Information Management Today

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Military

Military Government Access Risk

Google Exposes Initial Access Broker Ties to Ransomware

Data Breach Today

MARCH 19, 2022

Broker Provides Services to Conti, Diavol Ransomware Groups Researchers have uncovered a full-time initial access broker group that serves both Conti and Diavol ransomware groups.

Ransomware

Ransomware Access

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG. ” concludes the report.

Government

Government Ransomware Libraries Access

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing IT

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Encryption Security IT

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

KnowBe4

JANUARY 22, 2024

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Government Security

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. Google hopes this report will serve as a call to action.

Government

Government Sales Risk IT

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp. .

Security

Security Risk Government IT

North Korean Hackers Look to Internet Explorer Zero Days

Data Breach Today

DECEMBER 7, 2022

Google TAG Attributes Expoloits to State-Sponsored APT37, aka Reaper Microsoft Office's use of Internet Explorer to render HTML is the gift that keeps giving for North Korean hackers. Security researchers at Google say they spotted a Pyongyang threat actor using a now-patched JavaScript engine flaw via a malicious Office document.

Security

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Archiving

Archiving Security IT Data breaches

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

Recently, the Cybernews research team uncovered that Burger King in France exposed sensitive credentials to the public due to a misconfiguration on their website. Publicly accessible credentials On June 1st, 2023, the Cybernews research team discovered a publicly accessible environment file (.env)

Passwords

Passwords Analytics Access Risk

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions.

Security

Security Ransomware Communications IT

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Archiving

Archiving Risk Government IT

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Pierluigi Paganini.

Government

Government Security IT Information Security

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Security Affairs

JULY 27, 2023

It was developed by Zimbra, Inc The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Zimbra this week released version ZCS 10.0.2

Risk

Risk Security IT Information Security

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The researchers believe that this vulnerability is being actively exploited in the wild, it has been rated with a CVSS score of 9.8. The vulnerability resides in the Merge Tag feature of the plugin. The vulnerability resides in the Merge Tag feature of the plugin. ” added the researchers. . 3.1.10, 3.2.28, 3.3.21.4,

Cybersecurity

Cybersecurity Security IT Information Security

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Dark Reading

MARCH 29, 2023

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Government

Government Marketing

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. ” read the analysis published by Google TAG.

Security

Security IT Information Security

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

.” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Thank you to @Zimbra for publishing this advisory and mitigation advice!

Authentication

Authentication Cloud Security IT

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google Threat Analysis Group researchers discovered the zero-day vulnerability in late October 2022, it was exploited by APT37 using specially crafted documents. ” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer.

IT

IT Security Information Security

Zimbra Zero-Day Demands Urgent Manual Update

Dark Reading

JULY 14, 2023

A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The researchers discovered that attackers deployed on the sites hosted two iframes that were used to serve iOS and macOS exploits to the visitors.

Encryption

Encryption IT Security Information Security

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Military Ransomware Education

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. China is working hard here too.

Government

Government File names Phishing Security

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

APRIL 15, 2024

” Matt Brown , the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. out of a possible 10). “Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability.” Neither August nor Chirp Systems responded to requests for comment.

Analytics

Analytics Cybersecurity Passwords Communications

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

Military

Military Phishing File names Government

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

APRIL 2, 2024

Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. Then the attacker can modify the raw request to contain an X-Forwarded-For header set to a malicious payload enclosed in script tags.

Access

Access IT Information Security Security

Millions of sites could be hacked due to flaws in popular WordPress plugins

Security Affairs

MARCH 19, 2021

Security researchers disclosed vulnerabilities in Elementor and WP Super Cache WordPress plugins that could be exploited to run arbitrary code and take over a website under certain circumstances. The lack of server-side validation for HTML tags in Elementor elements (i.e. ” reads the post published by Wordfence.

Authentication

Authentication Security Access IT

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Phishing

Phishing Archiving Encryption Authentication

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages. government.

Government

Government Phishing Military IT

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Security

Security Phishing Information Security Communications

Annual Protest Raises $250K to Cure Krebs

Krebs on Security

MARCH 31, 2019

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive , a now-defunct cryptocurrency mining service that was massively abused by cybercriminals.

Mining

Mining Privacy IT

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Security

Security Communications Cybersecurity Government

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Security Affairs

OCTOBER 18, 2022

This can be exploited using an object tag, which in turn can load a malicious payload from a webserver, which is then executed by the Cobalt Strike client.” “Disabling automatic parsing of html tags across the entire client was enough to mitigate this behaviour.” ” reads the post published by HelpSystems.

IT

IT Security Information Security

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Archiving

Archiving Access Risk Security

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. In 2021 the number of zero-days discovered by the researchers were 69 detected. ” reads the report published by Google TAG.

IT

IT Security Information Security

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG.

Ransomware

Ransomware Government Phishing IT

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by a Russia-linked threat actor tracked as COLDRIVER (aka Calisto ) against a NATO Centre of Excellence and Eastern European militaries. ” continues the report.

Military

Military Phishing Government Ransomware

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

Researchers reported that more than 15000 Citrix servers exposed online are likely vulnerable to attacks exploiting the vulnerability CVE-2023-3519. Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519. Most of the servers are located in the United States and Germany.

Cybersecurity

Cybersecurity Cloud Encryption Passwords

North Korea-linked hackers target security experts again

Security Affairs

MARCH 31, 2021

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. ” reads the post published by Google TAG. ” reads the post published by Google TAG.

Security

Security Cybersecurity IT

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

Researchers from SEKOIA.IO SEKOIA researchers started their investigation after the publication of Google’s Threat Analysis Group (TAG)’s report “ Update on cyber activity in Eastern Europe ” which detailed the activity of nation-state actors against Eastern Europe. org jadlactnato.webredirect[.]org.

Government

Government Communications Cybersecurity Security

Exotic Lily initial access broker works with Conti gang

Security Affairs

MARCH 19, 2022

Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation.

Access

Access Ransomware Communications Phishing

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Google Exposes Initial Access Broker Ties to Ransomware

Trending Sources

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Zimbra zero-day exploited to steal government emails by four groups

How to Package and Price Embedded Analytics

North Korea-linked threat actors target cybersecurity experts with a zero-day

Russian State-Sponsored Threat Actor Targets High Profile Individuals in Phishing Campaign

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

North Korean Hackers Look to Internet Explorer Zero Days

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Burger King forgets to put a password on their systems, again

Abusing Windows Container Isolation Framework to avoid detection by security products

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG spotted actors using new code signing tricks to evade detection

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

APT37 used Internet Explorer Zero-Day in a recent campaign

Zimbra Zero-Day Demands Urgent Manual Update

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Google TAG warns of Russia-linked APT groups targeting Ukraine

China-linked APT Curious Gorge targeted Russian govt agencies

China-linked threat actors are targeting the government of Ukraine

Crickets from Chirp Systems in Smart Lock Key Leak

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Millions of sites could be hacked due to flaws in popular WordPress plugins

YouTube creators’ accounts hijacked with cookie-stealing malware

Google blocked China-linked APT31’s attacks targeting U.S. Government

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Annual Protest Raises $250K to Cure Krebs

North Korea-linked campaign targets security experts via social media

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Google TAG shares details about exploit chains used to install commercial spyware

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Ex-members of the Conti ransomware gang target Ukraine

Google TAG details cyber activity with regard to the invasion of Ukraine

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

North Korea-linked hackers target security experts again

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Exotic Lily initial access broker works with Conti gang

Stay Connected