Information Security, Manufacturing and Meeting

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

Security Affairs

NOVEMBER 9, 2020

The Taiwanese electronics manufacture Compal suffered a ransomware attack over the weekend, media blames the DoppelPaymer ransomware gang. It is the second-largest contract laptop manufacturer in the world behind Quanta Computer. Acer, Lenovo, Dell, Toshiba, Hewlett-Packard and Fujitsu. It also licenses brands of its clients.

Manufacturing

Manufacturing Ransomware Computer and Electronics Information Security

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

JANUARY 26, 2023

The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe. ” reads the message published on the leak site.

Military

Military Manufacturing Ransomware Mining

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Thales Cloud Protection & Licensing

APRIL 29, 2024

When enforced, the regulation will mandate manufacturers to prioritize security from the design stage and throughout the product's entire lifecycle. The Act is expected to enter into force in 2024, and manufacturers must apply the rules 36 months after they enter into force.

Compliance

Compliance Cybersecurity Risk Manufacturing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Boeing confirmed its services division suffered a cyberattack

Security Affairs

NOVEMBER 2, 2023

The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. Boeing confirmed it is facing a cyber incident that hit its global services division, the company pointed out that flight safety isn’t affected. In 2022, Boeing recorded $66.61

IT

IT Ransomware Manufacturing Military

New California Legislation Adds to Existing Smart Device Labeling Requirements

Hunton Privacy

SEPTEMBER 16, 2022

AB-2392, which has not yet been signed by Governor Newsom, would allow Internet-connected device manufacturers to satisfy existing device labeling requirements by complying with National Institute of Standards and Technology (“NIST”) standards for consumer Internet of Things (“IoT”) products.

Manufacturing

Manufacturing IoT Access Security

LockBit ransomware gang leaked data stolen from Boeing

Security Affairs

NOVEMBER 13, 2023

The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. A cyber gang with Russian ties, known as Lockbit, claimed in a post on the dark web last week that it would start releasing “sensitive data” if the aerospace and defense giant didn’t meet a ransom demand by Nov.

Ransomware

Ransomware Authentication Manufacturing Sales

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

SEPTEMBER 16, 2020

Over the years, experts observed several attacks employing rootkits that were specifically developed to target the firmware to achieve persistence and bypassing security solutions. The Secure Boot mechanism allows the execution of only software that is trusted by the Original Equipment Manufacturer (OEM). . Pierluigi Paganini.

Security

Security Manufacturing IT Data breaches

Glowworm Attack allows sound recovery via a device’s power indicator LED

Security Affairs

AUGUST 14, 2021

of the virtual meeting (1) which is played by the connected speakers creates changes in the power consumption of the power indicator LED of a (2) connected peripheral (e.g., About 50% of the devices analyzed by the researchers are vulnerable to the Glowworm attack, below is a list of some of the vulnerable manufacturers:?.

Manufacturing

Manufacturing Security IT Information Security

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

However, Macron said that France will favor European providers of 5G technology due to security concerns. The Macron’s announcement comes after the meeting, held in Paris last week, with visiting Chinese Foreign Minister Wang Yi. In July, the French information security agency ANSSI announced that Huawei Technologies Ltd.

IT

IT Military Manufacturing Risk

Unraveling the truth behind the DDoS attack from electric toothbrushes

Security Affairs

FEBRUARY 8, 2024

. “What the Fortinet headquarters in California is now calling a “translation problem” sounded completely different during the research: Swiss Fortinet representatives described the toothbrush case as a real DDoS at a meeting that discussed current threats -Attack described.” ” reads the update provided by the newspaper.

IoT

IoT Cybersecurity Manufacturing Security

Holy Ghost ransomware operation is linked to North Korea

Security Affairs

JULY 15, 2022

The list of victims includes manufacturing organizations, banks, schools, and event and meeting planning companies. The Holy Ghost ransomware gang has been active since June 2021 and it conducted ransomware attacks against small businesses in multiple countries.

Ransomware

Ransomware Encryption Government Manufacturing

Organisations need to prepare for “cyber shocks”

IT Governance

JANUARY 22, 2018

Strengthening digital society against cyber shocks , which analyses key findings from the 2018 Global State of Information Security ® Survey (GSISS), focuses on the effects of massive incidents such as NotPetya and WannaCry. 48% said they don’t have an employee security awareness training programme. What damage can they cause?

