Document and Technology - Cyber Security Informer

Ransomware attack hit Indian multinational Tata Technologies

Security Affairs

FEBRUARY 1, 2025

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. Threat actors hit the company’s information technology (IT) infrastructure.

Technology

Technology Ransomware Engineering Manufacturing

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

SEPTEMBER 23, 2020

Tyler Technologies , a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. Tyler Technologies declined to say how the intrusion is affecting its customers.

Technology

Technology Ransomware Software Government

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Dropbox isn’t sharing all of your documents with OpenAI. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true.

Government

Government Banking Risk Internet

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

based technology companies. The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. Reset as you please.

Hacking

Hacking Accountability Government Social Engineering

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

The Last Watchdog

JANUARY 6, 2022

They also enrich documents with metadata and place them in crypto-containers, access to which is only granted by permission. However, all of these solutions are powerless when it comes to photographing a document with a smartphone and compromising printed copies of documents. There are more exotic ways of protecting documents.

Marketing

Marketing Software Surveillance Information Security

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

The Last Watchdog

JULY 21, 2021

And this is why DigiCert recently introduced DigiCert® Document Signing Manager (DSM) – an advanced hosted service designed to increase the level of assurance of the identities of persons signing documents digitally. Trzupek outlined how DSM allows for legally-binding documents with auditability and management of signers. “It

Computers and Electronics

Computers and Electronics Authentication Digital transformation Internet

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Security Affairs

MARCH 5, 2025

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. TB of stolen data. The group claims the theft of 1.4

Technology

Technology Ransomware Engineering Manufacturing

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Security Affairs

FEBRUARY 13, 2025

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. ” reads the report published by Resecurity.

Technology

Technology Surveillance Manufacturing Cyber threats

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Cisco’s technologies. It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure.

Cybercrime

Cybercrime Data breaches Technology Banking

US Schools Are Buying Cell Phone Unlocking Systems

Schneier on Security

DECEMBER 18, 2020

Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology.

Surveillance

Surveillance Mobile Accountability Technology

Encryption & Privacy Policy and Technology

Adam Shostack

JANUARY 2, 2025

The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies are open. Lastly, the Port of Seattle is considering putting rules in place around facial recognition technology.

Technology

Technology Encryption Internet Internet

Data leak at fintech giant Direct Trading Technologies

Security Affairs

JANUARY 31, 2024

Sensitive data and trading activity of over 300K traders leaked online by international fintech firm Direct Trading Technologies. Direct Trading Technologies, an international fintech company, jeopardized over 300K traders by leaking their sensitive data and trading activity, thereby putting them at risk of an account takeover.

Technology

Technology Identity Theft Backups Passwords

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers.

Password Management

Password Management Architecture Threat Detection Cybersecurity

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

The spyware’s deployment relied on Cellebrite’s unlocking process, combining two invasive technologies to compromise the journalists digital privacy comprehensively. NoviSpy can extract sensitive data from compromised Android devices, including screenshots, location data, audio recordings, files, and photos.

Spyware

Spyware Surveillance Technology Mobile

Sealed U.S. Court Records Exposed in SolarWinds Breach

Krebs on Security

JANUARY 7, 2021

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S.

Computers and Electronics

Computers and Electronics Software Engineering Accountability

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

pic.twitter.com/6fsczNSrwu — Dominic Alvieri (@AlvieriD) May 2, 2025 The group published the images of multiple documents allegedly stolen from the Peruvian government platform. The Government of Peru has been breached by Rhysida Ransomware. The Rhysida ransomware group has been active since May 2023.

Government

Government Ransomware Hacking Manufacturing

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

An analysis of their technology infrastructure shows that all of these exchanges use Russian email providers, and most are directly hosted in Russia or by Russia-backed ISPs with infrastructure in Europe (e.g. A machine-translated version of Flymoney, one of dozens of cryptocurrency exchanges apparently nested at Cryptomus. in Vancouver, BC.

Cryptocurrency

Cryptocurrency Banking Cybercrime Advertising

Atlas of Surveillance

Schneier on Security

FEBRUARY 17, 2025

The EFF has released its Atlas of Surveillance , which documents police surveillance technology across the US.

