Government - Cyber Security Informer

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. trillion in annual federal payments.

Government

Government Artificial Intelligence Banking Software

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. The authorities launched an investigation after the ransomware gang Ransomhub claimed the attack and published samples of personal information from a database of government.

Government

Government Hacking Ransomware Insurance

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. Poland’s government has been investigating the alleged misuse of Pegasus spyware by the previous administration and arrested the former head of Poland’s internal security service Piotr Pogonowski.

Spyware

Spyware Government Surveillance Hacking

Enhance Innovation and Governance Through the Cloud Development Maturity Model

By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows.

Government

U.S. Lawmakers Push to Ban DeepSeek from Government Devices

SecureWorld News

FEBRUARY 6, 2025

Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) introduced the bipartisan No DeepSeek on Government Devices Act, seeking to prohibit federal employees from using the AI-powered application DeepSeek on government-issued devices. On February 6, 2025, U.S. Federal Communications Commission (FCC) for security concerns.

Government

Government Artificial Intelligence Data privacy Mobile

3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill

Tech Republic Security

APRIL 2, 2025

government has set out the scope of its upcoming Cyber Security and Resilience Bill for the first time. Amid a sharp spike in ransomware attacks disrupting essential services and critical infrastructure, the U.K.

Government

Government Ransomware

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Security Boulevard

JANUARY 14, 2025

The post Critical Infrastructure Seeing Benefits of Government Program, CISA Says appeared first on Security Boulevard.

Government

Government Security Awareness Risk Malware

Beware of Pixels & Trackers on U.S. Healthcare Websites

This report offers insights for cybersecurity, compliance, and privacy executives at healthcare organizations, as well as for policymakers and auditors.

Healthcare

AI Disruption: The DeepSeek Effect on Wall Street, Governments and Beyond

Lohrman on Security

FEBRUARY 2, 2025

So what lessons can we learn from this whirlwind of media stories and the corresponding reactions from governments and Wall Street? The past week has been full of headlines regarding DeepSeek AI.

Government

Government Media

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

Cybersecurity governance has undergone a dramatic transformation over the past few decades. From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape.

Government

Government Cybersecurity Risk CISO

Arguing Against CALEA

Schneier on Security

APRIL 8, 2025

This is the access that the Chinese threat actor Salt Typhoon used to spy on Americans: The Wall Street Journal first reported Friday that a Chinese government hacking group dubbed Salt Typhoon broke into three of the largest U.S. government’s investigation is in its early stages.

Telecommunications

Telecommunications Internet Internet Government

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S.

Cybersecurity

Zero-Trust Architecture in Government: Spring 2025 Roundup

Lohrman on Security

MARCH 16, 2025

Where do things stand with the deployment of zero-trust architectures in federal, state and local governments across the country and the world? Heres a March 2025 roundup.

Architecture

Architecture Government

CVE Program Almost Unfunded

Schneier on Security

APRIL 16, 2025

It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now. My guess is that we will somehow figure out how to continue this program without the US government.

CSO

CSO Government Software Cybersecurity

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Government contractor Conduent disclosed a data breach

Security Affairs

APRIL 16, 2025

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that personal information, including names and Social Security numbers, was stolen in a January cyberattack.

Data breaches

Data breaches Government Cyber Insurance Business Services

Zero Trust Mandate: The Realities, Requirements and Roadmap

Government agencies can no longer ignore or delay their Zero Trust initiatives. The DHS compliance audit clock is ticking on Zero Trust. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc.,

Cybersecurity

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

OCTOBER 17, 2024

government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. The government isn’t saying where the Omed brothers are being held, only that they were arrested in March 2024 and have been in custody since. A statement by the U.S.

DDOS

DDOS Government Internet Internet

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

Krebs on Security

FEBRUARY 26, 2025

government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military. ” prosecutors in the case said Wednesday.

