Document and Technology - Cyber Security Informer

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. Threat actors hit the company’s information technology (IT) infrastructure.

Technology

Technology Ransomware Engineering Manufacturing

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

SEPTEMBER 23, 2020

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. Tyler Technologies declined to say how the intrusion is affecting its customers.

Technology

Technology Ransomware Software Government

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Dropbox isn’t sharing all of your documents with OpenAI. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true.

Government

Government Banking Risk Internet

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. Reset as you please.

Hacking

Hacking Accountability Government Social Engineering

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

They also enrich documents with metadata and place them in crypto-containers, access to which is only granted by permission. However, all of these solutions are powerless when it comes to photographing a document with a smartphone and compromising printed copies of documents. There are more exotic ways of protecting documents.

Marketing

Marketing Software Surveillance Information Security

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

And this is why DigiCert recently introduced DigiCert® Document Signing Manager (DSM) – an advanced hosted service designed to increase the level of assurance of the identities of persons signing documents digitally. Trzupek outlined how DSM allows for legally-binding documents with auditability and management of signers. “It

Computers and Electronics

Computers and Electronics Authentication Digital transformation Internet

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. TB of stolen data. The group claims the theft of 1.4

Technology

Technology Ransomware Engineering Manufacturing

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Cisco’s technologies. It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure.

Cybercrime

Cybercrime Data breaches Technology Banking

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

DECEMBER 18, 2020

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology.

Surveillance

Surveillance Mobile Accountability Technology

Encryption & Privacy Policy and Technology

Adam Shostack

JANUARY 2, 2025

The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies are open. Lastly, the Port of Seattle is considering putting rules in place around facial recognition technology.

Technology

Technology Encryption Internet Internet

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover.

Technology

Technology Identity Theft Backups Passwords

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers.

Password Management

Password Management Architecture Threat Detection Cybersecurity

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

The spyware’s deployment relied on Cellebrite’s unlocking process, combining two invasive technologies to compromise the journalists digital privacy comprehensively. NoviSpy can extract sensitive data from compromised Android devices, including screenshots, location data, audio recordings, files, and photos.

Spyware

Spyware Surveillance Technology Mobile

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S.

Computers and Electronics

Computers and Electronics Software Engineering Accountability

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

An analysis of their technology infrastructure shows that all of these exchanges use Russian email providers, and most are directly hosted in Russia or by Russia-backed ISPs with infrastructure in Europe (e.g. A machine-translated version of Flymoney, one of dozens of cryptocurrency exchanges apparently nested at Cryptomus. in Vancouver, BC.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Related: Technology and justice systems The U.S. Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication.

CISO

CISO CSO Risk Cyber threats

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. Recently, tesearchers from Positive Technologies warned that unknown threat actors have attempted to exploit the now-patched vulnerability CVE-2024-37383 (CVSS score: 6.1)

VPN

VPN Firewall Technology Passwords

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

Centraleyes

FEBRUARY 17, 2025

Yet, many organizations struggle with a disjointed approachpolicies scattered across departments, processes misaligned, and technology underutilized. Technology Architecture: Leverage a central policy management platform that integrates with other business systems, provides AI-driven insights, and enhances accessibility.

Architecture

Architecture Government Risk Technology

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Hacker's King

FEBRUARY 9, 2025

Technology is also evolving rapidly in this fast-evolving world, where everything is changing briskly. To make it user-friendly for both beginners and experts, clear commands and comprehensive documentation are incorporated in this tool. Check the documentation for detailed instructions.

Penetration Testing

Penetration Testing Architecture Cybercrime Cybersecurity

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Hacker's King

FEBRUARY 9, 2025

Technology is also evolving rapidly in this fast-evolving world, where everything is changing briskly. To make it user-friendly for both beginners and experts, clear commands and comprehensive documentation are incorporated in this tool. Check the documentation for detailed instructions.

Penetration Testing

Penetration Testing Architecture Cybercrime Cybersecurity

Atlas of Surveillance

Schneier on Security

FEBRUARY 17, 2025

The EFF has released its Atlas of Surveillance , which documents police surveillance technology across the US.

Surveillance

Surveillance Technology

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

SecureWorld News

DECEMBER 23, 2024

Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.

Manufacturing

Manufacturing IoT Data collection Technology

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. “The attacker would then have to convince the user to open the malicious document. Microsoft Corp.

Software

Software Engineering Internet Internet

The Limits of Cyber Operations in Wartime

Schneier on Security

MAY 31, 2022

Underlying these expectations are broadly shared assumptions that information technology increases operational effectiveness. Qualitative analysis leverages original data from field interviews, leaked documents, forensic evidence, and local media. The reason for this shortfall is their subversive mechanism of action.

Media

Media Technology Risk

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware

Malware Software Technology Accountability

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Ciscos technologies. It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure.

Data breaches

Data breaches Cybercrime Authentication Technology

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., government systems, including the recent targeting of Treasurys information technology (IT) systems, as well as sensitive U.S. telecommunication and internet service providers. critical infrastructure.”

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware

Ransomware Healthcare Insurance Phishing

SideWinder targets the maritime and nuclear sectors with an updated toolset

SecureList

MARCH 10, 2025

The document uses the remote template injection technique to download an RTF file stored on a remote server controlled by the attacker. The documents used various themes to deceive victims into believing they are legitimate. Some documents concerned nuclear power plants and nuclear energy agencies. pro document-viewer[.]info

Energy and Utilities

Energy and Utilities Malware Government Phishing

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

“My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said. “I’m also godfather of his second son.” ” Dmitri Golubov, circa 2005. Image: U.S. Postal Investigative Service.

