Government and Network Security - Cyber Security Informer

Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses

Security Boulevard

JULY 21, 2025

The post Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses appeared first on Security Boulevard. It also gives them persistence in the systems even after reboots and updates.

Government

Government Data privacy Security Awareness Mobile

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Security Boulevard

JANUARY 14, 2025

CISA in two years has seen the number of critical infrastructure organizations signing up for its CPG services double, which has improved the overall security in most sectors, but more needs to be done to strengthen what has become a target adversarial state-sponsored threat groups.

Government

Government Security Awareness Risk Malware

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.

Telecommunications

Telecommunications Government Mobile Cyber threats

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Security Affairs

FEBRUARY 27, 2025

. “The timing of the attack was especially unfortunate, as we were in the midst of a major recruitment drive following the previous government’s decision to almost double our workforce,” an anonymous intelligence source told Le Soir. “We thought we had bought a bulletproof vest, only to find a gaping hole in it.”

Malware

Malware Government Hacking Phishing

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

OCTOBER 18, 2024

Security Administrator In addition to identifying vulnerabilities and, in general, enforcing the organization’s security posture, security administrators or managers also manage the security and/or information systems team. Network giant Cisco Systems Inc. Salary: $150,000 to $225,000, Mondo.

Cybersecurity

Cybersecurity Artificial Intelligence Penetration Testing CISO

China, Russia, North Korea Hackers Exploit Windows Security Flaw

Security Boulevard

MARCH 20, 2025

Amost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. The post China, Russia, North Korea Hackers Exploit Windows Security Flaw appeared first on Security Boulevard.

Government

Government Social Engineering Engineering Malware

Huge Leak of Customer Data Includes Military Personnel Info

Security Boulevard

NOVEMBER 25, 2024

EnamelPins, which manufactures and sells medals, pins, and other emblematic accessories, for months left open an Elasticsearch instance that exposed 300,000 customer emails, including 2,500 from military and government personnel. The post Huge Leak of Customer Data Includes Military Personnel Info appeared first on Security Boulevard.

Manufacturing

Manufacturing Government Security Awareness Phishing

UK Cybersecurity Weekly News Roundup – 9 March 2025

Security Boulevard

MARCH 9, 2025

With a background in IT and a Master's degree in computer science, Masrani secured an internship and later a full-time position at AWS, focusing on data and network security. The breach highlights vulnerabilities in ticketing platforms and the need for robust cybersecurity measures to protect consumer interests.

Cybersecurity

Cybersecurity Engineering Big data Cryptocurrency

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

Security Boulevard

APRIL 16, 2025

government funding for the Common Vulnerabilities and Exposures program expires April 16. The post MITRE Crisis: CVE Cash Ends TODAY CISA says No Lapse appeared first on Security Boulevard. These are interesting times: U.S.

Government

Government Data privacy Technology IoT

Why I Refused to Say “People Are the Weakest Link in Cyber”

Jane Frankland

JUNE 24, 2025

And today, with an increasing volume of digital challenges – from malicious to mistakes and malfunction, it’s vital we move beyond this narrative and focus on governance and empowerment instead. But a governance issue that sits squarely with those who lead. a failure of governance. The good news? Change is happening.

Cyber Risk

Cyber Risk Security Awareness Risk Government

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

VPN Infrastructures Allure for Threat Actors PNs have become a fundamental part of network security for organizations worldwide, enabling secure remote access to systems, encrypting sensitive data during transmission, and protecting internal networks from unauthorized access.

VPN

VPN Authentication Ransomware Risk

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

Security Affairs

DECEMBER 5, 2024

Secret Blizzard and Storm-0156 chain of compromise – Source Microsoft The Russia-linked threat actor used Storm-0156 C2 infrastructure to target Afghan government entities, including the Ministry of Foreign Affairs and intelligence agencies. The threat actor was able to download their tools to compromised devices.

Penetration Testing

Penetration Testing Hacking Government Network Security

FDA Playbook Engineers Safety Into Medical Device Manufacturing

SecureWorld News

JUNE 25, 2025

The shift toward a secure-by-design philosophy reflects broader federal cybersecurity guidance and is echoed in frameworks from U.S. As an industry , there is a need to unleash innovation by defining new ways to manufacture these devices keeping in mind security and technological advancements in the era of accelerating risk.

