Accountability, Government and Information Security

Russia-linked APT Star Blizzard targets WhatsApp accounts

Security Affairs

JANUARY 16, 2025

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.

Accountability

Accountability Phishing Government Hacking

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

The chief information security officer for a large academic healthcare system affected by the breach told KrebsOnSecurity they participated in a call with the FBI and were told a third party partner managed to recover at least four terabytes of data that was exfiltrated from Change by the cybercriminal group. .”

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers.

Information Security

Information Security Data breaches CISO Encryption

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

OCTOBER 20, 2022

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. LinkedIn declined to answer questions about the account purges, saying only that the company is constantly working to keep the platform free of fake accounts. The next day, half of those profiles no longer existed.

Accountability

Accountability Cryptocurrency Scams CISO

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The Daily Monitor newspaper reported that the attackers stole 47.8

Banking

Banking Government Accountability Hacking

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape.

Cybercrime

Cybercrime Social Engineering Accountability Government

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. continues the announcement.

Government

Government Surveillance Mobile Hacking

How boards can manage digital governance in the age of AI

BH Consulting

MARCH 26, 2025

In a presentation titled Digital governance for boards and senior executives: AI, cybersecurity, and privacy , she called on her extensive experience advising boards on these areas. Boards and senior executives face several questions about how best to approach the challenges of cybersecurity, privacy, and AI governance.

Government

Government Artificial Intelligence Risk Digital transformation

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government VPN Accountability Authentication

Chinese threat actors use Quad7 botnet in password-spray attacks

Security Affairs

NOVEMBER 3, 2024

The operators maintain the botnet to launch distributed brute-force attacks on VPNs, Telnet, SSH, and Microsoft 365 accounts. These routers are used to relay brute-force attacks on Microsoft 365 accounts. In the majority of the campaigns, about 80 percent, CovertNetwork-1658 makes only one sign-in attempt per account per day.

Passwords

Passwords Wireless VPN Accountability

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Security Affairs

JANUARY 2, 2022

The Twitter account of NASA Director Parimal Kopardekar (@nasapk) was hacked by the Powerful Greek Army group. The Twitter account of the NASA Director and Sr Technologist for Air Transporation Sytem Mr. Parimal Kopardekar ( @nasapk ) was hacked by the Powerful Greek Army group. NASA Director account hacked by PGA!

Accountability

Accountability Hacking Banking Government

Canadian government impacted by data breaches of two of its contractors

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel have been also exposed. Both contractors suffered a security breach in October.

Data breaches

Data breaches Government Hacking Backups

DNA testing company vanishes along with its customers’ genetic data

Malwarebytes

NOVEMBER 12, 2024

All the company’s social media accounts haven’t been updated since 2023 at the latest. Only share the personal information you absolutely have to provide with the genetic testing company. Lie if you must and create a separate free email account so the information can’t be tied to your main account.

Insurance

Insurance Accountability Risk Data breaches

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan. Similarly, software bills of materials (SBOMs) underscore the need for better accountability in third-party software. The SEC Cybersecurity Disclosure Rule highlights transparency in governance.

Cybersecurity

Cybersecurity CISO Risk Government

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

Until being contacted by this reporter on Monday, the state of Vermont had at least five separate Salesforce Community sites that allowed guest access to sensitive data, including a Pandemic Unemployment Assistance program that exposed the applicant’s full name, Social Security number, address, phone number, email, and bank account number.

Banking

Banking Government Information Security Authentication

Government of Bermuda blames Russian threat actors for the cyber attack

Security Affairs

SEPTEMBER 23, 2023

The Government of Bermuda believes that the recent cyberattack against its IT infrastructure was launched by Russian threat actors. This week a cyber attack hit the Government of Bermuda causing the interruption of internet/email and phone services. The attack impacted all the government departments. ” said Burt.

Cyber Attacks

Cyber Attacks Government Internet Internet

Ex Twitter employee found guilty of spying for Saudi Arabian government

Security Affairs

AUGUST 10, 2022

In November 2019, the former Twitter employees Abouammo and the Saudi citizen Ali Alzabarah have been charged with spying on thousands of Twitter user accounts on behalf of the Saudi Arabian government. Of course, he was also able to unmask the identities of some users on behalf of the Saudi Arabian Government.

