Government and Information Security - Cyber Security Informer

Welcoming the Czech Republic Government to Have I Been Pwned

Troy Hunt

SEPTEMBER 6, 2021

For the last few years, I've been welcome national governments to Have I Been Pwned (HIBP) and granting them full and free access to domain-level searches via a dedicated API. Data breaches impact all of us in one way or another, and government agencies are no exception.

Government

Government Data breaches Internet Internet

Rhysida Ransomware gang claims the hack of the Government of Peru

Security Affairs

MAY 3, 2025

The Rhysida Ransomware gang claims the hack of the Government of Peru, the gang breached Gob.pe, the Single Digital Platform of the Peruvian State. The Rhysida ransomware gang claims responsibility for hacking the Government of Peru, breaching Gob.pe, which is the country’s official digital platform.

Government

Government Ransomware Hacking Manufacturing

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Security Affairs

NOVEMBER 21, 2024

Mexico’s president announced the government is investigating an alleged ransomware hack that targeted the administration’s legal affairs office. The authorities launched an investigation after the ransomware gang Ransomhub claimed the attack and published samples of personal information from a database of government.

Government

Government Hacking Ransomware Insurance

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Security Affairs

APRIL 28, 2025

Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asias government and telecom sectors. Earth Kurma particularly targeted the Philippines, Vietnam, Thailand, and Malaysia.

Telecommunications

Telecommunications Government Malware Hacking

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. The former head of Poland’s internal security service was arrested Monday and brought before parliament to testify about prior government use of spyware against hundreds of individuals.

Spyware

Spyware Government Surveillance Hacking

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The cyber spies stole information belonging to targeted individuals that was subject to U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

The Last Watchdog

JUNE 12, 2023

Information privacy and information security are two different things. Related: Tapping hidden pools of security talent Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers. still available for you to use.

Information Security

Information Security Data breaches CISO Encryption

Information Security Manual (ISM)

Security Boulevard

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats.

Information Security

Information Security Healthcare Cyber threats Government

Information Security Manual (ISM)

Centraleyes

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats.

Information Security

Information Security Cyber threats Government Small Business

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

NOVEMBER 17, 2021

He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents. His opinions are also frequently cited in books, law journals, security publications, and general interest periodicals.

Cybersecurity

Cybersecurity Artificial Intelligence Government Information Security

Montenegro is the Victim of a Cyberattack

Schneier on Security

SEPTEMBER 2, 2022

Details are few, but Montenegro has suffered a cyberattack : A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. […].

Retail

Retail Government Ransomware Information Security

Texas is the first state to ban DeepSeek on government devices

Security Affairs

FEBRUARY 2, 2025

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas and other states banned TikTok on government devices. The AI-powered chatbot, recently launched globally, has rapidly gained popularity reaching millions of users.

Government

Government Artificial Intelligence Media Data collection

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

Security Affairs

FEBRUARY 26, 2025

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader.

Government

Government Cyber threats Malware Phishing

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

Security Affairs

APRIL 16, 2025

funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. government funding for MITRE s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. MITREs U.S.-funded

Government

Government Risk Cybersecurity Media

How boards can manage digital governance in the age of AI

BH Consulting

MARCH 26, 2025

In a presentation titled Digital governance for boards and senior executives: AI, cybersecurity, and privacy , she called on her extensive experience advising boards on these areas. Boards and senior executives face several questions about how best to approach the challenges of cybersecurity, privacy, and AI governance.

Government

Government Artificial Intelligence Risk Digital transformation

Newsweek Expert Forum Welcomes Cyber Security Expert Joseph Steinberg

Joseph Steinberg

JUNE 23, 2021

Steinberg, who serves as a cybersecurity expert witness, a cybersecurity advisor to both businesses and governments, and a popular columnist, has led organizations within the cybersecurity industry for over two decades. He amassed millions of readers as a regular columnist for Forbes and Inc.

Artificial Intelligence

Artificial Intelligence CISO Technology Cybersecurity

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states.

