Cyber Security Informer

Securing Public Sector Against IoT Malware in 2024

Security Boulevard

JANUARY 11, 2024

The rapid proliferation of the Internet of Things (IoT) represents vast opportunities for the public sector. Security has often been an afterthought in the design of IoT devices, if a thought at all, and connected devices introduce new vulnerabilities and vectors for attack by the day, if not minute.

IoT

IoT Malware Education Government

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

The Last Watchdog

FEBRUARY 21, 2024

The tech sector has been preaching this for several years, acknowledging the fact that preserving trust, as digital services advance, is proving to be extremely difficult — yet crucial nonetheless. They’re able to connect people through trusted experiences.” Trust has become absolutely paramount in the world,” Nelson observes.

Energy and Utilities

Energy and Utilities IoT Healthcare Manufacturing

MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024

The Last Watchdog

DECEMBER 27, 2023

Solar Winds hack (2020) Supply chain connections for thousands of federal agencies and large enterprises get swiftly, deeply compromised. -• MOVEit hack (2023) File sharing hook-ups for thousands of enterprises get compromised, triggering class action lawsuits. I’ll keep watch and keep reporting.

Cybersecurity

Cybersecurity Cyber Attacks Government Hacking

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

The Last Watchdog

MAY 23, 2022

Modern digital systems simply could not exist without trusted operations, processes and connections. It used to be that trusting the connection between a workstation and a mainframe computer was the main concern. Our smart buildings, smart transportation systems and smart online services are all network-connected at multiple levels.

Digital transformation

Digital transformation Computers and Electronics Cybersecurity Encryption

Pro-Russia hackers target critical infrastructure in North America and Europe

Security Affairs

MAY 2, 2024

Pro-Russia hacktivists have been targeting and compromising small-scale Operational Technology (OT) systems in North American and European Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture Sectors. The malicious activity began in 2022 and is still ongoing. ” reads the joint advisory.

Passwords

Passwords Internet Internet Software

Hackers Seek to Score Against Super Bowl Cyber Defense

SecureWorld News

FEBRUARY 8, 2024

Major sporting events like the Super Bowl face elevated cyber risks due to the proliferation of connected networks and devices used by venues, teams, vendors, media, and attendees. Fans will overwhelm cellular networks while simultaneously connecting to insecure public Wi-Fi networks at hotels, airports, and fan events.

Penetration Testing

Penetration Testing Surveillance Cyber Risk Malware

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs

DECEMBER 25, 2023

Microsoft says the APT33 (aka Peach Sandstorm , Holmium , Elfin , and Magic Hound ) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. ” reads the report published by Microsoft. South Korea, and Europe.

Passwords

Passwords Accountability Authentication Malware

News Alert: Utimaco finds regional disparities in consumers’ level of trust in digital security

The Last Watchdog

JULY 10, 2023

Digital connections aren’t just in the mobile devices owned by 66% of the world’s population – they’re in streets, vehicles, traffic systems and in dozens of places throughout our homes. 41% of respondents believe that a connected world would make their everyday lives easier. Today it is everywhere.

Identity Theft

Identity Theft IoT Banking Internet

News alert: Risk Ledger secures £6.25 million to prevent cyber attacks on enterprise supply chains

The Last Watchdog

NOVEMBER 7, 2023

Risk Ledger offers an innovative social network approach to supply chain risk management, allowing organisations to use the platform as both clients and suppliers, able to share with connected organisations a single profile of their controls across 12 security domains, including ESG and financial risk.

Cyber Attacks

Cyber Attacks Risk Financial Services Media

Passwords a Threat to Public Infrastructure

Security Boulevard

MAY 6, 2021

With this year’s World Password Day upon us, it’s high time to take a good look at the critical infrastructure sector and the password-related security vulnerabilities that are in dire need of an update. The post Passwords a Threat to Public Infrastructure appeared first on Security Boulevard. While the Biden.

Passwords

Passwords CISO Risk Government

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Krebs on Security

DECEMBER 13, 2022

Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. InfraGard , a program run by the U.S.

