Data, Information Security and Security - Information Management Today

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Instead, they marked the holiday season in their unique way.

Data breaches

Data breaches Personal data Government IT

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions.

Security

Security Ransomware Communications IT

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S. A new round of the weekly SecurityAffairs newsletter arrived!

Military

Military Security Ransomware Insurance

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Archiving

Archiving Security IT Data breaches

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing IT

The DDR Advantage: Real-Time Data Defense

Security Affairs

MARCH 27, 2024

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build a real-time data defense. The advantage of Data Detection and Response (DDR) is that you no longer have to wait until the milk is spilled. With DDR, your organization can have real-time data defense. Here’s how it works.

Data Privacy

Data Privacy Risk Cloud Access

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. ” concludes Google. . ” concludes Google.

Government

Government Sales Risk IT

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time. It’s not the first time Burger King has leaked sensitive data. Among other sensitive data, the file contained credentials for a database.

Passwords

Passwords Analytics Access Risk

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Patch it now! million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Security

Security e-Discovery Artificial Intelligence Ransomware

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Security Affairs

JULY 15, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Data breaches Government Analytics

Security Affairs newsletter Round 371 by Pierluigi Paganini

Security Affairs

JUNE 26, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 371 by Pierluigi Paganini appeared first on Security Affairs.

Security

Security Data breaches Phishing Ransomware

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. . ” states the report published by Microsoft.

Security

Security Encryption Passwords Communications

Security Affairs newsletter Round 359 by Pierluigi Paganini

Security Affairs

APRIL 3, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 359 by Pierluigi Paganini appeared first on Security Affairs.

Security

Security Authentication Ransomware Cloud

Security Affairs newsletter Round 357 by Pierluigi Paganini

Security Affairs

MARCH 13, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 357 by Pierluigi Paganini appeared first on Security Affairs.

Security

Security Data breaches Ransomware Manufacturing

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

Security Affairs newsletter Round 334

Security Affairs

OCTOBER 3, 2021

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Follow me on Twitter: @securityaffairs and Facebook. The post Security Affairs newsletter Round 334 appeared first on Security Affairs.

Security

Security Data breaches Information Security Risk

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

“A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced.” ” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG).

Authentication

Authentication Cloud Security IT

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Government

Government Security IT Information Security

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Data breaches Cybersecurity

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict

Security Affairs

APRIL 3, 2022

This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Apr 02 – Anonymous leaked 15 GB of data allegedly stolen from the Russian Orthodox Church. Mar 31 – Google TAG details cyber activity with regard to the invasion of Ukraine. Pierluigi Paganini.

Personal data

Personal data Phishing Security IT

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

Cybersecurity and Infrastructure Security Agency (CISA) this week warned of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519.

Cybersecurity

Cybersecurity Cloud Encryption Passwords

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. It’s Testing U.S.

Security

Security Military Phishing Sales

Google addressed 3 actively exploited flaws in Android

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin. .

Libraries

Libraries Security Access IT

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm.

IT

IT Libraries Cybersecurity Passwords

Facebook is going to shut down Face Recognition system and data it collected

Security Affairs

NOVEMBER 2, 2021

Facebook is using the face recognition system to analyze photos taken of tagged users and associated users’ profile photos to automatically recognize them in photos and videos. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, Facebook).

Artificial Intelligence

Artificial Intelligence IT Privacy Security

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

Security Affairs

AUGUST 1, 2022

Stolen data include contracts, agreements, passports, bills, and emails. The company Encevo, which owns the majority of Creos, published a security advisory to announce that the gas pipeline form has suffered a cyber attack that took place between July 22 and 23. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Passwords Communications Cybersecurity

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code. ” The attack chain of this campaign consists of three main parts: loader, malicious attack code, and data exfiltration. .”

Retail

Retail IT Security Information Security

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Archiving

Archiving Access Risk Security

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

Security Affairs

APRIL 15, 2021

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. SAP Security Note #3040210 , tagged with a CVSS score of 9.9 SAP Security Note #3040210 , tagged with a CVSS score of 9.9

Security

Security IT Information Security

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

DECEMBER 10, 2021

The Chinese security researcher p0rz9 who publicly disclosed the PoC exploit code revealed that the CVE-2021-44228 can only exploited if the log4j2.formatMsgNoLookups The vulnerability was discovered by researchers from the Alibaba Cloud’s security team that notified the Apache Fondation on November 24.

