Cyber Security Informer

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. ” read the analysis published by Google TAG.

Software

Software Hacking Cybercrime Information Security

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

The Hacker News

OCTOBER 18, 2023

A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations.

Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Google Security

MAY 13, 2024

Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them.

Manufacturing

Manufacturing Engineering Internet Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Apple and Google join forces to stop unwanted tracking

Malwarebytes

MAY 15, 2024

The specification, called Detecting Unwanted Location Trackers , will make it possible to alert users across both iOS and Android if a device is unknowingly being used to track them. Bluetooth tag manufacturers including Chipolo, eufy, Jio, Motorola, and Pebblebee have all said that future tags will be compatible.

Manufacturing

Manufacturing Mobile Engineering Internet

How we built the new Find My Device network with user security and privacy in mind

Google Security

APRIL 8, 2024

The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag. Only the Bluetooth tag owner (and those they’ve chosen to share access with) can decrypt and view the tag’s location.

Encryption

Encryption Risk Architecture Mobile

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. ” concludes Google.

Spyware

Spyware Surveillance Government Software

Microsoft Defender tags Office updates as ransomware activity

Bleeping Computer

MARCH 16, 2022

Windows admins were hit today by a wave of Microsoft Defender for Endpoint false positives where Office updates were tagged as malicious in alerts pointing to ransomware behavior detected on their systems. [.].

Ransomware

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

The researchers ran the current process inside a fabricated container and used a mini-filter to handle their I/O requests such that it can create, read, write, and delete files on the file system using kernel primitives and avoiding security product detection. Scan files with the tag in the PRE_CLEANUP function even if they were not altered.

Antivirus

Antivirus Ransomware Hacking Malware

Ghostwriter v3.2 Release

Security Boulevard

FEBRUARY 8, 2023

We overhauled how you interact with operation logs and added support for tagging clients, projects, reports, findings, evidence files, domains, servers, operation logs, and log entries. Tagging Tags will help you organize and customize your projects. Tags are comma-separated and appear as grey badges in the interface.

Social Engineering

Social Engineering Technology Engineering Cybersecurity

Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

The Hacker News

DECEMBER 7, 2023

The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. It's also called Blue Callisto, BlueCharlie (or TAG-53),

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

. “According to the developer, GCR communicates exclusively via legitimate infrastructure operated by Google, making it difficult for defenders to detect suspicious activity.” ” Google TAG has previously observed threat actors abusing Google services in their operations.

Accountability

Accountability Hacking Information Security Malware

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Media Accountability Software

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Bleeping Computer

FEBRUARY 3, 2021

Microsoft Defender for Endpoint is currently detecting at least two Chrome updates as malware, tagging the Slovenian localization file bundled with the Google Chrome installer as a malicious file. [.].

Malware

Palo Alto Networks Adds Cloud Misconfiguration Tool

Security Boulevard

AUGUST 31, 2021

Palo Alto Networks today revealed that its Bridgecrew by Prisma Cloud offering has been extended using another tool that now makes it possible to also detect configuration drifts across multiple clouds. The post Palo Alto Networks Adds Cloud Misconfiguration Tool appeared first on Security Boulevard.

Cybersecurity

Cybersecurity Network Security

Tracking the Trackers: For Better or Worse

SecureWorld News

NOVEMBER 27, 2023

These radios are being tracked and tagged by marketers, telecom companies and individuals in an effort to resell that data to parties willing to pay. Tiny BLE (Bluetooth Low Energy) tags are being placed in people’s vehicles, pockets, bags and other items on the move all the time.

Wireless

Wireless Energy and Utilities Technology Data privacy

Google adds unwanted tracker detection to Find My Device network

Malwarebytes

MAY 10, 2023

The basic principle of these tags is that anyone with the matching app and permissions on their device (usually a phone) contributes to find the last location where the tag was detected. This could happen if a criminal planted a tag on your laptop so they could track its location.

