Cyber Security Informer

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Government

Government Social Engineering Engineering Hacking

How we built the new Find My Device network with user security and privacy in mind

Google Security

APRIL 8, 2024

The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. Only the Bluetooth tag owner (and those they’ve chosen to share access with) can decrypt and view the tag’s location.

Encryption

Encryption Risk Architecture Mobile

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG. ” concludes the report.

Government

Government Surveillance Cybercrime Ransomware

USENIX Security ’23 – Lukas Lamster, Martin Unterguggenberger, David Schrammel, and Stefan Mangard – HashTag: Hash-based Integrity Protection for Tagged Architectures

Security Boulevard

MARCH 25, 2024

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

Architecture

RFID: Is it Secret? Is it Safe?

Approachable Cyber Threats

JULY 19, 2022

RFID uses electromagnetic fields in the form of radio waves to establish communication links between an RFID tag or transmitter and an RFID reader or receiver. Pieces of information are transmitted through the link that the reader uses to establish authenticity of the tag or transmitter and authorize access.

Risk

Risk Encryption Technology Retail

Ghostwriter v3.2 Release

Security Boulevard

FEBRUARY 8, 2023

We overhauled how you interact with operation logs and added support for tagging clients, projects, reports, findings, evidence files, domains, servers, operation logs, and log entries. Tagging Tags will help you organize and customize your projects. Tags are comma-separated and appear as grey badges in the interface.

Social Engineering

Social Engineering Technology Engineering Cybersecurity

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

Publicly accessible credentials On June 1st, 2023, the Cybernews research team discovered a publicly accessible environment file (.env) Another piece of sensitive information that the research team observed included a Google Tag Manager ID. Cybernews reached out to the company, and it fixed the issue.

Passwords

Passwords Accountability Mobile Hacking

Retrofitting Temporal Memory Safety on C++

Google Security

MAY 26, 2022

Temporal memory safety refers to the problem of guaranteeing that memory is always accessed with the most up to date information of its structure, its type. The out-of-date pointer is called a dangling pointer and any access through it results in a use-after-free (UAF) access. Every 16 bytes of memory are assigned a 4-bit tag.

Technology

Technology Architecture Authentication Software

Crickets from Chirp Systems in Smart Lock Key Leak

Krebs on Security

APRIL 15, 2024

“Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access,” CISA’s alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out out of a possible 10). Neither August nor Chirp Systems responded to requests for comment.

Software

Software Mobile Marketing Engineering

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

An Overview of the Vulnerability The original variant of this attack was documented by Etienne Stalmans at SensePost (Orange CyberDefense) in 2017 and leveraged VBScript code inside Outlook form objects to obtain code execution with access to a mailbox. In response, a patch was issued to enforce allowlisting for script code in custom forms.

Authentication

Authentication Penetration Testing Technology Phishing

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

The Hacker News

MARCH 18, 2022

Google's Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.

Ransomware

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware

Spyware Surveillance Firmware Internet

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

DDOS

DDOS Phishing Government Hacking

Exotic Lily initial access broker works with Conti gang

Security Affairs

MARCH 19, 2022

Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation.

Cybercrime

Cybercrime Social Engineering Ransomware Engineering

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG.

Ransomware

Ransomware Cybercrime Government Media

Dependabot impersonators cause trouble on GitHub

Malwarebytes

SEPTEMBER 29, 2023

To make this scam work, attackers first obtained access tokens belonging to their targets. Stolen tokens gave access to many private repositories so both public and private projects were impacted. In terms of how the attackers initially got in, some accounts were found to have been taken over by stolen personal access tokens.

Accountability

Accountability Scams Social Engineering Passwords

How to protect your Kubernetes infrastructure from the Argo CD vulnerability

InfoWorld on Security

FEBRUARY 23, 2022

Recently, a serious vulnerability in Argo CD was uncovered by Apiiro , which enables attackers to access sensitive information such as secrets, passwords, and API keys. The vulnerability has been tagged as CVE-2022-24348. To read this article in full, please click here

Passwords

Sensitive data in the cloud gets new automated remediation tool from BigID

CSO Magazine

AUGUST 10, 2022

Data intelligence company BigID announced this week at the Black Hat conference in Las Vegas that it has rolled out new features for its privacy and data protection platform, allowing users to programmatically restrict access to sensitive cloud-based information when it’s under threat. To read this article in full, please click here

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs

DECEMBER 1, 2019

Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. ” reads the report published by Google TAG.”We SecurityAffairs – Google TAG, state-sponsored hacking). Pierluigi Paganini.

Phishing

Phishing Accountability Advertising Cyber Attacks

Millions of sites could be hacked due to flaws in popular WordPress plugins

Security Affairs

MARCH 19, 2021

The lack of server-side validation for HTML tags in Elementor elements (i.e. “Many of these elements offer the option to set an HTML tag for the content within. tags in order to apply different heading sizes via the header_size parameter.” tags in order to apply different heading sizes via the header_size parameter.”

