Information Security - Cyber Security Informer

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. ” concludes Google.

Spyware

Spyware Surveillance Government Software

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Government

Government Social Engineering Engineering Hacking

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

Google TAG researchers warn that COLDRIVER is evolving tactics, techniques and procedures (TTPs), to improve its detection evasion capabilities. Recently, TAG has observed COLDRIVER delivering custom malware via phishing campaigns using PDFs as lure documents. ” reads TAG’s analysis. ” concludes the report.

Phishing

Phishing Malware Encryption Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

DDOS

DDOS Phishing Government Hacking

TL;DR of TAG Cyber and Sonrai Security?

Security Boulevard

OCTOBER 13, 2022

Reading Time: 6 minutes As business leaders recognize the increased revenue growth associated with cloud strategies, Information Security teams must find ways to adapt and, more importantly, participate in this rapid deployment approach. TAG Cyber worked with Sonrai Security to better understand how cloud […].

Information Security

Information Security Risk CISO

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware

Spyware Surveillance Firmware Internet

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

.” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Thank you to @Zimbra for publishing this advisory and mitigation advice!

Hacking

Hacking Backups Cyber threats Authentication

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Follow me on Twitter: @securityaffairs and Facebook.

Surveillance

Surveillance Mobile Spyware Telecommunications

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. By code signing executables, it is possible to verify their integrity and provide information about the identity of the signer. . ” read the analysis published by Google TAG. 509 certificate.”

Software

Software Hacking Cybercrime Information Security

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. “ However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence.” In one case observed by the TAG team.

Phishing

Phishing Accountability Government Hacking

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing Hacking

5 Benefits of Hiring a Virtual Chief Information Security Officer (vCISO)

Security Boulevard

SEPTEMBER 9, 2022

As digital initiatives and supply chains extend attack surfaces and increase exposure, modern organizations face unprecedented security challenges. But hiring a full-time chief information security officer (CISO) is not always possible for organizations – nor is it always needed. SilverSky can help.

Information Security

Information Security CISO Risk Cybersecurity

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

Researchers at Google’s Threat Analysis Group (TAG) have published their findings about a group they have dubbed Coldriver. Recently, TAG has noticed that the group uses “lure documents” to install a backdoor on the target’s system. It is mainly in use by security researchers to classify malware.

Social Engineering

Social Engineering Government Media DNS

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Security Affairs

FEBRUARY 7, 2024

In September 2023, Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) were used to install Cytrox Predator spyware. TAG observed these exploits delivered in two different ways: the MITM injection and via one-time links sent directly to the target.

Spyware

Spyware Hacking Cybersecurity Risk

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with the previous campaign. ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Media Accountability Software

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG.

Government

Government Surveillance Cybercrime Ransomware

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. Apple this week released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild.

Spyware

Spyware Surveillance Mobile Hacking

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Security Affairs

NOVEMBER 6, 2023

” Google TAG has previously observed threat actors abusing Google services in their operations. In March 2023, TAG spotted an Iran-linked APT group using macro docs to infect users with a small.NET backdoor, BANANAMAIL that relies on Gmail as C2 infrastructure.

Accountability

Accountability Hacking Information Security Malware

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. China is working hard here too.

Government

Government Engineering Phishing Hacking

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

Security Affairs

MAY 23, 2022

Google’s Threat Analysis Group (TAG) uncovered campaigns targeting Android users with five zero-day vulnerabilities. Google’s Threat Analysis Group (TAG) researchers discovered three campaigns, between August and October 2021, targeting Android users with five zero-day vulnerabilities. ” continues the report.

Spyware

Spyware Surveillance Government Banking

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

Another piece of sensitive information that the research team observed included a Google Tag Manager ID. Google Tag Manager is a tool used to optimize update measurement codes and related code fragments, collectively known as tags, on a website or mobile app.

Passwords

Passwords Accountability Mobile Hacking

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Government Phishing Passwords

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Security Affairs

JULY 27, 2023

It was developed by Zimbra, Inc The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Zimbra this week released version ZCS 10.0.2

Hacking

Hacking Cyber threats Risk Information Security

How to select a DLP solution: 9 unusual considerations

CSO Magazine

FEBRUARY 18, 2021

Data loss prevention (DLP) is an increasingly popular solution in toolkits of enterprise information security teams. As a result, they pick a brand that employs more intrusive advertising and promises bells and whistles, all with an appealing price tag. To read this article in full, please click here (Insider Story)

Advertising

Advertising Information Security

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer. TAG also identified other documents that were used to exploit the same vulnerability, the experts speculate they may be part of the same campaign. CVE-2017-0199 ).

Internet

Internet Internet Engineering Malware

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The vulnerability resides in the Merge Tag feature of the plugin. “One feature of Ninja Forms is the ability to add “Merge Tags” to forms that will auto-populate values from other areas of WordPress like Post IDs and logged in user’s names. ” reads the advisory published by Wordfence.

Hacking

Hacking Cybersecurity Information Security

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG.

