Cyber Security Informer

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Sunnyvale, Calif.

Artificial Intelligence

Artificial Intelligence Healthcare Accountability Banking

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Krebs on Security

MARCH 5, 2021

Cybersecurity & Infrastructure Security Agency (CISA), other government agencies, and security companies, to ensure it is providing the best possible guidance and mitigation for its customers. Microsoft’s initial advisory about the Exchange flaws credited Reston, Va. based Volexity for reporting the vulnerabilities.

Hacking

Hacking Software Government Internet

Threat actors breached two crucial systems of the US CISA

Security Affairs

MARCH 9, 2024

One of the systems impacted by the incident is used to facilitate the sharing of cyber and physical security assessment tools among federal, state, and local officials. Threat actors hacked the systems of the Cybersecurity and Infrastructure Security Agency (CISA) by exploiting Ivanti flaws.

Hacking

Hacking Government Cybersecurity Software

Governnment Software Vendor Tyler Technologies Announces Breach

Adam Levin

SEPTEMBER 28, 2020

federal, state, and local government agencies, announced that its internal systems were hacked last week. . None of our products is a system of record for voting or any other election- or voting-related activities,” the company statement specified. Tyler Technologies, a software and technology provider for U.S.

Technology

Technology Software Government Ransomware

Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company

Security Affairs

JUNE 27, 2022

Iranian state-owned Khuzestan Steel Company was hit by a cyber attack that forced the company to halt its production. The Khuzestan Steel Company is one of the major steel companies owned by the Iranian government. The company was forced to halt production due to a cyberattack. Pierluigi Paganini. Pierluigi Paganini.

Cyber Attacks

Cyber Attacks Government Hacking Information Security

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

Security Affairs

FEBRUARY 15, 2024

The botnet was used by the Russian state-sponsored hackers to carry out a broad range of attacks. “These crimes included vast spearphishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. ” reads the press release published by DoJ.

Firewall

Firewall Government Malware Hacking

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh , which claims to be based in the United States. state of Delaware, where it is registered, an omission which could violate state law,” Reuters reported.

Mobile

Mobile Malware Technology Government

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

SEPTEMBER 21, 2023

Organizations gathered to discuss courses and programs to address the critical cybersecurity workforce needs in the United States. Organizations gathered to discuss courses and programs to address the critical cybersecurity workforce needs in the United States. Chicago, Ill., Funding for this program is in part from a Federal grant.

Manufacturing

Manufacturing Cybersecurity Artificial Intelligence Education

US urges mayors to confer with states on cyber posture, but can more be done?

SC Magazine

JULY 9, 2021

Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger, who advised them on the current ransomware epidemic and requested that city leaders “convene heads of state agencies to review their cybersecurity posture and continuity plans,” according to a White House press release. Members of the U.S.

CISO

CISO Government Cryptocurrency Ransomware

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

Security Affairs

FEBRUARY 12, 2023

Australia’s Defense Department announced that they will remove surveillance cameras made by Chinese firms linked to the government of Beijing. Australia’s Defense Department is going to replace surveillance cameras made by Chinese firms Hikvision and Dahua, who are linked to the government of Beijing. ” reported The Guardian. .”

Surveillance

Surveillance Government Manufacturing Risk

NSA, CISA release guidance on hardening remote access via VPN solutions

Security Affairs

SEPTEMBER 29, 2021

Multiple attacks against private organizations and government entities, especially during the pandemic, were carried out by threat actors by exploiting vulnerabilities in popular VPN systems. ” states the joint announcement published by the US agencies. . ” states the joint announcement published by the US agencies.

VPN

VPN Government Firmware Authentication

CISA compiled a list of free cybersecurity tools and services

Security Affairs

FEBRUARY 19, 2022

The list includes open source tools and free resources provided by government organizations and private cybersecurity firms. CISA pointed out that it does not endorse any commercial product or service. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience.

Cybersecurity

Cybersecurity Threat Detection Government Risk

North Korea-linked hackers stole $626 million in virtual assets in 2022

Security Affairs

DECEMBER 22, 2022

The Government of Pyongyang focuses on crypto hacking to fund its military program following harsh U.N. North Korea cannot export its products due to the U.N. Government experts noticed that nation-state actors are not immediately cashing out all the stolen crypto to create a crypto fund reserve. trillion won ($1.2

Cryptocurrency

Cryptocurrency Cybercrime Media Government

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Policy trends: where are we today on regulation in cyberspace?

