Blog - Cyber Security Informer

TAG Cyber: Content Disarm and Reconstruction – What It Is and Why It Should Be in Your Toolbox

Security Boulevard

FEBRUARY 16, 2023

By John Masserini, Senior Research Analyst, TAG Cyber As more and more enterprises move towards modernizing their infrastructures and solidifying their new, post-pandemic business models, unexpected attack vectors have emerged.

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

My Blog Now Has a Content Security Policy - Here's How I've Done It

Troy Hunt

FEBRUARY 1, 2018

I've used them to fix mixed content warnings on this blog after Disqus made a little mistake , you'll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. For example, this blog runs on Ghost Pro which is a managed SaaS platform.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. We will continue to update our recent blog as necessary. ” wrote Leonard.

Government

Government Engineering Phishing Hacking

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The vulnerability resides in the Merge Tag feature of the plugin. “One feature of Ninja Forms is the ability to add “Merge Tags” to forms that will auto-populate values from other areas of WordPress like Post IDs and logged in user’s names. ” reads the advisory published by Wordfence. To nominate, please visit:?.

Hacking

Hacking Cybersecurity Information Security

Google Confirms Increase In Russian Cyber Attacks Against Ukraine

Heimadal Security

FEBRUARY 21, 2023

According to a new report released by Google’s Threat Analysis Group (TAG) and Mandiant, Russia’s cyber attacks against Ukraine increased by 250% in 2022. The company said it observed […] The post Google Confirms Increase In Russian Cyber Attacks Against Ukraine appeared first on Heimdal Security Blog.

Cyber Attacks

Cyber Attacks Media Government Cybersecurity

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

The Hacker News

JANUARY 26, 2023

Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the company's Threat Analysis Group (TAG) said in a report shared with The Hacker News.

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

JANUARY 10, 2024

So, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. Much better website with content tags Finally, an obvious call to action! More video!

Cloud Migration

Cloud Migration Government Network Security Risk

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. In late 2015, Nick Landers, Co-Founder of Dreadnode, published a blog on the abuse of Outlook Rules for RCE. include <Windows.h>

Authentication

Authentication Penetration Testing Technology Phishing

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Heimadal Security

JANUARY 14, 2022

An unofficial patch was released for a privilege escalation vulnerability that has an impact on all versions of Windows after Microsoft tagged its status as “won’t fix”. The post Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available appeared first on Heimdal Security Blog.

Cybersecurity

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Google TAG shared indicators of compromise (IoCs) for both campaigns. CISA has added nine flaws to its Known Exploited Vulnerabilities catalog, including bugs exploited by commercial spyware on mobile devices. The experts pointed out that both campaigns were limited and highly targeted.

Spyware

Spyware Surveillance Mobile Education

New Kritec Magecart skimmer found on Magento stores

Malwarebytes

MARCH 22, 2023

Recently, while reading a blog post from security vendor Akamai, we spotted a similar situation. In this blog post, we show how the newly found Kritec skimmer was found along side one of its competitors. that the skimmer was using WebSockets and is the same one as described in Akamai's blog. They also list nebiltech[.]shop

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware

Spyware Surveillance Firmware Internet

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes. Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution – similar to S2-059.” To nominate, please visit:? Pierluigi Paganini.

Software

Software Hacking Cybersecurity Information Security

Everest Gang Puts $200K Price Tag on ESKOM Stolen Data

Heimadal Security

OCTOBER 11, 2022

The post Everest Gang Puts $200K Price Tag on ESKOM Stolen Data appeared first on Heimdal Security Blog. The hacker group going by the name of Everest claims to have hacked South Africa state-owned company ESKOM Hld SOC Ltd.

Hacking

Hacking Cybersecurity

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Media

Media Accountability Government Malware

Russia’s SVR WellMess Malware Is Seemingly Still in the Game

Heimadal Security

AUGUST 2, 2021

Its target was the stealing of COVID-19 vaccine investigations at that time, using malware tagged as “WellMess” or “WellMail” Then, the U.S. The post Russia’s SVR WellMess Malware Is Seemingly Still in the Game appeared first on Heimdal Security Blog. Presidency accused Russian […].

Malware

Malware Cybersecurity

Google Threat Analysis Group took down ten influence operations in Q2 2020

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. response to COVID-19.

