Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Archiving 126

Archiving Security IT Data breaches 126

Schneier on Security

NOVEMBER 21, 2023

TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github.

Security 92

Security Authentication Government IT 92

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing 120

Manufacturing Phishing Passwords Military 120

Security Affairs

JULY 27, 2023

Two weeks ago Zimbra urged customers to manually install updates to fix a zero-day vulnerability , now tracked as CVE-2023-38750 , that is actively exploited in attacks against Zimbra Collaboration Suite (ZCS) email servers. Google TAG researchers focus on identifying and countering advanced and persistent threats.

Risk 96

Risk Security IT Information Security 96

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity 114

Cybersecurity Encryption Security IT 114

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.” Apple fixed the flaw with improved checks.

Security 113

Security Risk Government IT 113

Security Affairs

DECEMBER 28, 2023

The actual damage resulting from this activity could potentially amount to millions of dollars. Even as the New Year approached and the world celebrated the festive Christmas season, the cybercriminal community did not pause their activities. Over 50 million records containing PII of consumers from around the world have been leaked.

Data breaches 143

Data breaches Personal data Government IT 143

Security Affairs

JUNE 19, 2022

In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The researchers believe that this vulnerability is being actively exploited in the wild, it has been rated with a CVSS score of 9.8.

Cybersecurity 122

Cybersecurity Security IT Information Security 122

Security Affairs

DECEMBER 12, 2023

Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. Apple this week rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2 The company released iOS 16.7.3

Security 117

Security IT Information Security 117

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing 97

Phishing Military Ransomware Education 97

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. The activities overlap with operations attributed to a group tracked by CERT-UA as UAC-0098 [ 1 , 2 , 3 ]. .

Ransomware 134

Ransomware Government Phishing IT 134

KnowBe4

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s operators frequently impersonate real journalists or experts in order to make initial contact with their targets.

Phishing 96

Phishing 96

Security Affairs

OCTOBER 25, 2023

The Winter Vivern group was first analyzed in 2021, it has been active since at least 2020 and it targets governments in Europe and Central Asia. The analysis of the email HTML source code revealed the presence of a SVG tag at the end, which contains a base64-encoded payload. The messages were sent from team.managment@outlook[.]com

Military 119

Military Government Phishing IT 119

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military 102

Military Phishing File names Government 102

Security Affairs

OCTOBER 4, 2023

Apple released emergency security updates to address a new actively exploited zero-day vulnerability impacting iPhone and iPad devices. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6.” “A local attacker may be able to elevate their privileges.

Security 119

Security IT Information Security 119

Security Affairs

JULY 23, 2023

The webshell enabled the actors to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data. The attackers exploited the flaw to deploy the the webshell that was used to perform discovery on the victim’s active directory (AD) and collect and exfiltrate AD data.

Cybersecurity 97

Cybersecurity Cloud Encryption Passwords 97

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Archiving 103

Archiving Risk Government IT 103

Security Affairs

DECEMBER 8, 2022

North Korea-linked APT37 group (aka ScarCruft , Reaper, and Group123) actively exploited an Internet Explorer zero-day vulnerability, tracked as CVE-2022-41128 , in attacks aimed at South Korean users. ” reads the post published by TAG. Google TAG shared indicators of compromise (IOCs) for this campaign. CVE-2017-0199 ).

IT 99

IT Security Information Security 99

Security Affairs

MARCH 19, 2022

Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation. Pierluigi Paganini.

Access 95

Access Ransomware Communications Phishing 95

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. ” The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. “Google is aware that an exploit for CVE-2023-7024 exists in the wild.”

Libraries 123

Libraries Access IT Information Security 123

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Government 120

Government Security IT Information Security 120

Security Affairs

JULY 8, 2023

Google released July security updates for Android that addressed tens of vulnerabilities, including three actively exploited flaws. July security updates for Android addressed more than 40 vulnerabilities, including three flaws that were actively exploited in targeted attacks. ” reads the security bulletin.

Libraries 98

Libraries Security Access IT 98

Security Affairs

FEBRUARY 5, 2024

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893 , is currently being actively exploited in real-world attacks by various threat actors. x), Policy Secure (9.x,

Authentication 110

Authentication Security Access IT 110

Security Affairs

AUGUST 31, 2023

“To combat these threats [ransomware, wiper], security vendors tend to use their own mini-filter drivers to monitor the system’s I/O activity. Scan files with the tag in the PRE_CLEANUP function even if they were not altered. ” continues the report. ” continues the report. ” continues the report.

Security 125

Security Ransomware Communications IT 125

Security Affairs

NOVEMBER 30, 2023

Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine. The company addressed the flaw with improved locking.

Security 125

Security IT Information Security 125

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Libraries 118

Libraries Passwords Security IT 118

Security Affairs

JUNE 6, 2023

Google released security updates to address a high-severity zero-day flaw in the Chrome web browser that it actively exploited in the wild. The IT giant is aware that the vulnerability is being actively exploited in the wild. The IT giant is aware that the vulnerability is being actively exploited in the wild.

Libraries 97

Libraries Security IT Information Security 97

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. ” reads the report published by Google TAG. 0-clicks usually target components other than the browser.

IT 96

IT Security Information Security 96

Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. ” reads the advisory published by Google.

Libraries 120

Libraries Security Access IT 120

Security Affairs

JANUARY 12, 2023

Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP). Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS score: 9.8), in Control Web Panel (CWP). Pierluigi Paganini.

Security 98

Security IT Information Security 98

Security Affairs

AUGUST 19, 2022

Threat actors are using the Bumblebee loader to compromise Active Directory services as part of post-exploitation activities. After initial execution, Bumblebee was used to perform post-exploitation activities, including privilege escalation, reconnaissance, and credential theft. . ” continues the analysis.

Access 115

Access Archiving Phishing Passwords 115

Security Affairs

MARCH 19, 2021

The lack of server-side validation for HTML tags in Elementor elements (i.e. “Many of these elements offer the option to set an HTML tag for the content within. tags in order to apply different heading sizes via the header_size parameter.” tags in order to apply different heading sizes via the header_size parameter.”

Authentication 131

Authentication Security Access IT 131

Security Affairs

MAY 23, 2022

The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2004 targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations. Researchers from SEKOIA.IO org jadlactnato.webredirect[.]org.

Government 123

Government Communications Cybersecurity Security 123

Security Affairs

JANUARY 3, 2024

The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. The vulnerability has been actively exploited by the Chinese hacker group UNC4841 Chinese. Google released emergency updates to address this zero-day vulnerability.

Libraries 117

Libraries IT Cybersecurity Risk 117

Krebs on Security

JUNE 8, 2021

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately.

Security 288

Security Ransomware Phishing Cloud 288

Gimmal

MARCH 11, 2022

Created to facilitate detection of RFID tags that are in range of the network-connected RFID antenna. Further, RFIDConnect provides the ability to program RFID tags, allowing clients to tag new items as they are captured in the Gimmal Physical software. Gimmal announces the release of the new RFIDConnect.

Communications 52

Communications 52

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG. ” concludes the report.

Phishing 93

Phishing Passwords Military Education 93