Analysis, Libraries and Phishing - Information Management Today

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries

Libraries Phishing Security IT

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

” reads the analysis published by Cybereason. The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. . The post Phishing campaign targets LATAM e-commerce users with Chaes Malware appeared first on Security Affairs. The final payload of Chaes is a Node.Js

Phishing

Phishing Mining Libraries Encryption

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. ” concludes the report.

Phishing

Phishing Libraries Cybersecurity IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

eSecurity Planet

APRIL 1, 2024

Horizon3 published an analysis and proof of concept to exploit Fortinet’s FortiClient Enterprise Management Server (EMS). or above March 25, 2024 Hackers Pollute Python Package Index Open-Source Libraries Type of vulnerability (or attack): Malicious library code. The fix: Update affected versions ASAP: FortiClient EMS 7.2:

Libraries

Libraries Authentication Artificial Intelligence Cloud

New variant of BBTok Trojan targets users of +40 banks in LATAM

Security Affairs

SEPTEMBER 24, 2023

BBTok is written in Delphi and uses the Visual Component Library (VCL) to dynamically generate interfaces. The payload is being delivered via phishing emails that use multiple file types. The phishing messages include a malicious link. ” continues the report.

Phishing

Phishing Libraries Archiving IT

Industrial Sector targeted in surgical spear-phishing attacks

Security Affairs

AUGUST 3, 2018

Industrial sector hit by a surgical spear-phishing campaign aimed at installing legitimate remote administration software on victims’ machines. Attackers personalized the content of each phishing email reflecting the activity of the target organization and the type of work performed by the employee to whom the email is sent.

Phishing

Phishing Libraries Passwords Archiving

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

The threat actors leverage spear-phishing emails to deliver archive files utilizing DLL side-loading schemes. ” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library.

Government

Government IT Encryption Libraries

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

eSecurity Planet

FEBRUARY 11, 2022

Statistical analysis on large datasets allows the ability to predict a computer’s behavior and anticipate actions that haven’t even been programmed. Logs analysis to find trends and patterns. Defenders can no longer fight attacks with classic defenses, and it’s especially true with phishing campaigns.

Cybersecurity

Cybersecurity Phishing Analytics Risk

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs

MARCH 15, 2023

The attack chain commences with a spear-phishing email containing a weaponized document, which contains a link leading to the download of an HTML file. The HTLM files are hosted on a legitimate online library website that was likely compromised by the threat actors sometime between the end of January 2023 and the beginning of February 2023.

Metadata

Metadata Government Libraries Phishing

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Library branches remain open, Wi-Fi is still available and materials can still be borrowed. As of the publication of this blog post, the Library’s website remains offline.

Data Privacy

Data Privacy Privacy Libraries Security

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. The attacks against the Canadian healthcare organizations were discovered between March 24 and March 26, they started with coronavirus -themed phishing campaigns that were carried out in the last months.

Ransomware

Ransomware Phishing File names Encryption

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. “In July and August 2019, CTU researchers discovered a new large global phishing operation launched by COBALT DICKENS. ” reads the analysis published by Secureworks. ” continues the report.

Phishing

Phishing Libraries File names Metadata

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. ” reads the analysis published by Proofpoint.

Archiving

Archiving Cloud File names Metadata

Magecart attacks are still around but are more difficult to detect

Security Affairs

JUNE 22, 2022

Malwarebytes researchers observed the use of 3 different themes by the threat actor to hide their skimmer, named after JavaScript libraries: hal-data[.]org/gre/code.js ” concludes the analysis. The discovery of additional domains linked to the same infrastructure suggests the campaign dates back to at least May 2020. livestatic[.]com/theme/main.js

Cleanup

Cleanup CMS Libraries Phishing

Enigma info-stealing malware targets the cryptocurrency industry

Security Affairs

FEBRUARY 13, 2023

The attack chain starts with phishing emails or social media messages distributing a RAR archive. ” reads the analysis published by Trend Micro. The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. ” continues the report.

