Blog and Information Security - Cyber Security Informer

Determining FedRAMP Risk Impact Levels and Data Security Categories

Security Boulevard

SEPTEMBER 8, 2022

The Federal Information Security Modernization Act of 2002 (FISMA) requires all federal agencies and their contractors to implement. The post Determining FedRAMP Risk Impact Levels and Data Security Categories appeared first on Hyperproof.

Risk

Risk Information Security Data privacy

FISMA Compliance: A Complete Guide to Navigating Low, Moderate, and High Levels

Centraleyes

APRIL 22, 2024

The Federal Information Security Modernization Act (FISMA) establishes a comprehensive strategy for enhancing the cybersecurity posture of federal agencies. This categorization and implementing appropriate security controls are crucial for achieving FISMA compliance. Moderate potential impact from a loss of integrity.

Risk

Risk Information Security Encryption Cybersecurity

DoD Adds Two More (ISC)² Certifications to Requirements for Cybersecurity Staff

CyberSecurity Insiders

JUNE 30, 2021

This means that the entire roster of (ISC)² certifications are now required for different security workforce categories within the Department, depending on the functional area the role covers. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1). IAM Level II (IAM II).

Cybersecurity

Cybersecurity Healthcare Engineering Government

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Encryption

Encryption Ransomware Malware Hacking

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Scams

Scams Accountability Mobile Hacking

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

DDOS

DDOS Malware Phishing Hacking

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Ransomware Cybersecurity Cybercrime

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

MAY 30, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Cybersecurity

Cybersecurity Hacking Information Security Malware

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 25, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Software

Software Hacking Cybersecurity Risk

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Encryption Malware Hacking

GitLab addressed critical account take over via SCIM email change

Security Affairs

JUNE 4, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability

Accountability Hacking Cybersecurity Information Security

Google announced its Mobile VRP (vulnerability rewards program)

Security Affairs

MAY 23, 2023

Please vote for Security Affairs ( [link] ) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini Please nominate Security Affairs as your favorite blog.

Mobile

Mobile Hacking Accountability Cybersecurity

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Security Affairs

MAY 19, 2022

This year, 17 contestants are attempting to exploit 21 targets across multiple categories. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Hacking

Hacking Cybersecurity Information Security

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Authentication

Authentication Hacking Cybersecurity Accountability

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

This year, 17 contestants are attempted to exploit 21 targets across multiple categories and Trend Micro and ZDI awarded $1,155,000! Pwn2Own Vancouver 2022 hacking contest ended, it was the 15th edition of the important event organized by Trend Micro’s Zero Day Initiative (ZDI). They wan $270,000 and 27 points during the contest.

Hacking

Hacking Cybersecurity Information Security

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Hacking Software

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

JUNE 21, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Authentication

Authentication Hacking Cybersecurity Information Security

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Hacking Accountability Scams

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Security Affairs

JUNE 2, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Manufacturing Cybersecurity Hacking

Pro-Russian hacker group KillNet plans to attack Italy on May 30

Security Affairs

MAY 29, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Banking

Banking Cyber Attacks Media Hacking

US man sentenced to 4 years in prison for his role in Infraud scheme

Security Affairs

MAY 29, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime

Cybercrime Hacking Malware Cybersecurity

Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Security Affairs

JUNE 13, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Media

Media Government Hacking Cybersecurity

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware DNS Cybercrime Hacking

Unknown APT group is targeting Russian government entities

Security Affairs

MAY 25, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Government

Government Malware Phishing Hacking

DOD ADDS TWO MORE (ISC)² CERTIFICATIONS TO REQUIREMENTS FOR CYBERSECURITY STAFF

CyberSecurity Insiders

JULY 2, 2021

This means that the entire roster of (ISC)² certifications are now required for different security workforce categories within the Department, depending on the functional area the role covers. The HCISPP has been approved for the following categories: Information Assurance Manager Level 1 (IAM 1). IAM Level II (IAM II).

Cybersecurity

Cybersecurity Healthcare Engineering Government

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

MAY 25, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Hacking

Hacking Cybersecurity Information Security

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Security Affairs

MAY 30, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime

Cybercrime Malware Hacking Cybersecurity

Microsoft seized 41 domains used by Iran-linked Bohrium APT

Security Affairs

JUNE 6, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Manufacturing Education Cybercrime

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full time Chief Information Security Officer. The vendors are well-intentioned. This delivers the power of speed, choice and relevancy, while delivering ROI on time and investment.

eCommerce

eCommerce Cybersecurity B2B Marketing

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

Security Affairs

MAY 26, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Firewall

Firewall VPN Authentication Cyber Attacks

A Report Template for Incident Response

Lenny Zeltser

SEPTEMBER 13, 2023

I’m happy to share the public version of this template with the community in this blog post. The questions captured in this report template fall into these high-level categories in anticipation of what the report's readers expect to see: What happened and when? What was the root cause? What was and remains to be done?

