Cyber Security Informer

Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Google Security

MAY 13, 2024

If a user gets such an alert on their Android device, it means that someone else’s AirTag, Find My Device network-compatible tracker tag, or other industry specification-compatible Bluetooth tracker is moving with them.

Manufacturing

Manufacturing Engineering Internet Internet

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

The Hacker News

SEPTEMBER 8, 2023

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines.

Cybersecurity

Cybersecurity Media Accountability Software

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. China is working hard here too.

Government

Government Engineering Phishing Hacking

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

The Hacker News

DECEMBER 7, 2022

Recorded Future attributed the new infrastructure to a threat activity group it tracks under the name TAG-53, and is broadly known by the cybersecurity community as Blue Callisto, -based military weapons and hardware supplier.

Hacking

Hacking Cybersecurity

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

Even as the New Year approached and the world celebrated the festive Christmas season, the cybercriminal community did not pause their activities. Instead, they marked the holiday season in their unique way.

Identity Theft

Identity Theft Data breaches Government Hacking

Weekly Update 359

Troy Hunt

AUGUST 5, 2023

I settled for dumping stuff in a <pre> tag for now and will invest the time in doing it right later on.) the community input has been awesome - thank you!) Case in point: read my pain from last night about converting thousands of words of lawyer speak T&Cs from Microsoft Word to HTML.

Passwords

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. CVE-2021-30983 internally referred to as Clicked3, fixed by Apple in December 2021.

Surveillance

Surveillance Mobile Spyware Telecommunications

Massive iPhone Hack Targets Uyghurs

Schneier on Security

SEPTEMBER 3, 2019

Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. The vulnerabilities were patched in iOS 12.1.4,

Hacking

Hacking Surveillance Malware Government

North Korean Attackers Target Security Researchers via Social Media: Google

Dark Reading

JANUARY 26, 2021

Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.

Media

Media InfoSec

Arm, Qualcomm Patch Multiple Zero-Days Reported by Google

SecureWorld News

OCTOBER 5, 2023

This means that these attack vectors are effectively unknown to the security community, making them extremely valuable to malicious actors. Google's TAG and Project Zero teams identified a new Zero-Day vulnerability, CVE-2023-4211, which was being actively exploited in targeted attacks. Arm also found itself in a similar predicament.

Manufacturing

Manufacturing Risk Software Cybersecurity

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Security Affairs

DECEMBER 1, 2021

Collections are open to our VirusTotal Community (registered users) and they will be enhanced with VirusTotal analysis metadata providing the latest information we have for the IoCs, along with some aggregated tags.” ” reads the announcement published by Virus Total.

Hacking

Hacking Information Security Malware

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware

Spyware Surveillance Firmware Internet

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

MARCH 30, 2021

library and community for container images. It includes over 100,000 container images from software vendors, open-source projects, and the community. ” The researchers pointed out that container registries allow users to upgrade their images and also upload a new tag to the registry.

Cryptocurrency

Cryptocurrency Accountability Architecture Software

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations. Google's TAG team discovery: cyberattack motive.

Social Engineering

Social Engineering Engineering Accountability Malware

RFID: Is it Secret? Is it Safe?

Approachable Cyber Threats

JULY 19, 2022

RFID uses electromagnetic fields in the form of radio waves to establish communication links between an RFID tag or transmitter and an RFID reader or receiver. Pieces of information are transmitted through the link that the reader uses to establish authenticity of the tag or transmitter and authorize access. Is RFID secure?

Risk

Risk Encryption Technology Retail

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

JANUARY 10, 2024

We started doing the LIVE VIDEO recording sessions ( the latest ) We have a fun new community site for discussions We also covered a lot of AI. Much better website with content tags Finally, an obvious call to action! But we realized we don’t have enough new profound reflections…. We do have a few fun new things! what a NOT surprise ?

Cloud Migration

Cloud Migration Government Network Security Risk

North Korea-linked campaign targets security experts via social media

Security Affairs

JANUARY 26, 2021

Google TAG is warning that North Korea-linked hackers targeting security researchers through social media. Google Threat Analysis Group (TAG) is warning that North Korea-linked hackers targeting security researchers through social media. ” reads the TAG’s report. ” reads the TAG’s report.

