Cyber Security Informer

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia.

Government

Government Social Engineering Engineering Hacking

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

Security Boulevard

MARCH 28, 2024

In a report this week, researchers with Google’s Threat Analysis Group (TAG) and its Mandiant business said they saw 97 zero-day. The post Google: Zero-Day Attacks Rise, Spyware and China are Dangers appeared first on Security Boulevard.

Spyware

Spyware Cybersecurity Mobile Malware

How we built the new Find My Device network with user security and privacy in mind

Google Security

APRIL 8, 2024

To build a private, crowdsourced device-locating network, we first conducted user research and gathered feedback from privacy and advocacy groups. The keys themselves have no location capabilities, but they may have a Bluetooth tag attached. if their own phone detects the tag), the network will discard crowdsourced reports for the tag.

Encryption

Encryption Risk Architecture Mobile

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” reads the report published by Google TAG. ” concludes the report.

Government

Government Surveillance Cybercrime Ransomware

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. Google TAG researcher Clément Lecigne discovered the zero-day in June while investigating targeted attacks against Zimbra’s email server. ” reads the advisory published by Google TAG.

Government

Government Authentication Phishing Hacking

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

SEPTEMBER 8, 2023

North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). ” reads the advisory published by Google TAG.

Cybersecurity

Cybersecurity Media Accountability Software

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Security Affairs

FEBRUARY 6, 2024

Google’s TAG revealed that Commercial spyware vendors (CSV) were behind most of the zero-day vulnerabilities discovered in 2023. Google’s TAG tracked the activity of around 40 CSVs focusing on the types of software they develop. ” reads the report published by Google. Google hopes this report will serve as a call to action.

Spyware

Spyware Surveillance Government Software

Recently patched Apple, Chrome zero-days exploited in spyware attacks

Bleeping Computer

SEPTEMBER 22, 2023

Security researchers with the Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. [.]

Spyware

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp. .

Spyware

Spyware Surveillance Mobile Hacking

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. ” reported Google TAG.

Cybercrime

Cybercrime Malware Software Hacking

Burger King forgets to put a password on their systems, again

Security Affairs

AUGUST 2, 2023

Recently, the Cybernews research team uncovered that Burger King in France exposed sensitive credentials to the public due to a misconfiguration on their website. Publicly accessible credentials On June 1st, 2023, the Cybernews research team discovered a publicly accessible environment file (.env)

Passwords

Passwords Accountability Mobile Hacking

A Faster Path to Memory Safety: CHERI, Memory Tagging, and Control Flow Integrity

Security Boulevard

MARCH 12, 2024

The goal is to eliminate a broad class of software defects that make up to 70 percent of all vulnerabilities, according to researchers at Microsoft and Google. The post A Faster Path to Memory Safety: CHERI, Memory Tagging, and Control Flow Integrity appeared first on Security Boulevard.

Software

Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

The Hacker News

MAY 26, 2023

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). The spyware, which is delivered by means of

Spyware

Spyware Marketing

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Security Affairs

JULY 27, 2023

It was developed by Zimbra, Inc The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Zimbra this week released version ZCS 10.0.2

Hacking

Hacking Cyber threats Risk Information Security

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. TAG researchers tracked more than 30 vendors selling exploits or surveillance capabilities to nation-state actors. ” continues the analysis. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Security Affairs

NOVEMBER 30, 2022

Google’s Threat Analysis Group (TAG) linked three exploitation frameworks to a Spanish surveillance spyware vendor named Variston. While tracking the activities of commercial spyware vendors, Threat Analysis Group (TAG) spotted an exploitation framework likely linked Variston IT, a Spanish firm. ” TAG concludes.

Spyware

Spyware Surveillance Risk Internet

Abusing Windows Container Isolation Framework to avoid detection by security products

Security Affairs

AUGUST 31, 2023

Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions.

Antivirus

Antivirus Ransomware Hacking Malware

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Security Affairs

JUNE 19, 2022

The researchers believe that this vulnerability is being actively exploited in the wild, it has been rated with a CVSS score of 9.8. The vulnerability resides in the Merge Tag feature of the plugin. The vulnerability resides in the Merge Tag feature of the plugin. ” added the researchers. . 3.1.10, 3.2.28, 3.3.21.4,

Hacking

Hacking Cybersecurity Information Security

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

Researchers at Google’s Threat Analysis Group (TAG) have published their findings about a group they have dubbed Coldriver. Recently, TAG has noticed that the group uses “lure documents” to install a backdoor on the target’s system. It is mainly in use by security researchers to classify malware.

Social Engineering

Social Engineering Government Media DNS

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Dark Reading

MARCH 29, 2023

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Government

Government Spyware Surveillance Marketing

Google TAG spotted actors using new code signing tricks to evade detection

Security Affairs

SEPTEMBER 26, 2021

Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. ” read the analysis published by Google TAG.

