IT, Military and Risk - Information Management Today

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. The compromise of email servers poses a substantial risk, especially during a conflict such as Russia-Ukraine.

Military

Military Government Access Risk

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

JULY 5, 2022

The top reason, chosen from a proved list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Context of risk. The Ukraine-Russia war is a grim example of geopolitical risk intersecting with cyber security risk. Cyber in a silo?

Risk

Risk Military Marketing Data Privacy

From Cybercrime Saul Goodman to the Russian GRU

Krebs on Security

FEBRUARY 7, 2024

The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. One representation of the leaked Mazafaka database. As a result, it can be difficult to tell which members are the earliest users.

Military

Military IT Communications Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Maze ransomware operators stole data from US military contractor Westech

Security Affairs

JUNE 6, 2020

Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. The post Maze ransomware operators stole data from US military contractor Westech appeared first on Security Affairs. The LGM-30 Minuteman is a U.S. Pierluigi Paganini.

Military

Military Ransomware Encryption Risk

Biden AI Order Enables Agencies to Address Key Risks

Hunton Privacy

OCTOBER 31, 2023

It marks the Biden Administration’s most comprehensive action on artificial intelligence policy, building upon the Administration’s Blueprint for an AI Bill of Rights (issued in October 2022) and its announcement (in July 2023) of securing voluntary commitments from 15 leading AI companies to manage AI risks. New standards.

Risk

Risk Artificial Intelligence Privacy Military

NATO Warns it Will Consider a Military Response to Cyber-Attacks via Information Security Magazine

IG Guru

JUNE 25, 2021

The post NATO Warns it Will Consider a Military Response to Cyber-Attacks via Information Security Magazine appeared first on IG GURU. Check out the article here.

Military

Military Information Security IT Security

Work from Everywhere, Securely

Data Breach Today

SEPTEMBER 23, 2021

military and the private sector. Experienced in building cyber risk and IT security programs with highly effective teams focused on reducing the risks of security breaches, minimizing disruptions to preserve brand reputation and build client confidence. She has more than 30 years of experience in the U.S.

Security

Security Financial Services Military Risk

GAO: Pentagon's Cyber Hygiene Programs Come Up Short

Data Breach Today

APRIL 17, 2020

Defense Department needs to improve its cybersecurity training programs for civilian and military employees to reduce the risks that common security incidents pose, a new audit from the Government Accountability Office finds. Audit Finds DoD Would Benefit From Better Security Training The U.S.

Military

Military Cybersecurity Risk Government

Don’t use AI-based apps, Philippine defense ordered its personnel

Security Affairs

OCTOBER 23, 2023

The Philippine defense warned of the risks of using AI-based applications to generate personal portraits and ordered its personnel to stop using them. The order remarks that these AI-based applications pose significant privacy and security risks. On October 14, Defense Secretary Gilberto Teodoro Jr. issued the order in an Oct.

IT

IT Data collection Phishing Risk

Snatch gang claims the hack of the Department of Defence South Africa

Security Affairs

AUGUST 22, 2023

Snatch gang claims the hack of the Department of Defence South Africa and added the military organization to its leak site. The group claims to have stolen Military contracts, internal call signs and personal data, for a total of 1.6 HENSOLDT is a company specializing in military and defense electronics. TB of data.

Computer and Electronics

Computer and Electronics Military Ransomware Personal data

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 4, 2023

Proofpoint researchers recently reported that a Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. reads the post published by Proofpoint.

IT

IT Military Phishing Passwords

Sweden bans Huawei and ZTE from building its 5G infrastructure

Security Affairs

OCTOBER 21, 2020

The decision is the result of assessments made by the Swedish military and security service. In April 2018, the UK GCHQ intelligence agency warned UK telcos firms of the risks of using ZTE equipment and services for their infrastructure. ” reads a press release published by the Swedish Post and Telecom Authority.