Government

Government Phishing DNS VPN

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

The chief information security officer for a large academic healthcare system affected by the breach told KrebsOnSecurity they participated in a call with the FBI and were told a third party partner managed to recover at least four terabytes of data that was exfiltrated from Change by the cybercriminal group.

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Russian cyber spies stole data and emails from UK government systems

Security Affairs

AUGUST 8, 2024

Earlier this year, Russian cyber spies breached UK government systems and stole sensitive data and emails, reported The Record media. Earlier this year, Russia’s foreign intelligence service stole internal emails and data on individuals from the UK government. ” reported The Record Media. .

Government

Government Media Accountability Data breaches

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan. The SEC Cybersecurity Disclosure Rule highlights transparency in governance. Seara Jose Seara , CEO, DeNexus Recent regulatory updates highlight a shift toward robust cyber risk governance, requiring organizations to adapt.

Cybersecurity

Cybersecurity CISO Risk Government

Ukraine bans Telegram for government agencies, military, and critical infrastructure

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts.

Government

Government Phishing Hacking Malware

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. The Russian firm seeks up to $500K for one-click RCE, $1.5M The ban does not affect Ukrainian citizens.

Government

Government Surveillance Mobile Hacking

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

JUNE 5, 2024

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.

Government

Government Hacking Media Passwords

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

NOVEMBER 30, 2024

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The syndicate reportedly received $6M in Japan, according to the Monitor. “It

Banking

Banking Government Accountability Hacking

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

Security Affairs

OCTOBER 22, 2024

” Chinese law requires researchers to disclose zero-day vulnerabilities to the government. Experts speculate that the Chinese government was aware of the flaw and may have exploited it as a zero-day.

Hacking

Hacking Government Software Information Security

The ‘Groove’ Ransomware Gang Was a Hoax

Krebs on Security

NOVEMBER 2, 2021

government interests online. It now appears that Groove was all a big hoax designed to toy with security firms and journalists. 22 post from Groove calling for attacks on the United States government sector. government sector and they eat it up. Triggering the directors of information security companies.

Ransomware

Ransomware Cybercrime VPN Media

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

DECEMBER 2, 2024

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Tor Project maintainers are urging users to deploy 200 WebTunnel bridges by year-end allow users in Russia to bypass government censorship. ” reads the announcement published by Tor Project.

Government

Government Internet Internet Hacking

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

Security Affairs

NOVEMBER 10, 2024

South Korea’s government blames pro-Russia threat actors for an intensification of cyberattacks on national sites after it decided to monitor North Korean troops in Ukraine. “The government is actively responding to distributed denial of service (DDoS) attacks targeting some public and private websites.

DDOS

DDOS Government Cyber threats Hacking

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., European, and Asian entities. systems. .”

Malware

Malware Government Hacking Cybersecurity

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.

Telecommunications

Telecommunications Government Mobile Cyber threats

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.”

Government

Government Hacking Cyber threats Mobile

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

APRIL 27, 2023

This misconfigured Salesforce Community site from the state of Vermont was leaking pandemic assistance loan application data, including names, SSNs, email address and bank account information. Unfortunately, I did not receive any responses from government organizations.” As a result, five companies eventually fixed the problem.

Banking

Banking Government Information Security Authentication

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Security Affairs

NOVEMBER 2, 2024

Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them multiple China-linked APT groups, such as Volt Typhoon , APT31 and APT41 / Winnti. The Chinese hackers have also ramped up the use of zero-day vulnerabilities in targeted devices.

Firmware

Firmware Government Firewall Malware

Pro-Russia group NoName targeted the websites of Italian airports

Security Affairs

DECEMBER 28, 2024

With the renewed support for Ukraine from the Italian government, this group has resumed targeting certain Italian websites.” ” The group published a list of targets on its Telegram channel, which includes government and institutional websites.

DDOS

DDOS Artificial Intelligence Government Cybercrime

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

FEBRUARY 25, 2025

” NKTsKI recommends organizations to strengthen monitoring of threats and information security events in systems provided by LANIT. LANIT Group (Laboratory of New Information Technologies) is one of Russia’s largest IT service and software providers.