Hacking

Hacking Authentication

Data Exfiltration taking place on Google Cloud Platform without trace

CyberSecurity Insiders

MARCH 6, 2023

For instance, a cyber criminal can easily access data, and the activity is going unrecorded, as the storage platform uses the same description for all kinds of access such as simple reading of file, downloading of file, copy a file to an external resource like a server or reading/editing the metadata of a file.

Data breaches

Data breaches Software Cybersecurity

Arm, Qualcomm Patch Multiple Zero-Days Reported by Google

SecureWorld News

OCTOBER 5, 2023

In the case of Qualcomm, the situation became critical when Google's Threat Analysis Group (TAG) and Project Zero teams discovered several vulnerabilities, including CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, and CVE-2022-22071. Arm also found itself in a similar predicament.

Manufacturing

Manufacturing Risk Software Cybersecurity

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Security Affairs

OCTOBER 25, 2023

In March 2023, security firm Proofpoint observed the group actively exploiting vulnerabilities ( CVE-2022-27926 ) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The messages were sent from team.managment@outlook[.]com ” reads the analysis published by ESET.

Software

Software Government Phishing Internet

Moving from Omnifocus to Reminders

Security Boulevard

NOVEMBER 13, 2023

It can't move nested (subtasks) tasks from Omnifocus over, this is a very tricky problem to solve, and it's beyond my AppleScripting skills to access the subtasks and move them over properly.

Accountability

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware

Spyware Cyber Insurance Hacking Advertising

SAP Patch Day: January 2024

Security Boulevard

JANUARY 9, 2024

SAP HotNews Security Note #3411067 , tagged with a CVSS score of 9.1, SAP Security Note #3413475 , tagged with a CVSS score of 9.1, SAP Security Note #3412456 , tagged with a CVSS score of 9.1, The HotPriority Notes in Detail SAP Security Note #3411869 , tagged with a CVSS score of 8.4, HTTP/1 is not affected.

Internet

Internet Internet Marketing Technology

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

APRIL 2, 2024

An unauthenticated attacker can trigger the flaw to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page which is the edit users page. Then the attacker can modify the raw request to contain an X-Forwarded-For header set to a malicious payload enclosed in script tags.

Accountability

Accountability Hacking Information Security

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Malwarebytes

MARCH 18, 2022

The Google Threat Analysis Group (TAG) has shared their observations about a group of cybercriminals called Exotic Lily. Among these interested parties TAG found the Conti and Diavol ransomware groups. Initial access broker. Initial access brokers are an example of specialized cybercriminals. Exotic Lily.

Ransomware

Ransomware Malware Social Engineering Media

Reap the Benefits of Data Classification & Tagging

Security Boulevard

JULY 15, 2022

Bad actors and hackers target companies large and small, across industries and countries to gain access to it. Hackers skill-up to find misconfigurations and vulnerabilities just to try and access your […]. The post Reap the Benefits of Data Classification & Tagging appeared first on Security Boulevard.

Government

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). It serves as the graphics engine for Google Chrome and ChromeOS, Android, Flutter, and many other products.

Surveillance

Surveillance Software Engineering Passwords

SAP Patch Day: December 2023

Security Boulevard

DECEMBER 12, 2023

SAP Security Note #3350297 , tagged with a CVSS score of 9.1, The New HotNews Note in Detail SAP Security Note #3411067 , tagged with a CVSS score of 9.1, High Priority SAP Security Notes SAP Security Notes #3394567 , tagged with a CVSS score of 8.1, patches an Improper Access Control vulnerability in SAP Commerce Cloud.

Passwords

Passwords Technology Mobile Government

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations. Google's TAG team discovery: cyberattack motive.

Social Engineering

Social Engineering Engineering Accountability Malware

News Alert: Dasera unveils new data security and governance platform for ‘Snowflake’ users

The Last Watchdog

JUNE 23, 2023

By identifying potentially risky queries, Dasera minimizes the risk of unauthorized data access, ensuring data integrity and maintaining confidentiality. Dasera’s query analysis engine automatically finds flags and fixes unsafe queries in data warehouses, helping organizations proactively address data security and compliance concerns.

Government

Government Engineering Risk Healthcare

Google announces V8 Sandbox to protect Chrome users

Security Affairs

APRIL 9, 2024

“V8 vulnerabilities are rarely “classic” memory corruption bugs (use-after-frees, out-of-bounds accesses, etc.) ” Software-based sandbox replaces data types that can access out-of-sandbox memory with “sandbox-compatible” alternatives. ” reads the announcement. ” reads the announcement.