Ransomware

MTE - The promising path forward for memory safety

Google Security

NOVEMBER 7, 2023

to develop Memory Tagging Extension (MTE) technology. It’s becoming increasingly important to detect and prevent security vulnerabilities early in the software development cycle and also have the capability to mitigate the security attacks at the first moment of exploitation in production. as well as fuzzing (with sanitizers enabled).

Software

Software Technology Architecture Mobile

Google and Apple cooperate to address unwanted tracking

Malwarebytes

MAY 6, 2023

The basic principle of these tags is that anyone with the matching app and permissions on their device (usually a phone) contributes to find the last location where the tag was detected. Examples of these accessories are the Apple AirTag, Tile Mate and Pro, Samsung SmartTag, and Google’s expected Grogu.

Manufacturing

Manufacturing Technology Ransomware

Detecting Cobalt Strike and Hancitor traffic in PCAP

Security Boulevard

MAY 31, 2021

This video shows how Cobalt Strike and Hancitor C2 traffic can be detected using CapLoader. Your browser does not support the video tag. The post Detecting Cobalt Strike and Hancitor traffic in PCAP appeared first on Security Boulevard. I bet you're going: ?? OMG he's analyzing Windows malware on a Windows PC!!!

Malware

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages. government.

Government

Government Phishing DDOS Hacking

Google Rewards S4E Team For Zero-Day Vulnerability Detection

SecureBlitz

NOVEMBER 20, 2021

Vulnerability Watch: Google Pays $6,000 To S4E Team For Zero-Day Vulnerability CVE-2021-30573 Detection. The Security For Everyone (S4E) team detected a Google Chrome Zero-day vulnerability tagged CVE-2021-30573 in Google’s latest version of the Chrome browser.

Cybersecurity

Cybersecurity Cyber threats

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG.

Ransomware

Ransomware Cybercrime Government Media

Retrofitting Temporal Memory Safety on C++

Google Security

MAY 26, 2022

Hardware Memory Tagging to the Rescue MTE (Memory Tagging Extension) is a new extension on the ARM v8.5A architecture that helps with detecting errors in software memory use. Every 16 bytes of memory are assigned a 4-bit tag. Pointers are also assigned a 4-bit tag. Pointers are also assigned a 4-bit tag.

Technology

Technology Architecture Authentication Software

Accelerating incident response using generative AI

Google Security

APRIL 26, 2024

At Google, when an incident is reported, our Detection & Response teams work to restore normal service as quickly as possible, while meeting both regulatory and contractual compliance requirements.

Risk

Risk Engineering Accountability Technology

New Kritec Magecart skimmer found on Magento stores

Malwarebytes

MARCH 22, 2023

Original campaign using WebSockets Researchers at Akamai reported on a Magecart skimmer campaign disguised as Google Tag Manager that also made the news with the compromise of one of Canada's largest liquor store (LCBO). shop in their IOCs which is a domain we sometimes saw injected near the Google Tag Manager script, but not within it.

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

Anton on Security

JANUARY 10, 2024

Overall, here is how word cloud of our 2023 episode titles looks like: (src) Top episodes from all years: “EP1 Confidentially Speaking“ “EP2 Data Security in the Cloud“ “EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil” “EP3 Automate and/or Die?” EP47 Megatrends, Macro-changes, Microservices, Oh My! More video!

Cloud Migration

Cloud Migration Government Network Security Risk

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. “To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Media Surveillance Encryption

Google warned 12K+ users targeted by state-sponsored hackers

Security Affairs

DECEMBER 1, 2019

Google’s Threat Analysis Group (TAG) revealed that it has detected and blocked attacks carried out by nation-state actors on 12,000 of its users in the third quarter of this year. ” reads the report published by Google TAG.”We SecurityAffairs – Google TAG, state-sponsored hacking). Pierluigi Paganini.

Phishing

Phishing Accountability Advertising Cyber Attacks

Data Exfiltration taking place on Google Cloud Platform without trace

CyberSecurity Insiders

MARCH 6, 2023

However, the GCP Security team has taken a note of this incident and tagged it as a security deficiency. On March 1st of this year, the web search giant found out that there was no exfiltration detected in its audit and there are ways to mitigate and detect the insufficient audit logging in GCP by improving log-forensics.

