Information Management Today

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. ” read the analysis published by Google TAG.

Security

Security IT Information Security

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

APRIL 15, 2024

government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021.

Analytics

Analytics Cybersecurity Passwords Communications

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 7, 2024

The vulnerability impacts Google Chrome prior to 116.0.5845.179, it allows a remote attacker to execute arbitrary code via a crafted HTML page. TAG observed these exploits delivered in two different ways: the MITM injection and via one-time links sent directly to the target. reads the analysis published by Google TAG. “We

IT

IT Cybersecurity Risk Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. CVE-2023-41993 is an arbitrary code execution issue that resides in the Webkit. TAG experts explained that they were unable to capture the full Predator implant.

Security

Security Risk Government IT

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Encryption Security IT

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

If a threat actor is able to find and exploit an arbitrary PHP code execution vulnerability within the site, the credentials within.env could allow easier and more stealthy extraction of the MySQL database. Another piece of sensitive information that the research team observed included a Google Tag Manager ID.

Passwords

Passwords Analytics Access Risk

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The analysis of the updates revealed that they patched a code injection vulnerability that an unauthenticated attacker can exploit to execute arbitrary code or delete arbitrary files on the websites where a separate POP chain was present. The vulnerability resides in the Merge Tag feature of the plugin.

Cybersecurity

Cybersecurity Security IT Information Security

Apple released iOS 17.2 to address a dozen of security flaws

Security Affairs

DECEMBER 12, 2023

Successful exploitation of the flaw may lead to arbitrary code execution. Apple also addressed a code execution flaw, tracked as CVE-2023-42890, in the WebKit. Processing web content may lead to arbitrary code execution. The IT giant addressed the flaw by improving memory handling.

Security

Security IT Information Security

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Archiving

Archiving Risk Government IT

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

APRIL 2, 2024

“When viewed by an administrator, the malicious code is executed in the context of the administrator’s browser session and allows for the creation of malicious administrator users as well as changes to an affected site’s settings which could lead to a complete site takeover.” ” reads the advisory published by Wordfence.

Access

Access IT Information Security Security

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes. Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution – similar to S2-059.”

Cybersecurity

Cybersecurity Security IT Information Security

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Security Affairs

OCTOBER 18, 2022

HelpSystems, the company that developed the Cobalt Strike platform, addressed a critical remote code execution vulnerability in its software. HelpSystems, the company that developed the commercial post-exploitation toolkit Cobalt Strike, addressed a critical remote code execution vulnerability, tracked as CVE-2022-42948, in its platform.

IT

IT Security Information Security

Millions of sites could be hacked due to flaws in popular WordPress plugins

Security Affairs

MARCH 19, 2021

Experts found vulnerabilities in two WordPress plugins that could be exploited to run arbitrary code and potentially take over a website. Security researchers disclosed vulnerabilities in Elementor and WP Super Cache WordPress plugins that could be exploited to run arbitrary code and take over a website under certain circumstances.

Authentication

Authentication Security Access IT

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519. We extended the tagging logic to tag as vulnerable all that return Last Modified headers with a date before July 1, 2023 00:00:00Z. reads the advisory published by CISA. “In We also improved NetScaler AAA detection coverage.

Cybersecurity

Cybersecurity Cloud Encryption Passwords

Apache Software Foundation fixes code execution flaw in Apache Struts 2

Security Affairs

DECEMBER 8, 2020

The Apache Software Foundation addressed a possible remote code execution vulnerability in Struts 2 related to the OGNL technology. . The Apache Software Foundation has released a security update to address a “possible remote code execution” flaw in Struts 2 that is related to the OGNL technology. . ” Pierluigi Paganini.

Cybersecurity

Cybersecurity Security IT Information Security

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

The analysis of the email HTML source code revealed the presence of a SVG tag at the end, which contains a base64-encoded payload. The messages were sent from team.managment@outlook[.]com com and had the subject Get started in your Outlook. ” reads the analysis published by ESET. ” reads the analysis published by ESET.

Military

Military Government Phishing IT

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer. An attacker can exploit the flaw to execute arbitrary code when the victim visits an attacker-controlled website. CVE-2017-0199 ). Pierluigi Paganini.

