Information Management Today

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing IT

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Encryption Security IT

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Security Affairs

JULY 27, 2023

Zimbra Collaboration Suite is a comprehensive open-source messaging and collaboration platform that provides email, calendaring, file sharing, and other collaboration tools. It was developed by Zimbra, Inc The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG).

Risk

Risk Security IT Information Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp.

Security

Security Risk Government IT

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Government

Government Security IT Information Security

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

In recent attacks, the group was observed exploiting a XSS vulnerability, tracked as CVE-2023-5631 , by sending a specially crafted email message. The messages were sent from team.managment@outlook[.]com The analysis of the email HTML source code revealed the presence of a SVG tag at the end, which contains a base64-encoded payload.

Military

Military Government Phishing IT

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Phishing

Phishing Archiving Encryption Authentication

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. “ However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence.” In one case observed by the TAG team.

Military

Military Phishing Government Ransomware

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

Zimbra Collaboration Suite is a comprehensive open-source messaging and collaboration platform that provides email, calendaring, file sharing, and other collaboration tools. ” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG).

Authentication

Authentication Cloud Security IT

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

The Last Watchdog

JANUARY 13, 2022

While the price tag of these violations was shocking, the compliance failure was not. The ever-changing landscape of rapid communication via instant messaging apps, such as WhatsApp, Signal, WeChat, Telegram, and others, has left regulated industries to find a balance between compliance and efficient client communication.

Compliance

Compliance Customer Experience Communications Archiving

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Military

Military Security Ransomware Insurance

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

JANUARY 18, 2024

Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Google TAG) ” states CERT/CC. . ” states CERT/CC. CERT/CC also published Vulnerability Note VU#132380 with a comprehensive list of affected vendors, and guidance to mitigate the issues.

IT

IT Information Security Security

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

DMARC Setup & Configuration: Step-By-Step Guide

eSecurity Planet

JUNE 1, 2023

At a high level, implementation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard can be done simply and easily for outgoing mail by adding a text file to an organization’s DNS record. To avoid issues, we need to understand the DMARC record tags in detail.

Authentication

Authentication Marketing File names IT

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages. government.

Government

Government Phishing Military IT

CloudNine’s LegalWeek 2022 Recap

eDiscovery Daily

MARCH 17, 2022

Through our platform, users can filter, search, and tag items at the individual level. Messages can also be viewed through our 24-hour thread feature which increases review speeds by permitting the numbering, tagging, and production of individual messages while displaying the full context of a conversation.

IT

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

According to Reuters, at least victims of the leak confirmed the authenticity of the messages and revealed they were targeted by Russia-linked hackers. ” reported the Reuters. “Dearlove said that the emails captured a “legitimate lobbying exercise which, seen through this antagonistic optic, is now subject to distortion.””

Cybersecurity

Cybersecurity Authentication Security IT

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

. “SVG images are constructed using XML, allowing them to be placed within HTML using ordinary XML markup tags. Talos has identified malicious emails featuring HTML attachments with encoded SVG images that themselves contain HTML <script> tags. Including script tags within a SVG image is a legitimate feature of SVG.”

Archiving

Archiving Phishing Passwords Security

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a significant increase in the number of the alert compared to the previous year. ” wrote Ajax Bash, a Google security engineer from the TAG.

Phishing

Phishing Military Government Security

State-sponsored hackers are using COVID-19 lures, Google warns

Security Affairs

APRIL 23, 2020

Google’s Threat Analysis Group (TAG) shared its latest findings related to state-backed attacks and revealed that it has identified more than a dozen state-sponsored groups using COVID-19 lures. The IT giant also announced to have blocked more than 240 million spam messages related to the ongoing COVID-19 pandemic.

Phishing

Phishing Government Communications IT

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Security Affairs

JANUARY 25, 2022

The investigation started in November after Google TAG published a blogpost about watering-hole attacks targeting macOS users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong.

Authentication

Authentication Security IT Information Security

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

This will prevent the sending of NTLM authentication messages to remote file shares. The first, CVE-2023-23415 , is a remote code execution vulnerability in the Internet Control Message Protocol (ICMP) with a CVSS score of 9.8. “Microsoft’s public bulletin doesn’t say exactly what type of file (images?

