Analysis, Groups and Libraries - Information Management Today

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day.

Libraries

Libraries IT Cybersecurity Risk

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries

Libraries IT Security Information Security

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks.

Cleanup

Cleanup Libraries Access Manufacturing

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. ” reads the analysis published by Trend Micro.

Libraries

Libraries Communications Big data Passwords

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Pierluigi Paganini.

IT

IT Libraries Mining Security

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

File names

File names Encryption Manufacturing Libraries

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory. ” reads the MAR.

Security

Security Authentication Libraries Passwords

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19” reads the advisory published by the IT giant.

Libraries

Libraries Access IT Information Security

The Cyentia Library Relaunches

Adam Shostack

JUNE 22, 2020

I’m excited to see that they’re Re-introducing the Cyentia Research Library , with cool (new?) The Cyentia Library lets us see what people are doing in terms of research and data. .’ features like an RSS feed. ’ My longstanding interest in how attackers get access is underserved.

Libraries

Libraries Ransomware Access IT

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

A new Chinese APT group, tracked as KilllSomeOne, appeared in the threat landscape targeting corporate organizations in Myanmar. A new Chinese APT group, tracked as KilllSomeOne, was spotted by researchers at Sophos. The advanced cyber-espionage group is targeting corporate organizations in Myanmar with DLL side-loading attacks.

File names

File names Encryption Libraries IT

Backdoor mechanism found in Ruby strong_password library

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7 version 0.0.7

Libraries

Libraries Passwords Security IT

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

NOVEMBER 29, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24. The CVE-2023-5217 is a high-severity integer overflow in Skia.

Libraries

Libraries Security Access IT

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them. ” continues the report.

Government

Government Ransomware Libraries Access

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

Security Affairs

DECEMBER 29, 2021

China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability ( CVE 2021-44228 ) in an attack aimed at a large academic institution. ” concludes the report.

Libraries

Libraries Access Security IT

China-linked APT40 group hides behind 13 front companies

Security Affairs

JANUARY 13, 2020

A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. The Intrusion Truth group has doxed the fourth Chinese state-sponsored hacking operation. “We know that multiple areas of China each have their own APT.”

Libraries

Libraries Information Security Military Government

DRBControl cyber-espionage group targets gambling, betting companies

Security Affairs

FEBRUARY 19, 2020

The DRBControl APT group has been targeting gambling and betting companies worldwide with malware that links to two China-linked APT groups. Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware.

Libraries

Libraries Phishing Passwords IT

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

APRIL 19, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12 [$1000][ 1430644 ] Medium CVE-2023-2137: Heap buffer overflow in sqlite.

Libraries

Libraries Education Access Cybersecurity

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

The vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group on 2023-09-25, a circumstance that suggests it was exploited by a nation-state actor or by a surveillance firm. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-09-25″ reads the advisory published by Google.

Libraries

Libraries Passwords Security IT

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The OceanLotus APT group, also known as APT32 or Cobalt Kitty , leverages a steganography-based loader to deliver backdoors on compromised systems. The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group.

Libraries

Libraries Encryption Communications Manufacturing

Google fixed the third Chrome zero-day of 2023

Security Affairs

JUNE 6, 2023

The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group (TAG), which is the team at Google that monitors the activity of nation-state actors. The vulnerability has reported on June 1, 2023, it is likely that the flaw was exploited as part of an exploit used by a state-sponsored APT group.

Libraries

Libraries Security IT Information Security

Google addressed 3 actively exploited flaws in Android

Security Affairs

JULY 8, 2023

The CVE-2023-26083 is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. The third actively exploited flaw is a critical integer overflow in Skia, which is a Google’s open-source multi-platform 2D graphics library.

Libraries

Libraries Security Access IT

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” and Switzerland.

Phishing

Phishing Libraries File names Metadata

Magecart 5 hacker group targets L7 Routers

Security Affairs

SEPTEMBER 27, 2019

IBM researchers observed one of the Magecart groups using a malicious code to inject into commercial-grade layer 7 L7 routers. IBM X-Force Incident Response and Intelligence Services (IRIS) experts observed that one of the Magecart groups, tracked as MG5, is using malware to inject into commercial-grade L7 routers. Pierluigi Paganini.

Libraries

Libraries Access IT Security

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military

Military Communications Libraries Encryption

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24.

IT

IT Libraries Cybersecurity Passwords

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

SEPTEMBER 24, 2023

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East.

Libraries

Libraries Encryption Security IT

China-linked APT31 targets Russia for the first time

Security Affairs

AUGUST 4, 2021

China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. In July 2021, the French national cyber-security agency ANSSI warned of ongoing attacks against a large number of French organizations conducted by the Chine-linked APT31 cyberespionage group.

Libraries

Libraries Security IT Cybersecurity

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

“Actors were then able to upload malicious dynamic-link library (DLL) files (some masqueraded as portable network graphics [PNG] files) to the C:WindowsTemp directory.” The joint alert recommends network defenders review the Malware Analysis Report, MAR-10413062-1.v1 ” reads the advisory.

