Security Affairs

MARCH 27, 2024

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense. Here’s how it works.

Data Privacy 95

Data Privacy Risk Cloud Access 95

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security 122

Security Phishing Information Security Communications 122

Data Protection Report

APRIL 30, 2024

The claims related to the company’s sharing personal data without consumer consent and making it very difficult for consumers to cancel their subscriptions to this telehealth service. The order also requires that the company destroy personal data for which it had not received consent and to create a document retention and destruction policy.

Personal data 85

Personal data Privacy Information governance Compliance 85

Security Affairs

FEBRUARY 11, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Cybersecurity Announcement of a Visa Restriction Policy to Promote Accountability for the Misuse of Commercial Spyware Critical Security Issue Affecting TeamCity On-Premises (CVE-2024-23917) – Update to 2023.11.3

Security 91

Security Ransomware Sales Cybersecurity 91

Security Affairs

JANUARY 18, 2024

In the past, the group’s activity involved persistent phishing and credential theft campaigns leading to intrusions and data theft. Google TAG researchers warn that COLDRIVER is evolving tactics, techniques and procedures (TTPs), to improve its detection evasion capabilities. ” reads TAG’s analysis.

Phishing 92

Phishing Encryption Military Archiving 92

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. ” concludes Google. . ” concludes Google.

Government 103

Government Sales Risk IT 103

Security Affairs

AUGUST 2, 2023

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. It’s not the first time Burger King has leaked sensitive data. Among other sensitive data, the file contained credentials for a database.

Passwords 96

Passwords Analytics Access Risk 96

Security Affairs

JANUARY 21, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Security 95

Security e-Discovery Artificial Intelligence Ransomware 95

Security Affairs

AUGUST 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. It’s Testing U.S.

Security 77

Security Military Phishing Sales 77

Security Affairs

JULY 15, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 90

Security Data breaches Government Analytics 90

Security Affairs

APRIL 2, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the newsletter with the international press subscribe here.

Security 85

Security Artificial Intelligence Data breaches Ransomware 85

Security Affairs

JUNE 26, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 371 by Pierluigi Paganini appeared first on Security Affairs.

Security 79

Security Data breaches Phishing Ransomware 79

Security Affairs

NOVEMBER 2, 2021

Facebook announced to shut down its Face Recognition system and is going to delete over 1 billion people’s facial recognition profiles. Facebook announced it will stop using the Face Recognition system on its platform and will delete over 1 billion people’s facial recognition profiles. SecurityAffairs – hacking, Facebook).

Artificial Intelligence 95

Artificial Intelligence IT Privacy Security 95

Security Affairs

OCTOBER 3, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 334 appeared first on Security Affairs.

Security 52

Security Data breaches Information Security Risk 52

Security Affairs

MARCH 13, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 357 by Pierluigi Paganini appeared first on Security Affairs.

Security 85

Security Data breaches Ransomware Manufacturing 85

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing 87

Phishing Military Ransomware Education 87

Security Affairs

JULY 13, 2023

“A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced.” ” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG).

Authentication 87

Authentication Cloud Security IT 87

Security Affairs

APRIL 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 72

Security Ransomware Data breaches Cybersecurity 72

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Government 110

Government Security IT Information Security 110

Security Affairs

APRIL 3, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 359 by Pierluigi Paganini appeared first on Security Affairs.

Security 78

Security Authentication Ransomware Cloud 78

Security Affairs

JULY 23, 2023

Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519.

Cybersecurity 89

Cybersecurity Cloud Encryption Passwords 89

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin. .

Libraries 95

Libraries Security Access IT 95

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm.

IT 90

IT Libraries Cybersecurity Passwords 90

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing 80

Phishing Passwords Military Education 80

Security Affairs

AUGUST 1, 2022

Stolen data include contracts, agreements, passports, bills, and emails. The company Encevo, which owns the majority of Creos, published a security advisory to announce that the gas pipeline form has suffered a cyber attack that took place between July 22 and 23. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware 118

Ransomware Passwords Communications Cybersecurity 118

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. ” The attack chain of this campaign consists of three main parts: loader, malicious attack code, and data exfiltration. .”

Retail 106

Retail IT Security Information Security 106

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Archiving 86

Archiving Access Risk Security 86

Security Affairs

APRIL 3, 2022

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Apr 02 – Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church. Mar 31 – Google TAG details cyber activity with regard to the invasion of Ukraine. Pierluigi Paganini.

Personal data 98

Personal data Phishing Security IT 98

Security Affairs

APRIL 15, 2021

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. SAP Security Note #3040210 , tagged with a CVSS score of 9.9 SAP Security Note #3040210 , tagged with a CVSS score of 9.9

Security 103

Security IT Information Security 103

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. The final payload was the Go-written GC2 tool that gets commands from Google Sheets and exfiltrates data to Google Drive.

Phishing 94

Phishing Cloud Government Education 94

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. ” reads the report published by Google TAG.

IT 85

IT Security Information Security 85

Security Affairs

AUGUST 28, 2022

The leaked documentation demonstrates that the company offers services for remote data extraction from Android and iOS devices. Follow me on Twitter: @securityaffairs and Facebook. appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, surveillance).

IT 129

IT Security Information Security 129

Security Affairs

APRIL 9, 2024

. “In particular, neither switching to a memory safe language , such as Rust, nor using current or future hardware memory safety features, such as memory tagging , can help with the security challenges faced by V8 today.” The sandbox then aims to protect the rest of the process from such an attacker.

Access 114

Access IT Security Information Security 114

Security Affairs

AUGUST 19, 2022

The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee Loader and detailed how the attackers were able to compromise the entire network. The threat actors use the obtained credentials to access Active Directory and make a copy of ntds.dit containing data for the entire Active Directory.

Access 112

Access Archiving Phishing Passwords 112

Security Affairs

MARCH 20, 2022

This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. March 15 – CaddyWiper, a new data wiper hits Ukraine. Pierluigi Paganini.

Cloud 83

Cloud Government Risk Information Security 83

Security Affairs

APRIL 15, 2023

The security firm reported its findings to Google, which notified the development teams. ” reads the analysis published by the security firm. “The tags such as ‘ads_enable’ or ‘collect_enable’ indicates each functionality to work or not while other parameters define conditions and availability.”

Libraries 94

Libraries Data collection Education Security 94

Security Affairs

DECEMBER 10, 2021

The Chinese security researcher p0rz9 who publicly disclosed the PoC exploit code revealed that the CVE-2021-44228 can only exploited if the log4j2.formatMsgNoLookups The vulnerability was discovered by researchers from the Alibaba Cloud’s security team that notified the Apache Fondation on November 24. Pierluigi Paganini.

Libraries 140

Libraries IT Cloud Paper 140