Blog and Cybercrime - Cyber Security Informer

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

SecureWorld News

OCTOBER 19, 2021

One notorious hacking group from Iran uses particularly dirty schemes to fleece users, according to Google's Threat Analysis Group (TAG). According to Google’s TAG blog, APT35 have been active since at least 2017, including attacks on the 2020 U.S. Read Google's official TAG blog to learn more about the technical details.

Phishing

Phishing Social Engineering Authentication Government

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. From the TAG blog we can learn that Exotic Lily was very much specialized. Initial access broker. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

TA505 Cybercrime targets system integrator companies

Security Affairs

NOVEMBER 12, 2019

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. The infrastructure used in the attacks suggests the involvement of the cybercrime group TA505. SecurityAffairs – TA505, cybercrime). Introduction. net http[://com-mk84.net. Pierluigi Paganini.

Cybercrime

Cybercrime Computers and Electronics Penetration Testing Malware

7 Cyber Safety Tips to Outsmart Scammers

Webroot

FEBRUARY 26, 2024

Cybercrime isn’t just a futuristic Hollywood plotline, it’s a real threat that targets everyone—from wide-eyed kids to seasoned adults and wise grandparents. Keep your devices updated Newsflash: Cybercriminals love exploiting vulnerabilities in outdated software like it’s Black Friday at the cybercrime emporium.

Scams

Scams VPN Passwords Phishing

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware

Spyware Ransomware Malware Data breaches

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

“The tags such as ‘ads_enable’ or ‘collect_enable’ indicates each functionality to work or not while other parameters define conditions and availability.” Based on the parameters, the library periodically checks, pulls device information, and sends them to the remote servers.”

Data collection

Data collection Mobile Malware Education

Magecart gang hides PHP-based web shells in favicons

Security Affairs

MAY 14, 2021

Magecart cybercrime gang is using favicon to hide malicious PHP web shells used to maintain remote access to inject JavaScript skimmers into online stores. Threat actors edited the shortcut icon tags with a path to the fake PNG file. ” Please vote Security Affairs as Best Personal cybersecurity Blog [link].

Cybercrime

Cybercrime Malware Hacking Cybersecurity

Attackers create phishing lures with standard tools in Google Docs to steal credentials

SC Magazine

JUNE 17, 2021

In a blog post, Avanan said hackers are bypassing static link scanners by hosting their attacks on publicly-known services. According to Avanan blog, once the attacker publishes the lure, “Google provides a link with embed tags that are meant to be used on forums to render custom content.

Phishing

Phishing Social Engineering Engineering CISO

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. Make sure to use common, understandable labels and data value tags for your data. . • Create security awareness for employees. Use a corporate VPN.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

CyberSecurity Insiders

JANUARY 19, 2023

HUMAN worked closely with its partners in the Human Collective to get additional insight into traffic volumes and verification tags they were using on their ads. To learn more about the VASTFLUX operation, visit the HUMAN blog , or read the full technical report.

Advertising

Advertising Cybercrime CISO Education

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

The Last Watchdog

SEPTEMBER 7, 2022

They could be on the other side of the globe, part of a cybercrime regime that will never be discovered, much less brought to justice. The price tag of the ransom is just one of the many costs of these attacks, and remediation can often exceed this fee many times over. But the situation isn’t hopeless. The impact of ransomware.

Ransomware

Ransomware Education Financial Services Phishing

HTML Smuggling Techniques on the Rise: Microsoft

eSecurity Planet

NOVEMBER 16, 2021

HTML smuggling uses both the HTML5 “download” attribute and a JavaScript Blog to pull together the payload after it is downloaded into the victim’s device. Everyone is scrambling to update their tools to identify and eliminate the threats. It’s a never-ending cat-and-mouse race.”. Leveraging HTML5 and JavaScript. Trickbot Attacks.