Hacking

Hacking Energy and Utilities Cybercrime Accountability

New Alert: Quantexa, Carahsoft partner to modernize investigative services for federal agencies

The Last Watchdog

JUNE 27, 2023

June 27, 2023 — Quantexa , a global leader in Decision Intelligence (DI) solutions for the public and private sectors, and Carahsoft Technology Corp , The Trusted Government IT Solutions Provider ® , today announced a partnership. Mary Lange, Vice President of Public Relations. New York and Reston, Virg.,

Big data

Big data Artificial Intelligence Government Marketing

U.S. Government Issues an Executive Order for Zero-Trust Architecture

Doctor Chaos

MARCH 8, 2022

Zero trust includes real-time, continuous identity verification for all parties and products connected to a network. ? Some of the largest private companies and public infrastructure systems recently revealed themselves as particularly vulnerable to domestic and foreign interference. Protecting the Public and Leading by Example.

Architecture

Architecture Government Digital transformation Risk

FBI Disrupts Chinese Botnet Targeting U.S. Critical Infrastructure

SecureWorld News

FEBRUARY 1, 2024

The attackers used the network of infected routers to disguise further intrusion attempts into utilities, communications firms, and other critical sectors. Agents proceeded to send commands to infected routers to uninstall malware, sever connections to the botnet, and block further malicious communications.

Energy and Utilities

Energy and Utilities Government Hacking Malware

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader. is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, A remote attacker can trigger the vulnerability to access restricted resources by bypassing control checks.

VPN

VPN Malware Authentication Small Business

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks. Ransomware attacks targeting the food and agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. We had like the keys to the kingdom.

Ransomware

Ransomware Manufacturing Passwords Internet

Adoption of Secure Cloud Services in Critical Infrastructure

CyberSecurity Insiders

OCTOBER 28, 2022

UK’s CPNI agency also lists about 13 sectors or industries which have a significant overlap with the US list, with several industries offering essential public services directly (such as Water, Food, Health) [iv]. This has in several cases, resulted in loss of continuum of public services that are offered to common citizens.

IoT

IoT Architecture Energy and Utilities Firewall

NIST Unveils Cybersecurity Framework 2.0 with Key Upgrades

SecureWorld News

MARCH 5, 2024

of its landmark Cybersecurity Framework (CSF), a comprehensive update aimed at helping organizations better manage and reduce cybersecurity risks across all sectors and sizes. This function connects both the business/organizational aspect to cybersecurity, for relevance and prioritization." Key updates in CSF 2.0

Cybersecurity

Cybersecurity Risk Government Cyber Risk

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

The Last Watchdog

JANUARY 11, 2022

This push is coming from the corporate sector. Even so, for a variety of reasons, healthcare sectors in the U.S. There has long been plenty of patient data from traditional sources; and there’s a rising tide of fresh data pouring in from mobile apps, smart wristwatches and Internet-connected gym equipment. Uphill climb.

Big data

Big data Healthcare Technology Government

Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)

SecureList

DECEMBER 21, 2023

As mentioned in part one of our study that discussed CLFS internals, BLF files are written/read in 0x200 byte sectors , the last two bytes of the sector are used to store the sector signature , and the original bytes are stored in the location specified by the SignaturesOffset field in the block header.

Ransomware

Ransomware Technology Malware

ENISA – The need for Incident Response Capabilities in the health sector

Security Affairs

NOVEMBER 14, 2021

ENISA analyzed the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive. The Agency remarks the need to set up solid Incident Response Capabilities (IRC) in the health sector. ” reads the report. ” concludes the report. ” [link].

Healthcare

Healthcare Artificial Intelligence Cyber threats Big data

‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo

Security Affairs

SEPTEMBER 27, 2023

Notably, the announcement came almost synchronously with the publication of the new leaked data from Sony shedding some light on the precursor of the data breach. Collectively, their activities range from attacks on various governments to the publication of sensitive data from enterprises. released a 2.4

Ransomware

Ransomware Telecommunications Data breaches Government

AI to Aid Democracy

Schneier on Security

APRIL 26, 2023

Public debate may be overwhelmed by industrial quantities of autogenerated argument. could advance the public good, not private profit, and bolster democracy instead of undermining it. This public option is within reach if we want it. options that are both public goods and directed toward public good.

Technology

Technology Government Education Marketing

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

MAY 23, 2022

We have reached the point where highly connected cyber-physical systems are the norm, and the lines between information technology (IT) and operational technology (OT) are blurred. Attacks against the food sector. Healthcare sector. Transportation sector. NEW Cooperative refused to pay the $5.9 This included $91.6

Healthcare

Healthcare Ransomware Authentication Threat Reports

Thousands of Data Center Management Apps Exposed to Internet

eSecurity Planet

FEBRUARY 2, 2022

Researchers with cybersecurity firm Cyble this week said that along with the public-facing data center infrastructure management (DCIM) software, they also found intelligent monitoring devices, thermal cooling management and power monitors for racks vulnerable to cyberattacks. Public-Facing Software a Threat.