Accountability

Accountability Advertising Media Government

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Media Passwords Malware

Stylish Magento Card Stealer loads Without Script Tags

Security Boulevard

JULY 28, 2021

found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. Continue reading Stylish Magento Card Stealer loads Without Script Tags at Sucuri Blog. The post Stylish Magento Card Stealer loads Without Script Tags appeared first on Security Boulevard.

Antivirus

Antivirus Malware Encryption Hacking

How to Enhance Data Loss Prevention in Office 365

Security Boulevard

MARCH 17, 2021

<a href='/blog?tag=Cybersecurity'>Cybersecurity</a> tag=Cybersecurity'>Cybersecurity</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=IT Reporting functionality must also be customizable to specific requirements.

Data breaches

Data breaches Ransomware Financial Services CISO

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations. However, because they are heroes, they are also targets.

Social Engineering

Social Engineering Engineering Accountability Malware

Remote Working One Year On: What the Future Holds for Cybersecurity

Security Boulevard

MARCH 19, 2021

<a href='/blog?tag=Inbound tag=Inbound Threats'>Inbound Threats</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Email Blog: 2020 – A Transformation Year in Cybersecurity On-Demand Webinar: Is Your Remote Workforce a Top Security Risk? .

Cybersecurity

Cybersecurity CISO Social Engineering Technology

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced

Social Engineering

Social Engineering Cybersecurity Unstructured Data Engineering

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. Google TAG researchers reported that the same group, tracked as Zinc ,” also targeted security researchers in past campaigns.

Malware

Malware Phishing Antivirus Hacking

MTE - The promising path forward for memory safety

Google Security

NOVEMBER 7, 2023

to develop Memory Tagging Extension (MTE) technology. MTE is now available on some OEM devices (as noted in a recent blog post by Project Zero) with Android 14 as a developer option, enabling developers to use MTE to discover memory safety issues in their application easily. Feature can be activated by developers.

Software

Software Technology Architecture Mobile

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

Security Affairs

MAY 23, 2022

SEKOIA researchers started their investigation after the publication of Google’s Threat Analysis Group (TAG)’s report “ Update on cyber activity in Eastern Europe ” which detailed the activity of nation-state actors against Eastern Europe. org jadlactnato.webredirect[.]org. ” reads the analysis published by the experts.

Government

Government Hacking Cybersecurity Information Security

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. US CISA has added Veritas Backup Exec flaws, which were exploited in ransomware attacks, to its Known Exploited Vulnerabilities catalog.

Backups

Backups Spyware Ransomware Education

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Media

Media Social Engineering Engineering Accountability

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

SecureWorld News

OCTOBER 19, 2021

One notorious hacking group from Iran uses particularly dirty schemes to fleece users, according to Google's Threat Analysis Group (TAG). According to Google’s TAG blog, APT35 have been active since at least 2017, including attacks on the 2020 U.S. Developing advanced phishing techniques to lure victims.

Phishing

Phishing Social Engineering Authentication Government

North Korea-linked hackers target security experts again

Security Affairs

MARCH 31, 2021

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. Experts noticed that the website used in this campaign has a link to a PGP public key which is the same that was found on attackers’ blog in a campaign spotted in January.

Media

Media Antivirus Accountability Internet

SAP Patch Day: December 2023

Security Boulevard

DECEMBER 12, 2023

SAP Security Note #3350297 , tagged with a CVSS score of 9.1, The New HotNews Note in Detail SAP Security Note #3411067 , tagged with a CVSS score of 9.1, SAP has released a blog post on Security Note #3411067 that emphasizes the importance of updating the affected components.

Passwords

Passwords Technology Mobile Government

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

Google’s Threat Analysis Group (TAG) chief Shane Huntley told Reuters was set up by a Russia-linked APT dubbed “ Cold River “ At this time it is unclear how the website has obtained the sensitive emails, Reuters pointed out that most of the messages mainly appear to have been exchanged using ProtonMail accounts.

Authentication

Authentication Hacking Cybersecurity Accountability

Apple addressed two actively exploited zero-day flaws

Security Affairs

APRIL 7, 2023

Today, Apple published an emergency update for all iPhones to patch an exploit chain which we, together with @_clem1 (Google TAG) discovered in the wild. An attacker can trigger the flaw by tricking the victims into loading maliciously crafted web pages. “Processing maliciously crafted web content may lead to arbitrary code execution.