IT

IT Military Manufacturing Risk

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

The Security Ledger

FEBRUARY 21, 2024

Paul speaks with Gary McGraw of the Berryville Institute of Machine Learning (BIML), about the risks facing large language model machine learning and artificial intelligence, and how organizations looking to leverage artificial intelligence and LLMs can insulate themselves from those risks. The post Episode 256: Recursive Pollution?

Artificial Intelligence

Artificial Intelligence Risk Military Security

Connecticut Tightens its Data Breach Notification Laws

Data Protection Report

OCTOBER 3, 2021

The amendment: Expands the definition of “personal information”; Shortens the notification deadline after discovery of a breach from 90 to 60 days; Removes the requirement to consult with law enforcement as part of a risk assessment; Deems compliant any person subject to and in compliance with HIPAA and HITECH; and. 1] [link]. [2]

Data breaches

Data breaches IT Insurance Passwords

Autoclerk travel reservations platform data leak also impacts US Government and military

Security Affairs

OCTOBER 22, 2019

. “The data Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements to locations around the world, both past and future.” The list of affected users includes the US government, military, and Department of Homeland Security (DHS). .

Military

Military Government Cloud Archiving

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S.

Cybersecurity

Cybersecurity Military Passwords Education

France will not ban Huawei from its upcoming 5G networks

Security Affairs

SEPTEMBER 1, 2020

Anyway, the French government will not allow the Chinese giant to provide equipment that will be used in protect military bases, nuclear installations and other sensitive and critical infrastructures. However, Macron said that France will favor European providers of 5G technology due to security concerns. Pierluigi Paganini.

IT

IT Military Manufacturing Risk

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Security

Security Military Data breaches Ransomware

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

The Last Watchdog

SEPTEMBER 27, 2021

Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that. military officials hired data analysts to crack the Japanese secret code known as JN-25. After the devastating blow of Pearl Harbor, U.S.

Cybersecurity

Cybersecurity Military Encryption Risk

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

Over the past 20 months, the group targeted at least 30 organizations within 14 nations that are probably of strategic intelligence significance to the Russian government and its military. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Military

Military Government Phishing Authentication

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

The Last Watchdog

APRIL 19, 2022

While global commerce is an important aspect of the world economy, individuals who hold national security clearances need to be aware that some of the activities they engage in could pose a security risk and may negatively impact their security clearances. Related: Russia takes steps to radicalize U.S. national security secrets. Nerney, Esq.

Security

Security Risk Military Government

Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk

The Security Ledger

MAY 3, 2022

The post Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk appeared first on The Security Ledger with Paul F. Related Stories DEF CON: Security Holes in Deere, Case IH Shine Spotlight on Agriculture Cyber Risk Episode 235: Justine Bone of MedSec on Healthcare Insecurity Episode 234: Rep. The bad news?

Agriculture

Agriculture Risk Military Manufacturing

Pentagon’s Warning on DNA Testing is Applicable to all Consumers

ARMA International

JANUARY 30, 2020

On December 23, Yahoo News [1] reported on a Department of Defense memo [2] warning military personnel that using direct-to-consumer (DTC) DNA testing could pose “personal and operational risks.” Notably, in its opening paragraph, the missive cites “unintended security consequences and increased risk to the joint force and mission.”.

Military

Military Privacy Risk Insurance

The NSA on the Risks of Exposing Location Data

Schneier on Security

AUGUST 6, 2020

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Users should be aware of these risks and take action based on their specific situation and risk tolerance. It's hard to be clandestine in our always connected world.

Risk

Risk Communications IT Security

News Alert: Devo, Cybermindz partner to improve mental health of cybersecurity pros in the U.S.

The Last Watchdog

AUGUST 1, 2023

Cybermindz implements the evidence-based iRest protocol , which has found success within the US Military for almost 20 years and is used to treat conditions like anxiety, depression, and post-traumatic stress. Founded in Australia just over one year ago, Cybermindz entered the U.S. in April to expand its global reach.

