Document - Cyber Security Informer

FBI warns of malicious free online document converters spreading malware

Security Affairs

MARCH 24, 2025

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users sensitive information and infect their systems with malware. ” reads the alert. ” reads the alert.

Malware

Malware Scams Identity Theft Antivirus

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Malwarebytes

DECEMBER 3, 2024

Some of the records that were found included: Identification documents including passports, which contain information like full names, dates of birth, passport numbers, and other information cybercriminals love to get their hands on.

Identity Theft

Identity Theft Education Risk Phishing

Roger Grimes on Prioritizing Cybersecurity Advice

Schneier on Security

OCTOBER 31, 2024

. […] This specific CISA document has at least 21 main recommendations, many of which lead to two or more other more specific recommendations. Any person following this document is…rightly…going to be expected to evaluate and implement all those recommendations.

Cybersecurity

Cybersecurity Risk Authentication

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

What Graykey Can and Can’t Unlock

Schneier on Security

NOVEMBER 26, 2024

which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1,

Manufacturing

Manufacturing Media Mobile Hacking

Chinese-Owned VPNs

Schneier on Security

MAY 27, 2025

users by piecing together corporate documents from around the world. The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies. TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S.

VPN

Why Italy Sells So Much Spyware

Schneier on Security

NOVEMBER 19, 2024

According to an Italian Ministry of Justice document , as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.

Spyware

Spyware Marketing Hacking

ClickFix: How to Infect Your PC in Three Easy Steps

Krebs on Security

MARCH 14, 2025

Malicious macros became such a common malware threat that Microsoft was forced to start blocking macros by default in Office documents that try to download content from the web.

Phishing

Phishing Malware Scams Passwords

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The trouble is, these EDRs largely bypass any official review and do not require the requester to supply any court-approved documents. Others simply sell access to hacked government or police email accounts, and leave it up to the buyer to forge any needed documents. “Unlimited Emergency Data Requests. . Reset as you please.

Hacking

Hacking Accountability Government Social Engineering

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

Security Affairs

APRIL 6, 2025

The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states. Experts are calling for stronger defenses, including broader use of NFC-based verification and electronic identity documents (eIDs), which offer more resilient, hardware-level authentication. ” Musielak wrote on X.

Identity Theft

Identity Theft Insurance Banking Authentication

Oops: DanaBot Malware Devs Infected Their Own PCs

Krebs on Security

MAY 22, 2025

As detailed in this 2015 story, the author of the ZeuS trojan created a custom version of the malware to serve purely as a spying machine, which scoured infected systems in Ukraine for specific keywords in emails and documents that would likely only be found in classified documents.

Malware

Malware Cybercrime Government Banking

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

JANUARY 14, 2025

out of a possible 10, including CVE-2025-21298 , a weakness in Windows that could allow attackers to run arbitrary code by getting a target to open a malicious.rtf file, documents typically opened on Office applications like Microsoft Word. .” Several bugs addressed today earned CVSS (threat rating) scores of 9.8

Artificial Intelligence

Artificial Intelligence Social Engineering Encryption Internet

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

Security Affairs

NOVEMBER 12, 2024

Law enforcement warned that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. Three iPhones running iOS 18.0

Media

Media Wireless Mobile Encryption

PayPal scam abuses Docusign API to spread phishy emails

Malwarebytes

MARCH 4, 2025

Also, it seems weird that Docusign has been used to send a document that doesnt require a signature. I’ve you’ve received an email like this and want to verify if it’s genuine, go directly to Docusign.com, click ‘Access Documents’ (upper right-hand corner), and enter the security code displayed in the email.

Scams

Scams Accountability Phishing Banking

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

NOVEMBER 8, 2024

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source. Below is the hypothesis reported in the document.

Media

Media Mobile Passwords Hacking

Data Exfiltration Using Indirect Prompt Injection

Schneier on Security

DECEMBER 22, 2023

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents.

Threat Modeling the Genomic Data Sequencing Workflow (Threat Model Thursday)

Adam Shostack

FEBRUARY 12, 2025

This is a big, complex document. The apparent complexity is exacerbated by the intermingling of how to conduct with sample output and perhaps the document might be improved by breaking it into two: a how to guide and a sample output document or documents. What makes this level of detail right for this document?

Risk

Risk Manufacturing Encryption Surveillance

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

JANUARY 27, 2025

demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation. demands a structured approach to implementation and preparation.

Password Management

Password Management Architecture Threat Detection Cybersecurity

ESET APT Activity Report Q4 2024–Q1 2025

We Live Security

MAY 19, 2025

This issue of the ESET APT Activity Report reviews notable activities of APT group that were documented by ESET researchers from October 2024 until March 2025.

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Security Affairs

OCTOBER 21, 2024

It provides a range of development resources, including SDKs (Software Development Kits), documentation, sample code, and learning materials for networking, security, and cloud infrastructure. DevHub is a platform designed for developers to access resources, tools, and APIs to build and integrate applications with Cisco’s technologies.