Engineering

Engineering Software Hacking Information Security

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control ( GC2 ) in an attack against an unnamed Taiwanese media organization. China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Media

Media Accountability Government Malware

Mitigating Dynamic Application Risks with Secure Firewall Application Detectors

Cisco Security

SEPTEMBER 23, 2021

Tags – Predefined tags that provide additional information about the application. Example tags include webmail, SSL protocol, file sharing/transfer, and displays ads. An application can have zero, one, or more tags. The submission request is easily accessible from the website. Release Notes.

Firewall

Firewall Risk Media Engineering

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Security Affairs

AUGUST 19, 2022

Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group (TAG), experts noticed that cybercriminal groups that were previously using the BazaLoader and IcedID as part of their malware campaigns switched to the Bumblebee loader. ” reads the analysis published by Cybereason.

Malware

Malware Accountability Phishing Passwords

Google addressed 3 actively exploited flaws in Android

Security Affairs

JULY 8, 2023

The CVE-2023-26083 is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. An unprivileged user can exploit the flaw to gain unauthorized access to sensitive data and escalate privileges to the root.

Spyware

Spyware Hacking Mobile Information Security

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

” The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. . “Google is aware that an exploit for CVE-2023-7024 exists in the wild.”

Surveillance

Surveillance Hacking Information Security

Remote Working One Year On: What the Future Holds for Cybersecurity

Security Boulevard

MARCH 19, 2021

tag=Inbound Threats'>Inbound Threats</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Email <a href='/blog?tag=Inbound These are fake but realistic emails sent to employees about current events which try to get them to click a link. Request a Demo. Featured: .

Cybersecurity

Cybersecurity CISO Social Engineering Technology

Google takes on Docs notification spammers

Malwarebytes

MARCH 8, 2022

Quite likely a bit too much work for people who just want to access their calendars without spam, and who can blame them? One such Google Docs revamp is the “tag tool” which fetches lists of recommended people. Spammers figured out they were able to send messages via tagging to “nearly any email address” (as per this article ).

Risk

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 8, 2023

Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments. The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report.

Backups

Backups Spyware Ransomware Education

Blacklisted apps in corporate companies on Android and iOS devices

CyberSecurity Insiders

NOVEMBER 8, 2021

And Douyin, a successor to the above stated Chinese short video app is also tagged as a global hit, as it has found a second place in the list with over 55.8 TikTok, that was developed by Chinese firm ByteDance has topped the list of most popular and downloaded apps worldwide in this year with over 57 million installs.

Data privacy

Data privacy Internet Internet Cybersecurity

Microsoft Patch Tuesday, August 2022 Edition

Krebs on Security

AUGUST 9, 2022

Microsoft this month also issued a different patch for another MSDT flaw, tagged as CVE-2022-35743. With CVE-2022-24477 , for example, an attacker can gain initial access to a user’s host and could take over the mailboxes for all exchange users, sending and reading emails and documents.

Authentication

Authentication Internet Internet Cyber threats

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

How we built the new Find My Device network with user security and privacy in mind

Trending Sources

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

USENIX Security ’23 – Lukas Lamster, Martin Unterguggenberger, David Schrammel, and Stefan Mangard – HashTag: Hash-based Integrity Protection for Tagged Architectures

RFID: Is it Secret? Is it Safe?

Ghostwriter v3.2 Release

Burger King forgets to put a password on their systems, again

Retrofitting Temporal Memory Safety on C++

Crickets from Chirp Systems in Smart Lock Key Leak

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang

Google TAG shares details about exploit chains used to install commercial spyware

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Exotic Lily initial access broker works with Conti gang

Ex-members of the Conti ransomware gang target Ukraine

Dependabot impersonators cause trouble on GitHub

How to protect your Kubernetes infrastructure from the Argo CD vulnerability

Sensitive data in the cloud gets new automated remediation tool from BigID

Google warned 12K+ users targeted by state-sponsored hackers

Millions of sites could be hacked due to flaws in popular WordPress plugins

Data Exfiltration taking place on Google Cloud Platform without trace

Arm, Qualcomm Patch Multiple Zero-Days Reported by Google

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Moving from Omnifocus to Reminders

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

SAP Patch Day: January 2024

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Meet Exotic Lily, access broker for ransomware and other malware peddlers

Reap the Benefits of Data Classification & Tagging

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

SAP Patch Day: December 2023

4 Ways North Korea Is Targeting Security Researchers

News Alert: Dasera unveils new data security and governance platform for ‘Snowflake’ users

Google announces V8 Sandbox to protect Chrome users

China-linked APT41 group spotted using open-source red teaming tool GC2

Mitigating Dynamic Application Risks with Secure Firewall Application Detectors

Bumblebee attacks, from initial access to the compromise of Active Directory Services

Google addressed 3 actively exploited flaws in Android

Google addressed a new actively exploited Chrome zero-day

Remote Working One Year On: What the Future Holds for Cybersecurity

Google takes on Docs notification spammers

CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog

Blacklisted apps in corporate companies on Android and iOS devices

Microsoft Patch Tuesday, August 2022 Edition

Stay Connected