Libraries

Libraries IT Cloud Paper

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. The final payload was the Go-written GC2 tool that gets commands from Google Sheets and exfiltrates data to Google Drive.

Phishing

Phishing Cloud Government Education

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. ” reads the report published by Google TAG.

IT

IT Security Information Security

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

The leaked documentation demonstrates that the company offers services for remote data extraction from Android and iOS devices. Follow me on Twitter: @securityaffairs and Facebook. appeared first on Security Affairs. Pierluigi Paganini. SecurityAffairs – hacking, surveillance).

IT

IT Security Information Security

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Security Affairs

AUGUST 19, 2022

The Cybereason Global Security Operations Center (GSOC) Team analyzed a cyberattack that involved the Bumblebee Loader and detailed how the attackers were able to compromise the entire network. The threat actors use the obtained credentials to access Active Directory and make a copy of ntds.dit containing data for the entire Active Directory.

Access

Access Archiving Phishing Passwords

Google announces V8 Sandbox to protect Chrome users

Security Affairs

APRIL 9, 2024

. “In particular, neither switching to a memory safe language , such as Rust, nor using current or future hardware memory safety features, such as memory tagging , can help with the security challenges faced by V8 today.” The sandbox then aims to protect the rest of the process from such an attacker.

Access

Access IT Security Information Security

Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict

Security Affairs

MARCH 20, 2022

This post provides a timeline of the events related to the Russia invasion of Ukraine from the cyber security perspective. Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. March 15 – CaddyWiper, a new data wiper hits Ukraine. Pierluigi Paganini.

Cloud

Cloud Government Risk Information Security

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The security firm reported its findings to Google, which notified the development teams. ” reads the analysis published by the security firm. “The tags such as ‘ads_enable’ or ‘collect_enable’ indicates each functionality to work or not while other parameters define conditions and availability.”

Libraries

Libraries Data collection Education Security

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

Google’s Threat Analysis Group (TAG) chief Shane Huntley told Reuters was set up by a Russia-linked APT dubbed “ Cold River “ At this time it is unclear how the website has obtained the sensitive emails, Reuters pointed out that most of the messages mainly appear to have been exchanged using ProtonMail accounts.

Cybersecurity

Cybersecurity Authentication Security IT

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

. “Attackers employ a number of evasion techniques during the campaign, including obfuscating Base64 and masking the attack to resemble popular third-party services, such as Google Analytics or Google Tag Manager.” The stolen data is then appended to the request as query parameters, encoded as a Base64 string.

CMS

CMS Retail Analytics IT

Zeppelin ransomware gang is back after a temporary pause

Security Affairs

MAY 24, 2021

Unlike other ransomware, Zeppelin operators do not steal data from the victims and don’t run a leak site. “This is in contrast with the classic RaaS operations, where developers typically look for partners to breach into a victim network, to steal data, and deploy the file-encrypting malware. Pierluigi Paganini.

Ransomware

Ransomware Encryption Sales Security

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software. ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software.

Cybersecurity

Cybersecurity Ransomware Security IT

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

Security Affairs

FEBRUARY 12, 2024

Datacenter Proxies: this blog post examines the contours of each type and provides info on how to choose the perfect proxy option In the robust landscape of the digital era, our need for privacy, security, and accessibility on the internet has never been more acute. So, how do you choose between the knight and the maverick?

Marketing

Marketing Authentication Privacy Access

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Abusing Windows Container Isolation Framework to avoid detection by security products

Trending Sources

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Zimbra zero-day exploited to steal government emails by four groups

The DDR Advantage: Real-Time Data Defense

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Burger King forgets to put a password on their systems, again

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 371 by Pierluigi Paganini

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs newsletter Round 359 by Pierluigi Paganini

Security Affairs newsletter Round 357 by Pierluigi Paganini

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs newsletter Round 334

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Mar 27 – Apr 02 Ukraine – Russia the silent cyber conflict

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Google addressed 3 actively exploited flaws in Android

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Facebook is going to shut down Face Recognition system and data it collected

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.

A new Magecart campaign hides the malicious code in 404 error page

Google TAG shares details about exploit chains used to install commercial spyware

April 2021 Security Patch Day fixes a critical flaw in SAP Commerce

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

China-linked APT41 group spotted using open-source red teaming tool GC2

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Google announces V8 Sandbox to protect Chrome users

Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict

New Android malicious library Goldoson found in 60 apps +100M downloads

Reuters: Russia-linked APT behind Brexit leak website

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Zeppelin ransomware gang is back after a temporary pause

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

Stay Connected