Manufacturing

Manufacturing Engineering Healthcare Risk

Q&A: Cybersecurity in ‘The Intelligent Era’

IT Security Guru

MARCH 26, 2025

At an individual level, this will change how we interact with each other as citizens, with our governments, perform our jobs and consume goods and services. Therefore, the cybersecurity community must upskill in network security, threat detection, post-quantum ready encryption, and uncovering vulnerabilities to minimise zero-day scenarios.

Cybersecurity

Cybersecurity Encryption Threat Detection Authentication

Key Cybersecurity Trends for 2025. My Predictions

Jane Frankland

JANUARY 12, 2025

These policies emphasise consumer data protection, network security, and incident reporting. UAEs Comprehensive Cybersecurity Policies The UAE Cybersecurity Council is spearheading new initiatives targeting key areas like cloud computing security, IoT device protections, and cybersecurity operation centers.

Cybersecurity

Cybersecurity CISO Insurance IoT

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

This information was disseminated, making the vulnerable systems high-visibility targets for threat actors, especially as Fortinet products are commonly found in government, healthcare, and other critical sectors. Fortinet products are integral to many organizations’ network security. Why does it matter?

Internet

Internet Internet Risk Social Engineering

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Structured learning paths cover essential skills in network security implementation and monitoring system setup, giving users real-world experience with the tools and techniques required for CMMC compliance. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws

Security Affairs

FEBRUARY 14, 2025

China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) and has been active since at least 2019 and targeted government entities and telecom companies. In December, Lumen announced that the Salt Typhoon APT group, was locked out of its network, TechCrunch reported. reads the joint advisory.

Telecommunications

Telecommunications Government Hacking Internet

China-linked Salt Typhoon APT compromised more US telecoms than previously known

Security Affairs

JANUARY 6, 2025

China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) and has been active since at least 2019 and targeted government entities and telecom companies. Lumen last week announced that the Salt Typhoon APT group, was locked out of its network, TechCrunch reported. reported Bloomberg. reads the joint advisory.

Telecommunications

Telecommunications Government Hacking Data breaches

The Network Security Business System of Low-altitude Economy

Security Boulevard

FEBRUARY 1, 2025

Previous post on security risks of low-altitude Economy: [link] How to construct a comprehensive network security business system in the field of low-altitude economy? The purpose of network data security is to prevent leakage, resist attack and protect system and privacy.

Network Security

Network Security Cyber Attacks Risk CISO

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

Security Affairs

DECEMBER 29, 2024

China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) and has been active since at least 2019 and targeted government entities and telecom companies. The government of Bejing denied responsibility for the hacking campaign. ” reported Bloomberg. reads the joint advisory. continues the advisory.

Telecommunications

Telecommunications Government Hacking Cyber threats

Cybersecurity Certifications: The Key to Advancing Your Career in 2025

SecureWorld News

FEBRUARY 27, 2025

Further classifications may be based on your area of specialization, which can include network security, ethical hacking, cloud security, and more. Security+ by CompTIA: Another highly useful certification for beginners, Security+ focuses on the key principles required to achieve network security.

Cybersecurity

Cybersecurity Information Security Penetration Testing Backups

Who is Hero?

Security Boulevard

JUNE 26, 2025

Social Engineering

Social Engineering Data privacy Security Awareness Mobile

2025 Cybersecurity Predictions: Not Getting Easier; But There is Hope

SecureWorld News

DECEMBER 27, 2024

Zero Trust isn't just a framework anymoreit's becoming a baseline expectation for securing modern enterprises.' Greater Collaboration Between Governments and the Private Sector: Initiatives to share threat intelligence will strengthen, fostering a collective defense strategy against increasingly sophisticated cyber adversaries.

Cybersecurity

Cybersecurity CISO Government Risk

Combatting the Security Awareness Training Engagement Gap

Security Boulevard

JANUARY 1, 2025

Despite years of security awareness training, close to half of businesses say their employees wouldnt know what to do if they received a phishing email. According to a US government-backed study, one of the main reasons for the lack of impact of cyber security training is waning engagement and growing indifference.

Security Awareness

Security Awareness Phishing Government Network Security

Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1

Security Boulevard

APRIL 16, 2025

This research led to the discovery of new ToneShell variants and several previously undocumented tools.

