Tag: government
-
Ransomware bei einem Krankenhaus auf den U.S. Virgin Islands
by
in SecurityNewsJFL Hospital Becomes Latest Government Entity Hit by Cyberattack Following V.I. Lottery Ransomware Incident First seen on viconsortium.com Jump to article: viconsortium.com/vi-government/virgin-islands-jfl-hospital-becomes-latest-government-entity-hit-by-cyberattack-following-v-i–lottery-ransomware-incident
-
Report: Musk-Led Task Force Gained Nuclear Network Accounts
by
in SecurityNewsEnergy Department Disputes Nuclear Access Breach Claims in Latest DOGE Controversy. Department of Government Efficiency staffers gained access to accounts on classified networks storing some of the nation’s top nuclear secrets according a report published concurrently with a lawsuit arguing the task force is unconstitutional and lacks congressional approval. First seen on govinfosecurity.com Jump to…
-
Gov.uk One Login yet to meet government cyber security standards for critical public services
by
in SecurityNewsThe government’s flagship digital identity system still does not fully conform to key national security standards three years after launch, while questions remain over whether historic security problems have been resolved First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623357/Govuk-One-Login-yet-to-meet-government-cyber-security-standards-for-critical-public-services
-
Governments are using zero-day hacks more than ever
by
in SecurityNewsGoogle says zero-day threats are trending upward even as total detections fell in 2024. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/google-governments-are-using-zero-day-hacks-more-than-ever/
-
2025 The International Year of Quantum Science and Technology
by
in SecurityNews
Tags: access, attack, cloud, compliance, computer, conference, crypto, cryptography, cybersecurity, data, encryption, finance, government, group, Hardware, infrastructure, international, lessons-learned, network, nist, regulation, risk, risk-assessment, software, strategy, technology, tool2025 The International Year of Quantum Science and Technology divya Tue, 04/29/2025 – 07:48 It is no surprise that the United Nations declared 2025 as the International Year of Quantum Science and Technology (IYQ). Not only does it mark the 100-year point since quantum physics were discovered, but for those who have been following, the…
-
Government hackers are leading the use of attributed zero-days, Google says
by
in SecurityNewsGovernments like China and North Korea, along with spyware makers, used the most recorded zero-days in 2024. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/29/government-hackers-are-leading-the-use-of-attributed-zero-days-google-says/
-
CISA Adds Broadcom Brocade Fabric OS Flaw to Known Exploited Vulnerabilities List
by
in SecurityNews
Tags: advisory, cisa, cyber, cybersecurity, exploit, flaw, government, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory after adding a critical Broadcom Brocade Fabric OS vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw, tracked as CVE-2025-1976, affects Broadcom’s widely deployed Brocade Fabric OS and has drawn increased concern from government and enterprise security teams due to its…
-
‘Source of data’: are electric cars vulnerable to cyber spies and hackers?
by
in SecurityNewsBritish defence firms have reportedly warned staff not to connect their phones to Chinese-made EVsMobile phones and desktop computers are longstanding targets for cyber spies but how vulnerable are electric cars?On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with…
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
by
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threatEarth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
by
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threatEarth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
by
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threatEarth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
Threat Actors Hacking SAP Critical Zero-Day
by
in SecurityNewsUnauthenticated Hackers Exploit CVE-2025-31324 to Upload Webshells. Threat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP’s security division, Onapsis, disclosed that CVE-2025-31324 is actively exploited in the wild. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/threat-actors-hacking-sap-critical-zero-day-a-28098
-
Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?
by
in SecurityNews
Tags: cisa, cybersecurity, government, office, risk, risk-management, sbom, software, technology, toolCISA’s Secure by Design effort is ‘tiny’: Not everyone believes in the concept of security by design. Jeff Williams, founder and CTO of Contrast Security and creator of the first OWASP Top 10 list in 2002, told CSO that, in his view, the very first secure-by-design manual was the vaunted August 1983 “Orange Book” produced…
-
19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email
by
in SecurityNews
Tags: apt, attack, cyber, email, espionage, exploit, government, hacker, infrastructure, phishing, spear-phishing, threat, vulnerabilityThe NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat (APT) attack campaigns, predominantly targeting regions across South Asia, East Asia, Eastern Europe, and South America. These incursions highlighted a continuation of targeted cyber espionage and sabotage activities, primarily focusing on government agencies, critical infrastructure, and prominent industry sectors through a…
-
Ukrainian state and banking services restored after data center outage
by
in SecurityNewsA Ukrainian cloud provider said it had restored services after a power outage disrupted operations for customers including government agencies and major companies over the weekend. First seen on therecord.media Jump to article: therecord.media/ukraine-state-and-banking-services-restored
-
Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show
by
in SecurityNewsRecords reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features. First seen on wired.com Jump to article: www.wired.com/story/police-records-car-subscription-features-surveillance/