Security awareness

Security awareness Information Security Manufacturing Data breaches

Key aerospace player Safran Group leaks sensitive data

Security Affairs

MARCH 15, 2023

It collaborates with Airbus, the second-largest aerospace company globally after Boeing, to manufacture aerospace equipment. Also, the company manufactures surface-to-air defense systems and missiles.

Manufacturing

Manufacturing Access Risk IT

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

NOVEMBER 1, 2021

Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t. Both Remcos and NanoCore are used for information gathering, data exfiltration, surveillance, and control of the victims’ computers. . Victims of the group are located in North America, Europe, and Southeast Asia. .

Healthcare

Healthcare Phishing Manufacturing Government

Australian beverages firm Lion hit for the second time in a few days by a cyber attack

Security Affairs

JUNE 20, 2020

At the time of the first attack, the security breach caused the disruption of manufacturing processes and customer service. ” The Sydney Morning Herald reported. ” According to the media, the Lion’s IT staff is now focusing on defence efforts over restoration from the previous ransomware attack.

Ransomware

Ransomware Manufacturing Marketing Government

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

Security Affairs

SEPTEMBER 23, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. million to mitigate the May Royal ransomware attack appeared first on Security Affairs. City of Dallas An image of the ransomware note received by the City of Dallas J.D.

Ransomware

Ransomware Encryption Systems administration Cybersecurity

China-linked APT10 leverages ZeroLogon exploits in recent attacks

Security Affairs

NOVEMBER 18, 2020

Targeted sectors include: Automotive Clothing Conglomerates Electronics Engineering General Trading Company Government Industrial Products Managed Service Providers Manufacturing Pharmaceutical Professional Services. The latest campaign has been active since mid-October in 2019 and appears to be still ongoing. ” Pierluigi Paganini.

Healthcare

Healthcare Archiving Cloud Manufacturing

UNECE Vehicle Regulations: UN R155 & UN R156

ForAllSecure

MARCH 11, 2022

By ensuring that vehicles meet a set of standards for Vehicle Cybersecurity, the UNECE Vehicle Regulations play an important role in improving safety on our roads. Vehicle manufacturers should work with suppliers to ensure the security of vehicles. A critical point in allowing for the free flow of goods across borders.

Cybersecurity

Cybersecurity Manufacturing Compliance Information Security

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Security Affairs

DECEMBER 31, 2021

“The Micron Flex Capacity feature is designed to unleash the true capabilities of storage media by giving IT administrators the ability to tune their SSDs to meet specific workload characteristics such as performance, capacity and endurance.”

Paper

Paper Access Manufacturing Security

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

MILES/CBS NEWS TEXAS The Royal ransomware group is behind the attack and threatens to publish stolen data if the City will not meet its ransom demand. City of Dallas An image of the ransomware note received by the City of Dallas. Source J.D. reads the alert.

Ransomware

Ransomware IT Encryption Education

Russian military plans to replace Windows with Astra Linux

Security Affairs

MAY 31, 2019

Astra Linux is a Debian-based distro developed in Russia by the Scientific/Manufacturing Enterprise Rusbitech RusBITech about ten years ago. “Astra Linux is a RussianLinux -based computer operating system developed to meet the needs of the Russian army, other armed forces and intelligence agencies.

Military

Military Government Manufacturing Data Privacy

NSA and ODNI analyze potential risks to 5G networks

Security Affairs

MAY 12, 2021

The report also highlights the risks for the 5G supply chain such us the introduction of malicious software and hardware, counterfeit components, poor designs, manufacturing processes, and maintenance procedures. 5G system architectures use a growing number of ICT designed to meet increasing data, capacity, and communications requirements.

Risk

Risk Communications Cybersecurity Manufacturing

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

The Last Watchdog

APRIL 30, 2024

in different industries, including energy, manufacturing, and healthcare. The CMMC program includes a progressive framework to ensure vendors meet National Institutes of Standards and Technology (NIST) cybersecurity standards. About the essayist : Joseph Bell is Chief Information Security Officer at Everfox.

Security

Security Cybersecurity Unstructured data Cloud

Vulnerability Management Policy Template

eSecurity Planet

MAY 12, 2023

Our recommendations are independent of any commissions, and we only recommend solutions we have personally used or researched and meet our standards for inclusion. For example, a vulnerability in a wi-fi router firewall configuration may expose Windows 95 machines required to run manufacturing equipment.