SecureList

NOVEMBER 22, 2022

1 Fragmentation shifting to polarization: governments and multistakeholder communities are all the more divided — and have formed into groups based on like-mindedness. 1 Fragmentation shifting to polarization: governments and multistakeholder communities are all the more divided — and have formed into groups based on like-mindedness.

Government

Government Marketing Cybersecurity Software

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

Experts observed a 400% increase in the number of attacks, compared with October, that hit government organizations. Experts observed a 400% increase in the number of attacks, compared with October, that hit government organizations. CERT-FR’s alert states that the Pysa ransomware code is based on public Python libraries.

Ransomware

Ransomware Penetration Testing Healthcare Government

Preparing Microsoft cloud networks for regional disruptions

CSO Magazine

MARCH 16, 2022

Apple and Google announced similar positions halting product and advertising sales, respectively. Any international business must think about local security and privacy policies and regulations they must follow to be compliant everywhere they operate. Have customers in California? To read this article in full, please click here

Advertising

Advertising Internet Internet Government

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

eSecurity Planet

MARCH 3, 2023

” To that end, the Biden-Harris administration suggested in a statement , “[W]e must make fundamental shifts in how the United States allocates roles, responsibilities, and resources in cyberspace.” The White House’s National Cybersecurity Strategy unveiled yesterday is an ambitious blueprint for improving U.S.

Cybersecurity

Cybersecurity Government Data privacy Software

Another nation-state actor exploits Microsoft Follina to attack European and US entities

Security Affairs

JUNE 6, 2022

A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks against government entities in Europe and the U.S. An alleged nation-state actor is attempting to exploit the recently disclosed Microsoft Office Follina vulnerability in attacks aimed at government entities in Europe and the U.S.

Phishing

Phishing Government Cybersecurity Hacking

Security in a World of Physically Capable Computers

Schneier on Security

OCTOBER 12, 2018

Stories like the recent Facebook hack , the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. The government needs to step in and regulate this increasingly dangerous space. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg.

Government

Government Internet Internet Marketing

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. states VMware. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users.”

Authentication

Authentication Healthcare Education Cybersecurity

Toyota Motors halted production due to a cyber attack on a supplier

Security Affairs

FEBRUARY 28, 2022

Japanese carmaker Toyota Motors was forced to stop car production due to a cyberattack against one of its suppliers. Japanese carmaker Toyota Motors was forced to halt its production due to a cyber attack that suffered by one of its suppliers, Kojima Industries. “The government is confirming the actual situation.”

Cyber Attacks

Cyber Attacks Media Hacking Government

Threat Group Continuously Updates Malware to Evade Antivirus Software

eSecurity Planet

NOVEMBER 7, 2022

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Researchers even found an update that skips machines with the “en_US” locale: In LODEINFO v0.6.2 They observed another spear-phishing campaign in March 2022.

Antivirus

Antivirus Software Malware Phishing

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

The Last Watchdog

OCTOBER 4, 2021

This shortage is significantly impacting corporate America, and it is particularly dire across federal, state and local governments. While most cyber security vendors are focused on point products, PhishCloud and Four18 Intelligence are training the next generation of cyber security analysts! Growing need.

Cybersecurity

Cybersecurity Cyber threats Education Cybercrime

Ransomware attack disrupted store operations in the Netherlands and Germany

Security Affairs

NOVEMBER 8, 2021

“The cash registers can only scan and accept physical products from the stores. . “The cash registers can only scan and accept physical products from the stores. The stores will remain open, but can only sell products that are physically in the store. ” reported the local outlet RTLNieuws. .”

Computers and Electronics

Computers and Electronics Ransomware Retail Spyware

Wanted! US offers $10m bounty for ransomware kingpins

Malwarebytes

NOVEMBER 5, 2021

The US State Department is offering a massive $10 million reward if you can help bring DarkSide to justice. DarkSide is thought to have originated in the Russian Federation and/or Ukraine, and was first observed in the wild in August 2020 and is thought to be a product of the FIN7 group.