Surveillance

Surveillance Technology

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Related: Technology and justice systems The U.S. Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches linked to the SolarWinds Orion hack, impacting investor trust and highlighting the critical importance of clear, truthful communication.

CISO

CISO CSO Risk Cyber threats

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. Recently, tesearchers from Positive Technologies warned that unknown threat actors have attempted to exploit the now-patched vulnerability CVE-2024-37383 (CVSS score: 6.1)

VPN

VPN Firewall Technology Passwords

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

Centraleyes

FEBRUARY 17, 2025

Yet, many organizations struggle with a disjointed approachpolicies scattered across departments, processes misaligned, and technology underutilized. Technology Architecture: Leverage a central policy management platform that integrates with other business systems, provides AI-driven insights, and enhances accessibility.

Architecture

Architecture Government Risk Technology

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Hacker's King

FEBRUARY 9, 2025

Technology is also evolving rapidly in this fast-evolving world, where everything is changing briskly. To make it user-friendly for both beginners and experts, clear commands and comprehensive documentation are incorporated in this tool. Check the documentation for detailed instructions.

Penetration Testing

Penetration Testing Architecture Cybercrime Cybersecurity

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

Hacker's King

FEBRUARY 9, 2025

Technology is also evolving rapidly in this fast-evolving world, where everything is changing briskly. To make it user-friendly for both beginners and experts, clear commands and comprehensive documentation are incorporated in this tool. Check the documentation for detailed instructions.

Penetration Testing

Penetration Testing Architecture Cybercrime Cybersecurity

The Limits of Cyber Operations in Wartime

Schneier on Security

MAY 31, 2022

Underlying these expectations are broadly shared assumptions that information technology increases operational effectiveness. Qualitative analysis leverages original data from field interviews, leaked documents, forensic evidence, and local media. The reason for this shortfall is their subversive mechanism of action.

Media

Media Technology Risk

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

SecureWorld News

DECEMBER 23, 2024

Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.

Manufacturing

Manufacturing IoT Data collection Technology

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Krebs on Security

SEPTEMBER 8, 2021

warns that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. “The attacker would then have to convince the user to open the malicious document. Microsoft Corp.

Software

Software Engineering Internet Internet

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

APRIL 20, 2023

3CX hired incident response firm Mandiant , which released a report on Wednesday that said the compromise began in 2022 when a 3CX employee installed a malware-laced software package distributed via an earlier software supply chain compromise that began with a tampered installer for X_TRADER , a software package provided by Trading Technologies.

Malware

Malware Software Technology Accountability

Cisco states that the second data leak is linked to the one from October

Security Affairs

DECEMBER 30, 2024

DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Ciscos technologies. It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure.

Data breaches

Data breaches Cybercrime Authentication Technology

SideWinder targets the maritime and nuclear sectors with an updated toolset

SecureList

MARCH 10, 2025

The document uses the remote template injection technique to download an RTF file stored on a remote server controlled by the attacker. The documents used various themes to deceive victims into believing they are legitimate. Some documents concerned nuclear power plants and nuclear energy agencies. pro document-viewer[.]info

Energy and Utilities

Energy and Utilities Malware Government Phishing

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., government systems, including the recent targeting of Treasurys information technology (IT) systems, as well as sensitive U.S. telecommunication and internet service providers. critical infrastructure.”

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

AUGUST 14, 2020

The “RCM” portion of its name refers to “revenue cycle management,” an industry which tracks profits throughout the life cycle of each patient, including patient registration, insurance and benefit verification, medical treatment documentation, and bill preparation and collection from patients.

Ransomware

Ransomware Healthcare Insurance Phishing

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Security Affairs

APRIL 16, 2025

The CVE program is supported by a network of CVE Numbering Authorities (CNAs), which include major technology companies, research organizations, and government agencies. These CNAs are authorized to assign CVE IDs to vulnerabilities discovered in their respective domains, ensuring timely and accurate documentation of security issues.

Government

Government Risk Cybersecurity Media

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

“My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said. “I’m also godfather of his second son.” ” Dmitri Golubov, circa 2005. Image: U.S. Postal Investigative Service.