Risk

Risk Compliance Security IT

Weekly podcast: Equifax once more, Bristol Airport, Smeg and Mirai creators

IT Governance

SEPTEMBER 20, 2018

Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to today’s fine.”. Well, that’ll do for this week.

Personal data

Personal data Manufacturing Information Security Risk

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

Hunton Privacy

JULY 11, 2017

To be counted as “key information infrastructure,” however, the infrastructure must still meet the criterion that severe endangerment of national security, the national economy and the people’s livelihood and the public interest would result if the infrastructure suffers destruction, loss of functionality or leakage of data.

Energy and Utilities

Energy and Utilities Security Cybersecurity Manufacturing

OCR Provides Insight into Enforcement Priorities and Breach Trends

HL Chronicle of Data Protection

OCTOBER 21, 2019

The tool is intended to help organizations operationalize privacy risk management and meet the requirements of multiple legal frameworks. Its recommendations include the establishment of federal standards for health information security and privacy for health data registries, mobile device manufacturers, and mobile app creators.

Risk

Risk Compliance Privacy Phishing

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

The Riskonnect GRC platform has specific use cases for risk management, information security, compliance, and audit professionals in healthcare, retail, insurance, financial services, and manufacturing. It relies heavily on documenting all efforts to meet relevant standards, usually concerning data protection and privacy.

Compliance

Compliance Risk Government Retail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

The Riskonnect GRC platform has specific use cases for risk management, information security, compliance, and audit professionals in healthcare, retail, insurance, financial services, and manufacturing. It relies heavily on documenting all efforts to meet relevant standards, usually concerning data protection and privacy.

Compliance

Compliance Risk Government Retail

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

IT Governance

MARCH 11, 2024

Source (New) Transport USA Yes 3,815 Okta Source 1 ; source 2 (Update) Cyber security USA Yes 3,800 Shah Dixit & Associates, P.C. We also found 14 organisations providing a significant update on a previously disclosed incident. Organisation(s) Sector Location Data breached? TB Paysign, Inc.

Data Privacy

Data Privacy Privacy Security Data breaches

White House Proposes Cybersecurity Legislation

Hunton Privacy

MAY 19, 2011

If enacted, this legislation will affect many government and private-sector owners and operators of cyber systems, including all critical infrastructure, such as energy, financial systems, manufacturing, communications and transportation. Puerto Rico and the U.S. Finally, the proposal also seeks to address privacy protection issues.

Cybersecurity

Cybersecurity Risk Privacy Data breaches

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

Hunton Privacy

JULY 29, 2016

According to the Working Party, “take it or leave it” approaches that do not give users free choice regarding processing rarely meet the requirements for freely given consent.

Communications

Communications GDPR Marketing Metadata

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. There are plenty of cases where the extent of a breach isn’t known until the information resurfaces years later (as you might recall from Yahoo’s security meltdown ).

Data breaches

Data breaches GDPR Passwords Personal data

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. ” So it’s not surprising that this recording coincided with another major security event. “Hi, Rob.”

IT

IT Manufacturing Government Paper

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. ” So it’s not surprising that this recording coincided with another major security event. “Hi, Rob.”

IT

IT Manufacturing Government Paper

The Hacker Mind: Shattering InfoSec's Glass Ceiling

ForAllSecure

MARCH 8, 2023

What if you are a woman in information security? I’m Robert Vamosi, and in the episode I’m talking about diversity, equality, and inclusion in information security with one of the industries' most successful examples. Very interesting is I have another company called Clarity, which is in the OT security space.

Cloud

Cloud Marketing IT Security

Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

Security Affairs

MAY 27, 2023

New Buhti ransomware operation uses rebranded LockBit and Babuk payloads New PowerExchange Backdoor linked to an Iranian APT group Dark Frost Botnet targets the gaming sector with powerful DDoS New CosmicEnergy ICS malware threatens energy grid assets D-Link fixes two critical flaws in D-View 8 network management suite Zyxel firewall and VPN devices (..)

Security

Security Ransomware Manufacturing Cybersecurity

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 13, 2020

Meet Stok; he’s one of them. In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. And in a moment, you’ll meet one of them. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work.