Telecommunications

Telecommunications Software Technology Healthcare

ChatGPT SSRF bug quickly becomes a favorite attack vector

Security Affairs

MARCH 18, 2025

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations. “Top targeted industry and geo are Government organisations in the US.” ” reads the advisory. .” ” conclude the report.“Security

Government

Government Healthcare Authentication Hacking

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement and other government agencies to illicitly forward Emergency Data Requests (EDRs) to major online platforms.

Cybercrime

Cybercrime Social Engineering Accountability Government

Awaken Likho APT group targets Russian government with a new implant

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises.

Government

Government Malware Phishing Hacking

Chinese man charged for spear-phishing against NASA and US Government

Security Affairs

SEPTEMBER 17, 2024

” The man, who remails at large, used fake email accounts posing as US-based researchers and engineers to target government personnel to obtain software and source code created by the National Aeronautics and Space Administration (“NASA”), research universities, and private companies. Air Force, Navy, Army, and the FAA.”

Phishing

Phishing Government Identity Theft Engineering

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

Security Affairs

FEBRUARY 6, 2025

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S. Targe including the U.S. Army, UN, NATO, and other agencies.

Cybercrime

Cybercrime Government Data breaches Information Security

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

Security Affairs

MARCH 16, 2025

A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. The Department will issue updates as the situation develops.”

Ransomware

Ransomware Government Internet Internet

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

Security Affairs

NOVEMBER 18, 2024

telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The US agencies confirmed that Chinese threat actors had compromised the private communications of a “limited number” of government officials following the compromise of multiple U.S.

Mobile

Mobile Telecommunications Data breaches Hacking

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Joseph Steinberg

DECEMBER 11, 2023

Veteran cybersecurity expert witness executive will help strengthen law enforcement capabilities to prevent, investigate, and prosecute information-age crimes. His opinions are frequently cited in books, law journals, security publications, and general interest periodicals; his cybersecurity-related inventions appear in over 500 U.S.

Cybersecurity

Cybersecurity Artificial Intelligence CISO Technology

Welcoming the Czech Republic Government to Have I Been Pwned

Rhysida Ransomware gang claims the hack of the Government of Peru

Webinars

Trending Sources

Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office

Webinars

Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia

Poland probes Pegasus spyware abuse under the PiS government

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

Information Security Manual (ISM)

Information Security Manual (ISM)

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Montenegro is the Victim of a Cyberattack

Texas is the first state to ban DeepSeek on government devices

New Ghostwriter campaign targets Ukrainian Government and opposition activists in Belarus

CISA’s 11-Month extension ensures continuity of MITRE’s CVE Program

How boards can manage digital governance in the age of AI

Newsweek Expert Forum Welcomes Cyber Security Expert Joseph Steinberg

France links Russian APT28 to attacks on dozen French entities

Change Healthcare Breach Hits 100M Americans

Russian cyber spies stole data and emails from UK government systems

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Ukraine bans Telegram for government agencies, military, and critical infrastructure

CERT-UA warns of a phishing campaign targeting government entities

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Cisco addressed Webex flaws used to compromise German government meetings

Hackers stole millions of dollars from Uganda Central Bank

VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812

The ‘Groove’ Ransomware Gang Was a Hoax

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

FBI deleted China-linked PlugX malware from over 4,200 US computers

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

New Leak Shows Business Side of China’s APT Menace

Many Public Salesforce Sites are Leaking Private Data

Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Pro-Russia group NoName targeted the websites of Italian airports

Russia warns financial sector organizations of IT service provider LANIT compromise

ChatGPT SSRF bug quickly becomes a favorite attack vector

EDR-as-a-Service makes the headlines in the cybercrime landscape

Awaken Likho APT group targets Russian government with a new implant

Chinese man charged for spear-phishing against NASA and US Government

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

International Association of Chiefs of Police (IACP) Appoints CyberSecurity Expert Witness Joseph Steinberg To Computer Crime & Digital Evidence Committee

Stay Connected