Government

Government Accountability Media Marketing

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Mobile

Mobile Telecommunications Data breaches Hacking

New SEC Rules around Cybersecurity Incident Disclosures

Schneier on Security

AUGUST 2, 2023

In an email newsletter, Melissa Hathaway wrote: Now that the rule is final, companies have approximately six months to one year to document and operationalize the policies and procedures for the identification and management of cybersecurity (information security/privacy) risks.

Cybersecurity

Cybersecurity Risk Government Information Security

US government imposed sanctions on six Iranian intel officials

Security Affairs

FEBRUARY 4, 2024

The US government issued sanctions against six Iranian government officials linked to cyberattacks against critical infrastructure organizations. The Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) is an organization within the Iranian government responsible for cybersecurity and cyber warfare.

Government

Government Manufacturing Hacking Ransomware

Chinese man charged for spear-phishing against NASA and US Government

Security Affairs

SEPTEMBER 17, 2024

” The man, who remails at large, used fake email accounts posing as US-based researchers and engineers to target government personnel to obtain software and source code created by the National Aeronautics and Space Administration (“NASA”), research universities, and private companies. Air Force, Navy, Army, and the FAA.”

Phishing

Phishing Government Identity Theft Engineering

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

SecureWorld News

MAY 2, 2024

The role of a Chief Information Security Officer (CISO) is undeniably complex, yet incredibly rewarding. Similarly, SolarWinds and its Chief Information Security Officer faced fraud and internal control failure charges from the SEC. underscores the heightened emphasis on governance.

CISO

CISO Government CSO Artificial Intelligence

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

NOVEMBER 4, 2022

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc.

Scams

Scams Artificial Intelligence Cryptocurrency Accountability

Fake CISO Profiles on LinkedIn Target Fortune 500s

Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. If you were confused at this point, you might ask Google who it thinks is the current Chief Information Security Officer of Chevron. of spam and scam.”

CISO

CISO Cybercrime Accountability Information Security

Managed detection and response in 2024

SecureList

FEBRUARY 20, 2025

Kaspersky MDR customers by region Distribution of incidents by industry In 2024, the MDR team observed the highest number of incidents in the industrial (25.7%), financial (14.1%), and government (11.7%) sectors. in government, 17.8% However, if we consider only high-severity incidents, the distribution is somewhat different: 22.8%

Social Engineering

Social Engineering Phishing Government Threat Detection

USPS Site Exposed Data on 60 Million Users

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. A USPS brochure advertising the features and benefits of Informed Visibility. Image: USPS.com.

Accountability

Accountability Authentication Identity Theft Advertising

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. The Government experts pointed out that in some cases the group did not deployed any backdoor in the compromised systems. ” reads trhe announcement published by DKWOC.

Accountability

Accountability Government Phishing Passwords

Privacy and Security of Data at Universities

Schneier on Security

NOVEMBER 9, 2018

This Article explores the competing values inherent in data stewardship and makes recommendations for practice by drawing on the pioneering work of the University of California in privacy and information security, data governance, and cyber risk.

Data collection

Data collection Cyber Risk Risk Government

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Security Affairs

NOVEMBER 15, 2024

The hackers stole 120,000 Bitcoin, and the Bitcoin value significantly dropped after the discovery of the security breach. Since the arrest of the couple, the government has seized another approximately $475 million tied to the cyber heist. Lichtenstein’s wife, Morgan, helped the man in laundering the stolen funds.

Cryptocurrency

Cryptocurrency Hacking Government Accountability

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

After discovering the security breach, the company investigated the incident and notified law enforcement. “On November 20, 2024, we were notified by a vendor of point-of-sale processing services for some of our retail locations that accounts with their organization had been compromised by an organized cybercrime group.”

Data breaches

Data breaches Retail Cybercrime Government

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. “Earth Krahang abuses the trust between governments to conduct their attacks.