Hacking

Hacking Government Identity Theft Accountability

RSAC 2025 Innovation Sandbox | EQTY Lab: Governance Pioneer and Technical Architecture for Building a Trusted AI Ecosystem

Security Boulevard

APRIL 22, 2025

Company Overview Founded in 2022 and headquartered in Los Angeles, California, USA, EQTY Lab AG is a technology company focusing on AI governance and security. The post RSAC 2025 Innovation Sandbox | EQTY Lab: Governance Pioneer and Technical Architecture for Building a Trusted AI Ecosystem appeared first on Security Boulevard.

Architecture

Architecture Government Cyber Attacks Technology

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

DECEMBER 4, 2024

government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies. government’s “Wanted” poster for him.

Cybercrime

Cybercrime Ransomware Cryptocurrency Government

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

This IDC report addresses several key topics: Risks involved with using open-source software (OSS) How to manage these risks, including OSS license compliance Business benefits to the organization beyond risk mitigation Software supply chain best practices Key trends in industry and government regulation

Risk

Perfectl Malware

Schneier on Security

OCTOBER 14, 2024

Something this complex and impressive implies that a government is behind this. North Korea is the government we know that hacks cryptocurrency in order to fund its operations. Aqua Security researchers have also observed the malware serving as a backdoor to install other families of malware. But this feels too complex for that.

Malware

Malware Cryptocurrency Internet Internet

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

Schneier on Security

FEBRUARY 3, 2025

Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks. ” It is not clear who was behind the attack.

Spyware

Spyware Government Hacking Software

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned.

Malware

Malware Software Internet Internet

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Cybersecurity reporter Kim Zetter notes that DHS didn’t cite any specific justification for its ban in 2017, but media reports quoting anonymous government officials referenced two incidents. government for its hacking operations, CEO Eugene Kaspersky says he ordered workers to delete the code. Last year, the U.S.

Malware

Malware Antivirus Software DDOS

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

He will also dive into topic definitions, governance structures, and framework components for success. This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the answers to these questions and other foundational elements you need to start or validate your ERM program. Register today!

Banking

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Security Affairs

APRIL 16, 2025

government funding for MITRE s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. The CVE program is supported by a network of CVE Numbering Authorities (CNAs), which include major technology companies, research organizations, and government agencies.

Government

Government Risk Cybersecurity Media

Silk Typhoon Hackers Indicted

Schneier on Security

MARCH 11, 2025

. […] According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media outlets that have criticized the Chinese government, and most recently the US Treasury, which was breached between September and December of last year.

Government

Government Media Hacking

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

In some jurisdictions, this line is most-effectively drawn by a government-appointed privacy commissioner who is required to remain neutral and yet ultimately serves the citizens of its country. Set clear standards on what is required by the private sector, and what the government will do to assist with cybersecurity.

CISO

CISO CSO Risk Cyber threats

Weekly Update 429

Troy Hunt

DECEMBER 7, 2024

The Armenian Government is now the 37th to have free and open access to their domains on HIBP (this gives them API-level domain searches to their gov TLD) After two and a bit years on sale, we're now giving away "Pwned" the book, for free (go grab it in PDF or EPUB format) Is your recovery? Protect your data in the cloud.

InfoSec

InfoSec Government Accountability

A few thoughts on CVE

Adam Shostack

APRIL 15, 2025

Finding support from outside the government was, as I recall, harder because MITRE is Congressionally chartered and has difficulty taking money from anyone but the US Government. CVE achieved public good status exceptionally quickly, in part because of support from thoughtful leaders like Tony Sager while he was at NSA.

Government

Government Malware

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

Security Boulevard

APRIL 16, 2025

government funding for the Common Vulnerabilities and Exposures program expires April 16. These are interesting times: U.S. The post MITRE Crisis: CVE Cash Ends TODAY CISA says No Lapse appeared first on Security Boulevard.

Government

Government Data privacy Technology IoT

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. In September 2024, Ukraines National Coordination Centre for Cybersecurity (NCCC) banned the Telegram messaging app on government agencies, military, and critical infrastructure, due to national security concerns. continues the announcement.