Media

Media Social Engineering Engineering Accountability

North Korea hackers impersonating Coinbase to lure employees and customers

CyberSecurity Insiders

AUGUST 17, 2022

United States Intelligence Community has given the group as Hidden Cobra and Microsoft has tagged the name of this group as ZINC. NOTE – Lazarus is also known in the world of cybercrime as Guardians of Peace and is being run and funded by the government of North Korea.

Social Engineering

Social Engineering Cryptocurrency Education Cybercrime

SAP Patch Day: January 2024

Security Boulevard

JANUARY 9, 2024

SAP HotNews Security Note #3411067 , tagged with a CVSS score of 9.1, SAP Security Note #3413475 , tagged with a CVSS score of 9.1, SAP Security Note #3412456 , tagged with a CVSS score of 9.1, The HotPriority Notes in Detail SAP Security Note #3411869 , tagged with a CVSS score of 8.4, HTTP/1 is not affected.

Internet

Internet Internet Marketing Technology

Kali Linux 2024.1 Release (Micro Mirror)

Kali Linux

FEBRUARY 27, 2024

Introducing the Micro Mirror Free Software CDN With this latest release of Kali Linux, our network of community mirrors grew much stronger, thanks to the help of the Micro Mirror CDN! Free software and Linux distributions have been distributed thanks to community-supported mirrors for almost three decades now , it’s a long tradition.

Software

Software Firmware VPN Internet

Ghostwriter v4.1: The Custom Fields Update

Security Boulevard

APRIL 5, 2024

The Ghostwriter community has had some creative and stellar ideas. Community member @domwhewell contributed this feature to the project. Each observation has a title, optional tags, and a description field. Thank you to everyone in the Ghostwriter community who contributed feedback and code to this release!

Penetration Testing

Penetration Testing Social Engineering Engineering Cybersecurity

SAP Patch Day: December 2023

Security Boulevard

DECEMBER 12, 2023

SAP Security Note #3350297 , tagged with a CVSS score of 9.1, The New HotNews Note in Detail SAP Security Note #3411067 , tagged with a CVSS score of 9.1, High Priority SAP Security Notes SAP Security Notes #3394567 , tagged with a CVSS score of 8.1, SAP Security Notes #3382353 , tagged with a CVSS score of 7.5,

Passwords

Passwords Technology Mobile Government

Researcher hacked Apple AirTag two weeks after its launch

Security Affairs

MAY 11, 2021

The Apple AirTag has been available for just a couple of weeks and hacking community is already working on it to demonstrate that how to compromise it. The researcher explained that has found a way to modify the tracker software running on the tag, he was able to modify its NFC URL. ” reported the 9to5Mac website.

Hacking

Hacking Software Information Security Cybersecurity

SAP Security Patch Day June 2023

Security Boulevard

JUNE 13, 2023

This note is tagged with a CVSS score of 7.9. Updates in previously released High Priority SAP Security Notes SAP Security Note #3326210 , tagged with a CVSS score of 7.1, SAP Security Note #3102769 , tagged with a CVSS score of 8.8, SAP Note #3318657 is tagged with a CVSS score of 6.4

Manufacturing

Manufacturing Phishing Authentication

Launching OSV - Better vulnerability triage for open source

Google Security

FEBRUARY 5, 2021

This comes from the fact that versioning schemes in existing vulnerability standards (such as Common Platform Enumeration (CPE) ) do not map well with the actual open source versioning schemes, which are typically versions/tags and commit hashes. The result is missed vulnerabilities that affect downstream consumers.

Software

Software Accountability

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Security Affairs

NOVEMBER 15, 2021

ESET researchers reported that the North Korea-linked Lazarus APT group is targeting cyber security community with a trojanized pirated version of the popular IDA Pro reverse engineering software. North Korea-linked APT Lazarus targets security researchers using a trojanized pirated version of the popular IDA Pro reverse engineering software.

Cybersecurity

Cybersecurity Engineering Software Malware

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

Troy Hunt

MARCH 15, 2020

But the NDC events really need to run over 2 whole days, so we came up with a better idea: Scott and I will be tag-teaming the 2-day events. Community Support Lastly, I want to touch on how important it is to ensure the sustainability of events like the NDC conferences through this period and that really requires community support.

