Security Affairs

SEPTEMBER 7, 2020

The French national cyber-security agency warns of a surge in Emotet attacks targeting the private sector and public administration entities. The French national cyber-security agency published an alert to warn of a significant increase of Emotet attacks targeting the private sector and public administration entities in France.

Malware 120

Malware Advertising Antivirus Banking 120

Malwarebytes

AUGUST 28, 2023

If you’re using a Google product such as Gmail, Calendar, Drive, or Google Docs Editors Suite (among other apps), then congratulations: you are fully inside the Workspace ecosystem. Others might be specified by the administrator of the service being used. You may well be using Workspace without realising it.

Accountability 79

Accountability Passwords Backups Authentication 79

Malwarebytes

JANUARY 7, 2022

In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). org/docs/EOIForm.rtf 5b5b1608e6736c7759b1ecf61e756794cf9ef3bb4752c315527bcc675480b6c6. Indicators of Compromise. karachidha[.]org/docs/EOIForm.rtf

VPN 132

VPN Phishing Government Accountability 132

Security Affairs

MAY 31, 2022

doc”) that was uploaded to VirusTotal from Belarus. Follow these steps to disable: Run Command Prompt as Administrator. Run Command Prompt as Administrator. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.” How to undo the workaround.

Cybersecurity 109

Cybersecurity Hacking Accountability Information Security 109

eSecurity Planet

SEPTEMBER 22, 2022

Researchers made a video where they gain administrative privileges with the flaw by abusing Spyder IDE, a free and popular open-source environment made in Python. Python Docs Warn of Issue. Because the code trusts its inputs too much and joins paths that are passed to the extract functions, it can be abused.

Software 86

Software Risk Cybersecurity 86

Malwarebytes

JANUARY 25, 2024

The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead. Infrastructure This threat actor seems to rely on Google infrastructure in the form of Google Docs or Google sites.

Malware 100

Malware Advertising Accountability Encryption 100

Security Affairs

FEBRUARY 11, 2021

The malware monitors the use of certain resources on the infected device, gathers hardware information, logs location data, and monitors external storage for “ doc”, “ pdf”, “ ppt”, “ docx”, “ xlsx”, and “ txt” documents. ” concludes the report.

Spyware 119

Spyware Surveillance Malware Mobile 119

Security Affairs

FEBRUARY 4, 2022

The state-sponsored hackers used weaponized Word docs (called “Report on the LCA for June 2021(Autosaved).doc.”) One of the clusters analyzed by the experts was used as C2 infrastructure for a custom remote administration tool called Pterodo/Pteranodon backdoor.

Government 90

Government Malware Phishing Software 90

Security Affairs

JUNE 6, 2022

doc”) that was uploaded to VirusTotal from Belarus. The attackers impersonate the “Women Empowerments Desk” of the Central Tibetan Administration and use the domain tibet-gov.web[.]app The issue affects multiple Microsoft Office versions, including Office, Office 2016, and Office 2021. app for the attacks.

Phishing 108

Phishing Government Cybersecurity Hacking 108

SecureList

DECEMBER 14, 2020

Moreover, such activity can sometimes be started by administrators themselves as part of system maintenance. However, this is not an option, because fileless malware does not need administrator privileges to perform its malicious actions. This minimizes the number of false positives and keeps administrators from going crazy.

Technology 71

Technology Malware Antivirus Software 71

Security Affairs

NOVEMBER 11, 2022

Retrieve a list of files on the device that end in.ppt,pptx,docx,xls,xlsx,doc, or.pdf. ” Experts discovered that all MOONSHINE samples connect to administrator panels similar to the ones analyzed by Citizen Lab researchers in 2019. . Record phone calls. Take pictures. ” concludes the report.

Surveillance 96

Surveillance Spyware Malware Mobile 96

Spinone

JUNE 24, 2020

The second-level recovery can be performed by administrators only. How to recover deleted documents from the first-stage Recycle Bin To recover deleted docs and return them to their original location, follow these steps: Log in to your Admin’s account and select your SharePoint site. On the left pane, select Recycle Bin.

Backups 52

Backups Accountability Ransomware 52

Malwarebytes

OCTOBER 24, 2023

Welcome to the Chinese channel, a new era of information, delivering more exciting information It links to a Google Docs page pretending to be a download site: Telegram instant messaging - simple, fast, secure and syncs across all your devices. It is one of the most downloaded apps in the world, with over 500 million active users.