Government

Government Surveillance Mobile Hacking

The Independent Op-Ed: Australia’s social media ban won’t protect kids – it’ll put them more at risk

Joseph Steinberg

DECEMBER 21, 2024

Australia recently enacted legislation to ban children under 16 from using social media a policy that the Australian government plans to enforce through the use of untested age-verification technology.

Media

Media Risk Artificial Intelligence Government

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts. “It is true our accounts were hacked into but not to the extent of what is being reported.

Banking

Banking Government Accountability Hacking

China Possibly Hacking US “Lawful Access” Backdoor

Schneier on Security

OCTOBER 8, 2024

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994. It’s a weird story.

Hacking

Hacking Government

Federal Contractor Cybersecurity Vulnerability Reduction Act Passes in U.S. House

SecureWorld News

MARCH 6, 2025

government. This means that thousands of government contractors will soon be required to implement structured processes for identifying, reporting, and mitigating vulnerabilities, aligning them with U.S. government and among the many contractors and vendors that support federal agencies."

Cybersecurity

Cybersecurity Government Marketing Cyber threats

When Getting Phished Puts You in Mortal Danger

Krebs on Security

MARCH 27, 2025

Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites. The website legiohliberty[.]army army features a carbon copy of the homepage for the Freedom of Russia Legion (a.k.a.

Phishing

Phishing Government Engineering Internet

U.S. Confirms Chinese Hackers Compromised Telecommunications Networks

SecureWorld News

NOVEMBER 15, 2024

The breach granted these hackers access to sensitive communications and call records, focusing mainly on government officials and politically involved individuals. "We government and private-sector communications systems. According to the FBI and CISA , Salt Typhoon infiltrated major U.S.

Telecommunications

Telecommunications Government Surveillance Cybersecurity

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Security Affairs

JANUARY 18, 2025

government IT systems and critical infrastructure. government systems, including the recent targeting of Treasurys information technology (IT) systems, as well as sensitive U.S. BeyondTrust provides Privileged Access Management and secure remote access, serving sectors like government, healthcare, banking, and energy.

Cybersecurity

Cybersecurity Telecommunications Government Healthcare

NSO Group Spies on People on Behalf of Governments

DOGE as a National Cyberattack

Webinars

Trending Sources

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Webinars

Poland probes Pegasus spyware abuse under the PiS government

Enhance Innovation and Governance Through the Cloud Development Maturity Model

U.S. Lawmakers Push to Ban DeepSeek from Government Devices

3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Beware of Pixels & Trackers on U.S. Healthcare Websites

AI Disruption: The DeepSeek Effect on Wall Street, Governments and Beyond

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

Arguing Against CALEA

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Cybersecurity Predictions for 2024

Zero-Trust Architecture in Government: Spring 2025 Roundup

CVE Program Almost Unfunded

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Government contractor Conduent disclosed a data breach

Zero Trust Mandate: The Realities, Requirements and Roadmap

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

RSAC 2025 Innovation Sandbox | EQTY Lab: Governance Pioneer and Technical Architecture for Building a Trusted AI Ecosystem

U.S. Offered $10M for Hacker Just Arrested by Russia

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Perfectl Malware

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

Delivering Malware Through Abandoned Amazon S3 Buckets

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

ERM Program Fundamentals for Success in the Banking Industry

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Silk Typhoon Hackers Indicted

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Weekly Update 429

A few thoughts on CVE

MITRE Crisis: CVE Cash Ends TODAY — CISA says ‘No Lapse’

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

The Independent Op-Ed: Australia’s social media ban won’t protect kids – it’ll put them more at risk

Hackers stole millions of dollars from Uganda Central Bank

China Possibly Hacking US “Lawful Access” Backdoor

Federal Contractor Cybersecurity Vulnerability Reduction Act Passes in U.S. House

When Getting Phished Puts You in Mortal Danger

U.S. Confirms Chinese Hackers Compromised Telecommunications Networks

U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon

Stay Connected