Ease Your Cybersecurity Maturity Model Certification Journey With Qualys

The Cybersecurity Maturity Model Certification CMMC is a cybersecurity training, certification, and assessment program from the United States Department of Defense DoD. CMMC is designed to provide increased assurance to the DoD that a contractor can adequately protect controlled unclassified...

A Destabilizing Hack-and-Leak Operation Hits Moldova

Plus: Google’s location snooping ends in a $391 million settlement, Russian code sneaks into US government apps, and the World Cup apps set off alarms...

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...

#StopRansomware: Hive

Today, CISA, the Federal Bureau of Investigation FBI, and the Department of Health and Human Services HHS released joint Cybersecurity Advisory CSA StopRansomware: Hive Ransomware to provide network defenders tactics, techniques, and procedures TTPs and indicators of compromise IOCs associated wi...

Billbug returns after two years to conduct an espionage campaign

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary After being widely active in the year 2018-2019, Billbug, a Chinese state-sponsored group, is back after almost two years. They have been attacking multiple government agencies in an Asian country since...

CISA and FBI Release Advisory on Iranian Government-Sponsored APT Actors Compromising Federal Network

Today, CISA and the Federal Bureau of Investigation FBI published a joint Cybersecurity Advisory CSA, Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester. The CSA provides information on an incident at a Federal Civilian Executive Branch...

Another Event-Related Spyware App

Last month, we were warned not to install Qatars World Cup app because it was spyware. This month, its Egypts COP27 Summit app: The app is being promoted as a tool to help attendees navigate the event. But it risks giving the Egyptian government permission to read users emails and messages. Even...

Will a Labeling System Solve IoT Security Challenges?

By Waqas The planned smart device security labeling program spearheaded by the US government will be introduced next year, although… This is a post from HackRead.com Read the original post: Will a Labeling System Solve IoT Security Challenges?...

Harsher penalties for data breaches in new Australian privacy bill

High-profile breaches mean high-profile action In the aftermath of another crop of high-profile data breaches, the Australian Government also known as the Commonwealth Government has introduced amendments to Australian privacy law which give the regulator new powers and the ability to impose...

Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions ...

Indian Government targeted by APT-36

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary APT 36, also known as Transparent Tribe, is an information theft and espionage gang that was last active in mid-July 2022. Recently, invasive advertising and the data exfiltration tool LimePad were used t...

cyprus.gov.cy Cross Site Scripting vulnerability OBB-3035288

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SQL Injection Vulnerability in UFIDA GRP-U8 Administration and Utilities Internal Control Management Software (New Government Accounting System Special Edition) (CNVD-2022-84009)

Founded in 1988, UFIDA is a leading digital intelligence platform and service provider for enterprises and public organizations in China and around the world. A SQL injection vulnerability exists in UFIDA GRP-U8 Administration and Utilities Internal Control Management Software New Government...

APT trends report Q3 2022

For more than five years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have publishe...

Discover Microsoft Security solutions for SLTT government grant readiness

As part of the Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act of 2021, the United States federal government announced a cybersecurity grant program for state, local, territorial, and tribal SLTT governments to fund allocation of USD1 billion over the next...

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace

A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been...

Australia Increases Fines for Massive Data Breaches

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. Thats $50 million AUD, or $32 million USD. This is a welcome change. The problem is one of incentives,...

Quarterly Report: Incident Response Trends in Q3 2022

Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter. It can b...

Quarterly Report: Incident Response Trends in Q3 2022

Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter By Caitlin Huey. For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this...

Looking for student debt relief? Watch out for scammers says the FBI

The FBI believes that scammers may be after people applying for the One-Time Federal Student Loan Debt Relief, a program announced by the Biden-Harris Administration in August 2022 that provides up to $20,000 in student loan debt relief. In a recent public service announcement, the agency warned ...