IT

IT Security Information Security

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. CVE-2023-7101 – The flaw is Spreadsheet::ParseExcel Remote Code Execution Vulnerability. Google released emergency updates to address this zero-day vulnerability.

Libraries

Libraries IT Cybersecurity Risk

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

.” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Thank you to @Zimbra for publishing this advisory and mitigation advice!

Authentication

Authentication Cloud Security IT

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. ” The attack chain of this campaign consists of three main parts: loader, malicious attack code, and data exfiltration. .

Retail

Retail IT Security Information Security

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Government

Government Security IT Information Security

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

Magecart attacks target e-commerce websites, the name “Magecart” is derived from the malicious code (JavaScript) typically injected by the attackers into compromised websites. The attack chain commences by scanning the web for vulnerable legitimate sites and hacking them to inject malicious code.

CMS

CMS Retail Analytics IT

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

Because we can override files using the IO_REPARSE_TAG_WCI_1 reparse tag without the detection of antivirus drivers, their detection algorithm will not receive the whole picture and thus will not trigger.” Scan files with the tag in the PRE_CLEANUP function even if they were not altered. ” continues the report.

Security

Security Ransomware Communications IT

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. “To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. The macOS exploits were different from the iOS ones.

Encryption

Encryption IT Security Information Security

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

The malicious HTML code is generated within the browser on the target device which is already inside the security perimeter of the victim’s network. . “SVG images are constructed using XML, allowing them to be placed within HTML using ordinary XML markup tags. ” reads the analysis published by Talos.

Archiving

Archiving Phishing Passwords Security

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Phishing

Phishing Archiving Encryption Authentication

Experts warn of a surge of attacks targeting Ivanti SSRF flaw

Security Affairs

FEBRUARY 5, 2024

The availability of a PoC exploit code could help threat actors to launch attacks against Internet-facing installs. Researchers from Shadowserver observed the exploitation of the flaw CVE-2024-21893 in the wild by multiple threat actors, however, they pointed out that the attacks began hours prior to the publication of the Rapid7 PoC code.

Authentication

Authentication Security Access IT

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Archiving

Archiving Access Risk Security

Google announces V8 Sandbox to protect Chrome users

Security Affairs

APRIL 9, 2024

Almost every Chrome exploits observed in the wild between 2021 and 2023 triggered a memory corruption issue in a Chrome renderer process that was exploited for remote code execution (RCE). The V8 Sandbox is designed to prevent memory corruption issues that would impact other areas of memory in the process. ” reads the announcement.

Access

Access IT Security Information Security

Microsoft Patches Six Zero-Day Security Holes

Krebs on Security

JUNE 8, 2021

Among the zero-days are: – CVE-2021-33742 , a remote code execution bug in a Windows HTML component. “The ‘exploit detected’ tag means attackers are actively using them, so for me, it’s the most important piece of information we need to prioritize the patches.”

Security

Security Ransomware Phishing Cloud

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Google TAG shared indicators of compromise (IoCs) for both campaigns. The experts pointed out that both campaigns were limited and highly targeted. The exploits were used to install commercial spyware and malicious apps on targets’ devices.

Cybersecurity

Cybersecurity Education Risk Security

Threat actors actively exploit Control Web Panel RCE following PoC release

Security Affairs

JANUARY 12, 2023

Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP). Ongoing mass exploitation of CVE-2022-44877 (Centos Web Panel 7 Unauthenticated Remote Code Execution). pic.twitter.com/PC8b9frmA9 — Germán Fernández (@1ZRR4H) January 11, 2023.

Security

Security IT Information Security

Apple fixed the 17th zero-day flaw exploited in attacks

Security Affairs

OCTOBER 4, 2023

The IT giant also addressed a buffer overflow issue, tracked as CVE-2023-5217 , in WebRTC that may result in arbitrary code execution. The flaw was discovered by security researcher Clément Lecigne from Google’s Threat Analysis Group (TAG). The company addressed the vulnerability by updating to libvpx 1.13.1.