Energy and Utilities

Energy and Utilities Authentication Ransomware Military

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Upon the user’s submission of data into the counterfeit form, an error message is displayed. Unlike variations one and two, data exfiltration in the third variation relies on the injection of fake form that closely resembles the original payment form and overlays it.

Retail

Retail IT Security Information Security

Electronic Records Day 2021

The Texas Record

OCTOBER 8, 2021

We like to raise awareness of the challenges of managing e-records throughout the year, so here is a selection of previously published blog articles on various topics: Social Media and Text Messaging: Are text messages records? How do I capture text message records? Is my office’s social media a record?

Metadata

Metadata Records Management Archiving Cloud

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Security Affairs

AUGUST 19, 2022

The malware is distributed through phishing messages using a malicious attachment or a link to the malicious archive containing Bumblebee. The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee Loader and detailed how the attackers were able to compromise the entire network.

Access

Access Archiving Phishing Passwords

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. ” Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!). Also thoughts on why we are seeing so many 0day in 2021.

Government

Government Security IT Cybersecurity

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

An unsuspecting employee will open a legitimate-looking message and click a link or download a file that releases embedded malware onto their machine or the broader company network. The price tag of the ransom is just one of the many costs of these attacks, and remediation can often exceed this fee many times over. A typical attack.

Ransomware

Ransomware Education Phishing Financial Services

Hackers claim to have compromised 50,000 home cameras and posted footage online

Security Affairs

OCTOBER 19, 2020

“Clips from the hacked footage have been uploaded on pornographic sites recently, with several explicitly tagged as being from Singapore.” ” “The group, which can be found on social messaging platform Discord, has almost 1,000 members across the globe. ” reported The New Paper.”

IoT

IoT Paper Manufacturing Access

Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 20, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. March 13 – Anonymous sent a message to Russians: “remove Putin”. Anonymous has published a new message for Russian citizens inviting them to remove Putin that is sacrificing them and killing Ukrainians.

Cloud

Cloud Government Risk Information Security

Dark Basin, a hack-for-hire group that remained under the radar for 7 years

Security Affairs

JUNE 11, 2020

The phishing messages were highly targeted, the group sent them to the targets from a range of email accounts, including Gmail accounts and self-hosted accounts. Sophistication of the bait content, specificity to the target, message volume and persistence across time varied widely between clusters. ” continues the report.

Phishing

Phishing Communications Government IT

A 2023 Reflection: How the Modern Data Dilemma in eDiscovery is Now Getting Solved

eDiscovery Daily

JANUARY 2, 2024

For instance, there are 20 million text/chat messages sent every minute. * By Rick Clark It’s evident that the legal eDiscovery industry is undergoing significant transformation, driven by the ever-expanding data varieties, volumes, and the velocity in growth for varieties and volume, especially in the last year.)

Communications

Communications Artificial Intelligence Data collection Education

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

APRIL 15, 2019

In this case, attackers used a common HTML5 attribute, the <a> tag ping, to trick these users to unwittingly participate in a major DDoS attack that flooded one web site with approximately 70 million requests in four hours.” This was the first case of a DDoS attack using the <a> tag ping attribute.

Security

Security IT

What is DKIM Email Security Technology? DKIM Explained

eSecurity Planet

MAY 24, 2023

The DomainKeys Identified Mail (DKIM) email authentication standard enables email servers to check incoming emails to verify the sender and detect email message alterations. Typically, the organization will select the sending domain and portions of the body of the message to generate the hash value.

Encryption

Encryption Security Authentication File names

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mobile devices. I hoped that this will be [some kind of] blacklist, with logging about blocked [messages/calls].

Government

Government Risk IT Marketing

Mariah Carey ‘s Twitter Hacked on New Year’s Eve

Security Affairs

JANUARY 1, 2020

The messages also contained sexual insults against the about rapper Eminem. ” The tweets began around 3 pm PST and continued throughout the day, several messages used the N-word and tagged other Twitter accounts. . ” reads The Hollywood Reporter. million followers on Twitter — on New Year’s Eve.”

Security

Security IT

Russia-linked Cold River APT targeted US nuclear research laboratories

Security Affairs

JANUARY 9, 2023

Threat actors created fake login pages for each organization and sent spear-phishing messages to nuclear scientists in an attempt to trick them into providing their passwords. In March 2022, the Google Threat Analysis Group (TAG) spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine.