Accountability 82

Accountability Malware Scams Mobile 82

The Last Watchdog

MARCH 13, 2019

When the recipient clicked on the Word doc, a macro silently executed instructions to send a copy of the email, including the infected attachment, to the first 50 people listed as Outlook contacts. Related: The ‘Golden Age’ of cyber espionage is upon us.

Malware 100

Malware CSO System Administration Financial Services 100

Security Boulevard

MARCH 18, 2023

On March 17, 2023, US federal agents arrested a New York individual for computer crimes associated with their activities as an administrator of illicit online forum Breach Forums under the online alias “pompompurin.” The post COURT DOC: US Federal Agents Arrest Alleged Administrator of Breach Forums “pompompurin” appeared first on Flashpoint.

52

52

SecureList

JULY 28, 2023

Acting as this subject, the attacker “synchronizes” the hash from the domain administrator account (Administrator) to impersonate the administrator for the purpose of gaining access to data and moving laterally inside the corporate network. value.equals(doc['TargetAccountName.raw'].value.toLowerCase())"

Authentication 70

Authentication Passwords Accountability Software 70

Spinone

OCTOBER 23, 2018

Google add-ons were introduced in 2014 as a way to bring additional functionality to Google Docs and Sheets by installing plugins published by third-party developers. If an employee grants access permissions to a risky add-on, administrators can be alerted of this and choose to revoke the permissions and block the add-on.

Risk 40

Risk Backups Data breaches Software 40

SecureList

JUNE 16, 2021

doc” (translates from Persian as “Romantic Solidarity With Lovers of Freedom2.doc”) doc”) and contains malicious macros that are accompanied by an odd decoy message attempting to convince the victim to enable its content: Decoy content in one of the malicious documents. u=[computername]_[username].

Surveillance 133

Surveillance Malware Password Management Passwords 133

Security Affairs

MARCH 2, 2019

doc and.xlm) to evade antivirus detection and bypass spam filters as well. However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. Figure 17: doc file requesting macro execution. Figure 29: Malware checks if the user is the administrator.

Malware 90

Malware Antivirus Technology Phishing 90

SecureList

APRIL 22, 2024

The icacls command output for the AppReadiness folder with default values The image above shows the default permissions for this folder: Administrators and system: full permissions Authorized users: read-only permissions This means that regular users can view the contents of the folder.

VPN 105

VPN Passwords Encryption Malware 105

The Last Watchdog

OCTOBER 3, 2019

Here are the key takeaways: Human touch It has long been common practice to use botnets to blast out wave after wave of e-mails carrying tainted PDFs or Word docs, or a web link pointing to a booby-trapped page – and seeing who would bite. They’d eventually get domain admin credentials and could lock out all the other domain administrators.

Encryption 117

Encryption Malware Ransomware Cyber Attacks 117

Spinone

FEBRUARY 25, 2018

G Suite for Education (formerly called Google Apps for Education) is a suite of web applications including Gmail , Hangouts, Google Calendar , Google Drive , Docs, Sheets, Slides, Groups, News, Play, Sites, and Google Vault (about the difference between Vault and Spinbackup read here ).

Education 40

Education Backups Accountability Technology 40

Centraleyes

MARCH 28, 2024

Where Compliance Automation Tools Make a Difference Centralized and Visual Repository Manual documentation and auditing processes look something like this: Jennifer sends Luke some docs as attachments via email. Luke saves them on OneDrive. And Andrew? He’s old school – he drops a literal stack of sheets on Jennifer’s desk.

Risk 52

Risk Government Healthcare Software 52

eSecurity Planet

OCTOBER 29, 2021

Clicking on either the PDF or a Doc icon on the same page eventually leads to the malicious payload being downloaded onto the user’s endpoint. The directory location serving the PDFs was created via WordPress’ Formidable Forms plugin, which enables administrators to easily create a form.

Malware 107

Malware Ransomware Antivirus CISO 107

Spinone

DECEMBER 17, 2018

Modes of knowledge delivery became utterly flexible, and many campus users depend on Google collaboration tools, including Gmail , Google Drive , Google Calendar , Vault, Docs, Sheets, Slides, Sites. How to Ensure G Suite for Education Backup and Security? It enables content to be accessible anytime, anywhere, and on any device.

Education 40

Education Backups Cybersecurity Cyber threats 40

Malwarebytes

DECEMBER 2, 2021

As an example, the threat actor exfiltrated Diplomatic Visa and Diplomatic ID cards from the Ministry of Foreign Affairs of Afghanistan database, as well as the Asset Registration and Verification Authority database belonging to the General Director of Administrative Affairs of Government of Afghanistan.