Cybercrime

Cybercrime Data breaches Technology Banking

Publish your threat model!

Adam Shostack

JUNE 16, 2025

Karol Mazurek of Afine documents a new Threat of TCC Bypasses on macOS : “I decided to disclose a TCC bypass vulnerability in Cursor.app because, despite responsible disclosure, developers stated this issue ‘falls outside their threat model’ and have no plans to fix it.” Specifically, Article 13 states: “3. a description of the design.

Risk

Risk Manufacturing Architecture Cybersecurity

Lessons Learned from a High-Stakes Data Breach

SecureWorld News

NOVEMBER 11, 2024

Following a documented protocol keeps you on solid ground, especially when the stakes are high and the pressure is on. Document every decision and action Documentation may seem tedious in the middle of a breach response, but it's critical. Detailed records can protect your team by demonstrating a transparent, ethical response.

Data breaches

Data breaches Accountability Cybersecurity Account Security

Airlines Secretly Selling Passenger Data to the Government

Schneier on Security

JUNE 12, 2025

travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

Government

Government Media Data collection Data privacy

SideWinder targets the maritime and nuclear sectors with an updated toolset

SecureList

MARCH 10, 2025

The document uses the remote template injection technique to download an RTF file stored on a remote server controlled by the attacker. The documents used various themes to deceive victims into believing they are legitimate. Some documents concerned nuclear power plants and nuclear energy agencies. pro document-viewer[.]info

Energy and Utilities

Energy and Utilities Malware Government Phishing

8Base ransomware group hacked Croatia’s Port of Rijeka

Security Affairs

DECEMBER 7, 2024

Allegedly, invoice receipts, accounting documents, personal data, certificates, employment contracts, a huge amount of confidential information, confidentiality pic.twitter.com/Tad7LeOcsk — HackManac (@H4ckManac) December 6, 2024 According to the announcement published by the group on its Tor leak site, stolen data includes: Invoice Receipts (..)

Ransomware

Ransomware Hacking Accountability Cyber Attacks

A new fileless variant of Remcos RAT observed in the wild

Security Affairs

NOVEMBER 11, 2024

The phishing messages contain a malicious Excel document disguised as an order file to trick the recipient into opening the document. Threat actors use Remcos to steal sensitive information and control victims’ computers for malicious activities. Upon opening the file, the RCE vulnerability CVE-2017-0199 is exploited.

Phishing

Phishing Malware Banking Encryption

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Security Affairs

DECEMBER 6, 2024

. “The attacks continued intensively including on election day and the night after elections,” the Romanian Intelligence reported in a declassified document. “The operating mode and the amplitude of the campaign leads us to conclude the attacker has considerable resources specific to an attacking state.”

Government

Government Cybercrime Cyber Attacks Hacking

New Information Supplement: Payment Page Security and Preventing E-Skimming

PCI perspectives

MARCH 10, 2025

This document provides direction for merchants and service providers implementing controls to protect payment card data during e-commerce transactions. The PCI Security Standards Council (PCI SSC) has introduced a new information supplement: Payment Page Security and Preventing E-Skimming Guidance for PCI DSS Requirements 6.4.3 and 11.6.1.

eCommerce

Threat Modeling Google Cloud (Threat Model Thursday)

Adam Shostack

JANUARY 2, 2025

Ill add that not everything in the document is introduced in methodology, and Ill list those as we go. As always, and especially in these Threat Model Thursday posts, my goal is to point out interesting work in a constructive way. Let me start by saying that I love that theres a methodology section at the top.

Engineering

Engineering Authentication

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

JANUARY 14, 2025

According to court documents, the Chinese government paid Mustang Panda to develop PlugX malware, used since 2014 to target U.S., The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon, to steal sensitive information from victim computers. European, and Asian entities. systems. .”

Malware

Malware Government Hacking Cybersecurity

Black Basta ransomware gang hit BT Group

Security Affairs

DECEMBER 4, 2024

The group claimed to have stolen 500GB of data including Finacial data, Organisation data, Users data and personal documents, NDA’s, Confidential data, and more. As proof of the data breach, the group published multiple screenshots, including pictures of passports and other documents.

Ransomware

Ransomware Telecommunications Healthcare Insurance

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

The Hacker News

MAY 14, 2025

The campaign is "using crafted emails that impersonate invoices or financial documents to trick victims into opening malicious attachments and can steal email

Phishing

Phishing Malware Cybersecurity

Fake Social Security Statement emails trick users into installing remote tool

Malwarebytes

APRIL 30, 2025

Your document is now ready for download: Please download the attachment and follow the provided instructions. NOTE: Statements & Documents are only compatible with PC/Windows systems. There are some variations to this mail in circulation but the example above shows how legitimate these emails look.

