Blog - Cyber Security Informer

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR.

Cybercrime

Cybercrime Malware Software Hacking

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Government Phishing Passwords

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Google Confirms Increase In Russian Cyber Attacks Against Ukraine

Heimadal Security

FEBRUARY 21, 2023

According to a new report released by Google’s Threat Analysis Group (TAG) and Mandiant, Russia’s cyber attacks against Ukraine increased by 250% in 2022. The company said it observed […] The post Google Confirms Increase In Russian Cyber Attacks Against Ukraine appeared first on Heimdal Security Blog.

Cyber Attacks

Cyber Attacks Media Government Cybersecurity

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

The Hacker News

JANUARY 26, 2023

Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News. However, a

NATO Countries Targeted in Russian Phishing Attacks, Google Reports

Heimadal Security

MARCH 31, 2022

According to the Google Threat Analysis Group (TAG), a great number of threat actors are currently exploiting the event of the Russian invasion in Ukraine to launch phishing and malware cyberattacks against Eastern European and NATO countries. The cyberattacks also target Ukraine.

Phishing

Phishing Government Malware Cybersecurity

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Heimadal Security

JANUARY 14, 2022

An unofficial patch was released for a privilege escalation vulnerability that has an impact on all versions of Windows after Microsoft tagged its status as “won’t fix”. If successfully exploited, threat actors could perform an NTLM relay attack that […].

Cybersecurity

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Media Passwords Malware

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. ” reads the Threat Horizons April 2023 Threat Horizons Report published by Google.”The

Media

Media Accountability Government Malware

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

In middle June, the Wordfence Threat Intelligence team noticed a back-ported security update in the popular WordPress plugin Ninja Forms, which has over one million active installations. The vulnerability resides in the Merge Tag feature of the plugin. ” reads the advisory published by Wordfence. To nominate, please visit:?.

Hacking

Hacking Cybersecurity Information Security

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. The Ukraine war isn’t only attracting interest from European threat actors.

Government

Government Engineering Phishing Hacking

Google Threat Analysis Group took down ten influence operations in Q2 2020

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. response to COVID-19.

Accountability

Accountability Advertising Media Government

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

JANUARY 10, 2024

So, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. Much better website with content tags Finally, an obvious call to action! Subscribe at Spotify.

Cloud Migration

Cloud Migration Government Network Security Risk

New Kritec Magecart skimmer found on Magento stores

Malwarebytes

MARCH 22, 2023

Threat actors often compete for the same resources, and this couldn't be further from the truth when it comes to website compromises. In the past, we have seen such occurrences with Magecart threat actors for example in the breach of the Umbro website. We believe this is a different campaign and threat actor altogether.

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

The Hacker News

JANUARY 26, 2021

Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development.

Media

Media Internet Internet Government

Remote Working One Year On: What the Future Holds for Cybersecurity

Security Boulevard

MARCH 19, 2021

<a href='/blog?tag=Inbound tag=Inbound Threats'>Inbound Threats</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Email Battling a Varied and Growing Threat. Increased File Sharing. Request a Demo. Additional Resources.

Cybersecurity

Cybersecurity CISO Social Engineering Technology

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome.

Spyware

Spyware Surveillance Firmware Internet

Social Media Apps like LinkedIn Have Become Tools for Human Hacking

Security Boulevard

MAY 5, 2021

This year, Google’s Threat Analysis Group (TAG) discovered a largescale cyberattack that originated out of North Korea. The cyberattack utilized fake blogs, fake email accounts, and even […]. Social media, including LinkedIn, have become the new preferred method of attack for these criminals.

Media

Media Hacking Accountability Social Engineering

New Ivanti Connect Secure Zero-Day Exploited by Threat Actors

Security Boulevard

FEBRUARY 6, 2024

Tell me more about the Ivanti zero-days The first of these vulnerabilities, tagged as CVE-2024-21893, is a zero-day flaw that’s currently being actively exploited. Read More The post New Ivanti Connect Secure Zero-Day Exploited by Threat Actors appeared first on Nuspire. Read on to learn more.

Software

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

The threat actors behind the attacks used both zero-day and n-day exploits in their exploits. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits. Google TAG shared indicators of compromise (IoCs) for both campaigns.