Military

Military Phishing Cybersecurity Passwords

Malicious dropper apps on Play Store totaled 30.000+ installations

Security Affairs

OCTOBER 31, 2022

“Obviously, such approach requires more actions from the victim, as the browser will show several messages about the downloaded file. “Android offers a way to tag the content of the window as secure, by using the “FLAG_SECURE” , which prevents it “from appearing in screenshots or from being viewed on non-secure displays”.

Authentication

Authentication Security IT Information Security

Researchers analyzed the PREDATOR spyware and its loader Alien

Security Affairs

MAY 29, 2023

” In May 2022, Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. The attacks aimed at installing the surveillance spyware Predator, developed by the North Macedonian firm Cytrox.

IT

IT Communications Access Manufacturing

What Happens When You Don’t Have a Modern Data Solution?

eDiscovery Daily

JANUARY 11, 2022

This means the context of the whole conversation including text before and after the individual messages could lose context in the conversation, leaving a void in the interpretation. Cell Phone Discovery: Reviewing Text Messages In a Modern Data Review Platform. For example, in Rossbach v.

Computer and Electronics

Computer and Electronics Metadata Communications Risk

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

Helpfully, many of the faces in that photo have been tagged and associated with their respective Facebook profiles. pk — but the message bounced back, saying there was no such address. Similarly, a call to the Lahore phone number listed on the website produced an automated message saying the number is not in service.

Phishing

Phishing IT Passwords Cloud

Dormant Colors campaign operates over 1M malicious Chrome extensions

Security Affairs

OCTOBER 25, 2022

The attack chain relies on malvertising messages that were crafted to trick victims into clicking on the install button as seen in the following video: Upon clicking on the ‘OK’ or ‘Continue’ button, the victims are prompted to install a color-changing extension.

Phishing

Phishing Privacy IT Security

Google addressed an XSS flaw in Gmail

Security Affairs

NOVEMBER 18, 2019

AMP4Email makes it easier the management of dynamic content inside emails, it allows users to easily take action directly from within the message itself, like RSVP to an event, fill out a questionnaire, browse a catalog or respond to a comment. getElementById ( ‘username’) or document. querySelector ( ‘#username’).”

Security

Security IT Access Information Security

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Security Affairs

JUNE 23, 2019

The vulnerability is a stored cross-site scripting issue that is related to the way the app parses incoming email messages. “A A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. reads the security advisory published by Microsoft. “The It failed, which is good.

Mining

Mining Access Authentication Security

Zimbra zero-day exploited to steal government emails by four groups

North Korea-linked threat actors target cybersecurity experts with a zero-day

Webinars

Trending Sources

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Webinars

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

How to Package and Price Embedded Analytics

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

YouTube creators’ accounts hijacked with cookie-stealing malware

Google TAG details cyber activity with regard to the invasion of Ukraine

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

GUEST ESSAY: JPMorgan’s $200 million in fines stems from all-too-common compliance failures

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

DMARC Setup & Configuration: Step-By-Step Guide

Google blocked China-linked APT31’s attacks targeting U.S. Government

CloudNine’s LegalWeek 2022 Recap

Reuters: Russia-linked APT behind Brexit leak website

Crooks use HTML smuggling to spread QBot malware via SVG files

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

State-sponsored hackers are using COVID-19 lures, Google warns

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

Microsoft Targets Critical Outlook Zero-Day Flaw

A new Magecart campaign hides the malicious code in 404 error page

Electronic Records Day 2021

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Google: four zero-day flaws have been exploited in the wild

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

Hackers claim to have compromised 50,000 home cameras and posted footage online

Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict

Dark Basin, a hack-for-hire group that remained under the radar for 7 years

A 2023 Reflection: How the Modern Data Dilemma in eDiscovery is Now Getting Solved

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

What is DKIM Email Security Technology? DKIM Explained

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Mariah Carey ‘s Twitter Hacked on New Year’s Eve

Russia-linked Cold River APT targeted US nuclear research laboratories

Malicious dropper apps on Play Store totaled 30.000+ installations

Researchers analyzed the PREDATOR spyware and its loader Alien

What Happens When You Don’t Have a Modern Data Solution?

“FudCo” Spam Empire Tied to Pakistani Software Firm

Dormant Colors campaign operates over 1M malicious Chrome extensions

Google addressed an XSS flaw in Gmail

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Stay Connected