Accountability, Education and Information Security

Alabama State Department of Education suffered a data breach following a blocked attack

Security Affairs

JULY 7, 2024

Alabama’s education superintendent disclosed a data breach following a hacking attempt on the Alabama State Department of Education. The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data and disrupted services before the attack was stopped.

Education

Education Data breaches Banking Hacking

Difference between Information Security and Cybersecurity

CyberSecurity Insiders

OCTOBER 3, 2022

There is a confusion among a few that the terms Information Security and Cybersecurity are the same as the two areas take the same strides to a large extent. Information Security- Protection of information and the information storing systems from unauthorized access accounts to Information Security.

Information Security

Information Security Cybersecurity Computers and Electronics InfoSec

An educational robot security research

SecureList

FEBRUARY 27, 2024

” For instance, educational robots that connect to the internet and support video calls. Subject of the study: educational robot The toy is designed to educate and entertain children; it is an interactive device running the Android operating system. In other words, this is a “tablet on wheels.”

Education

Education Manufacturing Internet Internet

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

The FBI has issued an alert to warn about an increase in PYSA ransomware attacks on education institutions in the US and UK. The FBI has issued Tuesday an alert to warn about an increase in PYSA ransomware attacks against education institutions in the United States and the United Kingdom. Pierluigi Paganini.

Education

Education Ransomware Encryption Antivirus

Security awareness training: An educational asset you can’t be without

Webroot

JANUARY 19, 2022

Through a series of effective delivery modules, SAT provides employees with relevant information and knowledge on topics like social engineering, malware, compliance and information security. Effective security awareness training can significantly boost your organization’s security posture. Trackable campaigns.

Security Awareness

Security Awareness Education Phishing Social Engineering

Moodle flaw exposed users to account takeover

Security Affairs

APRIL 8, 2021

Wizcase experts discovered a security flaw in the open-source learning platform Moodle that could allow accounts takeover. At the beginning of October 2020, the Wizcase cyber research team, led by Ata Hakcil, discovered a security vulnerability in the open-source learning platform Moodle. Student account takeover.

Accountability

Accountability Passwords Education Risk

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

Security Affairs

FEBRUARY 10, 2022

Spanish National Police has arrested eight alleged members of a crime organization who were able to steal money from the bank accounts of the victims through SIM swapping attacks. Once hijacked a SIM, the attackers can steal money, cryptocurrencies and personal information, including contacts synced with online accounts.

Banking

Banking Accountability Mobile Cryptocurrency

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Educate your employees on threats and risks such as phishing and malware. Enforce strong passwords and implement multi-factor authentication (MFA) — by educating users about using a unique password for each account and enforcing higher security for privileged accounts (administrators, root).

Cybersecurity

Cybersecurity Cybercrime Education Government

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

FEBRUARY 15, 2021

Companies must take this into account and consider extending employee training to also promote security and privacy habits among all family members, especially children. Cybersecurity education for kids is therefore a smart investment. Incorporate security education into corporate volunteer or mentoring programs.

Education

Education CISO Security Awareness Cybersecurity

Google Authenticator App now supports Google Account synchronization

Security Affairs

APRIL 25, 2023

Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes to their Google Account.

Authentication

Authentication Accountability Backups Education

Google banned 173k developer accounts in 2022

Security Affairs

MAY 1, 2023

The IT giant also announced it has banned 173k developer accounts and prevented over $2 billion in fraudulent and abusive transactions. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps. .”

Accountability

Accountability Education Media Hacking

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

APRIL 11, 2024

New York City based Sisense has more than 1,000 customers across a range of industry verticals, including financial services, telecommunications, healthcare and higher education. ” “We are taking this matter seriously and promptly commenced an investigation,” Dash continued.

CISO

CISO Encryption Telecommunications Financial Services

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

Security Affairs

APRIL 30, 2023

Threat actors are gaining access to AT&T email accounts in an attempt to hack into the victim’s cryptocurrency exchange accounts. Hackers are breaking into the AT&T email accounts and then using the access they are logging into the victim’s cryptocurrency exchange accounts to drain their crypto funds, TechCrunch reported.

Cryptocurrency

Cryptocurrency Accountability Passwords Hacking

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Security Affairs

APRIL 11, 2023

A flaw in Microsoft Azure could be exploited by attackers to gain access to storage accounts, perform lateral movements, and even execute remote code. Researchers from the security firm Orca demonstrated how to abuse Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets.

Accountability

Accountability Education Media Authentication

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. Ahead of the U.S. The phishing attacks began in February 2023, the IT giant reported. LNK) files.

Accountability

Accountability Phishing Financial Services Surveillance

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI.

Cybercrime

Cybercrime Education Accountability Phishing

Passwordless sign-in with passkeys is now available for Google accounts

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Japan have already deployed to streamline sign-in for their users. ” continues the post.

Accountability

Accountability Passwords Password Management Phishing

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

Use a password manager to make and store good passwords that are different for every account/device. The second most important thing to do is make sure you keep all your computers and devices updated with security fixes. If you did just those two things you’d be more secure than 95% of home users out there.