Ransomware

Ransomware Government Backups Accountability

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

CERT France is warning of a new wave of attacks using Pysa ransomware (Mespinoza) that is targeting local governments. CERT France cyber-security agency is warning about a new wave of ransomware attack that is targeting the networks of local government authorities. ” reads the issued by French CERT.

Government

Government Ransomware Encryption Penetration Testing

State auditor’s office clashes with file transfer service provider after breach

SC Magazine

FEBRUARY 2, 2021

The Washington State Capitol Building in Olympia. 25 stole millions of unemployment applicants’ data from the Washington State Auditor’s Office (SAO) via a zero-day vulnerability in a 20-year-old file transfer service from Accellion, Inc. Pastajosh, CC BY-SA 4.0, via Wikimedia Commons). Malicious actors last Dec.

Government

Government CISO Media Encryption

3 Top Reasons America Is Under a 'Ransomware Siege'

SecureWorld News

JULY 28, 2021

For the most part, criminal and nation-state actors continue to launch attacks with little fear of getting in trouble. For the most part, criminal and nation-state actors continue to launch attacks with little fear of getting in trouble. And he emphasized one thing the headlines already tell us: "Year-over-year, the U.S.

Ransomware

Ransomware Cybercrime Cryptocurrency Healthcare

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. In March 2020, CERT France cyber-security agency warned about a new wave of ransomware attack that was targeting the networks of local government authorities.

Education

Education Ransomware Encryption Antivirus

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. The current prices for 911’s proxies.

VPN

VPN Computers and Electronics Antivirus Software

Monsido Meets Digital Sovereignty Requirements with Cloud Key Management

Thales Cloud Protection & Licensing

NOVEMBER 6, 2023

Digital sovereignty enables enterprises to have better localized enforcement of privacy laws to maintain safe data stewardship of sensitive and publicly identifiable information (PII) to adhere to different privacy, data security and resilience regulations worldwide.

Encryption

Encryption Government Technology Marketing

Enhancing Data Sovereignty: VMware Sovereign Cloud and Thales Join Forces

Thales Cloud Protection & Licensing

NOVEMBER 8, 2023

Additionally, in highly regulated sectors such as finance or healthcare or state and local government entities, organizations need to meet additional compliance laws and mandates. All data remains subject to the laws and regulations of its home country, regardless of where it resides.

Encryption

Encryption Healthcare Government Data breaches

Vietnam-linked APT32 group launches COVID-19-themed attacks against China

Security Affairs

APRIL 23, 2020

The APT32 group has been active since at least 2012, it has targeted organizations across multiple industries and foreign governments, dissidents, and journalists. Since at least 2014, experts at FireEye have observed APT32 targeting foreign corporations with an interest in Vietnam’s manufacturing, consumer products, and hospitality sectors.

Government

Government Advertising Phishing Malware

CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes

SC Magazine

APRIL 1, 2021

CISA encourages all organizations to fix Microsoft Exchange vulnerabilities in the wake of massive exploitation campaigns targeting the software. Coolcaesar, CC BY-SA 4.0 link] , via Wikimedia Commons). The post CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes appeared first on SC Media.

Firewall

Firewall Government Media Cybersecurity

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

There’s oil in the state of Maryland – “cyber oil.” With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” The state counts approximately 109,000 cyber engineers.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Alibaba Punished By The Chinese Government For Failing To Tell It About The Log4Shell Flaw First

Hacker Combat

DECEMBER 24, 2021

However, the ministry issued a statement that stated that they will be pulling back from the partnership for a while. . The Chinese government says that they were not the first to be informed by the firm when the vulnerability Log4Shell was discovered. . Alibaba Cloud is an intelligence firm that deals with cyber threats.

Government

Government Malware Media Cyber threats

Secret Scanner for Jira and Confluence: CVE-2023–22515 Defense in Depth

Pen Test

NOVEMBER 7, 2023

It is a widely recognized best practice for Product Security Engineers to conduct scans of the software codebase in search of potential inadvertent secret leaks. This practice is acceptable for local testing, with the intention of removing the secret prior to pushing the final code to Source Code Management (e.g.,

Passwords

Passwords Software Engineering Government

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443. The joint alert also states that attackers scanning also enumerated devices for the CVE-2020-12812 and CVE-2019-5591 flaws.