Security

Security IT Information Security

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

JANUARY 18, 2024

PixieFail issues can be exploited to achieve remote code execution and leakage of sensitive information, and carry out denial-of-service (DoS), and network session hijacking attacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google TAG)

IT

IT Information Security Security

Apple addressed 2 new iOS zero-day vulnerabilities

Security Affairs

NOVEMBER 30, 2023

An attacker can trick a victim into visiting specially crafted web content to potentially execute arbitrary code on the impacted devices. The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm. The company addressed the flaw with improved locking.

Security

Security IT Information Security

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Security Affairs

JANUARY 25, 2022

The investigation started in November after Google TAG published a blogpost about watering-hole attacks targeting macOS users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Authentication

Authentication Security IT Information Security

Annual Protest Raises $250K to Cure Krebs

Krebs on Security

MARCH 31, 2019

I undertook the research because Coinhive’s code at the time was found on tens of thousands of hacked Web sites, and Coinhive seemed uninterested in curbing widespread abuse of its platform. Please tag your donation bills properly if they shall be accounted. The official tag is ‘krebsspende.’

Mining

Mining Privacy IT

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Military

Military Security Ransomware Insurance

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

Leaked documents details the purchase of an iOS Remote Code Execution zero-day exploit for $8,000,000. Leaked documents online show the purchase (and documentation of) an $8,000,000 iOS Remote Code Execution 0day exploit pic.twitter.com/lhmc8QdfGv — vx-underground (@vxunderground) August 24, 2022.

IT

IT Security Information Security

Balada Injector still at large – new domains discovered

Security Affairs

AUGUST 9, 2023

This revealed to us the injected exploit code responsible for remote access to infected machines and redirect-based malvertising scheme control. Within the file, there were seven brackets of PHP tags and each of them contained an obfuscated piece of code within. sortyellowapples[.]com/scripts/get[.]js? com/scripts/get[.]js?

Access

Access IT Security Information Security

IoT: Living at the edge

OpenText Information Management

APRIL 19, 2024

VIPER: Well, if IoT was an emoji or an expression, it would be: (1) a cloud with legs, (2) a tornado of devices, or (3) an air-tag tracking anything (keys, dog, purse, avocado). From QR codes to RFID tags to Bluetooth devices, the ability to track and trace physical assets has become much easier. You: What is IoT?

IoT

IoT Cloud Authentication Manufacturing

Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw

Security Affairs

DECEMBER 12, 2021

On Friday, 10, 2021, Chinese security researcher p0rz9 publicly disclosed the PoC exploit code for this issue and revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups Query our API for "tags=CVE-2021-44228" for source IP addresses and other IOCs. Tags available to all users and customers now.

Libraries

Libraries Digital transformation Education Government

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library. “An attacker can use this vulnerability to construct a special data request packet, which eventually triggers remote code execution.

Libraries

Libraries IT Cloud Data breaches

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Security

Security Phishing Information Security Communications

Google TAG spotted actors using new code signing tricks to evade detection

Crickets from Chirp Systems in Smart Lock Key Leak

Webinars

Trending Sources

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Webinars

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

North Korea-linked threat actors target cybersecurity experts with a zero-day

Burger King forgets to put a password on their systems, again

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Apple released iOS 17.2 to address a dozen of security flaws

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

XSS flaw in WordPress WP-Members Plugin can lead to script injection

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Millions of sites could be hacked due to flaws in popular WordPress plugins

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Apache Software Foundation fixes code execution flaw in Apache Struts 2

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

APT37 used Internet Explorer Zero-Day in a recent campaign

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

A new Magecart campaign hides the malicious code in 404 error page

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Abusing Windows Container Isolation Framework to avoid detection by security products

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Crooks use HTML smuggling to spread QBot malware via SVG files

YouTube creators’ accounts hijacked with cookie-stealing malware

Experts warn of a surge of attacks targeting Ivanti SSRF flaw

Google TAG shares details about exploit chains used to install commercial spyware

Google announces V8 Sandbox to protect Chrome users

Microsoft Patches Six Zero-Day Security Holes

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Threat actors actively exploit Control Web Panel RCE following PoC release

Apple fixed the 17th zero-day flaw exploited in attacks

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Apple addressed 2 new iOS zero-day vulnerabilities

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Annual Protest Raises $250K to Cure Krebs

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Balada Injector still at large – new domains discovered

IoT: Living at the edge

Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Stay Connected