Encryption

Encryption Malware Accountability Government

What Is Single Sign-On (SSO)?

eSecurity Planet

FEBRUARY 6, 2025

In addition, as most network breaches occur through stolen or hacked passwords, multi-factor authentication and network access controls increasingly complement single sign-on. Finally, MFA is often a requirement for regulated data as a way of satisfying government mandates.

Authentication

Authentication Passwords Mobile Encryption

Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Security Boulevard

APRIL 4, 2025

In addition to the six critical security controls, SANS also offers advice for deploying AI models, recommending that organizations do it gradually and incrementally, starting with non-critical systems; that they establish a central AI governance board; and that they draft an AI incident response plan. Check out what they said. (41

Cybersecurity

Cybersecurity DNS Government Authentication

Treasury Moves to Ban Huione Group for Laundering $4 Billion

Security Boulevard

MAY 2, 2025

The post Treasury Moves to Ban Huione Group for Laundering $4 Billion appeared first on Security Boulevard. The Treasury Department is moving to cut off Huione Group, a Cambodian conglomerate, from the U.S.

Scams

Scams Social Engineering Engineering Mobile

AI Slop is Hurting Security — LLMs are Dumb and People are Dim

Security Boulevard

DECEMBER 12, 2024

The post AI Slop is Hurting Security LLMs are Dumb and People are Dim appeared first on Security Boulevard. Artificial stupidity: Large language models are terrible if you need reasoning or actual understanding.

Artificial Intelligence

Artificial Intelligence Social Engineering Data privacy IoT

Rhode Island Benefits and Services Systems Hit by Ransomware

Security Boulevard

DECEMBER 16, 2024

The post Rhode Island Benefits and Services Systems Hit by Ransomware appeared first on Security Boulevard.

Ransomware

Ransomware Data breaches Social Engineering Data privacy

‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS

Security Boulevard

JULY 16, 2025

The post ‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS appeared first on Security Boulevard. BCH vs. SDR, AAR vs. CISA: Railroad industry first warned about this nasty vulnerability in 2005.

Wireless

Wireless IoT Security Awareness Software

The Battle for Attention: How Cybersecurity Fights for Truth in a World of Noise

Jane Frankland

JUNE 27, 2025

Build Collaborative Ecosystems Cybersecurity isn’t a problem any one organisation, industry, or government can solve alone. By uniting behind clear, outcome-focused frameworks, we can deter fragmented policies that hinder progress.

Cybersecurity

Cybersecurity Risk Phishing Education

IBM Addresses AI, Quantum Security Risks with New Platform

Security Boulevard

OCTOBER 23, 2024

IBM is rolling out Guardian Data Security Center, a framework designed to give enterprises the tools they need to address the emerging cyberthreats that come the ongoing development of generative AI and quantum computing. The post IBM Addresses AI, Quantum Security Risks with New Platform appeared first on Security Boulevard.

Risk

Risk Data privacy Mobile Government

Ô! China Hacks Canada too, Says CCCS

Security Boulevard

NOVEMBER 1, 2024

Plus brillants exploits: Canadian Centre for Cyber Security fingers Chinese state sponsored hackers. China Hacks Canada too, Says CCCS appeared first on Security Boulevard. The post Ô!

Hacking

Hacking Social Engineering Cyber Attacks Data privacy

Trade Wars: How U.S. Tariffs Are Reshaping Cyber Risk and Resilience

SecureWorld News

MARCH 5, 2025

Trade disputes impact the cost and security of IT supply chains, alter the accessibility of cybersecurity tools, and could even lead to retaliatory cyberattacks from nation-state actors. This article explores how the latest tariffs could reshape cybersecurity for enterprises, cybersecurity vendors, and government agencies.

Cyber Risk

Cyber Risk Risk Cyber Insurance Small Business

App Stores OK’ed VPNs Run by China PLA

Security Boulevard

APRIL 3, 2025

The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard. Bad Apple: Chinese firm banned by the U.S. is the shady entity behind a clutch of free VPN appswith over a million downloads.

VPN

VPN Social Engineering Data privacy Security Awareness

100 MILLION Americans in UnitedHealth PII Breach

Security Boulevard

OCTOBER 25, 2024

The post 100 MILLION Americans in UnitedHealth PII Breach appeared first on Security Boulevard. Not cute: $UNH’s Change Healthcare unit paid a big ransom—its IT was as weak as a kitten.