Passwords

Passwords DNS Accountability IoT

MY TAKE: Study shows most folks haven’t considered bequeathing their ‘digital’ inheritances

The Last Watchdog

JULY 15, 2024

The results revealed that 67 percent of respondents have a plan to share banking account information, but only 24 percent include online account details in their wills. Furthermore, only 30 percent of people in relationships say their partner could easily access their online accounts in the event of their death.

Password Management

Password Management Passwords Accountability Banking

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

“My slice”, the details of the Italian campaign Last year, a highly targeted phishing campaign that I renamed “My slice” (derived from the name of a variable in the javascript code of the landing page) targeted e-mail account holders of Italian organisations. Education improves awareness” is his slogan.

Phishing

Phishing Education Social Engineering Media

Credential Flusher, understanding the threat and how to protect your login data

Security Affairs

SEPTEMBER 18, 2024

Why and how to protect ourselves Once the credentials are stolen, hackers can use them to access various online accounts, including banking, e-mail, and social media accounts. Regularly update software: Keep your operating system and all applications updated to fix any security vulnerabilities.

Passwords

Passwords Identity Theft Education Authentication

Iran-linked group APT33 adds new Tickler malware to its arsenal

Security Affairs

AUGUST 28, 2024

The group continued to carry out password spray attacks targeting the educational sector for infrastructure procurement and focused on the satellite, government, and defense sectors for intelligence gathering. They also leveraged compromised accounts from educational institutions to create additional Azure tenants.

Malware

Malware Social Engineering Education Government

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

barely and cannot afford to leave the camp, nor to operate his own bank account but only to survive miserably. “ Do you ensure that you do not run away with the money once it is received in your bank account? ”. “ The 419 scam is very widespread and dangerous, and can cause serious economic and psychological damage to victims.

Scams

Scams Banking Computers and Electronics Accountability

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Security Affairs

APRIL 3, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Moobot botnet) The post Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover appeared first on Security Affairs. Below is the disclosure timeline: Jan.

Accountability

Accountability Education Media Authentication

Social Engineering from the Attacker Perspective

Security Through Education

FEBRUARY 9, 2022

Education and security culture at your company. For example, do you post on a public social media account all about your love for CrossFit? Many people in the information security industry have different approaches to reducing your potential attack surface. Education is Key. Breaking it Down.

Social Engineering

Social Engineering Engineering Scams Education

GUEST ESSAY: The case for network defenders to focus on leading — not lagging — indicators

The Last Watchdog

JANUARY 17, 2022

Accountability for software security often falls under the Chief Information Security Officer (CISO). Keeping current with the myriad of technologies, compliance requirements and growing security vulnerabilities requires your experts’ full-time focus. Effective leading indicators.

CISO

CISO Software B2B Marketing

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

While the protection of the company’s assets can never be completely guaranteed, security awareness training should be a top priority for business owners. In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Thousands Zoom credentials available on a Dark Web forum

Security Affairs

APRIL 12, 2020

The archive included credentials for Zoom accounts belonging to organizations in various industries, including banking, consultancy, healthcare software companies. ” reads the report published by security firm IntSights. ” reads the report published by security firm IntSights.

Healthcare

Healthcare Accountability Phishing Banking

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

The ransomware was originally written in Go language and was employed in attacks aimed at healthcare and education sectors in countries like Thailand and Indonesia. Unlike past variants, the Rust version of the Agenda ransomware is able to terminate the Windows AppInfo process and disable User Account Control (UAC). AGENDA.THIAFBB.”

Ransomware

Ransomware Encryption Healthcare Education

Online job offers, the reshipping and money mule scams

Security Affairs

JUNE 17, 2024

The term money mules refers to those individuals who are recruited by criminals to transfer illicit money through their bank accounts in exchange for a commission. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”. Education improves awareness” is his slogan.

Scams

Scams Marketing Education Banking

National Student Clearinghouse data breach impacted approximately 900 US schools

Security Affairs

SEPTEMBER 24, 2023

educational nonprofit organization National Student Clearinghouse disclosed a data breach that impacted approximately 900 US schools. National Student Clearinghouse encourages impacted individuals to remain vigilant by reviewing their account statements and monitoring their free credit reports for suspicious activity.

Data breaches

Data breaches Education Ransomware Software

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Security Affairs

DECEMBER 17, 2020

The FBI PIN, Number 20201210-001, was issued on December 10, 2020, and provides details about Doppelpaymer’s criminal activity and the sectors on which the group focuses (Healthcare, Emergency Services, and Educational Institutions). PIN Number 20201210-001. Patch operating systems, software, firmware, and endpoints. Pierluigi Paganini.

Ransomware

Ransomware Backups Firmware Accountability

Hackers are taking advantage of the interest in generative AI to install Malware

Security Affairs

MAY 3, 2023

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools. “Since March alone, our security analysts have found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet. ” reads the Meta’s Q1 2023 Security Reports.

Malware

Malware Education Accountability Media

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

Security Affairs

OCTOBER 16, 2023

The Akira ransomware has been active since March 2023, the threat actors behind the malware claim to have already hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group has developed a Linux encryptor to target VMware ESXi servers.

