Blog and Cybersecurity - Cyber Security Informer

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Everest Gang Puts $200K Price Tag on ESKOM Stolen Data

Heimadal Security

OCTOBER 11, 2022

The post Everest Gang Puts $200K Price Tag on ESKOM Stolen Data appeared first on Heimdal Security Blog. ESKOM describes its activity as transforming inputs from the natural environment – coal, nuclear, fuel, diesel, water, and wind – into more than 90% of the energy supplied to a wide range of customers […].

Hacking

Hacking Cybersecurity

Remote Working One Year On: What the Future Holds for Cybersecurity

Security Boulevard

MARCH 19, 2021

<a href='/blog?tag=Inbound tag=Inbound Threats'>Inbound Threats</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Email This certainly applies to the volume of threats facing cybersecurity teams. The Need for Cybersecurity Agility.

Cybersecurity

Cybersecurity CISO Social Engineering Technology

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced

Social Engineering

Social Engineering Cybersecurity Unstructured Data Engineering

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Government Phishing Passwords

Public Sector Cybersecurity Priorities in 2021

Security Boulevard

FEBRUARY 3, 2021

<a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> 2020 was a year of unprecedented challenge for anyone working in public sector cybersecurity.

Cybersecurity

Cybersecurity Digital transformation Cyber threats Ransomware

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The vulnerability resides in the Merge Tag feature of the plugin. “One feature of Ninja Forms is the ability to add “Merge Tags” to forms that will auto-populate values from other areas of WordPress like Post IDs and logged in user’s names. ” reads the advisory published by Wordfence. To nominate, please visit:?.

Hacking

Hacking Cybersecurity Information Security

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Google TAG shared indicators of compromise (IoCs) for both campaigns. The experts pointed out that both campaigns were limited and highly targeted.

Spyware

Spyware Surveillance Mobile Education

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour. Make sure to use common, understandable labels and data value tags for your data. Provide frequent training about the risks of cyberattacks. Use a corporate VPN.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes. Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution – similar to S2-059.” ” reads the advisory published by Apache. link] .

Software

Software Hacking Cybersecurity Information Security

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

Today, I’m excited to introduce Qualys CyberSecurity Asset Management (CSAM), which moves the needle further by adding security context to those capabilities and allowing organizations to detect the security gaps in their infrastructure and respond to the risk. CyberSecurity Asset Management video. Detect and Monitor Asset Health.

Cybersecurity

Cybersecurity Risk Software Data collection

Google Confirms Increase In Russian Cyber Attacks Against Ukraine

Heimadal Security

FEBRUARY 21, 2023

According to a new report released by Google’s Threat Analysis Group (TAG) and Mandiant, Russia’s cyber attacks against Ukraine increased by 250% in 2022. The company said it observed […] The post Google Confirms Increase In Russian Cyber Attacks Against Ukraine appeared first on Heimdal Security Blog.

Cyber Attacks

Cyber Attacks Media Government Cybersecurity

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Media Passwords Malware

Users in Italy and Kazakhstan Targeted by Spyware Provider

Heimadal Security

JUNE 24, 2022

Every campaign that TAG was made aware of began with […]. The post Users in Italy and Kazakhstan Targeted by Spyware Provider appeared first on Heimdal Security Blog. What Happened?

Spyware

Spyware Mobile Cybersecurity

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Heimadal Security

JANUARY 14, 2022

An unofficial patch was released for a privilege escalation vulnerability that has an impact on all versions of Windows after Microsoft tagged its status as “won’t fix”. The post Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available appeared first on Heimdal Security Blog.

Cybersecurity

NATO Countries Targeted in Russian Phishing Attacks, Google Reports

Heimadal Security

MARCH 31, 2022

According to the Google Threat Analysis Group (TAG), a great number of threat actors are currently exploiting the event of the Russian invasion in Ukraine to launch phishing and malware cyberattacks against Eastern European and NATO countries. The cyberattacks also target Ukraine.

Phishing

Phishing Government Malware Cybersecurity

How to Enhance Data Loss Prevention in Office 365

Security Boulevard

MARCH 17, 2021

<a href='/blog?tag=Cybersecurity'>Cybersecurity</a> tag=Cybersecurity'>Cybersecurity</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=IT Request a Demo. Additional Resources. Featured: .

Data breaches

Data breaches Ransomware Financial Services CISO

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Media

Media Accountability Government Malware

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Security researchers are some of the unsung heroes within the cybersecurity field. Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations.

Social Engineering

Social Engineering Engineering Accountability Malware

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog.