Healthcare

Healthcare Social Engineering Authentication Data privacy

Security Roundup April 2025

BH Consulting

APRIL 30, 2025

The original plan outlined 28 objectives aimed at enhancing security; five are almost complete and 11 have made significant progress. The report also details progress across six engineering pillars: protecting identities and secrets, tenant isolation, network security, engineering systems, threat detection, and incident response.

Data breaches

Data breaches Scams Cybercrime CSO

Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’

Security Boulevard

NOVEMBER 6, 2024

The post Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’ appeared first on Security Boulevard. That’s a lot of pain: $125,000 ransom seems small—but why do the scrotes want it paid in baguettes?

Hacking

Hacking Cryptocurrency Data privacy Risk

China-linked Salt Typhoon APT compromised more US telecoms than previously known

Security Affairs

JANUARY 6, 2025

China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) and has been active since at least 2019 and targeted government entities and telecom companies. Lumen last week announced that the Salt Typhoon APT group, was locked out of its network, TechCrunch reported. reported Bloomberg. reads the joint advisory.

Telecommunications

Telecommunications Government Hacking Data breaches

Proofpoint Boosting Data Security with Normalyze Acquisition

Security Boulevard

OCTOBER 30, 2024

The post Proofpoint Boosting Data Security with Normalyze Acquisition appeared first on Security Boulevard.

Cybersecurity

Cybersecurity Social Engineering Security Awareness Engineering

Here’s Yet Another D-Link RCE That Won’t be Fixed

Security Boulevard

NOVEMBER 21, 2024

D-Licious: Stubborn network device maker digs in heels and tells you to buy new gear. The post Here’s Yet Another D-Link RCE That Won’t be Fixed appeared first on Security Boulevard.

Internet

Internet Internet IoT Data privacy

Almost 10% of GenAI Prompts Include Sensitive Data: Study

Security Boulevard

JANUARY 21, 2025

A study by cybersecurity startup Harmonic Security found that 8.5% The post Almost 10% of GenAI Prompts Include Sensitive Data: Study appeared first on Security Boulevard.

Risk

Risk Cybersecurity Data privacy Security Awareness

Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Trending Sources

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

China-linked threat actors stole 10% of Belgian State Security Service (VSSE)’s staff emails

Top 9 Trends In Cybersecurity Careers for 2025

China, Russia, North Korea Hackers Exploit Windows Security Flaw

Huge Leak of Customer Data Includes Military Personnel Info

UK Cybersecurity Weekly News Roundup – 9 March 2025

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

Why I Refused to Say “People Are the Weakest Link in Cyber”

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Russia-linked APT Secret Blizzard spotted using infrastructure of other threat actors

FDA Playbook Engineers Safety Into Medical Device Manufacturing

Q&A: Cybersecurity in ‘The Intelligent Era’

Key Cybersecurity Trends for 2025. My Predictions

Story of the Year: global IT outages and supply chain attacks

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws

China-linked Salt Typhoon APT compromised more US telecoms than previously known

The Network Security Business System of Low-altitude Economy

China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm

Cybersecurity Certifications: The Key to Advancing Your Career in 2025

Who is Hero?

2025 Cybersecurity Predictions: Not Getting Easier; But There is Hope

Combatting the Security Awareness Training Engagement Gap

Latest Mustang Panda Arsenal: ToneShell and StarProxy | P1

What Is Single Sign-On (SSO)?

Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Treasury Moves to Ban Huione Group for Laundering $4 Billion

AI Slop is Hurting Security — LLMs are Dumb and People are Dim

Rhode Island Benefits and Services Systems Hit by Ransomware

‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS

The Battle for Attention: How Cybersecurity Fights for Truth in a World of Noise

IBM Addresses AI, Quantum Security Risks with New Platform

Ô! China Hacks Canada too, Says CCCS

Trade Wars: How U.S. Tariffs Are Reshaping Cyber Risk and Resilience

App Stores OK’ed VPNs Run by China PLA

100 MILLION Americans in UnitedHealth PII Breach

Security Roundup April 2025

Schneider Electric Confirms Ransom Hack — Hellcat Demands French Bread as ‘Joke’

China-linked Salt Typhoon APT compromised more US telecoms than previously known

Proofpoint Boosting Data Security with Normalyze Acquisition

Here’s Yet Another D-Link RCE That Won’t be Fixed

Almost 10% of GenAI Prompts Include Sensitive Data: Study

Stay Connected