Government 132

Government Banking Phishing Antivirus 132

SC Magazine

MAY 18, 2021

Prior to the pandemic, most employees worked on desktops, with only about 2,500 iPads and laptops distributed – and all data and electronic documents (from 150 different web applications) would feed into one egress point at a data center in Trenton’s central Administrative Office of the Courts.

VPN 52

VPN Encryption Authentication CISO 52

Spinone

AUGUST 5, 2018

The malware, known as Gooligan, roots infected Android devices and steals email addresses and authentication tokens that can be used to access all G Suite data including Gmail , Google Docs, Google Photos, Google Drive , Team Drives , and G Suite. The Dangers of Gooligan *Source: Check Point.

Malware 40

Malware Accountability Phishing Authentication 40

Security Boulevard

NOVEMBER 4, 2021

This week, the Department of Commerce (DoC) amended its export administrative regulations (EAR) with the addition of four companies onto the entity list, effective November 4, 2021. The four companies—one from Singapore, two from Israel and one from Russia—were all engaged in activities which the U.S.

Government 145

Government Social Engineering Engineering Risk 145

Malwarebytes

AUGUST 3, 2022

Environment Variables Network Interfaces Administrator privileges List of running processes Proxy information Username List of all the User accounts. Follina Doc: ???????.docx Storage drives – includes Drive path, Internal name etc. ping – The malware makes a ping GET http request to the C2 at regular intervals.

Malware 107

Malware Encryption Antivirus Architecture 107

Security Affairs

MARCH 20, 2019

Sha256 127e9f68f0f97d6dafe55ad651f5b3c0f6a7b504b9b4b4d9aecc1f2141347447 Threat Gen.Dropper Brief description Doc Document dropper Ssdeep 1536:T1J7YxuapCK+9U87lMhldXxPtXjUkcAS8UNm:hJsxuaoL9U86xhVXQkcAS8. i.e. the enterprise administrator can disable the script execution on every machine belonging to the enterprise domain.

Malware 81

Malware Advertising Internet Internet 81

Spinone

JANUARY 18, 2017

G Suite tools include: Gmail – user friendly web or app-based email client with customizable domain Hangouts – HD video chat with built-in screen sharing for up to 25 people Calendar – online team-friendly calendars that integrate with other Google tools Google+ – a social platform for sharing knowledge and ideas Drive – (..)

Backups 40

Backups Accountability Small Business Mobile 40

Spinone

APRIL 23, 2019

Sign in to your Admin account Go to Apps Select G Suite Click on Drive and Docs Select Transfer Ownership Type in the usernames of both the previous and future data owners and click Transfer Files. Note that only Super Administrators can recover deleted Google account only within 20 days after the deletion.

Backups 95

Backups Accountability Ransomware Encryption 95

SecureList

OCTOBER 12, 2023

The following are the working directories where the tool is known to store its files, depending on the version: C:ProgramdataMicrosofts C:windowstemp At the next stage, the file extension is checked against the following masks: *.doc, FullName -File -Recurse -Include '*.pdf', xlsx' | where LastWriteTime -gt (Get-date).AddDays(-4)

Encryption 112

Encryption Passwords Malware Firewall 112

Malwarebytes

AUGUST 3, 2022

Administrator privileges. Follina Doc: ???????.docx PowerShell information. Python information (Install path, version etc.). Storage drives - includes Drive path, Internal name etc. Environment Variables. Network Interfaces. List of running processes. Proxy information. List of all the User accounts. C2s: kurmakata.duckdns[.]org.

Malware 61

Malware Encryption Antivirus Architecture 61

Spinone

DECEMBER 27, 2018

Google’s G Suite environment provides an attractive set of services for organizations to have an all-in-one solution for key business solutions including email, calendaring, shared drive storage, Chat services, and productivity tools such as docs, sheets, forms, website creation, mobile services, etc.

Cloud Migration 67

Cloud Migration Backups Ransomware Education 67

Spinone

NOVEMBER 19, 2018

MS Office documents, especially with macros: doc/.docx Do not reveal them to anybody, including your boss, your system administrator or support service, your spouse, parents, children etc. The most risky file extensions are.com.cmd,bat,ps1,swf,jar, etc. docm,xls /.xlsx PDF documents: pdf. Vector files with inner code: svg.

Passwords 40

Passwords Password Management Antivirus Mobile 40