Ransomware

Ransomware Cybercrime Government Media

Google Threat Analysis Group took down ten influence operations in Q2 2020

Security Affairs

AUGUST 7, 2020

Google published its second Threat Analysis Group (TAG) report which reveals the company has taken down ten coordinated operations in Q2 2020. Google has published its second Threat Analysis Group (TAG) report , a bulletin that includes coordinated influence operation campaigns tracked in Q2 of 2020. response to COVID-19.

Accountability

Accountability Advertising Media Government

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages. government.

Government

Government Phishing DDOS Hacking

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. “To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. Follow me on Twitter: @securityaffairs and Facebook.

Malware

Malware Media Surveillance Encryption

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes. Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution – similar to S2-059.” ” reads the advisory published by Apache.

Software

Software Hacking Cybersecurity Information Security

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

Because we can override files using the IO_REPARSE_TAG_WCI_1 reparse tag without the detection of antivirus drivers, their detection algorithm will not receive the whole picture and thus will not trigger.” Scan files with the tag in the PRE_CLEANUP function even if they were not altered. ” continues the report.

Antivirus

Antivirus Ransomware Hacking Malware

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

Security Affairs

JULY 30, 2023

The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. ” reads the report published by Google TAG.

Firewall

Firewall Software Hacking Internet

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums. .

Accountability

Accountability Malware Phishing Social Engineering

Google warned users of 33,015 nation-state attacks since January

Security Affairs

OCTOBER 17, 2020

Shane Huntley, Director at Google’s Threat Analysis Group (TAG), revealed that her team has shared its findings with the campaigns and the Federal Bureau of Investigation. ” reads the report published by Google TAG. SecurityAffairs – hacking, Google TAG). Pierluigi Paganini.

DDOS

DDOS Phishing Advertising Accountability

How to Enhance Data Loss Prevention in Office 365

Security Boulevard

MARCH 17, 2021

tag=Cybersecurity'>Cybersecurity</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=IT tag=IT Security'>IT Security</a> Protecting customer data from loss and leakage has become a top priority for enterprises over the past decade.

Data breaches

Data breaches Ransomware Financial Services CISO

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Security Affairs

DECEMBER 28, 2023

Numerous leaks disseminated in the underground cyber world were tagged with ‘Free Leaksmas,’ indicating that these significant leaks were shared freely among various cybercriminals as a form of mutual gratitude. Instead, they marked the holiday season in their unique way.

Identity Theft

Identity Theft Data breaches Government Hacking

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 1, 2023

Google TAG shared indicators of compromise (IoCs) for both campaigns. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits. The exploits were used to install commercial spyware and malicious apps on targets’ devices.

Spyware

Spyware Surveillance Mobile Education

Apple released iOS 17.2 to address a dozen of security flaws

Security Affairs

DECEMBER 12, 2023

The fact that the issues were discovered by Google TAG suggests they were exploited by a nation-state actor or by a surveillance firm. Addressed issues include CVE-2023-42916 and CVE-2023-42917 which Apple fixed at the end of November. Clément Lecigne of Google’s Threat Analysis Group discovered both vulnerabilities.

Surveillance

Surveillance Hacking Information Security

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies.

Malware

Malware Phishing Antivirus Hacking

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Security Affairs

OCTOBER 18, 2022

This can be exploited using an object tag, which in turn can load a malicious payload from a webserver, which is then executed by the Cobalt Strike client.” “Disabling automatic parsing of html tags across the entire client was enough to mitigate this behaviour.” ” reads the post published by HelpSystems.

Architecture

Architecture Software Hacking Information Security

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Webinars

Trending Sources

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Webinars

Google TAG warns of Russia-linked APT groups targeting Ukraine

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

TL;DR of TAG Cyber and Sonrai Security?

Google TAG shares details about exploit chains used to install commercial spyware

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Google TAG spotted actors using new code signing tricks to evade detection

Google TAG details cyber activity with regard to the invasion of Ukraine

Zimbra zero-day exploited to steal government emails by four groups

5 Benefits of Hiring a Virtual Chief Information Security Officer (vCISO)

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Coldriver threat group targets high-ranking officials to obtain credentials

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

North Korea-linked threat actors target cybersecurity experts with a zero-day

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

China-linked threat actors are targeting the government of Ukraine

Cytrox’s Predator spyware used zero-day exploits in 3 campaigns

Burger King forgets to put a password on their systems, again

China-linked APT Curious Gorge targeted Russian govt agencies

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

How to select a DLP solution: 9 unusual considerations

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

APT37 used Internet Explorer Zero-Day in a recent campaign

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Ex-members of the Conti ransomware gang target Ukraine

Google Threat Analysis Group took down ten influence operations in Q2 2020

Google blocked China-linked APT31’s attacks targeting U.S. Government

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Abusing Windows Container Isolation Framework to avoid detection by security products

In 2022, more than 40% of zero-day exploits used in the wild were variations of previous issues

YouTube creators’ accounts hijacked with cookie-stealing malware

Google warned users of 33,015 nation-state attacks since January

How to Enhance Data Loss Prevention in Office 365

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

CISA adds bugs exploited by commercial surveillance spyware to Known Exploited Vulnerabilities catalog

Apple released iOS 17.2 to address a dozen of security flaws

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike

Stay Connected