Backups

Backups Spyware Ransomware Education

A New PowerShell Backdoor Is Being Used in Log4j Attacks

Heimadal Security

JANUARY 12, 2022

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover […]. The post A New PowerShell Backdoor Is Being Used in Log4j Attacks appeared first on Heimdal Security Blog.

Cybersecurity

Monero Miners Injected in Log4j Through RMI

Heimadal Security

DECEMBER 17, 2021

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 The post Monero Miners Injected in Log4j Through RMI appeared first on Heimdal Security Blog. beta9 through 2.14.1. What Is Happening?

Cybersecurity

Russia’s SVR WellMess Malware Is Seemingly Still in the Game

Heimadal Security

AUGUST 2, 2021

Its target was the stealing of COVID-19 vaccine investigations at that time, using malware tagged as “WellMess” or “WellMail” Then, the U.S. The post Russia’s SVR WellMess Malware Is Seemingly Still in the Game appeared first on Heimdal Security Blog. Presidency accused Russian […].

Malware

Malware Cybersecurity

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

According to a Google cybersecurity official and the former head of UK foreign intelligence, the “Very English Coop d’Etat” website was set up to publish private emails from Brexit supporters, including former British MI6 chief Richard Dearlove, leading Brexit campaigner Gisela Stuart, and historian Robert Tombs.

Authentication

Authentication Hacking Cybersecurity Accountability

The Log4j Vulnerability Is Now Used by State-Backed Hackers

Heimadal Security

DECEMBER 16, 2021

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 The post The Log4j Vulnerability Is Now Used by State-Backed Hackers appeared first on Heimdal Security Blog. beta9 through 2.14.1.

Cryptocurrency

Cryptocurrency Cybersecurity

Phishing Actors Are Already Exploiting the Omicron COVID-19 Variant

Heimadal Security

DECEMBER 3, 2021

1.1.529 a variant of concern, named Omicron, on the advice of WHO’s Technical Advisory Group on Virus Evolution (TAG-VE). This decision was based on the evidence presented to the TAG-VE that Omicron has several mutations that may have an […]. On 26 November 2021, WHO designated the variant B.1.1.529

Phishing

Phishing Scams Cybersecurity

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Media

Media Social Engineering Engineering Accountability

North Korea-linked hackers target security experts again

Security Affairs

MARCH 31, 2021

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. Experts noticed that the website used in this campaign has a link to a PGP public key which is the same that was found on attackers’ blog in a campaign spotted in January.

Media

Media Antivirus Accountability Internet

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

SEKOIA researchers started their investigation after the publication of Google’s Threat Analysis Group (TAG)’s report “ Update on cyber activity in Eastern Europe ” which detailed the activity of nation-state actors against Eastern Europe. org jadlactnato.webredirect[.]org. Follow me on Twitter: @securityaffairs and Facebook.

Government

Government Hacking Cybersecurity Information Security

Malicious Accounts that Targeted Security Researches Were Suspended by Twitter

Heimadal Security

OCTOBER 19, 2021

The ones who initially discovered this campaign that is still developing were the TAG […]. The post Malicious Accounts that Targeted Security Researches Were Suspended by Twitter appeared first on Heimdal Security Blog.

Accountability

Accountability Malware Cybersecurity

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

Heimadal Security

OCTOBER 21, 2021

Security experts with Google’s Threat Analysis Group (TAG), who first noticed the operation in late 2019, say that the company had disrupted phishing campaigns ever since. The post Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts appeared first on Heimdal Security Blog.

Accountability

Accountability Phishing Passwords Malware

Apple addressed two actively exploited zero-day flaws

Security Affairs

APRIL 7, 2023

Today, Apple published an emergency update for all iPhones to patch an exploit chain which we, together with @_clem1 (Google TAG) discovered in the wild. Super proud of our team at @AmnestyTech and everyone who helped in this investigation.

Education

Education Media Hacking Accountability

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

“The tags such as ‘ads_enable’ or ‘collect_enable’ indicates each functionality to work or not while other parameters define conditions and availability.” Based on the parameters, the library periodically checks, pulls device information, and sends them to the remote servers.”

Data collection

Data collection Mobile Malware Education

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. From the TAG blog we can learn that Exotic Lily was very much specialized. Initial access broker. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

China-linked threat actors target Indian Power Grid organizations

Security Affairs

APRIL 9, 2022

The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka TAG-38. Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations. ” reads the advisory published by Recorded Future.

Hacking

Hacking Technology Cybersecurity Information Security

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

Cybersecurity specialists should be especially careful with attribution, as in some cases such activity leads to provocations and purposely generated operations. Ukraine’s main cybersecurity incident response team released a list of the five most persistent hacking groups and malware families attacking Ukraine’s critical infrastructure.