Archiving

Archiving File names Libraries Phishing

Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gateways

Security Affairs

NOVEMBER 24, 2019

The analysis of the logs for sale in the underground community allowed the experts to estimate that Raccoon infected over 100,000 users worldwide at the time of its discovery. ” reads the analysis published by Cofense. “Users of the malware can distribute it in any way they deem fit. ” concludes Cofense.

Libraries

Libraries Sales Phishing IT

HackerGPT 2.0 Unveils New AI Cyber Defense Strategies

eSecurity Planet

MARCH 15, 2024

Step 3: Database Check After confirming the query, HackerGPT explores its extensive library of cybersecurity expertise and resources to find information and resources relevant to the user’s inquiry. It also teaches users about social engineering, phishing , and brute force attacks.

Cybersecurity

Cybersecurity Education Privacy Access

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

Kaspersky experts identified two infection vectors used by LuminousMoth, one leverages spear-phishing messages containing a Dropbox download link, the second one used once gained access to the target network, leverages on removable USB drives. ” reads the analysis published by Kaspersky.

Archiving

Archiving File names Government Libraries

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The alert published by CISA was based on data provided by the Multi-State Information Sharing & Analysis Center (MS-ISAC) and the CISA itself since July 2020. ” reads that alert published by CISA.

Government

Government Libraries Cybersecurity Phishing

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

In February 2020 Belarussian CERT published a security advisory about an ongoing spear-phishing campaign, linked by ESET to XDSpy, targeting several Belarussian ministries and agencies. The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading.

Military

Military Phishing Passwords Government

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

KnowBe4

JUNE 20, 2023

According to Chainalysis, a blockchain analysis firm, there has been a significant increase in the amount of stolen assets by North Korea-backed hackers. You need to know what happens when your employees receive phishing emails: are they likely to click the link? million simulated phishing security tests.

Data breaches

Data breaches Phishing Security awareness Ransomware

The return of the AdvisorsBot malware

Security Affairs

FEBRUARY 1, 2019

Technical analysis. The analysis of this binary is reported in the next paragraph (see “DLL Analysis”). It’s interesting to notice it calls some “non-library” functions; functions loaded from the previously referenced dll file. DLL Analysis. Figure 11 – Static analysis on DLL. Table 3 – DLL information.

Libraries

Libraries Phishing Security IT

New Raccoon Stealer uses Google Cloud Services to evade detection

Security Affairs

APRIL 1, 2020

According to an analysis of the logs for sale in the underground community dated February 2020, Raccoon infected over 100,000 users worldwide at the time of its discovery. The malware is currently distributed via exploit kits, phishing campaigns, and bundled with other malware. ” reads the analysis published by Trend Micro.

Cloud

Cloud Sales Libraries Phishing

FIN6 recently expanded operations to target eCommerce sites

Security Affairs

AUGUST 31, 2019

” reads the analysis published by IRIS. “ we believe ITG08 is actively attacking multinational organizations, targeting specific employees with spear phishing emails advertising fake job advertisements and repeatedly deploying the More_eggs JScript backdoor malware (aka Terra Loader, SpicyOmelette ).”

Retail

Retail Libraries Sales Phishing

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

In July 2018, FireEye observed a series of new attacks of the group leveraging spear-phishing emails using weaponized Word documents that attempt to deliver the UPPERCUT backdoor, also tracked as ANEL. ” reads the analysis published by enSilo. jli.dll – malicious DLL msvcrt100.dll ” concludes the experts.

Libraries

Libraries Phishing Government Cloud

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

The Last Watchdog

MAY 11, 2021

Spear phishing, or even bribery of an insider, are tried-and-true ways to gain initial access; and then living-off-the-land techniques work very well for stealthily mapping network resources and escalating privileges.

