TA505 Group Hides Malware in Legitimate Certificates

Data Breach Today

APT Group Targets Banks With Backdoor Malware to Penetrate Networks. TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report.

A Year Later, Cybercrime Groups Still Rampant on Facebook

Krebs on Security

Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft.

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group, wage war to compromise as much cloud-based infrastructure as possible.

Secur Solutions Group data leak exposes 800,000 Singapore blood donors

Security Affairs

Secur Solutions Group data leak – Another clamorous data leak made the headlines: personal information of 808,201 blood donors in Singapore was exposed online.

The Pyramid Hotel Group data leak exposes 85GB of security logs of major hotel chains

Security Affairs

vpnMentor researchers have recently discovered that hotel brands managed by The Pyramid Hotel Group have suffered a data leak. Data leaked by the company could be used by attackers to gather information about the hotels’ networks and the security measures implemented to protect them.

Toyota Australia, Healthcare Group Hit By Cyberattacks

Data Breach Today

Country Has Faced a Series of Security Incidents in Recent Weeks. Australia has faced a few tough weeks on the cybersecurity front. A healthcare group acknowledged it was the victim of a ransomware attack. Toyota Australia's computer systems were still down Friday after an attempted cyberattack. And last week, suspected nation-state attackers hit Parliament's email systems.

Xenotime Group Sets Sights on Electrical Power Plants

Data Breach Today

The Radisson Hotel Group has suffered a data breach

Security Affairs

The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme. The incident happened on September 11, but the IT staff at the Radisson Hotel Group identified it only on October first.

Russian APT groups target European governments ahead of May Elections

Security Affairs

Russian APT groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections. According to experts from FireEye, Russia-linked APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) and Sandworm Team (also TeleBots) cyberespionage groups are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections.

BlackTech espionage group exploited ASUS update process to deliver Plead Backdoor

Security Affairs

The BlackTech cyber-espionage group exploited the ASUS update process for the WebStorage application to deliver the Plead backdoor. The cyber espionage group tracked as BlackTech compromised the ASUS update process for the WebStorage application to deliver the Plead backdoor.

Hunting the ICEFOG APT group after years of silence

Security Affairs

A security researcher found new evidence of activities conducted by the ICEFOG APT group, also tracked by the experts as Fucobha. The group of hackers went dark just after Kaspersky shared the findings of its investigation in September 2013.

Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe

Security Affairs

Microsoft says Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Lazarus Group Widens Tactics in Cryptocurrency Attacks

Threatpost

MacOS users, as well as Windows, are in the cross-hairs, especially those based in South Korea.

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities. which according to Google Translate would be: “PIK Group of Companies order details”.

A Chief Security Concern for Executive Teams

Krebs on Security

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. That’s because very few of the world’s biggest companies list any security executives in their highest ranks.

Buckeye APT group used Equation Group tools prior to ShadowBrokers leak

Security Affairs

The China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to the Shadow Brokers leak. The APT3 cyberespionage group had been active since at least 2009 and its last operation was uncovered in mid-2017.

Magecart group infected over 17,000 domains via unprotected AWS S3 Buckets

Security Affairs

Magecart continues to target websites worldwide; it infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. “These buckets are un-secure because they are misconfigured, which allows anyone with an Amazon Web Services account to read or write content to them.”

Facebook banned Archimedes Group, misinformation made in Israel

Security Affairs

A new political misinformation campaign was uncovered and blocked by Facebook; this time it was not operated by Russia but by Israel’s Archimedes Group. Facebook banned Archimedes Group and all of its subsidiaries from its social media platforms.

GreyEnergy cyberespionage group targets Poland and Ukraine

Security Affairs

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Experts from ESET speculate the BlackEnergy threat actor evolved into two separate APT groups, namely TeleBots and GreyEnergy.

Group-IB Uncovers APT Attacks on Banks: The Sound of Silence

Security Affairs

Researchers at security firm Group-IB have exposed the attacks carried out by the Silence cybercriminal group, providing details on its tactics and tools. Experts at security firm Group-IB have exposed the attacks committed by the Silence cybercriminal group.

CVE-2019-1132 Windows Zero-Day exploited by Buhtrap Group in government attack

Security Affairs

Since August of 2015, the Buhtrap group has conducted 13 successful attacks against financial institutions stealing more than ?1. “ but June 2019 was the first time we saw the Buhtrap group use a zero-day exploit as part of a campaign.

