details on Uzbekistan Government Malware: SandCat

Schneier on Security

Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers.

Group-IB identifies leaked credentials of 40,000 users of government websites in 30 countries

Security Affairs

Group-IB, an international company that specializes in preventing cyberattacks , has detected more than 40 000 compromised user credentials of online government services in 30 countries around the world. CERT-GIB (Group-IB’s Computer Emergency Response Team) upon identification of this information promptly warned CERTs of the affected countries about the threat so that risks could be mitigated. About the author: Group-IB.

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns

Security Affairs

NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws. APT groups also exploit CVE-2018-13382, CVE-2018-13383, and CVE-2019-1579, in Palo Alto Networks products.

Buckeye APT group used Equation Group tools prior to ShadowBrokers leak

Security Affairs

China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to Shadow Brokers leak. The APT3 cyberespionage group had been active since at least 2009 and its last operation was uncovered in mid-2017.

EU Mass Surveillance Alive and Well, Privacy Groups Warn

Data Breach Today

Iran-linked Phosphorus group hit a 2020 presidential campaign

Security Affairs

Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35 , Charming Kitten , Newscaster , and Ajax Security Team) a 2020 presidential campaign. government officials, journalists covering global politics and prominent Iranians living outside Iran.”

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement.

Why Information Architecture is VITAL to Information Governance

Weissman's World

Our very own Kevin Parker has written another stellar piece on the importance of information architecture to information governance. The post Why Information Architecture is VITAL to Information Governance appeared first on Holly Group.

OilRig APT group: the evolution of attack techniques over time

Security Affairs

Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. I would define this group of references as reports. Those reports have been divided into 4 timing groups in order to simplify the evaluation process.

Machete cyber-espionage group targets Latin America military

Security Affairs

Security experts from ESET uncovered a cyber-espionage group tracked as Machete that stole sensitive files from the Venezuelan military. Security experts from ESET reported that a cyberespionage group tracked as Machete has stolen sensitive files from the Venezuelan military.

Reimagining Information Governance with Blockchain

Weissman's World

The post Reimagining Information Governance with Blockchain appeared first on Holly Group. Blockchain information governance

APT Groups Exploiting Flaws in Unpatched VPNs, Officials Warn

Threatpost

Government Hacks Vulnerabilities Web Security apt apt5 china state sponsored cybergroup cyberattack Fortinet NSA Palo Alto Networks pule secureand U.K. agencies warn consumers to update VPN technologies from Fortinet, Pulse Secure and Palo Alto Networks.

TA505 group updates tactics and expands the list of targets

Security Affairs

Recent campaigns show t hreat actors behind the Dridex and Locky malware families , the TA505 group, have updated tactics and expanded its target list. TA505 hacking group has been active since 2014 focusing on Retail and banking sectors.

'Highly Active' Seedworm Group Hits IT Services, Governments

Dark Reading

Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses

Creating data governance committees, forums and working groups

Information Management Resources

You may have a data governance forum, data steering group, or something similar. Data governance Data management Data strategyWhatever you call it is not important, it’s who sits on it and what it does that is.

Recent Andariel Group ActiveX Attacks Point to Future Targets

Threatpost

Changes in the group's script may indicate that the hackers may start using attack vectors other than ActiveX. Government Hacks ActiveX ActiveX vulnerability andariel group apt Code Injection Lazarus Group North Korea South Korea zero day

China-Linked APT15 group is using a previously undocumented backdoor

Security Affairs

ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Experts discovered that since December 2016, the APT15 group has been using the previously undocumented backdoor dubbed Okrum.

Hunting the ICEFOG APT group after years of silence

Security Affairs

A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. The cyber mercenaries were recruited by governments and private companies, it was composed of highly skilled hackers able to conduct sophisticated attacks.

U.S. Government Goes After North Korea’s Joanap Botnet

Threatpost

Government Malware botnet Hidden Cobra joanap botnet Lazarus Group Microsoft Windows North Korea park jin hyokThe Department of Justice is looking to dismantle the Joanap botnet, which has been built and controlled by North Korea-linked hackers since 2009.

5 Steps to Information Governance Success

Weissman's World

To hear some people tell it, the future of information governance is a complex, frightening place to ponder. The post 5 Steps to Information Governance Success appeared first on Holly Group. governance infogov information governance information management

APT40 cyberespionage group supporting growth of China’s naval sector

Security Affairs

A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country’s Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.

Is Your Information Governance Mostly Sound and Fury?

Weissman's World

” Shakespeare penned these words as a metaphor for life (Macbeth, Act V, Scene V), but they relate equally well to information governance in that organizations often spend more time arguing over the particulars than actually doing much about them. appeared first on Holly Group.