Information Management Today

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The vulnerability is a reflected cross-site scripting (XSS) issue that resides in the Zimbra Classic Web Client, it impacts Zimbra Collaboration (ZCS) 8 before 8.8.15

Government

Government Authentication Phishing IT

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Archiving

Archiving Risk Government IT

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. An attacker can trigger the flaw by tricking the victim into visiting specially crafted web content that may lead to arbitrary code execution. The IT giant addressed the flaw with improved checks.

Security

Security Risk Government IT

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

APRIL 15, 2024

” Matt Brown , the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. . “Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability.” Neither August nor Chirp Systems responded to requests for comment.

Analytics

Analytics Cybersecurity Passwords Communications

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

APRIL 2, 2024

An unauthenticated attacker can trigger the flaw to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. Then the attacker can modify the raw request to contain an X-Forwarded-For header set to a malicious payload enclosed in script tags.

Access

Access IT Information Security Security

Apple released iOS 17.2 to address a dozen of security flaws

Security Affairs

DECEMBER 12, 2023

Processing web content may lead to arbitrary code execution. The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm. The IT giant addressed the flaw by improving memory handling. The flaw CVE-2023-42898 was discovered by Junsung Lee.

Security

Security IT Information Security

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

Apache Struts is an open-source web application framework for developing Java EE web applications. The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes. reads the advisory published by the Apache Software Foundation.

Cybersecurity

Cybersecurity Security IT Information Security

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. Instead, they marked the holiday season in their unique way.

Data breaches

Data breaches Personal data Government IT

Threat actors actively exploit Control Web Panel RCE following PoC release

Security Affairs

JANUARY 12, 2023

Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP). Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS score: 9.8), in Control Web Panel (CWP). This is an unauthenticated RCE.

Security

Security IT Information Security

Apple addressed 2 new iOS zero-day vulnerabilities

Security Affairs

NOVEMBER 30, 2023

An attacker can trick a victim into visiting specially crafted web content to disclose sensitive information. An attacker can trick a victim into visiting specially crafted web content to potentially execute arbitrary code on the impacted devices. The first vulnerability, tracked as CVE-2023-42916, is an out-of-bounds read.

Security

Security IT Information Security

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

.” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Thank you to @Zimbra for publishing this advisory and mitigation advice!

Authentication

Authentication Cloud Security IT

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Security Affairs

JUNE 5, 2023

A new ongoing Magecart web skimmer campaign abuse legitimate websites to act as makeshift command and control (C2) servers. Akamai researchers discovered a new ongoing Magecart web skimmer campaign aimed at stealing personally identifiable information (PII) and credit card information from users in North America, Latin America, and Europe.

CMS

CMS Retail Analytics IT

Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch

Security Affairs

OCTOBER 31, 2022

An unofficial patch for an actively exploited flaw in Microsoft Windows that allows to bypass Mark-of-the-Web (MotW) protections. Will asked Patrick about the ZIP files used in the malware campaign to see if they were exploiting the same vulnerability or employing some other trick to bypass the “Mark of the Web.”

Ransomware

Ransomware Security IT Information Security

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

Security Affairs

JANUARY 19, 2023

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw ( CVE-2022-44877 ) to its Known Exploited Vulnerabilities Catalog. reads the advisory for this vulnerability.

IT

IT Risk Security Information Security

Microsoft Patch Tuesday, December 2022 Edition

Krebs on Security

DECEMBER 14, 2022

The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell , and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday. There aren’t many who wouldn’t open that file in that scenario.”

Ransomware

Ransomware Authentication Security Access

Google fixed the third Chrome zero-day of 2023

Security Affairs

JUNE 6, 2023

Google released security updates to address a high-severity zero-day flaw in the Chrome web browser that it actively exploited in the wild. Google released security updates to address a high-severity vulnerability, tracked as CVE-2023-3079, in its Chrome web browser.

Libraries

Libraries Security IT Information Security

Google announces V8 Sandbox to protect Chrome users

Security Affairs

APRIL 9, 2024

Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability Reward Program (VRP).

Access

Access IT Security Information Security

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

CISA revealed that threat actors are exploiting the vulnerability to drop web shells on vulnerable systems. Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519. We extended the tagging logic to tag as vulnerable all that return Last Modified headers with a date before July 1, 2023 00:00:00Z.

Cybersecurity

Cybersecurity Cloud Encryption Passwords

Annual Protest Raises $250K to Cure Krebs

Krebs on Security

MARCH 31, 2019

I undertook the research because Coinhive’s code at the time was found on tens of thousands of hacked Web sites, and Coinhive seemed uninterested in curbing widespread abuse of its platform. Please tag your donation bills properly if they shall be accounted. The official tag is ‘krebsspende.’