Education

Education Media Hacking Accountability

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

“The tags such as ‘ads_enable’ or ‘collect_enable’ indicates each functionality to work or not while other parameters define conditions and availability.” A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store. ” reads the analysis published by the security firm.

Data collection

Data collection Mobile Malware Education

Detecting browser data theft using Windows Event Logs

Google Security

APRIL 30, 2024

This blog describes one set of signals for use by system administrators or endpoint detection agents that should reliably flag any access to the browser’s protected data from another application on the system. This blog will also show how the logging works in practice by testing it against a python password stealer.

Passwords

Passwords Malware Encryption System Administration

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. From the TAG blog we can learn that Exotic Lily was very much specialized. Initial access broker. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security

AUGUST 9, 2022

Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743. See Microsoft’s blog post on the Exchange Server updates for more details. Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. More details here.

Authentication

Authentication Internet Internet Cyber threats

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Troy Hunt

AUGUST 3, 2022

How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. Very early on in the index.js

Passwords

Passwords Accountability

Public Sector Cybersecurity Priorities in 2021

Security Boulevard

FEBRUARY 3, 2021

<a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> <a href='/blog?tag='></a> tag='></a> 2020 was a year of unprecedented challenge for anyone working in public sector cybersecurity. Featured: .

Cybersecurity

Cybersecurity Digital transformation Cyber threats Ransomware

SAP Patch Day: January 2024

Security Boulevard

JANUARY 9, 2024

SAP HotNews Security Note #3411067 , tagged with a CVSS score of 9.1, SAP Security Note #3413475 , tagged with a CVSS score of 9.1, SAP Security Note #3412456 , tagged with a CVSS score of 9.1, The HotPriority Notes in Detail SAP Security Note #3411869 , tagged with a CVSS score of 8.4, HTTP/1 is not affected.

Internet

Internet Internet Marketing Technology

Microsoft Patch Tuesday, December 2022 Edition

Krebs on Security

DECEMBER 14, 2022

The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites. The bug already seeing exploitation is CVE-2022-44698 , which allows attackers to bypass the Windows SmartScreen security feature.

Social Engineering

Social Engineering Ransomware Software Engineering

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Security Boulevard

JANUARY 10, 2024

So, we ( Tim and Anton , the crew behind the podcast ) wanted to post another reflections blog based on our Cloud Security Podcast by Google being almost 3 (we will be 3 years old on Feb 11, 2024, to be precise), kind of similar to this one. Much better website with content tags Finally, an obvious call to action! More video!

Cloud Migration

Cloud Migration Government Network Security Risk

TAG Cyber: Content Disarm and Reconstruction – What It Is and Why It Should Be in Your Toolbox

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Webinars

Trending Sources

My Blog Now Has a Content Security Policy - Here's How I've Done It

Webinars

Google TAG warns of Russia-linked APT groups targeting Ukraine

China-linked threat actors are targeting the government of Ukraine

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Google Confirms Increase In Russian Cyber Attacks Against Ukraine

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

New Kritec Magecart skimmer found on Magento stores

Google TAG shares details about exploit chains used to install commercial spyware

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Everest Gang Puts $200K Price Tag on ESKOM Stolen Data

China-linked APT41 group spotted using open-source red teaming tool GC2

Russia’s SVR WellMess Malware Is Seemingly Still in the Game

Google Threat Analysis Group took down ten influence operations in Q2 2020

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Stylish Magento Card Stealer loads Without Script Tags

How to Enhance Data Loss Prevention in Office 365

4 Ways North Korea Is Targeting Security Researchers

Remote Working One Year On: What the Future Holds for Cybersecurity

Five Key Points When Preventing Cybersecurity Attacks in a World of Hybrid Working

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

MTE - The promising path forward for memory safety

Russia-linked Turla APT targets Austria, Estonia, and NATO platform

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

North Korea-linked campaign targets security experts via social media

Smooth Cybercriminals: Google Warns of Iran-Backed APT Hackers

North Korea-linked hackers target security experts again

SAP Patch Day: December 2023

Reuters: Russia-linked APT behind Brexit leak website

Apple addressed two actively exploited zero-day flaws

New Android malicious library Goldoson found in 60 apps +100M downloads

Detecting browser data theft using Windows Event Logs

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Microsoft Patch Tuesday, August 2022 Edition

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Public Sector Cybersecurity Priorities in 2021

SAP Patch Day: January 2024

Microsoft Patch Tuesday, December 2022 Edition

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Stay Connected