Hacking

Hacking Technology Software Risk

North Korea steals $620m Ethereum from US Video Game maker

CyberSecurity Insiders

APRIL 17, 2022

US Treasury has endorsed the news and tagged it as one of the biggest cryptocurrency heists of all time. They have been indulging in cyber attacks since 2010 and the US Intelligence community recognizes this gang of notorious criminals as Hidden Cobra.

Cryptocurrency

Cryptocurrency Government Education Cyber Attacks

Advancing an inclusive, diverse security industry

Google Security

JULY 20, 2021

Posted by Sarah Morales, Community Outreach Manager, Security It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. The next round of scholarships is open through August 2, 2021. To learn more and apply, please visit the WiCyS application page.

Information Security

Information Security Cybersecurity Education

Anonymous Hacking Group Targets Russian Government

SecureWorld News

FEBRUARY 25, 2022

Following Russian President Vladimir Putin's decision to invade Ukraine, the cybersecurity community is banding together to provide any relief it can to the citizens of Ukraine. Follow SecureWorld News to stay up to date on the latest developments in Ukraine (using the Russia-Ukraine tag below).

Government

Government Hacking Cybersecurity Technology

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

NOVEMBER 28, 2022

Pushwoosh employees posing at a company laser tag event. Edwards also found Pushwoosh’s technology embedded in nearly two dozen mobile apps that were sold to cities and towns across Illinois as a way to help citizens access general information about their local communities and officials. Edwards said the U.S. ”

Mobile

Mobile Malware Technology Government

SAP Patch Day: November 2022

Security Boulevard

NOVEMBER 8, 2022

The second HotNews Note that has been updated since October’s Patch Day is SAP Security Note #3239152 , tagged with a CVSS score of 9.6. High Priority Note #3226411 , tagged with a CVSS score of 8.1, SAP Security Note #3243924 , tagged with a CVSS score of 9.9, The second SAP vulnerability is tagged with a CVSS score of 7.5

Mobile

Mobile Accountability Banking Engineering

For Whom the Dell Tolls: Data Breach Affects 49 Million Customers

SecureWorld News

MAY 10, 2024

Everyone in the security community would tend to find fault with the teams handling the cause and impact of the breach, but in reality, only those who are in the middle of this breach know really how this could have been prevented. Could this have been prevented? Yes, and no.

Data breaches

Data breaches Identity Theft Risk CISO

Poulight Stealer, a new Comprehensive Stealer from Russia

Security Affairs

MAY 7, 2020

Poulight was first spotted by MalwareBytes researchers in middle March and indicators of compromise have been already shared among the security community. The first information tag “ prog.params ” is immediately retrieved in the instruction “ HandlerParams.Start() ” seen in Figure 4. Figure 1: C2 Panel of the Poulight infostealer.

Malware

Malware Advertising Cybercrime Internet

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Security Boulevard

JANUARY 10, 2024

We started doing the LIVE VIDEO recording sessions ( the latest ) We have a fun new community site for discussions We also covered a lot of AI. Much better website with content tags Finally, an obvious call to action! But we realized we don’t have enough new profound reflections…. We do have a few fun new things! what a NOT surprise ?

Cloud Migration

Cloud Migration Government Network Security Risk

Flipper Zero: Next Gen Hacking Tool for the Next Generation

SecureWorld News

JANUARY 30, 2023

Many of Flipper Zero's features blur the line between legal and illegal hacking, but anyone from my generation (the same ones who might've watched Flipper reruns on TV) remembers that hacking used to mean more than just breaking the law in the pursuit of money, IP theft, or just fame in your local hacker community.

Hacking

Hacking Wireless Cybersecurity Media

Celebrate Small Business Saturday!

SiteLock

AUGUST 27, 2021

Saturday, November 24, 2012, is the second annual Small Business Saturday – a day created to celebrate the success of entrepreneurs across the nation and all that they do for the community. Show it off by Tweeting a picture of it with the hash tag #SmallBizSat or share it with your friends via Facebook. Share your discoveries!

Small Business

Small Business Marketing

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Spur.us , a startup that tracks proxy services, told KrebsOnSecurity that the Internet addresses Lumen tagged as the AVrecon botnet’s “Command and Control” (C2) servers all tie back to a long-running proxy service called SocksEscort. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware VPN Internet Internet

Introducing rules_oci

Google Security

MAY 5, 2023

In this post, we’ll explain how rules_oci differs from its predecessor, rules_docker, and describe the benefits it offers for both container image security and the container community. We now sign on immutable digests references to images during the build instead of tags after the build.

