Information Management Today

SEO Poisoning Attacks on Healthcare Sector Rising, HHS Warns

Data Breach Today

JUNE 23, 2023

Search Scams Luring Users to Malware-Infected Sites Are Often Tricky to Detect Search engine optimization poisoning attacks, which involve intentionally manipulating search results to lead users onto malware-laced websites, are on the rise in the healthcare sector, U.S. federal regulators warn.

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. ” concludes Google.

Government

Government Sales Risk IT

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Archiving

Archiving Security IT Data breaches

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. ” reads the analysis published by Google TAG.

Phishing

Phishing Archiving Encryption Authentication

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. Pierluigi Paganini.

Encryption

Encryption IT Security Information Security

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. ” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer. CVE-2017-0199 ). Pierluigi Paganini.

IT

IT Security Information Security

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. Pierluigi Paganini.

Archiving

Archiving Phishing Passwords Security

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs

DECEMBER 1, 2019

Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. ” reads the report published by Google TAG.”We SecurityAffairs – Google TAG, state-sponsored hacking). Pierluigi Paganini.

Phishing

Phishing Authentication Passwords Risk

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Military

Military Security Ransomware Insurance

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Security

Security Phishing Information Security Communications

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

Algorithms based on this log source look for certain patterns to detect file system-based malware and prevent them before any irreversible damage is done. Scan files with the tag in the PRE_CLEANUP function even if they were not altered. ” continues the report. “This is where our driver comes into play.

Security

Security Ransomware Communications IT

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. ” Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. .”The

Phishing

Phishing Cloud Government Education

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages. government.

Government

Government Phishing Military IT

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. “ However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence.” In one case observed by the TAG team.

Military

Military Phishing Government Ransomware

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 13, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. March 8 – Google TAG: Russia, Belarus-linked APTs targeted Ukraine. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs.

Blockchain

Blockchain Phishing Military Passwords

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year. ” wrote Ajax Bash, a Google security engineer from the TAG.

Phishing

Phishing Military Government Security

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Security Affairs

AUGUST 19, 2022

Most Bumblebee infections started by users executing LNK files which use a system binary to load the malware. The malware is distributed through phishing messages using a malicious attachment or a link to the malicious archive containing Bumblebee. SecurityAffairs – hacking, malware). Pierluigi Paganini.

Access

Access Archiving Phishing Passwords

Poulight Stealer, a new Comprehensive Stealer from Russia

Security Affairs

MAY 7, 2020

This category of malware includes famous malware like Azorult , Agent Tesla , and Hawkeye. Like most of the malware of this specific family, it is generated from a builder available to cyber criminal groups that offer a subscription plan for its “product”. Figure 4: Loader module of the malware. Introduction.

Data structuring

Data structuring IT Marketing Security

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Security Affairs

JANUARY 25, 2022

The investigation started in November after Google TAG published a blogpost about watering-hole attacks targeting macOS users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Authentication

Authentication Security IT Information Security

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies. SocksEscort[.]com

Analytics

Analytics Passwords Systems administration Retail

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Security

Security e-Discovery Artificial Intelligence Ransomware

Zeppelin ransomware gang is back after a temporary pause

Security Affairs

MAY 24, 2021

Last month experts spotted a new variant of the ransomware on a hacker forum allowing buyers to opt how to use the malware. “This is in contrast with the classic RaaS operations, where developers typically look for partners to breach into a victim network, to steal data, and deploy the file-encrypting malware.

Ransomware

Ransomware Encryption Sales Security

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Security

Security Military Phishing Sales

Balada Injector still at large – new domains discovered

Security Affairs

AUGUST 9, 2023

During a routine web monitoring operation, we discovered an address that led us down a rabbit hole of WordPress-orientated “hack waves” caused by the Balada Injector malware. Within the file, there were seven brackets of PHP tags and each of them contained an obfuscated piece of code within. 206.76.55.162.clients.your-server.de

Access

Access IT Security Information Security

North Korea-linked hackers target security experts again

Security Affairs

MARCH 31, 2021

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. ” reads the post published by Google TAG. Unlike January campaign, the website of SecuriElite site wasn’t yet to host malicious exploits to deliver malware.

Security

Security Cybersecurity IT

French Firms Rocked by Kasbah Hacker?

Krebs on Security

MARCH 2, 2020

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. ‘FATAL’ ERROR.

Passwords

Passwords Manufacturing Security Data breaches

US arrested Latvian woman who developed part of Trickbot malware

Security Affairs

JUNE 5, 2021

The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged for her alleged role in the development of the Trickbot malware.

Ransomware

Ransomware Encryption Government Security

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. ” Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!). Also thoughts on why we are seeing so many 0day in 2021.