Cybersecurity

Cybersecurity Data collection Libraries Analytics

DRBControl cyber-espionage group targets gambling, betting companies

Security Affairs

FEBRUARY 19, 2020

” reads the analysis published by Trend Micro. The group was also observed using modified versions of common malware such as PlugX RAT , Trochilus RAT, keyloggers using the Microsoft Foundation Class (MFC) library, the custom in-memory HyperBro backdoor, and a Cobalt Strike sample. is dated October, 2019.

Libraries

Libraries Phishing Passwords IT

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

Security Affairs

SEPTEMBER 20, 2019

Technical Analysis. The document uses a common phishing schema, it invites the user to enable the macro execution due to compatibility reasons with older Microsoft Office versions. The dropped file payload is a.NET executable embedding some anti-analysis tricks. Static information about the doc macro. Load()” method.

Libraries

Libraries Passwords IT Phishing

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

The group is back and is targeting once again Vietnam running a spear phishing campaign that uses weaponized documents featuring Vietnamese-language lures and themes. ” reads the analysis published by CrowdStrike. The analysis of command and control servers suggests that GOBLIN PANDA hackers are also targeting entities in Laos.

Metadata

Metadata File names Libraries Government

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

. “This group eschews custom malware and uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that bear all the hallmarks of a cyber espionage campaign,” reads the analysis published by Symantec.

Military

Military File names Libraries Government

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs

NOVEMBER 5, 2019

The analysis of the script revealed the existence of a mysterious APT group tracked by Kaspersky Lab as ‘ DarkUniverse ’. The DarkUniverse APT carried spear-phishing attacks using weaponized Microsoft Office document, each email was prepared separately for each victim. ” reads the analysis published by Kaspersky.

Libraries

Libraries Phishing Communications Cloud

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

5 Common Phishing Attacks and How to Avoid Them? Malware Analysis Sandboxes could expose sensitive data of your organization. Malware Analysis Sandboxes could expose sensitive data of your organization. A backdoor mechanism found in tens of Ruby libraries. Capital One hacker suspected to have breached other 30 companies.

Security

Security Mining Data breaches Libraries

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Technical analysis. The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. The behavioural analysis session recorded the executions of the ZCash miner, stored in the “C:ProgramDataSoftwareDistribution” folder.

Ransomware

Ransomware Mining File names Encryption

APT28 and Upcoming Elections: evidence of possible interference (Part II)

Security Affairs

APRIL 18, 2019

The uncertain attribution of the Ukrainian themed malicious document discussed in our past article “ APT28 and Upcoming Elections: Possible Interference Signals ”, led us to a review of Sofacy’s phishing techniques to confirm or deny the possible involvement of Russian state-sponsored actors in the election interference. Technical Analysis.

Passwords

Passwords Libraries Phishing IT

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

IT Governance

APRIL 22, 2024

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. 16,482,365 known records breached in 240 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories.

Data Privacy

Data Privacy Privacy Manufacturing Security

2021 cyber security review of the year

IT Governance

JANUARY 10, 2022

Analysis from its real-time anti-phishing protection system found that cyber criminals increasingly targeted people who were searching for holidays and weekend breaks. A report emerged in October that criminal hackers had been hijacking high-profile YouTube channels in phishing scams designed to capture their cookies.

Security

Security Data breaches Ransomware Phishing

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. Regarding a broad analysis, it looks like the Trojan-Banker.Win32.ChePro ChePro family, but with improvements that make hard its detection and analysis. Technical Analysis.

Passwords

Passwords e-Discovery IT Cleanup

Analyzing a Danabot Paylaod that is targeting Italy

Security Affairs

DECEMBER 20, 2018

The Cybaze -Yoroi ZLab dissected one of these recent Danabot variants spread across the Italian cyberspace leveraging “ Fattura ” themed phishing emails (e.g. Technical Analysis. These registry keys are responsible of the loading of dynamically linked libraries in the “read only ” and “ hidden ” “ C:ProgramDataD93C2DAC ”.

Libraries

Libraries Phishing Encryption Authentication

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 For more details on this finding see the Technical Analysis below. Technical Analysis. Phishing is, in fact, the major attack vector to distribute threats this nature in-the-wild.

