Information Management Today

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. ” concludes Google.

Government

Government Sales Risk IT

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

.” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats.

Authentication

Authentication Cloud Security IT

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome.

Archiving

Archiving Access Risk Security

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. Google experts pointed out that this is the first time that the cyberspies target NATO and military of multiple Eastern European countries. ” reads the report published by the TAG team.

Military

Military Phishing Government Ransomware

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” reads the report published by Google.

Government

Government Security IT Information Security

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. ” read the analysis published by Google TAG.

Security

Security IT Information Security

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” continues the report. .

Government

Government Authentication Phishing IT

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure.

Communications

Communications Cloud IT Security

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 7, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as CVE-2023-4762 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Risk Security

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR.

Archiving

Archiving Security IT Data breaches

Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

Dark Reading

NOVEMBER 30, 2022

The framework has ties back to a Spanish exploit broker called Variston IT, and offers a one-stop shop for compromising Chrome, Defender and Firefox.

IT

Google Exposes Initial Access Broker Ties to Ransomware

Data Breach Today

MARCH 19, 2022

Google's Threat Analysis Group - TAG - observed this financially motivated threat actor dubbed Exotic Lily, exploiting a zero-day in Microsoft MSHTML tracked as CVE-2021-40444.

Ransomware

Ransomware Access

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG.

Government

Government Ransomware Libraries Access

North Korean Hackers Look to Internet Explorer Zero Days

Data Breach Today

DECEMBER 7, 2022

Google TAG Attributes Expoloits to State-Sponsored APT37, aka Reaper Microsoft Office's use of Internet Explorer to render HTML is the gift that keeps giving for North Korean hackers. Security researchers at Google say they spotted a Pyongyang threat actor using a now-patched JavaScript engine flaw via a malicious Office document.

Security

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Encryption Security IT

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. China is working hard here too. government.

Government

Government File names Phishing Security

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp. .

Security

Security Risk Government IT

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Security Affairs

JULY 27, 2023

It was developed by Zimbra, Inc The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Zimbra this week released version ZCS 10.0.2

Risk

Risk Security IT Information Security

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

Another piece of sensitive information that the research team observed included a Google Tag Manager ID. Google Tag Manager is a tool used to optimize update measurement codes and related code fragments, collectively known as tags, on a website or mobile app.

Passwords

Passwords Analytics Access Risk

Email Security Flaw Found in the Wild

Schneier on Security

NOVEMBER 21, 2023

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. The vulnerability was discovered in June.

Security

Security Authentication Government IT

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

Google fixed the third Chrome zero-day of 2023

Security Affairs

JUNE 6, 2023

Google released security updates to address a high-severity zero-day flaw in the Chrome web browser that it actively exploited in the wild. Google released security updates to address a high-severity vulnerability, tracked as CVE-2023-3079, in its Chrome web browser. ” reads the advisory published by the company.

Libraries

Libraries Security IT Information Security

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. “Google is aware that an exploit for CVE-2023-7024 exists in the wild.”

Libraries

Libraries Access IT Information Security

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

Google’s Threat Analysis Group Google states that more than 40% of zero-day flaws discovered in 2022 were variants of previous issues. Google's 2022 Year in Review of in-the-wild 0-days is out! ” reads the report published by Google TAG. 0-clicks usually target components other than the browser.

IT

IT Security Information Security

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Archiving

Archiving Risk Government IT

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Phishing

Phishing Archiving Encryption Authentication

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs

DECEMBER 1, 2019

Google revealed that over 12,000 of its users were targeted by state-sponsored hackers in the third quarter of this year. Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. Pierluigi Paganini.

Phishing

Phishing Authentication Passwords Risk

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. Google Threat Analysis Group researchers discovered the zero-day vulnerability in late October 2022, it was exploited by APT37 using specially crafted documents. ” reads the post published by TAG.

IT

IT Security Information Security

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. ” reads the advisory published by Google.

Libraries

Libraries Security Access IT

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

Google has blocked a phishing campaign conducted by China-linked group APT31 aimed at Gmail users associated with the U.S. Google announced to have blocked a phishing campaign originating conducted by China-linked cybereaspionage group APT31 (aka Zirconium , Judgment Panda, and Red Keres) and aimed at Gmail users associated with the U.S.

Government

Government Phishing Military IT

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Libraries

Libraries Passwords Security IT

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Dark Reading

MARCH 29, 2023

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Government

Government Marketing

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Security Affairs

OCTOBER 14, 2021

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. ” wrote Ajax Bash, a Google security engineer from the TAG.

Phishing

Phishing Military Government Security

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google revealed that threat actors recently exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. Pierluigi Paganini.

Encryption

Encryption IT Security Information Security

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google experts are tracking ARCHIPELAGO since 2012 and have observed the group targeting individuals with expertise in North Korea policy issues. ” reads the analysis published by Google TAG.

Phishing

Phishing Passwords Military Education

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day.

Libraries

Libraries IT Cybersecurity Risk

Zimbra Zero-Day Demands Urgent Manual Update

Dark Reading

JULY 14, 2023

A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.

Google and ARM Tackle Android Bugs with Memory-Tagging

Threatpost

AUGUST 5, 2019

Buffer overflows, race conditions, use-after-free and more account for more than half of all vulnerabilities in the Android platform.

Security

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Libraries Cybersecurity Passwords

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Google TAG shared indicators of compromise (IoCs) for both campaigns. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits. The exploits were used to install commercial spyware and malicious apps on targets’ devices.

Cybersecurity

Cybersecurity Education Risk Security

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. ” reads the Threat Horizons April 2023 Threat Horizons Report published by Google.”The

Phishing

Phishing Cloud Government Education

Apple released iOS 17.2 to address a dozen of security flaws

Security Affairs

DECEMBER 12, 2023

Clément Lecigne of Google’s Threat Analysis Group discovered both vulnerabilities. The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm. Addressed issues include CVE-2023-42916 and CVE-2023-42917 which Apple fixed at the end of November.

Security

Security IT Information Security

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Google TAG warns of Russia-linked APT groups targeting Ukraine

Webinars

Trending Sources

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Webinars

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Google TAG shares details about exploit chains used to install commercial spyware

Google TAG details cyber activity with regard to the invasion of Ukraine

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Google TAG spotted actors using new code signing tricks to evade detection

Zimbra zero-day exploited to steal government emails by four groups

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG Warns on Emerging Heliconia Exploit Framework for RCE

Google Exposes Initial Access Broker Ties to Ransomware

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

North Korean Hackers Look to Internet Explorer Zero Days

North Korea-linked threat actors target cybersecurity experts with a zero-day

China-linked threat actors are targeting the government of Ukraine

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Burger King forgets to put a password on their systems, again

Email Security Flaw Found in the Wild

China-linked APT Curious Gorge targeted Russian govt agencies

Google fixed the third Chrome zero-day of 2023

Google addressed a new actively exploited Chrome zero-day

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

YouTube creators’ accounts hijacked with cookie-stealing malware

Google warned 12K+ users targeted by state-sponsored hackers

APT37 used Internet Explorer Zero-Day in a recent campaign

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Google blocked China-linked APT31’s attacks targeting U.S. Government

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Zimbra Zero-Day Demands Urgent Manual Update

Google and ARM Tackle Android Bugs with Memory-Tagging

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

China-linked APT41 group spotted using open-source red teaming tool GC2

Apple released iOS 17.2 to address a dozen of security flaws

Stay Connected