Architecture

Architecture Government Software Risk

Google report on iPhone hack created ‘False Impression,’ states Apple

Security Affairs

SEPTEMBER 7, 2019

Earlier this year, Google Threat Analysis Group (TAG) experts uncovered an iPhone hacking campaign, initially, they spotted a limited number of hacked websites used in watering hole attacks against iPhone users. Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. ” Sainz wrote.”Google’s

Hacking

Hacking Spyware Advertising Mobile

Cyber Playbook: An Overview of PCI Compliance in 2022

Herjavec Group

MARCH 24, 2022

Generally speaking, the client-side web browser attack surface has been completely overlooked as a threat landscape except by malware authors, the hacking community, social media, and mass marketers. html tags, and links to 3rd party sources, end-user telemetry recording, etc. Client-Side Web Browser Vulnerabilities.

Architecture

Architecture Penetration Testing Firewall eCommerce

Actor’s verified Twitter profile hijacked to spam NFT giveaways

Malwarebytes

JANUARY 31, 2022

To enter: Follow me & @GrumpyKatzNFT Like & RT Tag 3 friends. It says: Building an NFT community | 450,000 supporters | NFT promoter | DM for promo. That is to say, promoting a range of pixel art cats known as “GrumpyKatz”. The tweet reads as follows: Giveaway time! I am working with @grumpykatznfts to giveaway 15 SOL ($1500).

Scams

Scams Cryptocurrency Accountability Phishing

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Internet

Internet Internet Cybersecurity Malware

Q&A on the MITRE D3FEND Framework

Cisco Security

FEBRUARY 25, 2022

Everyone in the security community is familiar with the ATT&CK framework developed by MITRE. D3FEND been public for seven months and we still have the beta tag on the release. We have received great feedback on the model/ontology from the community and we are looking to release a stable version this year.

Engineering

Engineering Technology Cybersecurity Internet

Google and Apple deliver support for unwanted tracking alerts in Android and iOS

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Webinars

Trending Sources

China-linked threat actors are targeting the government of Ukraine

Webinars

Russian Hackers Spotted Targeting U.S. Military Weapons and Hardware Supplier

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Weekly Update 359

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Massive iPhone Hack Targets Uyghurs

North Korean Attackers Target Security Researchers via Social Media: Google

Arm, Qualcomm Patch Multiple Zero-Days Reported by Google

VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

Google TAG shares details about exploit chains used to install commercial spyware

30 Docker images downloaded 20M times in cryptojacking attacks

4 Ways North Korea Is Targeting Security Researchers

RFID: Is it Secret? Is it Safe?

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

North Korea-linked campaign targets security experts via social media

North Korea hackers impersonating Coinbase to lure employees and customers

SAP Patch Day: January 2024

Kali Linux 2024.1 Release (Micro Mirror)

Ghostwriter v4.1: The Custom Fields Update

SAP Patch Day: December 2023

Researcher hacked Apple AirTag two weeks after its launch

SAP Security Patch Day June 2023

Launching OSV - Better vulnerability triage for open source

North Korea-linked Lazarus group targets cybersecurity experts with Trojanized IDA Pro

Hack Yourself First Workshops in Australia, Denmark and Portugal (Virtually, of Course)

North Korea steals $620m Ethereum from US Video Game maker

Advancing an inclusive, diverse security industry

Anonymous Hacking Group Targets Russian Government

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

SAP Patch Day: November 2022

For Whom the Dell Tolls: Data Breach Affects 49 Million Customers

Poulight Stealer, a new Comprehensive Stealer from Russia

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Flipper Zero: Next Gen Hacking Tool for the Next Generation

Celebrate Small Business Saturday!

Who and What is Behind the Malware Proxy Service SocksEscort?

Introducing rules_oci

Google report on iPhone hack created ‘False Impression,’ states Apple

Cyber Playbook: An Overview of PCI Compliance in 2022

Actor’s verified Twitter profile hijacked to spam NFT giveaways

6 Best Threat Intelligence Feeds to Use in 2023

Q&A on the MITRE D3FEND Framework

Stay Connected