Libraries

Libraries Government Ransomware Cybersecurity

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 22, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability.

IT

IT Libraries Cybersecurity Education

Google fixed the first Chrome zero-day of 2023

Security Affairs

APRIL 14, 2023

The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11” reads the advisory published by Google. The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8.

Libraries

Libraries Education Cybersecurity Security

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM , Softcell ) targeting Linux systems with a new variant of PingPull backdoor. In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. softether[.]net

Communications

Communications Military Government Libraries

The analysis of the code reuse revealed many links between North Korea malware

Security Affairs

AUGUST 10, 2018

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. ” reads the analysis published by the experts. ” states the report.

Libraries

Libraries Ransomware Security Access

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. ” concludes the report.

Cloud

Cloud Libraries Mining IT

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Military

Military File names Libraries Government

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

The researchers believe that the threat actor behind Attor a state-sponsored group involved in highly targeted attacks on selected targets. ” reads the analysis published by ESET. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs).

Communications

Communications Encryption Metadata Libraries

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The analysis of the submissions times in VirusTotal for the artifacts employed in the Nazar campaign allowed the expert to date the campaign between 2010 and 2013. The post Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak appeared first on Security Affairs. Pierluigi Paganini.

Libraries

Libraries Cybersecurity Access IT

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs

MAY 25, 2023

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware. AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. The msvcr100.dll

Libraries

Libraries Security Cybersecurity Government

Google fixed the ninth actively exploited Chrome zeroday this year

Security Affairs

DECEMBER 3, 2022

The vulnerability was reported by Clement Lecigne of Google’s Threat Analysis Group on November 29, 2022. Reported by Clement Lecigne of Google’s Threat Analysis Group on 2022-11-29 ” reads the advisory published by Google. The CVE-2022-4262 vulnerability is a type confusion bug in the V8 JavaScript.

Libraries

Libraries Communications Security Information Security

Success of AI in academic libraries depends on underlying data

CILIP

JUNE 26, 2019

Success of AI in academic libraries depends on good underlying data. nder, scientific information specialist: Success of AI in academic libraries depends on good underlying data. Why do we hear so little in this respect from libraries on this side of the Atlantic? In what way have the working methods in libraries changed?

Libraries

Libraries Unstructured data Artificial Intelligence Archiving

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs

MARCH 15, 2023

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group , Cozy Bear , Nobelium , and The Dukes ) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments.

Metadata

Metadata Government Libraries Phishing

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. ” reads the analysis published by Microsoft. This account had access to the debugging environment containing the crash dump which incorrectly contained the key.”

Authentication

Authentication Libraries Access Government

Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware

Security Affairs

DECEMBER 4, 2022

The APT group employed the AppleJeus malware since at least 2018 to steal cryptocurrencies from the victims. The new campaign observed by Volexity started in June 2022, the APT group registered the domain name bloxholder[.]com dll” – a side-loaded library internally named HijackingLib.dll (md5: e66bc1e91f1a214d098cf44ddb1ae91a).

Libraries

Libraries Access Security IT

Hackers stole card data from 201 campus online stores in US and Canada, is it the Magecart group?

Security Affairs

MAY 5, 2019

Magecart group stole payment card details from the e-commerce system used by colleges and universities in Canada and the US. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. According to a joint report published by RiskIQ and FlashPoint in March, some groups are more advanced than others.

e-Discovery

e-Discovery IT Libraries Analytics

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Webinars

Trending Sources

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Webinars

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

How to Package and Price Embedded Analytics

TeamTNT group adds new detection evasion tool to its Linux miner

China-linked APT41 group targets Hong Kong with Spyder Loader

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Google addressed a new actively exploited Chrome zero-day

The Cyentia Library Relaunches

New KilllSomeOne APT group leverages DLL side-loading

Backdoor mechanism found in Ruby strong_password library

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

China-linked APT40 group hides behind 13 front companies

DRBControl cyber-espionage group targets gambling, betting companies

Google fixed the second actively exploited Chrome zero-day of 2023

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Google fixed the third Chrome zero-day of 2023

Google addressed 3 actively exploited flaws in Android

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Magecart 5 hacker group targets L7 Routers

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

China-linked APT31 targets Russia for the first time

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Google fixed the first Chrome zero-day of 2023

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

The analysis of the code reuse revealed many links between North Korea malware

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

New Gallmaker APT group eschews malware in cyber espionage campaigns

Attor malware was developed by one of the most sophisticated espionage groups

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Google fixed the ninth actively exploited Chrome zeroday this year

Success of AI in academic libraries depends on underlying data

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Lazarus APT uses fake cryptocurrency apps to spread AppleJeus Malware

Hackers stole card data from 201 campus online stores in US and Canada, is it the Magecart group?

Stay Connected