Mining

Mining Privacy IT

A new Magecart campaign hides the malicious code in 404 error page

Security Affairs

OCTOBER 12, 2023

Researchers observed a new Magecart web skimming campaign changing the websites’ default 404 error page to steal credit cards. Researchers from the Akamai Security Intelligence Group uncovered a Magecart web skimming campaign that is manipulating the website’s default 404 error page to hide malicious code.

Retail

Retail IT Security Information Security

New skimmer attack uses WebSockets to evade detection

Security Affairs

NOVEMBER 15, 2020

Once executed, a malicious JavaScript file is requested from the a C2 server (at https[:]//tags-manager[.]com/gtags/script2 The distinctive aspect of this attack is the use of WebSockets, instead of HTML tags or XHR requests, to extract the information from the compromised site that makes this technique more stealth.

Marketing

Marketing Risk IT Security

What Is Rum data and why does it matter?

IBM Big Data Hub

DECEMBER 18, 2023

It all starts with configuration of a web property—whether that’s an application, service, or other content delivery mechanism. NS1 Connect adds JavaScript tags to that web property which collect information about inbound user traffic.

IT

IT Cloud Data collection Analytics

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. ” The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm.

Libraries

Libraries Access IT Information Security

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

. “SVG images are constructed using XML, allowing them to be placed within HTML using ordinary XML markup tags. Talos has identified malicious emails featuring HTML attachments with encoded SVG images that themselves contain HTML <script> tags. Including script tags within a SVG image is a legitimate feature of SVG.”

Archiving

Archiving Phishing Passwords Security

December 2022 Patch Tuesday fixed 2 zero-day flaws

Security Affairs

DECEMBER 14, 2022

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.” ” reads the advisory published by the IT giant. ” reads the advisory.

Security

Security IT Information Security

Apple addressed two actively exploited zero-day flaws

Security Affairs

APRIL 7, 2023

Today, Apple published an emergency update for all iPhones to patch an exploit chain which we, together with @_clem1 (Google TAG) discovered in the wild. An attacker can trigger the flaw by tricking the victims into loading maliciously crafted web pages. Apple is aware of a report that this issue may have been actively exploited.”

Education

Education Security Cybersecurity IT

Google: four zero-day flaws have been exploited in the wild

Security Affairs

JULY 14, 2021

Security researchers from Google Threat Analysis Group (TAG) and Google Project Zero revealed that four zero-day vulnerabilities have been exploited in the wild earlier this year. ” Post by @_clem1 & @maddiestone on 4 0days TAG found this year (with IOCs!). Also thoughts on why we are seeing so many 0day in 2021.

Government

Government Security IT Cybersecurity

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

The Last Watchdog

JUNE 30, 2021

Web architecture from the past decade followed a trend where most web applications were server heavy, and enterprises’ data centers handled the bulk of the processing. The web browser was more of a graphical interface or a rendering engine. Let’s discuss how the SolarWinds hack relates to a regular website supply chain.

IT

IT Risk Mining Analytics

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

APRIL 15, 2019

In this case, attackers used a common HTML5 attribute, the <a> tag ping, to trick these users to unwittingly participate in a major DDoS attack that flooded one web site with approximately 70 million requests in four hours.” This was the first case of a DDoS attack using the <a> tag ping attribute.

Security

Security IT

Microsoft warns of new highly evasive web skimming campaigns

Security Affairs

MAY 24, 2022

Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. SecurityAffairs – hacking, web skimming attacks).

Analytics

Analytics Security Cybersecurity IT

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Security

Security Communications Cybersecurity Government

Balada Injector still at large – new domains discovered

Security Affairs

AUGUST 9, 2023

During a routine web monitoring operation, we discovered an address that led us down a rabbit hole of WordPress-orientated “hack waves” caused by the Balada Injector malware. com which appeared during routine web monitoring. The PHP tags were stacked on top of each other, having legitimate code of the website at the very bottom.

Access

Access IT Security Information Security

Magecart gang hides PHP-based web shells in favicons

Security Affairs

MAY 14, 2021

Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores. Magecart hackers are distributing malicious PHP web shells hidden in website favicon to inject JavaScript e-skimmers into online stores and steal payment information.

File names

File names Cybersecurity Security Access

Microsoft Patch Tuesday fix Outlook zero-day actively exploited

Security Affairs

MARCH 14, 2023

An attacker can exploit the vulnerability to bypass Mark of the Web (MOTW) defenses by using specially crafted files. Microsoft Office SmartScreen and Protected View defense features rely on MOTW, this means that the flaw can be exploited to bypass them and deliver malware via crafted documents. ” states Microsoft. .

Authentication

Authentication Ransomware Access Security

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

Besides proprietary tools, they’re leveraging MHDDoS, Blood, Karma DDoS, Hasoki, DDoS Ripper and GoldenEye scripts to generate malicious traffic on Layer 7 which may impact the availability of WEB resources.