Cybersecurity

Cybersecurity Analytics Military Cloud

UK Defence Secretary jet hit by an electronic warfare attack in Poland

Security Affairs

MARCH 15, 2024

” Steadfast Defender 2024 is NATO’s largest military exercise since the Cold War aimed at testing the alliance’s readiness and ability to defend itself across multiple domains. If confirmed an electronic warfare attack hit the jet, but did not impact the safety of the aircraft. ” reads the article published by The SUN.

Communications

Communications Military Risk IT

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS). The group was involved also in the string of attacks that targeted 2016 Presidential election. ” reads trhe announcement published by DKWOC.

Military

Military Government Phishing Access

Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Security Affairs

JANUARY 2, 2024

– You see, this is a risk, if this camera was located on some critical infrastructure object, there may be a question of what the employees of that side, the owners of that server see and how they use that information for military purposes. ” reads the announcement published by the SBU.

Military

Military Access Risk Security

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Cybersecurity US holds conference on military AI use with dozens of allies to determine ‘responsible’ use DFSA’s Cyber Risk Management Guidelines: A Blueprint for Cyber Resilience? Is it a Russia’s weapon? Players hacked during the matches of Apex Legends Global Series.

Security

Security Passwords Military Marketing

NSA releases a guide to reduce location tracking risks

Security Affairs

AUGUST 5, 2020

The United States National Security Agency (NSA) is warning of risks posed by location services for staff who work in defence or national security. The United States National Security Agency (NSA) published a new guide to warn of the risks posed by location services for staff who work in defence or national security.

Risk

Risk Communications Security IT

When Your Smart ID Card Reader Comes With Malware

Krebs on Security

MAY 17, 2022

” The card reader Mark bought was sold by a company called Saicoo , whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings. government smart cards. .” Windows suggested consulting the vendor’s website for newer drivers.

Government

Government Military Access Security

Nation-state malware could become a commodity on dark web soon, Interpol warns

Security Affairs

MAY 24, 2022

In the ongoing conflict between Russia and Ukraine, the malware developed by both nation-state actors and non state actors represents a serious risk for critical infrastructure and organizations worldwide. Threat actors could perform reverse engineering of military-made malicious code and use their own versions in attacks in the wild.

Military

Military Government Communications Security

Internet Backbone Giant Lumen Shuns.RU

Krebs on Security

MARCH 8, 2022

” “We decided to disconnect the network due to increased security risk inside Russia,” the statement continues. Monroe, La. But on Tuesday the company said it could no longer justify that stance. “The business services we provide are extremely small and very limited as is our physical presence. ru) from the Internet.

Military

Military Government Risk Business Services

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The French agency noticed that the threat actors used different techniques to avoid detection, including the compromise of low-risk equipment monitored and located at the edge of the target networks. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems.

Military

Military Phishing Government Security

Defense contractor Belcan leaks admin password with a list of flaws

Security Affairs

AUGUST 22, 2023

The most significant risk is state-sponsored advanced persistent threats (APT) driven by political and military objectives such as espionage, influence, or proxy warfare. Do you want to know why this leak poses a risk to the whole supply chain?

Passwords

Passwords Military Manufacturing Analytics

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

The Security Ledger

NOVEMBER 11, 2019

We're joined by Terry Dunlap the co-founder of ReFirm Labs to talk about why software supply chain risks. » Related Stories From China with Love: New York Firm sold millions in PRC Surveillance Gear to US Government, Military Episode 165: Oh, Canada! Read the whole entry. » In the meantime, the U.S.

Risk

Risk Military Government Manufacturing

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

MAY 13, 2020

To make an impact, they must be able to address the audience in accessible business language and in risk language. Related: Why U.S. cybersecurity policy needs to match societal values CISOs must preserve and protect their companies in a fast-changing business environment at a time when their organizations are under heavy bombardment.

Security

Security Cybersecurity Military Risk

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

OCTOBER 12, 2020

military’s Cyber Command carried out its own attack that sent all infected Trickbot systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control them. . However, it appears the operation has not completely disabled the botnet. Image: Microsoft.

