Information Security, InfoSec and VPN - Cyber Security Informer

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

Security Affairs

JANUARY 10, 2020

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability. SecurityAffairs – Pulse Secure VPN , hacking). Pierluigi Paganini.

VPN

VPN InfoSec Advertising Cybersecurity

The CPRA: What You Should Know as an InfoSec Professional

SecureWorld News

DECEMBER 1, 2022

A panel of practitioner experts breaks it all down in our recent Remote Sessions webcast, "Countdown to CPRA: What Information Security Professionals Need to Know Now," now available on-demand. Training for employees (awareness). Privacy training, specifically. Well documented policies and standards for employees (data handling).

InfoSec

InfoSec Cyber Insurance Consumer Protection Insurance

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Upon achieving an MFA push acceptance, the attacker had access to the VPN in the context of the targeted user. “Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account. ” reads the analysis published by Cisco Talos.

Ransomware

Ransomware Hacking VPN Phishing

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS

DDOS VPN Data breaches Cybercrime

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

JULY 18, 2021

Read more at [link] #Cybersecurity #InfoSec #Ransomware — US-CERT (@USCERT_gov) July 15, 2021. Other groups targeted known vulnerabilities in SonicWall devices in the past, such as the UNC2447 cybercrime gang that exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deliver the FiveHands ransomware.

Ransomware

Ransomware Firmware Mobile InfoSec

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

ransomfeed #security #infosec #energychina pic.twitter.com/deRRximVPd — Ransomfeed (@ransomfeed) November 25, 2023 The China Energy Engineering Corporation (CEEC) is a state-owned company in China that operates in the energy and infrastructure sectors. Energy China [link] TL;DR That's huuuge!

Ransomware

Ransomware Hacking Engineering Manufacturing

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Duo's Security Blog

OCTOBER 6, 2023

For example, outcomes like adapting to external events, creating a security culture, and cost-effective programs, all improve when organizations make progress towards zero trust security (based on survey responses from 4,751 active information security and privacy professionals from 26 countries).

Authentication

Authentication Risk Social Engineering InfoSec

Lapsus$ gang claims to have hacked Microsoft source code repositories

Security Affairs

MARCH 21, 2022

Notably, the actors are looking to buy remote VPN access and asking potential insiders to contact them privately via Telegram, they then reward them by paying for the access granted. campuscodi @vxunderground #cybersecurity #infosec @Microsoft pic.twitter.com/FAYl9Y29QT — Dominic Alvieri (@AlvieriD) March 20, 2022.

Hacking

Hacking InfoSec Telecommunications Cybercrime

An initial access broker claims to have hacked Deutsche Bank

Security Affairs

NOVEMBER 11, 2022

We can provide VDI & VPN + all passwords of domain dump (with DA usr’s) Their funds is in B$ Price 7.5BTC We will request for proof that one can afford to avoid time wasters etc…” reads the announcement. Breaking Deutsche Bank allegedly breached and for sale by the same access broker that sold access to Medibank.

Banking

Banking Hacking InfoSec Insurance

DNA testing company fined after customer data theft

Malwarebytes

FEBRUARY 22, 2023

The company will pay a total fine of $400,000 for Ohio and Pennsylvania—and has promised to tighten its information security. According to the investigation, an attacker logged into the old VPN (virtual private network) that DDC used before migrating to a new one using a compromised employee account.

Penetration Testing

Penetration Testing InfoSec Accountability Authentication

Water utility CISO offers tips to stay secure as IT and OT converge

SC Magazine

APRIL 26, 2021

As critical infrastructure facilities increasingly converge their IT and OT systems, visibility into traditionally isolated operational systems is turning into a key security challenge. The same philosophy applies to ABCWUA’s installation of its cloud-based enterprise network security software.

CISO

CISO IoT VPN InfoSec

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

Further evolution of cyberthreats as a response to infosec tools and measures. And plans to improve information security and introduce new protection tools and measures are predicated, in some way, on the chosen adversary model. Update firewalls and SSL VPN gateways in good time. Actions of various attacker categories.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

The Hacker Mind Podcast: Shall We Play A Game?

ForAllSecure

JANUARY 27, 2021

Whether it’s designing or just playing CTFs, John Hammond knows a lot about the gamification of infosec. In the moment you’ll meet someone who’s been gamifying infosec for years. The general goal with Cyberstakes is to first and foremost to introduce and educate people with basic infosec skills.

Computers and Electronics

Computers and Electronics InfoSec Hacking Education

The Hacker Mind Podcast: Shall We Play A Game?

ForAllSecure

JANUARY 27, 2021

Whether it’s designing or just playing CTFs, John Hammond knows a lot about the gamification of infosec. In the moment you’ll meet someone who’s been gamifying infosec for years. The general goal with Cyberstakes is to first and foremost to introduce and educate people with basic infosec skills.

Computers and Electronics

Computers and Electronics InfoSec Hacking Education

Was This the World's First Fatal Cyberattack?

SecureWorld News

SEPTEMBER 21, 2020

Germany's Federal Office for Information Security (BSI) says the attack occurred through a Citrix VPN vulnerability that has been known about since last year. The BSI would like to emphasize that a vulnerability ( CVE-2019-19781 ) known since December 2019 in VPN products from Citrix for Cyber -Attacks is being exploited.".

Ransomware

Ransomware Marketing VPN Healthcare

The Hacker Mind Podcast: The Fog of Cyber War

ForAllSecure

JULY 6, 2022

There’s an online war in Ukraine, one that you haven’t heard much about because that country is holding its own with an army of infosec volunteers worldwide. Vamosi: The slogan of the RSA Conference is “Where the World Talks Security,” and, in general. RSAC also attracts some of the top researchers in infosec.

Cybercrime

Cybercrime Government Ransomware Hacking

Cisco’s CISO of the Month – Esmond Kane

Cisco Security

JUNE 25, 2021

First of all, while I am honoured and deeply thankful for the recognition, I believe strongly that Security is a team effort and I must acknowledge the superb InfoSec team in Steward but also the Steward workforce. I thank you all for keeping our patients safe and secure! My story is the same as millions of emigrants to the US.

CISO

CISO Healthcare InfoSec Computers and Electronics

Cyber Security Informer

CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

The CPRA: What You Should Know as an InfoSec Professional

Trending Sources

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

HelloKitty ransomware gang targets vulnerable SonicWall devices

Rhysida ransomware gang claimed China Energy hack

Charting a Course to Zero Trust Maturity: 5 Steps to Securing User Access to Apps

Lapsus$ gang claims to have hacked Microsoft source code repositories

An initial access broker claims to have hacked Deutsche Bank

DNA testing company fined after customer data theft

Water utility CISO offers tips to stay secure as IT and OT converge

Threats to ICS and industrial enterprises in 2022

The Hacker Mind Podcast: Shall We Play A Game?

The Hacker Mind Podcast: Shall We Play A Game?

Was This the World's First Fatal Cyberattack?

The Hacker Mind Podcast: The Fog of Cyber War

Cisco’s CISO of the Month – Esmond Kane

Stay Connected