File names

File names Phishing Libraries IT

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

FEBRUARY 21, 2020

At that time, the researchers tracked the sources IP in Pakistan, the attacks were part of a wider operation that relies on multi vector such as watering hole websites and phishing email campaigns delivering custom RATs dubbed Crimson and Peppy. So, Cybaze-Yoroi ZLab team decided to dive deep into technical analysis.

Military

Military Communications Encryption IT

Epic Manchego gang uses Excel docs that avoid detection

Security Affairs

SEPTEMBER 7, 2020

Security experts from NVISO Labs recently spotted the activity of a new malware gang, tracked as Epic Manchego, that is actively targeting companies across the world with phishing emails since June. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates.

Libraries

Libraries Phishing Passwords Security

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples. The malicious activity starts with a phishing email sent to the target victims in Latin American – Brazil, Mexico, Chile, and Peru – and Europe – Spain and Portugal.

Libraries

Libraries Communications Phishing Encryption

Fullz House hacked the website of Boom! Mobile provider to steal credit cards

Security Affairs

OCTOBER 6, 2020

The e-skimmer was first spotted by researchers at Malwarebytes’ Threat Intelligence Team, the researchers noticed a single line of code that is used to load an external JavaScript library from paypal-debit[.]com/cdn/ga.js. us, had been injected with a one-liner that contains a Base64 encoded URL loading an external JavaScript library.”

Libraries

Libraries Phishing Analytics Security

Iran-linked COBALT DICKENS group targets universities in new phishing campaign

Security Affairs

AUGUST 28, 2018

Experts from SecureWorks discovered a large phishing campaign targeting universities carried out by an Iran-linked threat actor COBALT DICKENS. Most of the websites spoofed universities’ online library systems, the attackers were interested in accessing those resources and gather intelligence. ” concludes the report.

Phishing

Phishing Libraries Security Access

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Webinars

Trending Sources

IcedID malware campaign targets Zoom users

Webinars

Vulnerability Recap 4/1/24: Cisco, Fortinet & Windows Server Updates

New variant of BBTok Trojan targets users of +40 banks in LATAM

Industrial Sector targeted in surgical spear-phishing attacks

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

AI & ML Cybersecurity: The Latest Battleground for Attackers & Defenders

Russia-linked APT29 abuses EU information exchange systems in recent attacks

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Iran-linked APT TA453 targets Windows and macOS systems

Magecart attacks are still around but are more difficult to detect

Enigma info-stealing malware targets the cryptocurrency industry

Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gateways

HackerGPT 2.0 Unveils New AI Cyber Defense Strategies

China-linked LuminousMoth APT targets entities from Southeast Asia

CISA alert warns of Emotet attacks on US govt entities

XDSpy APT remained undetected since at least 2011

CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches

The return of the AdvisorsBot malware

New Raccoon Stealer uses Google Cloud Services to evade detection

FIN6 recently expanded operations to target eCommerce sites

APT10 is back with two new loaders and new versions of known payloads

RSAC insights: SolarWinds hack illustrates why software builds need scrutiny — at deployment

DRBControl cyber-espionage group targets gambling, betting companies

Commodity Malware Reborn: The AgentTesla “Total Oil” themed Campaign

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

New Gallmaker APT group eschews malware in cyber espionage campaigns

Mysterious DarkUniverse APT remained undetected for 8 years

Security Affairs newsletter Round 228

The Long Run of Shade Ransomware

APT28 and Upcoming Elections: evidence of possible interference (Part II)

The Week in Cyber Security and Data Privacy: 15 – 21 April 2024

2021 cyber security review of the year

A new trojan Lampion targets Portugal

Analyzing a Danabot Paylaod that is targeting Italy

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Epic Manchego gang uses Excel docs that avoid detection

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Fullz House hacked the website of Boom! Mobile provider to steal credit cards

Iran-linked COBALT DICKENS group targets universities in new phishing campaign

Stay Connected