Ransomware

Ransomware Military Passwords IT

Russia-linked Cold River APT targeted US nuclear research laboratories

Security Affairs

JANUARY 9, 2023

The researchers uncovered a phishing campaign conducted by the COLDRIVER (aka Calisto ) APT against a NATO Centre of Excellence and Eastern European militaries. Google experts pointed out that this is the first time that the cyber spies target NATO and the military of multiple Eastern European countries. labs occurred as U.N.

Military

Military Phishing Cybersecurity Passwords

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

Krebs on Security

SEPTEMBER 28, 2021

military computers in history” was traced back to a USB flash drive left in the parking lot of a U.S. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page — or to any other malicious website. But your average Good Samaritan might not know this.

Phishing

Phishing Communications Military Risk

News alert: Lumifi seeking to acquire MDR cybersecurity firms to accelerate growth

The Last Watchdog

OCTOBER 24, 2023

Security and risk management leaders must rethink their balance of investments across technology, structural, and human-centric elements as they design and implement their cybersecurity programs.” based cybersecurity analysts and former military and DoD experts. Scottsdale, Ariz.,

Cybersecurity

Cybersecurity Artificial Intelligence Military Risk

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

drone attack that killed Iranian military commander Qassem Suleimani. Immediately following Iran’s counterstrike against American military posts in Iraq, a tweet circulated claiming that more than 20 American soldiers had been killed. Cyberwar could be a life disrupter as well as a business killer. We’re all connected.

IT

IT Passwords Phishing Military

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

MiCODUS is used today by 420,000 customers in multiple industries, including government, military, law enforcement agencies, and Fortune 1000 companies. However, such functionality can introduce serious security risks. Data such as supply routes, troop movements, and recurring patrols could be revealed by exploiting these flaws-.

Passwords

Passwords Manufacturing Military Authentication

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. TAG sent a above average batch of government-backed security warnings yesterday. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Military Government Security

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

Webinars

Trending Sources

From Cybercrime Saul Goodman to the Russian GRU

Webinars

Maze ransomware operators stole data from US military contractor Westech

Biden AI Order Enables Agencies to Address Key Risks

NATO Warns it Will Consider a Military Response to Cyber-Attacks via Information Security Magazine

Work from Everywhere, Securely

GAO: Pentagon's Cyber Hygiene Programs Come Up Short

Don’t use AI-based apps, Philippine defense ordered its personnel

Snatch gang claims the hack of the Department of Defence South Africa

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Sweden bans Huawei and ZTE from building its 5G infrastructure

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

Connecticut Tightens its Data Breach Notification Laws

Autoclerk travel reservations platform data leak also impacts US Government and military

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

France will not ban Huawei from its upcoming 5G networks

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

GUEST ESSAY – Notable events in hacking history that helped transform cybersecurity assessment

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

SHARED INTEL: How Russia’s war mongering compromises those holding security clearances

Feel Good Ukraine Tractor Story Highlights Ag Cyber Risk

Pentagon’s Warning on DNA Testing is Applicable to all Consumers

The NSA on the Risks of Exposing Location Data

News Alert: Devo, Cybermindz partner to improve mental health of cybersecurity pros in the U.S.

UK Defence Secretary jet hit by an electronic warfare attack in Poland

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

NSA releases a guide to reduce location tracking risks

When Your Smart ID Card Reader Comes With Malware

Nation-state malware could become a commodity on dark web soon, Interpol warns

Internet Backbone Giant Lumen Shuns.RU

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Defense contractor Belcan leaks admin password with a list of flaws

Episode 167: Made in America? Trade Tensions highlight Supply Chain Risk

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Russia-linked Cold River APT targeted US nuclear research laboratories

Apple AirTag Bug Enables ‘Good Samaritan’ Attack

News alert: Lumifi seeking to acquire MDR cybersecurity firms to accelerate growth

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Google warns of APT28 attack attempts against 14,000 Gmail users

Stay Connected