Internet

Internet Internet Passwords Software

Iranian Hackers Target U.S. Water Facility

SecureWorld News

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) responded to an active cyberattack on a water facility in western Pennsylvania, shedding light on the exploitation of Unitronics programmable logic controllers (PLCs) within the Water and Wastewater Systems (WWS) sector. The utility's general manager, Robert J.

Energy and Utilities

Energy and Utilities VPN Authentication Passwords

Bridging the IT/OT gap with Tripwire’s Industrial Solutions

Security Boulevard

JUNE 7, 2022

Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. Cybersecurity has, since its inception, been a corporate-based problem.

Cybercrime

Cybercrime Internet Internet Cybersecurity

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8 million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Artificial Intelligence

Artificial Intelligence VPN Hacking Firewall

Cyber threat to Electric Vehicles

CyberSecurity Insiders

MARCH 2, 2022

A recent online survey conducted for Hartford Steam Boiler Inspection and Insurance Company (HSB) suggests that over 74% of prospective owners of Electric Vehicles(EVs) are in a fear that their vehicles might fall prey to ransomware, state funded campaigns and other variants of cyber attack when connected to public charging stations.

Cyber threats

Cyber threats Cyber Attacks Retail Insurance

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Krebs on Security

MARCH 2, 2021

“Hafnium primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs,” Microsoft said.

Internet

Internet Internet Software Education

Iranian Peach Sandstorm group behind recent password spray attacks

Security Affairs

SEPTEMBER 16, 2023

The APT33 group has been around since at least 2013, since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production. The cyber espionage activity attacks are aimed at organizations in the satellite, defense, and pharmaceutical sectors. South Korean, and Europe.

Passwords

Passwords Accountability Authentication Hacking

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Security Affairs

FEBRUARY 10, 2023

The joint CSA about ongoing ransomware activity against Healthcare and Public Health Sector organizations and other critical infrastructure sector entities is the result of the collaboration between the United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. .

Ransomware

Ransomware Healthcare Cryptocurrency Government

Auth0 Public Sector Index Shows Governments Struggle to Provide Trustworthy Online Citizen Services

CyberSecurity Insiders

JANUARY 12, 2022

.–( BUSINESS WIRE )– Auth0 , a product unit within Okta (NASDAQ: OKTA), today released the findings of its first Public Sector Identity Index , a global research report that provides government technology leaders with insight into the identity maturity of public sector organizations around the world.

Government

Government Digital transformation Technology Education

Joint Industry statement of support for Consumer IoT Security Principles

Google Security

OCTOBER 25, 2023

Amidst a number of important cybersecurity discussions, we want to highlight progress on connected device security demonstrated by joint industry principles for IoT security transparency. The future of connected devices offers tremendous potential for innovation and quality of life improvements.

IoT

IoT Education Engineering Authentication

Hive Ransomware? Let’s Learn All About It

CyberSecurity Insiders

MAY 19, 2023

By the end of 2022, the education sector had seen increased ransomware attacks. We now know that Hive was behind a couple of those attacks because they leaked the stolen data on their public leak site. When the victim has clicked the link, Hive’s ransomware group gets connected directly to the victim.

Ransomware

Ransomware Encryption Healthcare Education

IoT Security: How Far We've Come, How Far We Have to Go

Dark Reading

DECEMBER 24, 2019

As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.

IoT

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

The College of Lake County (CLC) in Grayslake, IL, commits to using funds received through a Federal grant to convene a group of 50 manufacturing employers to grow the manufacturing sector and expand education and training, including cyber skill development, in the second largest manufacturing county in the state of Illinois.

Manufacturing

Manufacturing Cybersecurity Artificial Intelligence Education

Report: Attackers Move Lightning Fast to Capitalize on Vulnerabilities

SecureWorld News

DECEMBER 18, 2023

According to Qualys, a staggering 25 percent of vulnerabilities were exploited on the day of its publication. The data further shows that 75 percent of vulnerabilities were exploited within 19 days (approximately three weeks) of publication. One-third of high-risk vulnerabilities impacted network devices and web applications.

IoT

IoT Authentication Risk Ransomware

AI Risks

Schneier on Security

OCTOBER 9, 2023

Beneath almost all of the testimony, the manifestoes, the blog posts, and the public declarations issued about AI are battles among deeply divided factions. These factions are in dialogue not only with the public but also with one another. The reality, unfortunately, is quite different. Ruha Benjamin called her organization the Ida B.