Government

Government Security IT Cybersecurity

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes. “Glupteba malware masquerades as free, downloadable software, videos, or movies (“freeware”) and infects a device when a user clicks on a link to the freeware. .” users were warned via Safe Browsing.

Blockchain

Blockchain Mining Cloud Access

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

In the recent campaign uncovered by Akamai, threat actors hijack legitimate websites to act as makeshift C2 servers and use them to distribute malware. Once stolen the data, attackers exfiltrate them through a straightforward HTTP request that is initiated by creating an IMG tag within the software skimmer.

CMS

CMS Retail Analytics IT

RomCom RAT attackers target groups supporting NATO membership of Ukraine

Security Affairs

JULY 10, 2023

. “This file’s goal is to load the OLE streams into Microsoft Word, to render an iframe tag responsible for the execution of the next stage of malware.” The last stage malware is the RomCom RAT which is used by operators to collect information about the compromised system and execute remote commands.

Phishing

Phishing Government IT Security

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. ” This week, Google Threat Analysis Group (TAG) also warned of North Korea-linked hackers targeting security researchers through social media. ” concludes Microsoft.

Security

Security Encryption Passwords Communications

Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch

Security Affairs

OCTOBER 31, 2022

Will asked Patrick about the ZIP files used in the malware campaign to see if they were exploiting the same vulnerability or employing some other trick to bypass the “Mark of the Web.” In order to prevent unauthorized actions, files downloaded from the internet in Windows are tagged with a MotW flag.

Ransomware

Ransomware Security IT Information Security

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

IDA Pro is widely used by malware researchers to translate machine-executable code into assembly language source code for purpose of debugging and reverse engineering. . In March, researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media.

Cybersecurity

Cybersecurity Ransomware Security IT

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

An unsuspecting employee will open a legitimate-looking message and click a link or download a file that releases embedded malware onto their machine or the broader company network. The price tag of the ransom is just one of the many costs of these attacks, and remediation can often exceed this fee many times over.

Ransomware

Ransomware Education Phishing Financial Services

Massive iPhone Hack Targets Uyghurs

Schneier on Security

SEPTEMBER 3, 2019

Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. released on February 7.).

Government

Government IT

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Charities and NGOs providing support in Ukraine hit by malware. If you want to also receive for free the newsletter with the international press subscribe here. Is it fake news? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Security

Security Data breaches Ransomware Manufacturing

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

Baka is a sophisticated e-skimmer developed by a skilled malware developer that implements a unique obfuscation method and loader. The skimmer loads dynamically to avoid static malware scanners and uses unique encryption parameters for each victim to obfuscate the malicious code.” ” reads the alert published by VISA.

e-Delivery

e-Delivery Encryption Passwords Authentication

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. “The tags such as ‘ads_enable’ or ‘collect_enable’ indicates each functionality to work or not while other parameters define conditions and availability.”

Libraries

Libraries Data collection Education Security

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . TAG sent a above average batch of government-backed security warnings yesterday. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Phishing

Phishing Military Government Security

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Security

Security Ransomware Data breaches Cybersecurity

SEO Poisoning Attacks on Healthcare Sector Rising, HHS Warns

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Webinars

Trending Sources

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Webinars

Google TAG warns of Russia-linked APT groups targeting Ukraine

YouTube creators’ accounts hijacked with cookie-stealing malware

China-linked APT Curious Gorge targeted Russian govt agencies

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

APT37 used Internet Explorer Zero-Day in a recent campaign

Crooks use HTML smuggling to spread QBot malware via SVG files

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Abusing Windows Container Isolation Framework to avoid detection by security products

China-linked APT41 group spotted using open-source red teaming tool GC2

Google blocked China-linked APT31’s attacks targeting U.S. Government

Google TAG details cyber activity with regard to the invasion of Ukraine

Mar 06- Mar 12 Ukraine – Russia the silent cyber conflict

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Poulight Stealer, a new Comprehensive Stealer from Russia

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Who and What is Behind the Malware Proxy Service SocksEscort?

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Zeppelin ransomware gang is back after a temporary pause

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Balada Injector still at large – new domains discovered

North Korea-linked hackers target security experts again

French Firms Rocked by Kasbah Hacker?

US arrested Latvian woman who developed part of Trickbot malware

Google: four zero-day flaws have been exploited in the wild

Google disrupts the Glupteba botnet

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

RomCom RAT attackers target groups supporting NATO membership of Ukraine

Microsoft: North Korea-linked Zinc APT targets security experts

Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Massive iPhone Hack Targets Uyghurs

Security Affairs newsletter Round 357 by Pierluigi Paganini

Visa warns of new sophisticated credit card skimmer dubbed Baka

New Android malicious library Goldoson found in 60 apps +100M downloads

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Stay Connected