Passwords

Passwords Government Firmware Accountability

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

Security Affairs

MARCH 7, 2021

At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked threat actors since January, including business and government agencies. The attacks started in January, but the attackers’ activity intensified in recent weeks according to the experts at security firm Volexity. ” wrote Microsoft.

Hacking

Hacking Accountability Government Small Business

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

SC Magazine

FEBRUARY 17, 2021

The company received a finding of law from the Swiss government that it will not be treated as a telecommunications provider, exempting it from laws that would mandate data collection. “All the big resolver operators of significance are based in the United States ,and furthermore, they’re based in California.

DNS

DNS Telecommunications Surveillance Data collection

Reassessing cyberwarfare. Lessons learned in 2022

SecureList

DECEMBER 14, 2022

For instance, according to the New York Times, in 2003, the United States made plans for a huge cyberattack to freeze billions of dollars in Saddam Hussein’s bank accounts and cripple his government before the invasion of Iraq. However, the plan was not approved because the government feared collateral damage.

DDOS

DDOS Ransomware Government Energy and Utilities

Massachusetts bets on cyber to boost economic recovery, add jobs

SC Magazine

MAY 20, 2021

“Cybersecurity is really critical for our innovation economy,” said Mike Kennealy, Massachusetts’ housing and economic development secretary, in an RSA Conference panel session examining how the state is making cyber resources available to its 351 cities and towns, while also collaborating with the private industry.

Technology

Technology Cybersecurity Internet Internet

Meet the 2021 SC Awards judges

SC Magazine

MAY 1, 2021

For 2021, the judges took on a record number of submissions, identifying which products, people and companies stood out during a tumultuous year. These organizations create opportunities for advanced research and education, as well as provide cybersecurity services for public sector organizations across the state of Texas.

Computers and Electronics

Computers and Electronics Technology Education Information Security

Juniper Support Portal Exposed Customer Device Info

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Trending Sources

Threat actors breached two crucial systems of the US CISA

Governnment Software Vendor Tyler Technologies Announces Breach

Cyberattack halted the production at the Iranian state-owned Khuzestan Steel company

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

US urges mayors to confer with states on cyber posture, but can more be done?

Australian Defense Department will replace surveillance cameras from Chinese firms Hikvision and Dahua

NSA, CISA release guidance on hardening remote access via VPN solutions

CISA compiled a list of free cybersecurity tools and services

North Korea-linked hackers stole $626 million in virtual assets in 2022

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Policy trends: where are we today on regulation in cyberspace?

PYSA ransomware gang is the most active group in November

Preparing Microsoft cloud networks for regional disruptions

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

Another nation-state actor exploits Microsoft Follina to attack European and US entities

Security in a World of Physically Capable Computers

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Toyota Motors halted production due to a cyber attack on a supplier

Threat Group Continuously Updates Malware to Evade Antivirus Software

GUEST ESSAY: What it will take to train the next generation of cybersecurity analysts

Ransomware attack disrupted store operations in the Netherlands and Germany

Wanted! US offers $10m bounty for ransomware kingpins

CERT France – Pysa ransomware is targeting local governments

State auditor’s office clashes with file transfer service provider after breach

3 Top Reasons America Is Under a 'Ransomware Siege'

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

A Deep Dive Into the Residential Proxy Service ‘911’

Monsido Meets Digital Sovereignty Requirements with Cloud Key Management

Enhancing Data Sovereignty: VMware Sovereign Cloud and Thales Join Forces

Vietnam-linked APT32 group launches COVID-19-themed attacks against China

CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Alibaba Punished By The Chinese Government For Failing To Tell It About The Log4Shell Flaw First

Secret Scanner for Jira and Confluence: CVE-2023–22515 Defense in Depth

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

Quad9 to move offices to Switzerland, invites other privacy-focused firms to follow

Reassessing cyberwarfare. Lessons learned in 2022

Massachusetts bets on cyber to boost economic recovery, add jobs

Meet the 2021 SC Awards judges

Stay Connected