Spyware

Spyware Surveillance Mobile Education

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

Heimadal Security

OCTOBER 21, 2021

Security experts with Google’s Threat Analysis Group (TAG), who first noticed the operation in late 2019, say that the company had disrupted phishing campaigns ever since. The post Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts appeared first on Heimdal Security Blog.

Accountability

Accountability Phishing Passwords Malware

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Media

Media Social Engineering Engineering Accountability

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations. However, because they are heroes, they are also targets.

Social Engineering

Social Engineering Engineering Accountability Malware

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Malware

Malware Phishing Antivirus Hacking

How to Enhance Data Loss Prevention in Office 365

Security Boulevard

MARCH 17, 2021

<a href='/blog?tag=Cybersecurity'>Cybersecurity</a> tag=Cybersecurity'>Cybersecurity</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=IT Request a Demo. Additional Resources. Featured: .

Data breaches

Data breaches Ransomware Financial Services CISO

Malicious Accounts that Targeted Security Researches Were Suspended by Twitter

Heimadal Security

OCTOBER 19, 2021

Two malicious accounts used by threat actors in a seemingly North Korean cyber-espionage campaign were suspended by Twitter. The ones who initially discovered this campaign that is still developing were the TAG […]. The ones who initially discovered this campaign that is still developing were the TAG […].

Accountability

Accountability Malware Cybersecurity

North Korea-linked hackers target security experts again

Security Affairs

MARCH 31, 2021

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. Experts noticed that the website used in this campaign has a link to a PGP public key which is the same that was found on attackers’ blog in a campaign spotted in January.

Media

Media Antivirus Accountability Internet

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced

Social Engineering

Social Engineering Cybersecurity Unstructured Data Engineering

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

Threat & Detection Research (TDR) team have uncovered a reconnaissance and espionage campaign conducted by Russia-linked Turla APT aimed at the Baltic Defense College, the Austrian Economic Chamber (involved in government decision-making such as economic sanctions) and NATO’s eLearning platform JDAL (Joint Advanced Distributed Learning).

Government

Government Hacking Cybersecurity Information Security

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

Russia-linked threat actors are behind a new website that published leaked emails from leading proponents of Britain’s exit from the EU, the Reuters reported. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”). ” reported the Reuters.

Authentication

Authentication Hacking Cybersecurity Accountability

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. Mandiant researchers first observed this affiliate targeting Veritas issues in the wild on October 22, 2022.

Backups

Backups Spyware Ransomware Education

China-linked threat actors target Indian Power Grid organizations

Security Affairs

APRIL 9, 2022

China-linked threat actors continue to target Indian power grid organizations, most of the attacks involved the ShadowPad backdoor. Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations. To nominate, please visit:? Pierluigi Paganini.

Hacking

Hacking Technology Cybersecurity Information Security

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

SecureWorld News

OCTOBER 19, 2021

But just because Russia is one of the largest threats does not mean it is wise to discount other global malicious organizations. One notorious hacking group from Iran uses particularly dirty schemes to fleece users, according to Google's Threat Analysis Group (TAG). How can users stay safe from APT35's advanced threats?

Phishing

Phishing Authentication Social Engineering Government

TAG Cyber: Content Disarm and Reconstruction – What It Is and Why It Should Be in Your Toolbox

Security Boulevard

FEBRUARY 16, 2023

By John Masserini, Senior Research Analyst, TAG Cyber As more and more enterprises move towards modernizing their infrastructures and solidifying their new, post-pandemic business models, unexpected attack vectors have emerged.

SAP Patch Day: December 2023

Security Boulevard

DECEMBER 12, 2023

SAP Security Note #3350297 , tagged with a CVSS score of 9.1, The New HotNews Note in Detail SAP Security Note #3411067 , tagged with a CVSS score of 9.1, SAP has released a blog post on Security Note #3411067 that emphasizes the importance of updating the affected components.

Passwords

Passwords Technology Mobile Government

Apple addressed two actively exploited zero-day flaws

Security Affairs

APRIL 7, 2023

Both vulnerabilities were reported by Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab. Today, Apple published an emergency update for all iPhones to patch an exploit chain which we, together with @_clem1 (Google TAG) discovered in the wild.