Government

Government Cybersecurity IoT Security

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Security Affairs

JANUARY 6, 2021

This account can be used by someone to login to the ssh server or web interface with admin privileges.”. Tags available for all users via the GreyNoise web interface and API now. The credentials could be also used by a malicious third-party to login to the SSH server or web interface with admin privileges. patch 0). “I

Passwords

Passwords Cloud Security Access

Weekly Update 359

Troy Hunt

AUGUST 5, 2023

As if preparing these wasn't painful enough, trying to make them simply play nice on a web page has been a nightmare! (I I settled for dumping stuff in a <pre> tag for now and will invest the time in doing it right later on.)

Passwords

Passwords IT

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

eSecurity Planet

DECEMBER 14, 2022

Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

Risk

Risk Authentication Ransomware Cybersecurity

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 6, 2023

Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in print management software exposes servers to RCE attacks A cyberattack impacted operations of multiple hospitals in several US states Married couple pleaded guilty to laundering billions in cryptocurrency stolen from Bitfinex in 2016 Malicious packages in (..)

Security

Security Military Phishing Sales

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

The] idea of this app is that you can set it up as a spam filter…block some calls and SMS remotely, from a Web service. Pushwoosh employees posing at a company laser tag event. Edwards said it’s far from clear how many other state and local government apps and Web sites rely on technology that sends user data to U.S.

Government

Government Risk IT Marketing

Patch Tuesday, December 2018 Edition

Krebs on Security

DECEMBER 11, 2018

The weakness, which is present on all support versions of Windows, is tagged tagged with the less severe “important” rating by Microsoft mainly because it requires an attacker to be logged on to the system first.

Security

Security IT

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

Likewise, lookalike and spoofed web domains and well-crafted phishing emails now easily trick employees into thinking they’re dealing with trustworthy sources. The price tag of the ransom is just one of the many costs of these attacks, and remediation can often exceed this fee many times over. A typical attack.

Ransomware

Ransomware Education Phishing Financial Services

McAfee Cloud Launches as Skyhigh Security

eSecurity Planet

MARCH 21, 2022

. “As these functions move to the cloud, there are new models that have also appeared to help customers stay secure around SaaS applications … so you have cloud access service brokers , coupled in with zero trust architectures around access, and protection against the web and threats with secure web gateways.”

Cloud

Cloud Security Marketing Access

Tor Project released Tor Browser 8.5.1 for Windows, Mac, Linux, and Android

Security Affairs

JUNE 6, 2019

Bwloe the full changelog since Tor Browser 8.5: All platforms Update Torbutton to 2.1.10 Bug 30565 : Sync nocertdb with privatebrowsing.autostart at startup Bug 30464 : Add WebGL to safer descriptions Translations update Update NoScript to 10.6.2 Bug 29969 : Remove workaround for Mozilla’s bug 1532530 Update HTTPS Everywhere to 2019.5.13

Security

Security IT Information Security Privacy

Zimbra zero-day exploited to steal government emails by four groups

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Webinars

Trending Sources

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Webinars

Crickets from Chirp Systems in Smart Lock Key Leak

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Apple released iOS 17.2 to address a dozen of security flaws

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Threat actors actively exploit Control Web Panel RCE following PoC release

Apple addressed 2 new iOS zero-day vulnerabilities

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Magecart campaign abuses legitimate sites to host web skimmers and act as C2

Actively exploited Windows Mark-of-the-Web zero-day received an unofficial patch

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

Microsoft Patch Tuesday, December 2022 Edition

Google fixed the third Chrome zero-day of 2023

Google announces V8 Sandbox to protect Chrome users

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Annual Protest Raises $250K to Cure Krebs

A new Magecart campaign hides the malicious code in 404 error page

New skimmer attack uses WebSockets to evade detection

What Is Rum data and why does it matter?

Google addressed a new actively exploited Chrome zero-day

Crooks use HTML smuggling to spread QBot malware via SVG files

December 2022 Patch Tuesday fixed 2 zero-day flaws

Apple addressed two actively exploited zero-day flaws

Google: four zero-day flaws have been exploited in the wild

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Microsoft warns of new highly evasive web skimming campaigns

North Korea-linked campaign targets security experts via social media

Balada Injector still at large – new domains discovered

Magecart gang hides PHP-based web shells in favicons

Microsoft Patch Tuesday fix Outlook zero-day actively exploited

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Weekly Update 359

Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

Security Affairs newsletter Round 431 by Pierluigi Paganini – International edition

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Patch Tuesday, December 2018 Edition

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

McAfee Cloud Launches as Skyhigh Security

Tor Project released Tor Browser 8.5.1 for Windows, Mac, Linux, and Android

Stay Connected