Communications

Communications IT Security Mining

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

Meet Stok; he’s one of them. In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. And in a moment, you’ll meet one of them. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work.

Communications

Communications IT Security Mining

The Hacker Mind Podcast: Bug Bounty Hunters

ForAllSecure

NOVEMBER 12, 2020

Meet Stok; he’s one of them. In this episode, Stok talks about his beginnings in enterprise security and his transition into the top tier of bug bounty hunters. And in a moment, you’ll meet one of them. Vamosi: Like a lot of us, information security wasn’t necessarily our first line of work.

Communications

Communications IT Security Mining

The Hacker Mind Podcast: Hacking Industrial Control Systems

ForAllSecure

APRIL 26, 2022

So there’s a need, a definite need, for information security professionals to have access to industrial control systems -- not virtual, but actual hands on systems -- so they can learn. In a moment I’ll introduce you to someone who is trying to do that--bring ICS equipment to security conferences. That's great.

Energy and Utilities

Energy and Utilities Manufacturing Risk IT

US govt is hunting a Chinese malware that can interfere with its military operations

Security Affairs

AUGUST 1, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Military

Military IT Communications Government

The Hacker Mind Podcast: How To Get Paid To Hack

ForAllSecure

SEPTEMBER 29, 2022

And the rest, they say is this as a reporter, I was in a position to learn as I wrote about information security. So maybe you will start to look at Oh, this manufacturer of puzzles seems to do it almost the same every time because they have this framework that they use with tools tamped down and he looks the same.

Mining

Mining IT Communications Marketing

The Hacker Mind Podcast: DEF CON Villages

ForAllSecure

AUGUST 2, 2022

Anyone who has anyone in the information security community is usually melting under the hot Nevada sun. You know, you know, manufacturers aren't just one person, like, like big companies aren't one person. We're breathing, the mid afternoon monsoons, and from one year there even grasshoppers. I don't want you to miss out.

Computer and Electronics

Computer and Electronics IT Security Mining

Compal, the Taiwanese giant laptop manufacturer hit by ransomware

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Webinars

Trending Sources

The Evolving Legislative and Compliance Landscape: A Roadmap for Business Leaders

Webinars

Boeing confirmed its services division suffered a cyberattack

New California Legislation Adds to Existing Smart Device Labeling Requirements

LockBit ransomware gang leaked data stolen from Boeing

NSA publishes guidance on UEFI Secure Boot customization

Glowworm Attack allows sound recovery via a device’s power indicator LED

France will not ban Huawei from its upcoming 5G networks

Unraveling the truth behind the DDoS attack from electric toothbrushes

Holy Ghost ransomware operation is linked to North Korea

Organisations need to prepare for “cyber shocks”

Key aerospace player Safran Group leaks sensitive data

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Australian beverages firm Lion hit for the second time in a few days by a cyber attack

City of Dallas has set a budget of $8.5 million to mitigate the May Royal ransomware attack

China-linked APT10 leverages ZeroLogon exploits in recent attacks

UNECE Vehicle Regulations: UN R155 & UN R156

How to implant a malware in hidden area of SSDs with Flex Capacity feature

City of Dallas shut down IT services after ransomware attack

Russian military plans to replace Windows with Astra Linux

NSA and ODNI analyze potential risks to 5G networks

GUEST ESSAY: Recalibrating critical infrastructure security in the wake of evolving threats

Vulnerability Management Policy Template

Weekly podcast: Equifax once more, Bristol Airport, Smeg and Mirai creators

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

OCR Provides Insight into Enforcement Priorities and Breach Trends

Top GRC Tools & Software for 2021

Top 10 Governance, Risk and Compliance (GRC) Vendors

The Week in Cyber Security and Data Privacy: 4 – 10 March 2024

White House Proposes Cybersecurity Legislation

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

2019 end-of-year review part 1: January to June

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind: Shattering InfoSec's Glass Ceiling

Security Affairs newsletter Round 421 by Pierluigi Paganini – International edition

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Bug Bounty Hunters

The Hacker Mind Podcast: Hacking Industrial Control Systems

US govt is hunting a Chinese malware that can interfere with its military operations

The Hacker Mind Podcast: How To Get Paid To Hack

The Hacker Mind Podcast: DEF CON Villages

Stay Connected