Apple Disables Group FaceTime Following Major Privacy Glitch

Threatpost

The bug allows iPhone users to FaceTime other iOS users and eavesdrop on their conversations - even when the other end of the line doesn't pick up.

Magecart Group Ups Ante: Now Goes After Admin Credentials

Threatpost

The group's skimmer has added some capabilities that steal credentials from admins.

Turla APT group adds Topinambour Trojan to its arsenal

Security Affairs

Kaspersky researchers revealed that since earlier this year, Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks. Security experts at Kaspersky revealed that the Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks since early 2019. In the past months, security experts reported the APT group has been updating its arsenal.

Snowden speaks about the role of surveillance firm NSO Group in Khashoggi murder

Security Affairs

The popular US whistleblower Edward Snowden has reported the abuse of surveillance made by many governments; he blamed the Israeli company NSO Group for developing and selling surveillance software to Saudi Arabia. Speaking during a conference in Tel Aviv on Wednesday, Snowden explained that the spy software developed by NSO Group enabled the murder of dissident journalist Jamal Khashoggi.

Facebook Let Dozens of Cybercrime Groups Operate in Plain Sight

WIRED Threat Level

Researchers found 74 groups offering stolen credit cards and hacking tools with simple Facebook searches. Who needs the dark web?

North Korea-linked group Lazarus targets Latin American banks

Security Affairs

According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported.

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

Security Affairs

The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. On Tuesday, the chief executive of London’s Serpentine Galleries, Yana Peel, resigned following the revelation of the Guardian newspaper about her links to the Israeli surveillance firm NSO Group.

APT40 cyberespionage group supporting growth of China’s naval sector

Security Affairs

A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country’s Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.

FIN6 group starts using LockerGoga and Ryuk Ransomware

Security Affairs

Security experts at FireEye observed the financially motivated group FIN6 adding the LockerGoga and Ryuk ransomware to its arsenal.

A Mysterious Hacker Group Is On a Supply Chain Hijacking Spree

WIRED Threat Level

A group of likely Chinese hackers has poisoned the software of seven companies in just the last three years.

Magecart Hacker Group Hits 17,000 Domains—and Counting

WIRED Threat Level

Magecart hackers are casting the widest possible net to find vulnerable ecommerce sites—but their method could lead to even bigger problems.

Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Security Affairs

The Russia-linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by the Iran-linked OilRig APT. In June, ESET researchers observed the Russia-linked cyberespionage group using weaponized PowerShell scripts in attacks against EU diplomats.

Fox Entertainment Group puts document management in the spotlight

OpenText Information Management

As the legal community steps up to meet the needs of a digital world, law firms and legal departments are recognizing the need to ensure that information is managed and secure, yet easily accessible.

Whitefly espionage group was linked to SingHealth Singapore Healthcare Breach

Security Affairs

Security experts at Symantec linked the massive Singapore Healthcare breach suffered by SingHealth to the ‘Whitefly’ cyberespionage group. Data belonging to Singapore’s Prime Minister Lee Hsien Loong and to other ministers was exposed in the security breach.

MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

Security Affairs

The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks. The group evolved over the years by adding new attack techniques to its arsenal.

WhatsApp Encryption Security Flaws Could Allow Snoops to Slide Into Group Chats

WIRED Threat Level

German researchers say that a flaw in the app's group-chat feature undermines its end-to-end encryption promises.

Magecart Group 12 also targets Opencart-based online stores

Security Affairs

Magecart made the headlines again: Magecart Group 12 is conducting a large-scale operation that targets OpenCart online stores. According to security experts at RiskIQ, Magecart Group 12 is behind a large-scale operation against OpenCart online stores.

Public Google Groups Leaking Sensitive Data at Thousands of Orgs

Threatpost

The exposed information includes accounts payable and invoice data, customer support emails, password-recovery mails, links to employee manuals, staffing schedules and other internal resources.

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

After two years of silence, the FIN8 group is back and has carried out a new campaign against the hotel-entertainment industry employing the ShellTea/PunchBuggy backdoor. The last time security experts documented FIN8’s activities was in 2016 and 2017.