Government

Government DDOS Cyber Attacks Hacking

Bad Actor Using New Method to Avert Detection, Google Discovers

SecureWorld News

SEPTEMBER 25, 2021

In a blog post, Neel Mehta, Information Security lead for Google, explains how a hacker has managed to break certificate code parsing to invade email inboxes and infect users with malware. This is the first time TAG has observed actors using this technique to evade detection while preserving a valid digital signature on PE files.“.

Malware

Malware Software Authentication Cybersecurity

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

Security Affairs

JUNE 5, 2022

Researchers from cybersecurity firm GreyNoise reported that 23 unique IP addresses were observed exploiting the Atlassian vulnerabilities. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. 23 unique IPs so far. Follow me on Twitter: @securityaffairs and Facebook.

VPN

VPN IoT Cybersecurity Engineering

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware

Spyware Ransomware Malware Data breaches

Microsoft Targets Critical Outlook Zero-Day Flaw

eSecurity Planet

MARCH 16, 2023

. “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” Microsoft explained.

Energy and Utilities

Energy and Utilities Authentication Firewall Engineering

Security Affairs newsletter Round 371 by Pierluigi Paganini

Security Affairs

JUNE 26, 2022

SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Flagstar Bank discloses a data breach that impacted 1.5

Small Business

Small Business Spyware Data breaches Surveillance

Clone of How to Enhance Data Loss Prevention in Office 365

Security Boulevard

AUGUST 24, 2021

<a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> Protecting customer data from loss and leakage has become a top priority for enterprises over the past decade.

Data breaches

Data breaches Ransomware Financial Services CISO

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Malwarebytes

APRIL 3, 2023

By trying some simple HTML code like a H1 tag that is often used to display the main topic on a web page in a larger font size, they found that clicking on Cluster in the options on the Events tab resulted in a new title being displayed as a large title, due to the effect of the <h1> tag.

Authentication

Authentication Risk Cybersecurity

Magecart gang hides PHP-based web shells in favicons

Security Affairs

MAY 14, 2021

Threat actors edited the shortcut icon tags with a path to the fake PNG file. “In comparison, the skimmer we showed in this blog dynamically injects code into the merchant site. ” Please vote Security Affairs as Best Personal cybersecurity Blog [link]. ” reads the analysis published by Malwarebytes.

Cybercrime

Cybercrime Malware Hacking Cybersecurity

Google TAG warns of Russia-linked APT groups targeting Ukraine

Everest Gang Puts $200K Price Tag on ESKOM Stolen Data

Trending Sources

Remote Working One Year On: What the Future Holds for Cybersecurity

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

China-linked APT Curious Gorge targeted Russian govt agencies

Public Sector Cybersecurity Priorities in 2021

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Reinventing Asset Management for Cybersecurity Professionals

Google Confirms Increase In Russian Cyber Attacks Against Ukraine

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Users in Italy and Kazakhstan Targeted by Spyware Provider

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

NATO Countries Targeted in Russian Phishing Attacks, Google Reports

How to Enhance Data Loss Prevention in Office 365

China-linked APT41 group spotted using open-source red teaming tool GC2

4 Ways North Korea Is Targeting Security Researchers

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

A New PowerShell Backdoor Is Being Used in Log4j Attacks

Monero Miners Injected in Log4j Through RMI

Russia’s SVR WellMess Malware Is Seemingly Still in the Game

Reuters: Russia-linked APT behind Brexit leak website

The Log4j Vulnerability Is Now Used by State-Backed Hackers

Phishing Actors Are Already Exploiting the Omicron COVID-19 Variant

North Korea-linked campaign targets security experts via social media

North Korea-linked hackers target security experts again

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Malicious Accounts that Targeted Security Researches Were Suspended by Twitter

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

Apple addressed two actively exploited zero-day flaws

New Android malicious library Goldoson found in 60 apps +100M downloads

Meet Exotic Lily, access broker for ransomware and other malware peddlers

China-linked threat actors target Indian Power Grid organizations

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Bad Actor Using New Method to Avert Detection, Google Discovers

PoC exploits for Atlassian CVE-2022-26134 RCE flaw released online

Security Affairs newsletter Round 416 by Pierluigi Paganini – International edition

Microsoft Targets Critical Outlook Zero-Day Flaw

Security Affairs newsletter Round 371 by Pierluigi Paganini

Clone of How to Enhance Data Loss Prevention in Office 365

Super FabriXss: an RCE vulnerability in Azure Service Fabric Explorer

Magecart gang hides PHP-based web shells in favicons

Stay Connected