Data breaches

Data breaches Software Cybersecurity

Intel and Check Point Software extend partnership for ransomware protection

CyberSecurity Insiders

JANUARY 3, 2023

So, as a part of this collaboration the Harmony Endpoint solution from Check Point will be integrated into Intel vPro’s AI and ML driven threat detection tech allowing CPUs manufactured by the silicon wafer making giant analyze pre-detect data encryption commands in the digital attack flow.

Software

Software Ransomware Manufacturing Encryption

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. In 2021 the number of zero-days discovered by the researchers were 69 detected. ” reads the report published by Google TAG.

Firewall

Firewall Software Hacking Internet

Mitigating Dynamic Application Risks with Secure Firewall Application Detectors

Cisco Security

SEPTEMBER 23, 2021

Tags – Predefined tags that provide additional information about the application. Example tags include webmail, SSL protocol, file sharing/transfer, and displays ads. An application can have zero, one, or more tags. About Application Detection. The submission request is easily accessible from the website.

Firewall

Firewall Risk Media Engineering

Detecting browser data theft using Windows Event Logs

Google Security

APRIL 30, 2024

Where it is not possible to prevent the theft of credentials and cookies by malware, the next best thing is making the attack more observable by antivirus, endpoint detection agents, or enterprise administrators with basic log analysis tools. Create detection logic to detect theft. Step 3: Write detection logic to detect theft.

Passwords

Passwords Malware Encryption System Administration

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

This property tag contained the COM GUID that we have assigned in the configuration file, which ultimately defines what COM CLSID the form was eventually registered as. Again, SensePost provides an overview of these property tags and their importance so we will refrain from re-stating the same here. What makes that determination?”

Authentication

Authentication Penetration Testing Technology Phishing

SAP Patch Day: January 2024

Security Boulevard

JANUARY 9, 2024

SAP HotNews Security Note #3411067 , tagged with a CVSS score of 9.1, Customers who already applied the patch are not affected. The new HotNews Notes in Detail SAP has detected additional applications that can be affected by one or more of the CVEs that were addressed in SAP Security Note #3411067. HTTP/1 is not affected.

Internet

Internet Internet Marketing Technology

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Security Affairs

JULY 23, 2023

Update on CVE-2023-3519 vulnerable IPs: we now tag 15K Citrix IPs as vulnerable to CVE-2023-3519. We extended the tagging logic to tag as vulnerable all that return Last Modified headers with a date before July 1, 2023 00:00:00Z. We also improved NetScaler AAA detection coverage.

VPN

VPN Cyber Attacks Software Cybersecurity

Privacy Device Designed to Defend Against Illegal Wireless Tracking

SecureWorld News

FEBRUARY 10, 2023

BVS President and CEO Scott Schober spoke with SecureWorld News about the need for a product like this: "Stalking and illegal tracking of individuals, packages, and vehicles has never been easier due to tiny, high-tech BLE tags, including Apple's AirTag, Tile Tracker, and Samsung Smart Tags.

Wireless

Wireless Spyware Technology Personal Security

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

MARCH 30, 2021

.” The researchers pointed out that container registries allow users to upgrade their images and also upload a new tag to the registry. Tags are used to reference different versions of the same image. In my research, I used a cryptomining scanner that only detects simple cryptomining payloads. ” concludes the expert.

Cryptocurrency

Cryptocurrency Accountability Architecture Software

News Alert: Dasera unveils new data security and governance platform for ‘Snowflake’ users

The Last Watchdog

JUNE 23, 2023

Dasera offers continuous data usage and storage visibility, promptly detecting risks and aligning data security strategies with business objectives. For more information, visit www.dasera.com or contact us at info@dasera.com. Media contact: Brenda Christensen, Stellar PR, 818/307-9942, brenda.christensen@stellar-pr.com # # #

Government

Government Engineering Risk Healthcare

Relevant and Extended Detection with SecureX, Part Two: Endpoint Detections

Cisco Security

DECEMBER 15, 2021

In part one of this series we introduced the notion of risk-based extended detection with SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products.