Government

Government Phishing Accountability VPN

A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia

Security Affairs

MARCH 25, 2025

Ukrzaliznytsia is investigating the attack and restoring the affected systems with the help of the Cyber Department of the Security Service of Ukraine. Source: Daryna Antoniuk’s X account “The online systems of Ukrzaliznytsia suffered a large-scale targeted cyberattack. ” reads the statement published by the company.

Backups

Backups Cyber Attacks Media Hacking

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

Security Affairs

APRIL 4, 2025

. “The Ukrainian government’s computer emergency response team, CERT-UA, is taking systematic measures to accumulate and analyze data on cyber incidents in order to provide up-to-date information on cyber threats.” ” Since fall 2024, threat actor used compromised accounts to send emails with links (e.g.,

Malware

Malware Cyber threats Government Hacking

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches

Data breaches Cybercrime Cyber Insurance Marketing

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. The post Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors appeared first on Security Affairs. com” domain. Pierluigi Paganini.

Scams

Scams Phishing Government Passwords

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. ” It remains unclear whether the stolen RDP credentials were a factor in this incident.

Hacking

Hacking Ransomware Banking Accountability

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Krebs on Security

OCTOBER 5, 2022

The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups. Another “swarm” of LinkedIn bot accounts flagged by Taylor’s group.

Accountability

Accountability Scams Artificial Intelligence Cryptocurrency

Why DSPM is Essential for Achieving Data Privacy in 2024

Security Affairs

OCTOBER 23, 2024

As organizations deal with such high volumes of dark and unstructured data, most of this data contains sensitive information , making it a primary target for data breach attacks. Consequently, organizations face various security, governance, privacy, and compliance risks. Today, data is not limited to on-premise or data stores.

Data privacy

Data privacy Unstructured Data Risk Data breaches

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Segment or isolate portions of your network that are critical to your business, process, or store sensitive information.

Cybersecurity

Cybersecurity Cybercrime Education Government

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

OCTOBER 13, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Cryptocurrency Artificial Intelligence Cybercrime

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Secure payment methods Ensure safe processing of financial transactions.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Russia-linked APT Star Blizzard targets WhatsApp accounts

Change Healthcare Breach Hits 100M Americans

Trending Sources

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Hackers stole millions of dollars from Uganda Central Bank

EDR-as-a-Service makes the headlines in the cybercrime landscape

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

How boards can manage digital governance in the age of AI

Storm-2372 used the device code phishing technique since August 2024

U.S. CISA: hackers breached a state government organization

Chinese threat actors use Quad7 botnet in password-spray attacks

Exclusive: NASA Director Twitter account hacked by Powerful Greek Army

Canadian government impacted by data breaches of two of its contractors

DNA testing company vanishes along with its customers’ genetic data

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Many Public Salesforce Sites are Leaking Private Data

Government of Bermuda blames Russian threat actors for the cyber attack

Ex Twitter employee found guilty of spying for Saudi Arabian government

CERT-UA warns of a phishing campaign targeting government entities

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

New SEC Rules around Cybersecurity Incident Disclosures

US government imposed sanctions on six Iranian intel officials

Chinese man charged for spear-phishing against NASA and US Government

From Compliance to Resilience: Cyber Governance as the Cornerstone of CISO Strategy

LinkedIn Adds Verified Emails, Profile Creation Dates

Fake CISO Profiles on LinkedIn Target Fortune 500s

Managed detection and response in 2024

USPS Site Exposed Data on 60 Million Users

New Leak Shows Business Side of China’s APT Menace

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Privacy and Security of Data at Universities

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

U.S. cannabis dispensary STIIIZY disclosed a data breach

Earth Krahang APT breached tens of government organizations worldwide

A cyberattack hits Ukraine’s national railway operator Ukrzaliznytsia

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Glut of Fake LinkedIn Profiles Pits HR Against the Bots

Why DSPM is Essential for Achieving Data Privacy in 2024

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Security Affairs newsletter Round 493 by Pierluigi Paganini – INTERNATIONAL EDITION

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Stay Connected