Cyber Security Informer

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

” Google TAG has previously observed threat actors abusing Google services in their operations. In March 2023, TAG spotted an Iran-linked APT group using macro docs to infect users with a small.NET backdoor, BANANAMAIL that relies on Gmail as C2 infrastructure.

Accountability

Accountability Hacking Information Security Malware

Google takes on Docs notification spammers

Malwarebytes

MARCH 8, 2022

One such Google Docs revamp is the “tag tool” which fetches lists of recommended people. Around October 2020, spam messages via Google Docs came to light. It’s worth noting this behaviour wasn’t just restricted to Docs; other apps like Slides were affected too. So far, so good. Specifically: the comments feature.

Risk

Attackers create phishing lures with standard tools in Google Docs to steal credentials

SC Magazine

JUNE 17, 2021

Researchers on Thursday reported that hackers are using standard tools within Google Docs/Drive to lead unsuspecting victims to fraudulent websites, stealing credentials in the process. The attacker does not need the iframe tags and only needs to copy the part with the Google Docs link. brionv, CC BY-SA 2.0

Phishing

Phishing Social Engineering Engineering CISO

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Security Affairs

AUGUST 28, 2022

In June, researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Spyware Mobile Hacking

Google files lawsuit against blockchain botnet operators

CyberSecurity Insiders

DECEMBER 9, 2021

As per the Threat Analysis Group (TAG) of Google, the criminals are using such compromised devices to mine cryptocurrency, steal credentials from victims, and use them as proxies to hide their attacks.

Cryptocurrency

Cryptocurrency Government Internet Internet

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

.” Google announced to have removed around 63 million Google Docs files used as part of the Glupteba operation to distribute the bot to the victims. Glupteba disruption over last year: 63M Google Docs 1,183 Google Accounts, 908 Cloud Projects, and 870 Google Ads accounts. users were warned via Safe Browsing.

Backups

Backups Advertising Accountability Malware

Ingenious Phishing Tactics in the Modern Scammer's Toolbox

SecureWorld News

OCTOBER 30, 2023

The catch was that the document contained a function to transform these gibberish-looking symbols into hexadecimal values that denoted specific JavaScript tags. Google Docs comments abused to spread toxic links In early January 2022, bad actors mastered a new unusual technique to spew out phishing links and avoid detection.

Phishing

Phishing Scams Passwords Wireless

Anonymous Hacking Group Targets Russian Government

SecureWorld News

FEBRUARY 25, 2022

It's time to get involved in the cyber defense of our country," the post read, asking hackers and cybersecurity experts to submit an application via Google docs, listing their specialties, such as malware development, and professional references.

Government

Government Hacking Cybersecurity Technology

Ferocious Kitten: 6 years of covert surveillance in Iran

SecureList

JUNE 16, 2021

doc” (translates from Persian as “Romantic Solidarity With Lovers of Freedom2.doc”) doc”) and contains malicious macros that are accompanied by an odd decoy message attempting to convince the victim to enable its content: Decoy content in one of the malicious documents. u=[computername]_[username].

Surveillance

Surveillance Malware Password Management Passwords

“FudCo” Spam Empire Tied to Pakistani Software Firm

Krebs on Security

SEPTEMBER 6, 2021

Helpfully, many of the faces in that photo have been tagged and associated with their respective Facebook profiles. The current website for Saim Raza’s Fud Tools (above) offers phishing templates or “scam pages” for a variety of popular online sites like Office365 and Dropbox.

Software

Software Phishing Cybercrime Accountability

Mapping Penetration Testing report and vulnerability management CVEs

NopSec

MARCH 27, 2015

An organization with an account with Unified VRM can upload its penetration testing reports (as many as they like) in doc, docx and pdf formats.

Penetration Testing

Penetration Testing CISO Accountability

Fighting API Bots with Cloudflare's Invisible Turnstile

Troy Hunt

AUGUST 21, 2023

However, check it out in your browser's dev tools so you can see how it renders in the DOM and it will look more like this: Expand that DIV tag and you'll find a whole bunch more content set as a result of loading the widget, but that's not relevant right now. If you're in my shoes, go and give Turnstile a go.