Risk

Risk Artificial Intelligence Technology Surveillance

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

The US agency has detected the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023. The attackers gained access to a web server hosting the public-facing application, Zoho ManageEngine ServiceDesk Plus. ” reads the alert published by the US CISA. ” continues the alert.

VPN

VPN Firewall Accountability Cybersecurity

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs

APRIL 27, 2020

The Israeli government has issued an alert to organizations in the water sector following a series of cyberattacks that targeted the water facilities. ” Organizations are recommended to implement supplementary security measures to protect SCADA systems used in the water and energy sectors.

Energy and Utilities

Energy and Utilities Government Cyber Attacks Architecture

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

DECEMBER 24, 2023

LockBit ransomware gang claims to have breached accountancy firm Xeinadin Mobile virtual network operator Mint Mobile discloses a data breach Akira ransomware gang claims the theft of sensitive data from Nissan Australia Member of Lapsus$ gang sentenced to an indefinite hospital order Real estate agency exposes details of 690k customers ESET fixed (..)

Ransomware

Ransomware Mobile Malware Marketing

Daixin Team targets health organizations with ransomware, US agencies warn

Security Affairs

OCTOBER 22, 2022

Healthcare and Public Health sector with ransomware. businesses, mainly in the Healthcare and Public Health (HPH) Sector, with ransomware operations. The actors have then used SSH to connect to accessible ESXi servers and deploy ransomware [ T1486 ] on those servers.” ” reads the alert.

Ransomware

Ransomware VPN Cybercrime Accountability

Regulation roundup part 2: opening the door to more data

BH Consulting

DECEMBER 13, 2022

Allow users of connected devices to gain access to data generated by them, which is often exclusively harvested by manufacturers. The Act will apply to device manufacturers, providers of digital services and connected products (such as the Internet of Things or IoT) as well as public authorities in the EU. Who does it apply to?

IoT

IoT Manufacturing Government Artificial Intelligence

Securing Public Sector Against IoT Malware in 2024

SHARED INTEL: Poll shows companies pursuing ‘Digital Trust’ reap benefits as laggards fall behind

Trending Sources

MY TAKE: Rising geopolitical tensions suggest a dire need for tighter cybersecurity in 2024

MY TAKE: ‘Digital trust’ has a huge role to play mitigating cybersecurity threats, going forward

Pro-Russia hackers target critical infrastructure in North America and Europe

Hackers Seek to Score Against Super Bowl Cyber Defense

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

News Alert: Utimaco finds regional disparities in consumers’ level of trust in digital security

News alert: Risk Ledger secures £6.25 million to prevent cyber attacks on enterprise supply chains

Passwords a Threat to Public Infrastructure

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

New Alert: Quantexa, Carahsoft partner to modernize investigative services for federal agencies

U.S. Government Issues an Executive Order for Zero-Trust Architecture

FBI Disrupts Chinese Botnet Targeting U.S. Critical Infrastructure

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

FBI warns of ransomware threat to food and agriculture

Adoption of Secure Cloud Services in Critical Infrastructure

NIST Unveils Cybersecurity Framework 2.0 with Key Upgrades

MY TAKE: What if Big Data and AI could be intensively focused on health and wellbeing?

Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)

ENISA – The need for Incident Response Capabilities in the health sector

‘Ransomed.vc’ in the Spotlight – What is Known About the Ransomware Group Targeting Sony and NTT Docomo

AI to Aid Democracy

Access Management is Essential for Strengthening OT Security

Thousands of Data Center Management Apps Exposed to Internet

Iranian Hackers Target U.S. Water Facility

Bridging the IT/OT gap with Tripwire’s Industrial Solutions

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Cyber threat to Electric Vehicles

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Iranian Peach Sandstorm group behind recent password spray attacks

DPRK fund malicious cyber activities with ransomware attacks on critical Infrastructure

Auth0 Public Sector Index Shows Governments Struggle to Provide Trustworthy Online Citizen Services

Joint Industry statement of support for Consumer IoT Security Principles

Hive Ransomware? Let’s Learn All About It

IoT Security: How Far We've Come, How Far We Have to Go

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

Report: Attackers Move Lightning Fast to Capitalize on Vulnerabilities

AI Risks

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Hackers targeted ICS/SCADA systems at water facilities, Israeli government warns

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Daixin Team targets health organizations with ransomware, US agencies warn

Regulation roundup part 2: opening the door to more data

Stay Connected