Firewall

Firewall Ransomware Banking Malware

Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity

Malwarebytes

MAY 13, 2021

This blog post was authored by Jérôme Segura. The way it is injected in compromised sites is by editing the shortcut icon tags with a path to the fake PNG file. In comparison, the skimmer we showed in this blog dynamically injects code into the merchant site.

Malware

Malware Hacking Software Cybercrime

MalwareBazaar – welcome to the abuse-ch malware repository

Security Affairs

MARCH 24, 2020

Users could search for a specific malware family and filter malware using Hashes and TAGS. However, I often get confronted with a simple but severe problem: malware samples referenced in blog posts, whitepaper or mentioned on social media like Twitter are usually not easily available.” ” abuse.ch Pierluigi Paganini.

Malware

Malware Adware Cyber threats Advertising

Another NFT explainer, with a bonus look at the data security implications

Webroot

MAY 12, 2021

NFT theft and a new brand of cybercrime. NFTs’ massive price tags and novel technological backing make them attractive target for cybercriminals. The post Another NFT explainer, with a bonus look at the data security implications appeared first on Webroot Blog.

Cryptocurrency

Cryptocurrency Marketing Phishing Authentication

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Security Affairs

JULY 11, 2022

In a recent post from 10 Jul 2022, 15:35 pm in Dark Web , “ALPHV” introduced search not only by text signatures, but also supporting tags for search of passwords and compromised PII. Additional info is available in the post published by Resecurity on its blog: [link]. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Passwords Data breaches Technology

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

Security Affairs

APRIL 2, 2023

Nominate here: [link] Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, newsletter) The post Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition appeared first on Security Affairs.

Spyware

Spyware Surveillance Artificial Intelligence Data breaches

APT trends report Q1 2021

SecureList

APRIL 27, 2021

In November and December 2020, two public blog posts were published about this campaign. On January 25, the Google Threat Analysis Group (TAG) announced that a North Korean-related threat actor had targeted security researchers.

Malware

Malware Spyware Government Social Engineering

How to trace ransomware payments end-to-end

Elie

AUGUST 31, 2017

This series of three blog posts summarizes the key findings of our large-scale study. This blog post, the first in the series, explains the methodology and techniques we developed to trace ransomware payments end-to-end. This makes it ideal for conducting cybercrimes. Why are ransoms in Bitcoin?

Ransomware

Ransomware Backups Encryption Scams

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

MAY 11, 2021

Here’s a closer look at the DarkSide cybercrime gang, as seen through their negotiations with a recent U.S. “We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives [sic],” reads an update to the DarkSide Leaks blog.

Ransomware

Ransomware Advertising Healthcare Penetration Testing

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. A recent leak has put it in the hands of cybercrime actors and it is very likely that by the end of the year we will see it involved in APT cases too.

Firmware

Firmware Surveillance Mobile Telecommunications

Cyber Security Informer

Google TAG warns of Russia-linked APT groups targeting Ukraine

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Trending Sources

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

Meet Exotic Lily, access broker for ransomware and other malware peddlers

TA505 Cybercrime targets system integrator companies

7 Cyber Safety Tips to Outsmart Scammers

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

New Android malicious library Goldoson found in 60 apps +100M downloads

Magecart gang hides PHP-based web shells in favicons

Attackers create phishing lures with standard tools in Google Docs to steal credentials

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

HUMAN Orchestrates Unprecedented Private Takedown, VASTFLUX

GUEST ESSAY: The drivers behind persistent ransomware — and defense tactics to deploy

HTML Smuggling Techniques on the Rise: Microsoft

Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity

MalwareBazaar – welcome to the abuse-ch malware repository

Another NFT explainer, with a bonus look at the data security implications

BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands

Security Affairs newsletter Round 413 by Pierluigi Paganini – International edition

APT trends report Q1 2021

How to trace ransomware payments end-to-end

A Closer Look at the DarkSide Ransomware Gang

Advanced threat predictions for 2023

Stay Connected