Risk

Risk Threat Detection Malware Government

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Security Affairs

APRIL 6, 2023

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. TAG believes that the ARCHIPELAGO group is a subset of a threat actor tracked by Mandiant as APT43. ” reads the analysis published by Google TAG.

Phishing

Phishing Media Passwords Malware

Exotic Lily initial access broker works with Conti gang

Security Affairs

MARCH 19, 2022

Google’s Threat Analysis Group (TAG) uncovered a new initial access broker, named Exotic Lily, that is closely affiliated with the Conti ransomware gang. Google’s Threat Analysis Group (TAG) researchers linked a new initial access broker, named Exotic Lily, to the Conti ransomware operation.

Cybercrime

Cybercrime Social Engineering Ransomware Engineering

Crooks use HTML smuggling to spread QBot malware via SVG files

Security Affairs

DECEMBER 14, 2022

. “SVG images are constructed using XML, allowing them to be placed within HTML using ordinary XML markup tags. Talos has identified malicious emails featuring HTML attachments with encoded SVG images that themselves contain HTML <script> tags. Including script tags within a SVG image is a legitimate feature of SVG.”

Malware

Malware Phishing Passwords Hacking

Is Identity Theft Protection Worth It?

Identity IQ

JANUARY 10, 2024

” Let’s break it down: what these services offer, how they help, and if the peace of mind is worth the price tag. Deciding whether identity theft protection is worth the price tag takes more than a simple cost-benefit analysis. Early Detection: Early detection is key to minimizing damage.

Identity Theft

Identity Theft Insurance Accountability Surveillance

Google TAG spotted actors using new code signing tricks to evade detection

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

Webinars

Trending Sources

Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Webinars

Apple and Google join forces to stop unwanted tracking

How we built the new Find My Device network with user security and privacy in mind

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Microsoft Defender tags Office updates as ransomware activity

Abusing Windows Container Isolation Framework to avoid detection by security products

Ghostwriter v3.2 Release

Microsoft Warns of COLDRIVER's Evolving Evading and Credential-Stealing Tactics

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

North Korea-linked threat actors target cybersecurity experts with a zero-day

Microsoft Defender ATP detects Chrome updates as PHP backdoors

Palo Alto Networks Adds Cloud Misconfiguration Tool

Tracking the Trackers: For Better or Worse

Google adds unwanted tracker detection to Find My Device network

MTE - The promising path forward for memory safety

Google and Apple cooperate to address unwanted tracking

Detecting Cobalt Strike and Hancitor traffic in PCAP

Google blocked China-linked APT31’s attacks targeting U.S. Government

Google Rewards S4E Team For Zero-Day Vulnerability Detection

Ex-members of the Conti ransomware gang target Ukraine

Retrofitting Temporal Memory Safety on C++

Accelerating incident response using generative AI

New Kritec Magecart skimmer found on Magento stores

We Are Almost 3! Cloud Security Podcast by Google 2023 Reflections

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Google warned 12K+ users targeted by state-sponsored hackers

Data Exfiltration taking place on Google Cloud Platform without trace

Intel and Check Point Software extend partnership for ransomware protection

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Mitigating Dynamic Application Risks with Secure Firewall Application Detectors

Detecting browser data theft using Windows Event Logs

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

SAP Patch Day: January 2024

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519

Privacy Device Designed to Defend Against Illegal Wireless Tracking

30 Docker images downloaded 20M times in cryptojacking attacks

News Alert: Dasera unveils new data security and governance platform for ‘Snowflake’ users

Relevant and Extended Detection with SecureX, Part Two: Endpoint Detections

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Exotic Lily initial access broker works with Conti gang

Crooks use HTML smuggling to spread QBot malware via SVG files

Is Identity Theft Protection Worth It?

Stay Connected