Education

Education Media Hacking Accountability

Public Sector Cybersecurity Priorities in 2021

Security Boulevard

FEBRUARY 3, 2021

<a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> 2020 was a year of unprecedented challenge for anyone working in public sector cybersecurity. Featured: .

Cybersecurity

Cybersecurity Digital transformation Cyber threats Ransomware

Attackers create phishing lures with standard tools in Google Docs to steal credentials

SC Magazine

JUNE 17, 2021

In a blog post, Avanan said hackers are bypassing static link scanners by hosting their attacks on publicly-known services. According to Avanan blog, once the attacker publishes the lure, “Google provides a link with embed tags that are meant to be used on forums to render custom content.

Phishing

Phishing Social Engineering Engineering CISO

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. ” This week, Google Threat Analysis Group (TAG) also warned of North Korea-linked hackers targeting security researchers through social media.

Malware

Malware Antivirus Hacking Accountability

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

Outlook NTLM exploit “Additionally, Microsoft confirmed that the flaw had been exploited as a zero day as part of limited attacks against government, transportation, energy, and military targets organizations in Europe by a Russia-based threat actor,” Narang said.

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. From the TAG blog we can learn that Exotic Lily was very much specialized. Initial access broker. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Security Affairs

DECEMBER 1, 2021

VirusTotal announced VirusTotal Collections, a new service that allows threat researchers to share Indicators of Compromise (IoCs). A collection is a live report that includes IoCs associated with a specific threat and it is available for VirusTotal registered users. ” reads the announcement published by Virus Total.

Hacking

Hacking Information Security Malware

Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security

AUGUST 9, 2022

Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743. See Microsoft’s blog post on the Exchange Server updates for more details. The publicly disclosed Exchange flaw is CVE-2022-30134 , which is an information disclosure weakness.

Authentication

Authentication Internet Internet Cyber threats

Technical Analysis of Xloader’s Code Obfuscation in Version 4.3

Security Boulevard

MARCH 30, 2023

In early 2020, Formbook was rebranded as Xloader and the threat actors moved to a malware-as-a-service (MaaS) business model, renting C2 infrastructure to customers. The threat actors behind this malware family have been updating and improving the code regularly. In early 2022, the threat actors released Xloader version 2.9,

Encryption

Encryption Malware

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

China-linked APT Curious Gorge targeted Russian govt agencies

Trending Sources

Google TAG warns of Russia-linked APT groups targeting Ukraine

Google Confirms Increase In Russian Cyber Attacks Against Ukraine

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

NATO Countries Targeted in Russian Phishing Attacks, Google Reports

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

China-linked APT41 group spotted using open-source red teaming tool GC2

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

China-linked threat actors are targeting the government of Ukraine

Google Threat Analysis Group took down ten influence operations in Q2 2020

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

New Kritec Magecart skimmer found on Magento stores

N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches

Remote Working One Year On: What the Future Holds for Cybersecurity

Google TAG shares details about exploit chains used to install commercial spyware

Social Media Apps like LinkedIn Have Become Tools for Human Hacking

New Ivanti Connect Secure Zero-Day Exploited by Threat Actors

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

North Korea-linked campaign targets security experts via social media

4 Ways North Korea Is Targeting Security Researchers

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

How to Enhance Data Loss Prevention in Office 365

Malicious Accounts that Targeted Security Researches Were Suspended by Twitter

North Korea-linked hackers target security experts again

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Reuters: Russia-linked APT behind Brexit leak website

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

China-linked threat actors target Indian Power Grid organizations

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

TAG Cyber: Content Disarm and Reconstruction – What It Is and Why It Should Be in Your Toolbox

SAP Patch Day: December 2023

Apple addressed two actively exploited zero-day flaws

Public Sector Cybersecurity Priorities in 2021

Attackers create phishing lures with standard tools in Google Docs to steal credentials

Microsoft: North Korea-linked Zinc APT targets security experts

Microsoft Targets Critical Outlook Zero-Day Flaw

Meet Exotic Lily, access broker for ransomware and other malware peddlers

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Microsoft Patch Tuesday, August 2022 Edition

Technical Analysis of Xloader’s Code Obfuscation in Version 4.3

Stay Connected