Firewall

Firewall Authentication Internet Internet

Kali Linux 2023.1 Release (Kali Purple & Python Changes)

Kali Linux

MARCH 12, 2023

See /usr/share/doc/python3.11/README.venv Your browser does not support the video tag. Your browser does not support the video tag. If you wish to install a non-Debian packaged Python application, it may be easiest to use pipx install xyz, which will manage a virtual environment for you. Make sure you have pipx installed.

Firmware

Firmware Architecture Engineering Technology

Kali Linux 2022.2 Release (GNOME 42, KDE 5.24 & hollywood-activate)

Kali Linux

MAY 15, 2022

Your browser does not support the video tag. Kali Documentation Updates We’ve pushed a couple of changes to the Kali-Docs during this time as well. Even though this project was designed for 1st April it still works as an awesome screensaver.

Wireless

Wireless Firmware Architecture Media

Kali Linux 2.0 Release - Sana

Kali Linux

AUGUST 10, 2015

Our Next Generation Penetration Testing Platform We’re still buzzing and recovering from the Black Hat and DEF CON conferences where we finished presenting our new [Kali Linux Dojo](](/docs/development/dojo-mastering-live-build/), which was a blast. ISOs for the first time.

Penetration Testing

Penetration Testing Wireless Mobile Information Security

Kali Linux 2021.4 Release

Kali Linux

DECEMBER 8, 2021

This release features the first module from SET: the Spear Phishing Email Attack, with many more to come - watch this space… Now you can use the Kali NetHunter app to customise your own Facebook, Messenger, or Twitter direct message email notifications for your social engineering attacks: Your browser does not support the video tag.

Social Engineering

Social Engineering VPN Architecture Engineering

Lazarus covets COVID-19-related intelligence

SecureList

DECEMBER 23, 2020

It is worth noting that Tistory is a South Korean blog posting service, which means the malware author is familiar with the South Korean internet environment: plugin course property tistory tag vacon slide parent manual themes product notice portal articles category doc entry isbn tb idx tab maincode level bbs method thesis content blogdata tname .

Malware

Malware Cryptocurrency Encryption Passwords

Black Hat USA 2022: Creating Hacker Summer Camp

Cisco Security

AUGUST 29, 2022

It also requires the time of ‘Doc’ – the lead network engineer at the Mandalay Bay, to whom we are all deeply grateful. Getting the port status of switches with a given tag with getDeviceSwitchPorts. This also included the Tag for the SSIDs. The first amongst these was the use of the Cisco Meraki API.

Engineering

Engineering Wireless Malware DNS

G Suite for Education. Top Benefits for G Suite Administrators

Spinone

JANUARY 15, 2019

Google Docs: spreadsheets, presentations, and forms Unlimited cloud storage Granular control for G Suite administrators – 24/7 support, eDiscovery tools, audit reports, security and administration controls, etc. Teachers can create assignments, send announcements, and instantly start class discussions.

Education

Education Backups Mobile Malware

Cybercrooks Are Increasingly Adept at Gaming Google's Services

SecureWorld News

FEBRUARY 7, 2023

Google Docs comments functionality mishandled for phishing In early 2022, analysts at email security firm Avanan spread the word about a new unorthodox technique for delivering toxic links to numerous users. To ensnare users, bad actors publish sketchy news with well thought out structures of tags and keywords that correspond to hot topics.

Cybercrime

Cybercrime Phishing Accountability Government

Cyber Security Informer

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Google takes on Docs notification spammers

Trending Sources

Attackers create phishing lures with standard tools in Google Docs to steal credentials

Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit?

Google files lawsuit against blockchain botnet operators

Google disrupts the Glupteba botnet

Ingenious Phishing Tactics in the Modern Scammer's Toolbox

Anonymous Hacking Group Targets Russian Government

Ferocious Kitten: 6 years of covert surveillance in Iran

“FudCo” Spam Empire Tied to Pakistani Software Firm

Mapping Penetration Testing report and vulnerability management CVEs

Fighting API Bots with Cloudflare's Invisible Turnstile

Kali Linux 2023.1 Release (Kali Purple & Python Changes)

Kali Linux 2022.2 Release (GNOME 42, KDE 5.24 & hollywood-activate)

Kali Linux 2.0 Release - Sana

Kali Linux 2021.4 Release

Lazarus covets COVID-19-related intelligence

Black Hat USA 2022: Creating Hacker Summer Camp

G Suite for Education. Top Benefits for G Suite Administrators

Cybercrooks Are Increasingly Adept at Gaming Google's Services

Stay Connected