Data privacy

Data privacy Cybersecurity Information Security

Security Affairs newsletter Round 368 by Pierluigi Paganini

Security Affairs

JUNE 5, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Spyware

Spyware Firmware Ransomware Scams

10 Reasons to Celebrate 2020

McAfee

DECEMBER 10, 2020

During RSA 2020, Cyber Defense Magazine, the industry’s leading electronic information security magazine, named McAfee the Most Innovative Company in its Cloud Security category for McAfee MVISION Cloud. CASB Category Winner. 2020 Gartner Peer Insights Customers’ Choice VOC for Secure Web Gateways.

Policy Compliance

Policy Compliance Technology Information Security Media

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Cybercrime

Cybercrime Education Accountability Phishing

Russia-linked Fronton botnet could run disinformation campaigns

Security Affairs

MAY 23, 2022

The botnet was developed to interact with multiple social media platforms, including Blog Sites, Media Sites, Forums (various engines), Sites (various engines). Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. ” continues the report. To nominate, please visit:?.

DDOS

DDOS Media Hacking Engineering

Black Basta ransomware operators leverage QBot for lateral movements

Security Affairs

JUNE 7, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Backups Malware Firewall

Russian APT28 hacker accused of the NATO think tank hack in Germany

Security Affairs

JUNE 20, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit: . Follow me on Twitter: @securityaffairs and Facebook.

Hacking

Hacking Accountability Malware Cybersecurity

Android pre-installed apps are affected by high-severity vulnerabilities

Security Affairs

MAY 27, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Mobile

Mobile Hacking Cybersecurity Information Security

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Internet

Internet Internet Authentication Hacking

Experts warn of ransomware attacks against government organizations of small states

Security Affairs

MAY 31, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Government

Government Ransomware Cybercrime Banking

Italy announced its National Cybersecurity Strategy 2022/26

Security Affairs

MAY 26, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”) To nominate, please visit:? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cybersecurity

Cybersecurity Cyber threats Technology Government

Malicious apps continue to spread through the Google Play Store

Security Affairs

JUNE 16, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Adware

Adware Antivirus Malware Software

New XLoader Botnet version uses new techniques to obscure its C2 servers

Security Affairs

JUNE 1, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Hacking Cybersecurity Mobile

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

Authentication

Authentication Healthcare Education Cybersecurity

Determining FedRAMP Risk Impact Levels and Data Security Categories

FISMA Compliance: A Complete Guide to Navigating Low, Moderate, and High Levels

Trending Sources

DoD Adds Two More (ISC)² Certifications to Requirements for Cybersecurity Staff

Black Basta ransomware now supports encrypting VMware ESXi servers

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Multiple Microsoft Office versions impacted by an actively exploited zero-day

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

GitLab addressed critical account take over via SCIM email change

Google announced its Mobile VRP (vulnerability rewards program)

Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000

Reuters: Russia-linked APT behind Brexit leak website

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Clipminer Botnet already allowed operators to make at least $1.7 Million

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

LockBit ransomware attack impacted production in a Mexican Foxconn plant

Pro-Russian hacker group KillNet plans to attack Italy on May 30

US man sentenced to 4 years in prison for his role in Infraud scheme

Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability

Security Affairs newsletter Round 369 by Pierluigi Paganini

Unknown APT group is targeting Russian government entities

DOD ADDS TWO MORE (ISC)² CERTIFICATIONS TO REQUIREMENTS FOR CYBERSECURITY STAFF

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Microsoft seized 41 domains used by Iran-linked Bohrium APT

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

Zyxel addresses four flaws affecting APs, AP controllers, and firewalls

A Report Template for Incident Response

Security Affairs newsletter Round 368 by Pierluigi Paganini

10 Reasons to Celebrate 2020

FBI: Compromised US academic credentials available on various cybercrime forums

Russia-linked Fronton botnet could run disinformation campaigns

Black Basta ransomware operators leverage QBot for lateral movements

Russian APT28 hacker accused of the NATO think tank hack in Germany

Android pre-installed apps are affected by high-severity vulnerabilities

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Experts warn of ransomware attacks against government organizations of small states

Italy announced its National Cybersecurity Strategy 2022/26

Malicious apps continue to spread through the Google Play Store

New XLoader Botnet version uses new techniques to obscure its C2 servers

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Stay Connected