Engineering

Engineering Ransomware Hacking Education

A Cybersecurity Role Has Topped List of Best Jobs

CyberSecurity Insiders

JANUARY 14, 2022

“Information security analyst” tops the U.S. The list ranks the 100 best jobs across 17 sectors including business, healthcare and technology, taking into account factors such as growth potential, salary and work-life balance. News & World Report 2022 Best Jobs list. Tough Contenders.

Cybersecurity

Cybersecurity Healthcare Information Security CISO

Google Gmail client-side encryption is available globally

Security Affairs

FEBRUARY 28, 2023

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers.

Encryption

Encryption Education Digital transformation Hacking

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

SecureWorld News

DECEMBER 12, 2024

Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement." Scobey recommends: Privileged Access Management (PAM): Restrict access to sensitive systems to essential personnel and monitor privileged accounts for unusual activity.

Password Management

Password Management Passwords CISO Cybersecurity

ToxicEye RAT exploits Telegram communications to steal data from victims

Security Affairs

APRIL 24, 2021

“The attacker first creates a Telegram account and a Telegram ‘bot.’ A Telegram bot account is a special remote account with which users can interact by Telegram chat or by adding them to Telegram groups, or by sending requests directly from the input field by typing the bot’s Telegram username and a query.”

Malware

Malware Mobile Encryption Accountability

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

The Last Watchdog

MARCH 21, 2022

It underlies organizational accountability and is necessary to identify threats and uncover deficiencies. You almost certainly need a chief information security officer (CISO). Educate employees. Every employee has the ability to make data security stronger – or weaker. •Conduct risk analysis.

Encryption

Encryption Data privacy Cloud Migration Risk

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Security Affairs

FEBRUARY 8, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.

Energy and Utilities

Energy and Utilities VPN Manufacturing Firewall

2024 Cybersecurity Laws & Regulations

eSecurity Planet

SEPTEMBER 21, 2024

Each of these regulations addresses different aspects of cybersecurity and data protection, making it essential for businesses and organizations to stay informed and proactive. The act also requires institutions to allow customers to opt out of having their information shared with non-affiliated third parties.

Cybersecurity

Cybersecurity Computers and Electronics Cyber threats Healthcare

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Security Affairs

JANUARY 24, 2020

The Danish security researcher Ollypwn has published a proof-of-concept (PoC) denial of service exploit for the CVE-2020-0609 and CVE-2020-0610 vulnerabilities in the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices. ” reads the advisories published by Microsoft.

Advertising

Advertising Firewall Education Engineering

Law enforcement seized the Genesis Market cybercrime marketplace

Security Affairs

APRIL 5, 2023

The price for a stolen account was very cheap, paying a few dollars crooks were able to use it for a specific period. Genesis Market provided access to accounts of the most popular services, including Amazon, eBay, Facebook, Gmail, Netflix, PayPal, Spotify, and Zoom.

Marketing

Marketing Cybercrime Accountability Education

Alabama State Department of Education suffered a data breach following a blocked attack

Difference between Information Security and Cybersecurity

Trending Sources

An educational robot security research

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security awareness training: An educational asset you can’t be without

Moodle flaw exposed users to account takeover

Spanish police dismantled SIM swapping gang who stole money from victims’ bank accounts

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

Google Authenticator App now supports Google Account synchronization

Google banned 173k developer accounts in 2022

Why CISA is Warning CISOs About a Breach at Sisense

Crooks broke into AT&T email accounts to empty their cryptocurrency wallets

A “By-Design” flaw in Microsoft Azure can allow storage accounts takeover

Remcos RAT campaign targets US accounting and tax return preparation firms

FBI: Compromised US academic credentials available on various cybercrime forums

Passwordless sign-in with passkeys is now available for Google accounts

A 3-Tiered Approach to Securing Your Home Network

MY TAKE: Study shows most folks haven’t considered bequeathing their ‘digital’ inheritances

“My Slice”, an Italian adaptive phishing campaign

Credential Flusher, understanding the threat and how to protect your login data

Iran-linked group APT33 adds new Tickler malware to its arsenal

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Social Engineering from the Attacker Perspective

GUEST ESSAY: The case for network defenders to focus on leading — not lagging — indicators

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Thousands Zoom credentials available on a Dark Web forum

Experts spotted a variant of the Agenda Ransomware written in Rust

Online job offers, the reshipping and money mule scams

National Student Clearinghouse data breach impacted approximately 900 US schools

DoppelPaymer ransomware gang now cold-calling victims, FBI warns

Hackers are taking advantage of the interest in generative AI to install Malware

Akira ransomware received $42M in ransom payments from over 250 victims

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

A Cybersecurity Role Has Topped List of Best Jobs

Google Gmail client-side encryption is available globally

Sweet Treats, Sour Breach: Cyberattack Hits Krispy Kreme

ToxicEye RAT exploits Telegram communications to steal data from victims

GUEST ESSAY: Leveraging best practices and an open standard to protect corporate data

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

2024 Cybersecurity Laws & Regulations

Expert released DOS Exploit PoC for Critical Windows RDP Gateway flaws

Law enforcement seized the Genesis Market cybercrime marketplace

Stay Connected