Retail

Retail Advertising Cryptocurrency Marketing

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

We have determined that certain of our customers personal information and documents was acquired by the threat actors.” The companyalso filed documents with regulators in California warning impacted customers. The exposed information varies for each individual case.

Data breaches

Data breaches Retail Cybercrime Government

Self-Driving Cars Are Surveillance Cameras on Wheels

Schneier on Security

JULY 3, 2023

. “We’re supposed to be able to go about our business in our day-to-day lives without being surveilled unless we are suspected of a crime, and each little bit of this technology strips away that ability.”

Surveillance

Surveillance Marketing Technology

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world.

VPN

VPN Mobile Government Technology

US Citizen Hacked by Spyware

Schneier on Security

MARCH 21, 2023

and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Spyware

Spyware Hacking Government Technology

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., government systems, including the recent targeting of Treasurys information technology (IT) systems, as well as sensitive U.S. telecommunication and internet service providers. critical infrastructure.”

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. i-SOON CEO Wu Haibo, in 2011. Image: nattothoughts.substack.com.

Government

Government Hacking Cyber threats Mobile

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

” CVE-2024-29988 is a weakness that allows attackers to bypass Windows SmartScreen , a technology Microsoft designed to provide additional protections for end users against phishing and malware attacks. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

DNS

DNS Social Engineering Malware Media

News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance

The Last Watchdog

APRIL 11, 2025

” Bridging the implementation gap Recent industry data shows that organizations pursuing CMMC certification face significant challenges moving from documentation to implementation, particularly at Level 2 (Advanced), which requires adherence to 110 security controls from NIST SP 800-171.

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

OCTOBER 28, 2020

In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents — including schematics of client bank vaults and surveillance systems. What’s more, Syrén seemed to downplay the severity of the exposure.

Hacking

Hacking Ransomware Banking Accountability

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

The Last Watchdog

JUNE 1, 2022

To accomplish this, he says, it crawls data with advanced analysis technologies and brings “ deep learning ” data analytics to bear. Krishnan gave me the example of a technology company that was concerned about employees flouting a company ban on the use of personal email accounts to share proprietary documents.

Unstructured Data

Unstructured Data Government Internet Internet

Ten Ways AI Will Change Democracy

Schneier on Security

NOVEMBER 13, 2023

Some items on my list are still speculative, but none require science-fictional levels of technological advance. When reading about the successes and failures of AI systems, it’s important to differentiate between the fundamental limitations of AI as a technology, and the practical limitations of AI systems in the fall of 2023.

Artificial Intelligence

Artificial Intelligence Technology Government Education

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

The Last Watchdog

SEPTEMBER 10, 2024

This cutting-edge innovation combines Post-Quantum Cryptography (PQC)* — designed to withstand the security threats posed by future quantum computing—with the trusted SSL technology that secures websites worldwide. This unique feature allows for offline verification capability, making it adaptable to various environments.

Computers and Electronics

Computers and Electronics Encryption Government Authentication

Phish Leads to Breach at Calif. State Controller

Krebs on Security

MARCH 23, 2021

The source said the intruders stole several documents with personal and financial data on thousands of state employees, and then used the phished employee’s inbox to send targeted phishing emails to at least 9,000 California state workers and their contacts.

Phishing

Phishing Data breaches Accountability Technology

Conti’s Ransomware Toll on the Healthcare Industry

Krebs on Security

APRIL 18, 2022

The survey also found that just six percent or less of respondent’s information technology budgets were devoted to cybersecurity, although roughly 60 percent of respondents said their cybersecurity budgets would increase in 2022.

Healthcare

Healthcare Ransomware Cybersecurity Malware

Ransomware attack hit Indian multinational Tata Technologies

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Trending Sources

OpenAI Is Not Training on Your Dropbox Documents—Today

FBI: Spike in Hacked Police Emails, Fake Subpoenas

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

US Schools Are Buying Cell Phone Unlocking Systems

Encryption & Privacy Policy and Technology

Data leak at fintech giant Direct Trading Technologies

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Sealed U.S. Court Records Exposed in SolarWinds Breach

How Cryptocurrency Turns to Cash in Russian Banks

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Atlas of Surveillance

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

The Limits of Cyber Operations in Wartime

3CX Breach Was a Double Supply Chain Compromise

Cisco states that the second data leak is linked to the one from October

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

SideWinder targets the maritime and nuclear sectors with an updated toolset

An Interview With the Target & Home Depot Hacker

U.S. cannabis dispensary STIIIZY disclosed a data breach

Self-Driving Cars Are Surveillance Cameras on Wheels

Popular VPNs are routing traffic via Chinese companies, including one with link to military

US Citizen Hacked by Spyware

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

New Leak Shows Business Side of China’s APT Menace

April’s Patch Tuesday Brings Record Number of Fixes

News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

RSAC insights: Concentric AI directs Google’s search techniques towards locking down data sprawl

Ten Ways AI Will Change Democracy

News alert: Seventh Sense unveils a revolutionary privacy solution — face-based PKI and ‘eID’

Phish Leads to Breach at Calif. State Controller

Conti’s Ransomware Toll on the Healthcare Industry

Stay Connected