Retail

Retail Advertising Cryptocurrency Marketing

Self-Driving Cars Are Surveillance Cameras on Wheels

Schneier on Security

JULY 3, 2023

. “We’re supposed to be able to go about our business in our day-to-day lives without being surveilled unless we are suspected of a crime, and each little bit of this technology strips away that ability.”

Surveillance

Surveillance Marketing Technology

U.S. cannabis dispensary STIIIZY disclosed a data breach

Security Affairs

JANUARY 11, 2025

We have determined that certain of our customers personal information and documents was acquired by the threat actors.” The companyalso filed documents with regulators in California warning impacted customers. The exposed information varies for each individual case.

Data breaches

Data breaches Retail Cybercrime Government

US Citizen Hacked by Spyware

Schneier on Security

MARCH 21, 2023

and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Spyware

Spyware Hacking Government Technology

Open-Source LLMs

Schneier on Security

JUNE 2, 2023

And their results have been immediate, innovative, and an indication of how the future of this technology is going to play out. The large corporations that had controlled these models warn that this free-for-all will lead to potentially dangerous developments, and problematic uses of the open technology have already been documented.

Technology

Technology Internet Internet Government

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., government systems, including the recent targeting of Treasurys information technology (IT) systems, as well as sensitive U.S. telecommunication and internet service providers. critical infrastructure.”

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world.

VPN

VPN Mobile Government Technology

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world’s largest technology companies. Documents from the U.S. Convictions on the latter charge carry a minimum sentence of two years in prison. A preliminary hearing in the case is slated for May 6.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Krebs on Security

MAY 7, 2025

Mirza’s LinkedIn profile says he currently runs an educational technology/life coach enterprise called TheCoach360 , which purports to help young kids “achieve financial independence.” ” Reached via LinkedIn, Mr. Mirza denied having anything to do with eWorldTrade or any of its sister companies in Texas.

Scams

Scams Marketing Advertising Technology

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. i-SOON CEO Wu Haibo, in 2011. Image: nattothoughts.substack.com.

Government

Government Hacking Cyber threats Mobile

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

” CVE-2024-29988 is a weakness that allows attackers to bypass Windows SmartScreen , a technology Microsoft designed to provide additional protections for end users against phishing and malware attacks. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

DNS

DNS Social Engineering Malware Media

2024 in AI: It’s changed the world, but it’s not all good

Malwarebytes

DECEMBER 27, 2024

And as long as we have been waiting for AI technology to become commonplace, if AI has taught us one thing this year, then its that when humans and AI cooperate, amazing things can happen. As with many developing technologies, sometimes the race to stay ahead is more important than security. But amazing is not always positive.

Scams

Scams Artificial Intelligence Media Technology

Ransomware attack hit Indian multinational Tata Technologies

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Webinars

Trending Sources

OpenAI Is Not Training on Your Dropbox Documents—Today

Webinars

FBI: Spike in Hacked Police Emails, Fake Subpoenas

GUEST ESSAY: Going beyond watermarks to protect sensitive documents from illegal access

NEW TECH: DigiCert Document Signing Manager leverages PKI to advance electronic signatures

Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

US Schools Are Buying Cell Phone Unlocking Systems

Encryption & Privacy Policy and Technology

Data leak at fintech giant Direct Trading Technologies

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Sealed U.S. Court Records Exposed in SolarWinds Breach

Rhysida Ransomware gang claims the hack of the Government of Peru

How Cryptocurrency Turns to Cash in Russian Banks

Atlas of Surveillance

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

SploitScan: Find Latest CVE Documentation and Exploitation With All Details

The Limits of Cyber Operations in Wartime

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

3CX Breach Was a Double Supply Chain Compromise

Cisco states that the second data leak is linked to the one from October

SideWinder targets the maritime and nuclear sectors with an updated toolset

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

An Interview With the Target & Home Depot Hacker

Self-Driving Cars Are Surveillance Cameras on Wheels

U.S. cannabis dispensary STIIIZY disclosed a data breach

US Citizen Hacked by Spyware

Open-Source LLMs

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

New Leak Shows Business Side of China’s APT Menace

April’s Patch Tuesday Brings Record Number of Fixes

2024 in AI: It’s changed the world, but it’s not all good

Stay Connected