-
Earth Kurma Targets Southeast Asia With Rootkits and Cloud-Based Data Theft Tools
by
in SecurityNewsGovernment and telecommunications sectors in Southeast Asia have become the target of a “sophisticated” campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024.The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the…
-
Government Set to Ban SIM Farms in European First
by
in SecurityNewsThe UK government says it will ban the possession or supply of SIM farms, in a fraud crackdown First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/government-ban-sim-farms-european/
-
The Impact of Politics on Cybersecurity: CVE’s and the Chris Krebs Executive Order
by
in SecurityNewsWhat would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration’s executive order that revoked the security……
-
Darcula phishing toolkit gets AI boost, democratizing cybercrime
by
in SecurityNews
Tags: ai, apt, attack, automation, awareness, china, credentials, cybercrime, defense, detection, endpoint, finance, google, government, group, infrastructure, malicious, network, phishing, resilience, risk, service, skills, smishing, threat, tool, training, updateAI creates push-button phishing attacks: With the latest update to the “darcula-suite” toolkit, users can now generate phishing pages using generative AI that mimics websites with near-perfect accuracy, and in any language.”Users provide a URL of a legitimate brand or service, and the tool automatically visits that website, downloads all of its assets, and renders…
-
6 types of risk every organization must manage, and 4 strategies for doing it
by
in SecurityNews
Tags: ai, attack, backup, best-practice, breach, business, compliance, control, cyber, cybersecurity, data, finance, framework, fraud, GDPR, governance, government, grc, hacker, healthcare, infrastructure, insurance, intelligence, law, mitigation, office, phishing, ransom, ransomware, regulation, risk, risk-assessment, risk-management, service, startup, strategy, technology, threat, training, vulnerabilityCybersecurity risks Threats such as data breaches, phishing attacks, system intrusions, and broader digital vulnerabilities fall under the umbrella of security risks. The definition of cybersecurity risk is constantly evolving, now encompassing threats related to artificial intelligence and AI-driven systems.If you’re trying to mitigate risks in this area, you need to think not just about…
-
Nearly 500,000 impacted by 2023 cyberattack on Long Beach, California
by
in SecurityNewsMore than a year after a cyberattack on the government of Long Beach, California, the city is informing residents that information on nearly half a million people was leaked. First seen on therecord.media Jump to article: therecord.media/long-beach-california-data-breach-announcement
-
CISOs band together to urge world governments to harmonize cyber rules
by
in SecurityNewsPolicymakers have moved slowly to reduce regulatory overlap, but the new industry plea could help change that. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisos-governments-harmonize-cyber-rules/746275/
-
UK bans export of video game controllers to Russia to hinder attack drone pilots
by
in SecurityNewsIn a sanctions package including more than 150 new measures, the British government said it was closing loopholes being exploited by the Kremlin. First seen on therecord.media Jump to article: therecord.media/uk-bans-video-game-controllers
-
10 key questions security leaders must ask at RSA 2025
by
in SecurityNews
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trustIs agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
Erodiert die Security-Reputation der USA?
by
in SecurityNews
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usaTrump stiftet Verunsicherung auch wenn’s um Cybersicherheit geht.Nachdem US-Präsident Donald Trump nun auch Cybersicherheitsunternehmen per Executive Order für abweichende politische Positionen abstraft, befürchten nicht wenige Branchenexperten, dass US-Sicherheitsunternehmen künftig ähnlich in Verruf geraten könnten wie ihre russischen und chinesischen Konkurrenten. Die zentralen Fragen sind dabei:Können sich CISOs beziehungsweise ihre Unternehmen künftig noch auf US-amerikanische Bedrohungsinformationen…
-
ISMG Editors: Chris Krebs Resigns as Silent Industry Watches
by
in SecurityNewsAlso: CVE Program Faces Funding Cliff, Whistleblower Flags DOGE Cybersecurity Gaps. In this week’s update, ISMG editors unpacked a whirlwind of cybersecurity drama related to the U.S. government, including Chris Krebs’ abrupt exit from SentinelOne to defend against President Trump, the CVE program funding scare and explosive whistleblower claims against Elon Musk’s DOGE task force.…
-
Seeking Post-Mitre Management: What’s Next for CVE Program?
by
in SecurityNewsDespite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon This week’s near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.…
-
Cybersecurity Snapshot: NIST Aligns Its Privacy and Cyber Frameworks, While Researchers Warn About Hallucination Risks from GenAI Code Generators
by
in SecurityNews
Tags: access, advisory, ai, attack, breach, china, cisa, cisco, ciso, cloud, computer, control, csf, cve, cyber, cyberattack, cybersecurity, data, defense, encryption, espionage, exploit, firmware, framework, governance, government, group, hacker, hacking, healthcare, identity, infrastructure, Internet, LLM, malicious, mfa, mitigation, mitre, network, nist, open-source, password, phishing, privacy, risk, risk-assessment, router, service, software, strategy, supply-chain, technology, threat, tool, update, vulnerabilityCheck out NIST’s effort to further mesh its privacy and cyber frameworks. Plus, learn why code-writing GenAI tools can put developers at risk of package-confusion attacks. Also, find out what Tenable webinar attendees said about identity security. And get the latest on the MITRE CVE program and on attacks against edge routers. Dive into five…