Computers and Electronics

Computers and Electronics Identity Theft Phishing Banking

An Interview With the Target & Home Depot Hacker

Krebs on Security

NOVEMBER 14, 2024

Hydra trafficked in illegal drugs and financial services, including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services.

Advertising

Advertising Retail Cryptocurrency Cybercrime

Filling up the DagBag: Privilege Escalation in Google Cloud Composer

NetSpi Technical

NOVEMBER 6, 2024

All the documented Airflow folders have been automatically created. Per Google documentation , IAM permissions to the environment’s cloud storage bucket is the responsibility of the customer. This documentation was updated to more clearly outline the danger of gaining write access to this bucket.

Accountability

Accountability Engineering Authentication

Data Wallets Using the Solid Protocol

Schneier on Security

JULY 25, 2024

Details are here , but basically a digital wallet is a repository for personal data and documents. I am the Chief of Security Architecture at Inrupt, Inc. , the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. Right now, there are hundreds of different wallets, but no standard.

Architecture

Architecture Data privacy

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services. The content of the email was empty, and the message only included an attached document that was not visible in the email client. The researchers also published PoC exploit code for this vulnerability.

VPN

VPN Firewall Technology Passwords

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. ” reads the court document. WhatsApp won a legal case against NSO Group in a U.S. ” The U.S.

Spyware

Spyware Surveillance Software Hacking

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

FEBRUARY 22, 2024

A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON , a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. A marketing slide deck promoting i-SOON’s Advanced Persistent Threat (APT) capabilities.

Government

Government Hacking Cyber threats Mobile

Safety and Security in Automated Driving

Adam Shostack

JANUARY 2, 2025

I would find it more surprising if I were to look at a 150 page document and not find anything surprising.) Give specific threat information and mitigation strategies to component designers. I find some parts of it surprising. (I

Risk

Risk Manufacturing Architecture Cybersecurity

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

“In at least two cases Amnesty International documented, the Cellebrite UFED product and associated exploits were used to covertly bypass phone security features, enabling Serbian authorities to infect the devices with NoviSpy spyware. . ” reported the Associated Press. ” concludes the report.

Spyware

Spyware Surveillance Technology Mobile

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

Security Affairs

MAY 1, 2025

“The emails had the subject Documents from 04/29/2025 and were sent from an address disguised as corporate correspondence.” ” The phishing emails employed in the campaign spotted by F6 experts has the subject Documents from 04/29/2025 and were sent from addresses mimicking corporate senders.

Malware

Malware Phishing Telecommunications Antivirus

AIs Hacking Websites

Schneier on Security

FEBRUARY 23, 2024

call functions), read documents, and recursively call themselves. New research : LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., As a result, these LLMs can now function autonomously as agents.

Hacking

Hacking Cybersecurity Artificial Intelligence

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

Security Affairs

JUNE 11, 2025

” As part of Operation Secure, Vietnamese police arrested 18 suspects and seized cash, SIMs, and documents tied to a scheme selling corporate accounts. . “These coordinated efforts resulted in the takedown of 79 per cent of identified suspicious IP addresses.”

Cybercrime

Cybercrime Data collection Scams Cyber threats

FBI warns of malicious free online document converters spreading malware

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Trending Sources

Roger Grimes on Prioritizing Cybersecurity Advice

NSO Group Spies on People on Behalf of Governments

What Graykey Can and Can’t Unlock

Chinese-Owned VPNs

Why Italy Sells So Much Spyware

ClickFix: How to Infect Your PC in Three Easy Steps

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

Oops: DanaBot Malware Devs Infected Their Own PCs

Microsoft: Happy 2025. Here’s 161 Security Updates

Apple indeed added a feature called “inactivity reboot” in iOS 18.1 that reboots locked devices

PayPal scam abuses Docusign API to spread phishy emails

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Data Exfiltration Using Indirect Prompt Injection

Threat Modeling the Genomic Data Sequencing Workflow (Threat Model Thursday)

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

ESET APT Activity Report Q4 2024–Q1 2025

Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Publish your threat model!

Lessons Learned from a High-Stakes Data Breach

Airlines Secretly Selling Passenger Data to the Government

SideWinder targets the maritime and nuclear sectors with an updated toolset

8Base ransomware group hacked Croatia’s Port of Rijeka

A new fileless variant of Remcos RAT observed in the wild

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

New Information Supplement: Payment Page Security and Preventing E-Skimming

Threat Modeling Google Cloud (Threat Model Thursday)

FBI deleted China-linked PlugX malware from over 4,200 US computers

Black Basta ransomware gang hit BT Group

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Fake Social Security Statement emails trick users into installing remote tool

An Interview With the Target & Home Depot Hacker

Filling up the DagBag: Privilege Escalation in Google Cloud Composer

Data Wallets Using the Solid Protocol

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

New Leak Shows Business Side of China’s APT Menace

Safety and Security in Automated Driving

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Hive0117 group targets Russian firms with new variant of DarkWatchman malware

AIs Hacking Websites

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

Stay Connected