Software

Software Hacking Cybercrime Information Security

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

Security Affairs

JULY 13, 2023

.” The vulnerability is reflected Cross-Site Scripting (XSS) that was discovered by Clément Lecigne of Google Threat Analysis Group (TAG). Google TAG researchers focus on identifying and countering advanced and persistent threats. Thank you to @Zimbra for publishing this advisory and mitigation advice!

Hacking

Hacking Backups Cyber threats Authentication

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Government Phishing Passwords

Zimbra Zero-Day Demands Urgent Manual Update

Dark Reading

JULY 14, 2023

A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.

APT37 used Internet Explorer Zero-Day in a recent campaign

Security Affairs

DECEMBER 8, 2022

Google Threat Analysis Group researchers discovered the zero-day vulnerability in late October 2022, it was exploited by APT37 using specially crafted documents. ” reads the post published by TAG. TAG determined that the APT group abused the zero-day vulnerability in the JScript engine of Internet Explorer.

Internet

Internet Internet Engineering Malware

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

APRIL 20, 2023

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG).

Phishing

Phishing Education Accountability Telecommunications

RTLS systems vulnerable to MiTM attacks, location manipulation

Bleeping Computer

AUGUST 16, 2022

Security researchers have uncovered multiple vulnerabilities impacting UWB (ultra-wideband) RTLS (real-time locating systems), enabling threat actors to conduct man-in-the-middle attacks and manipulate tag geo-location data. [.].

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

Security Affairs

MARCH 8, 2022

Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukraine and European government and military orgs. Google TAG observed Russian, Belarusian, and Chinese threat actors targeting Ukrainian and European government and military organizations, as well as individuals. ” concludes the report.

DDOS

DDOS Phishing Government Hacking

China-linked threat actors are targeting the government of Ukraine

Security Affairs

MARCH 18, 2022

Google’s TAG team revealed that China-linked APT groups are targeting Ukraine’s government for intelligence purposes. Below is the tweet published by TAG chief, Shane Huntley, who cited the Google TAG Security Engineer Billy Leonard. ” wrote Leonard. China is working hard here too.

Government

Government Engineering Phishing Hacking

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

Security Affairs

NOVEMBER 12, 2021

Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The researchers discovered that attackers deployed on the sites hosted two iframes that were used to serve iOS and macOS exploits to the visitors.

Malware

Malware Media Surveillance Encryption

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

NetSpi Technical

MARCH 11, 2024

We intended to come back to this research as we felt that Outlook features a vast, underexplored attack surface and our repeated success on engagements over the last couple of years with Device Code phishing/vishing was the final push we needed. are displayed through a form structure in an “inspector window”. What makes that determination?”

Authentication

Authentication Penetration Testing Technology Phishing

Google: North Korean hackers have targeted security researchers via social media

Zero Day

JANUARY 25, 2021

Google TAG warns security researchers to be on the lookout when approached by unknown individuals on social media.

Media

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks

The Hacker News

APRIL 5, 2023

A North Korean government-backed threat actor has been linked to attacks targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea and the U.S.

Government

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

Heimadal Security

JANUARY 14, 2022

An unofficial patch was released for a privilege escalation vulnerability that has an impact on all versions of Windows after Microsoft tagged its status as “won’t fix”. The flaw is located in the Windows RPC Protocol and was dubbed RemotePotato0 by security researchers.

Cybersecurity

4 Ways North Korea Is Targeting Security Researchers

SecureWorld News

JANUARY 26, 2021

Security researchers are some of the unsung heroes within the cybersecurity field. Google's Threat Analysis Group (TAG) has been working for several months to try to identify who is behind an ongoing campaign targeting security researchers, specifically those who work on vulnerability research and development at a variety of organizations.

Social Engineering

Social Engineering Engineering Accountability Malware

Millions of sites could be hacked due to flaws in popular WordPress plugins

Security Affairs

MARCH 19, 2021

Security researchers disclosed vulnerabilities in Elementor and WP Super Cache WordPress plugins that could be exploited to run arbitrary code and take over a website under certain circumstances. The lack of server-side validation for HTML tags in Elementor elements (i.e. ” reads the post published by Wordfence.

Hacking

Hacking Authentication

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

CSO Magazine

MARCH 31, 2023

"The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices," researchers with Google's Threat Analysis Group (TAG) said in a report detailing the attack campaigns.

Spyware

Spyware Mobile Surveillance Manufacturing

Google blocked China-linked APT31’s attacks targeting U.S. Government

Security Affairs

MARCH 9, 2022

The campaign took place in February and Google Threat Analysis Group (TAG) team was not able to link it to the ongoing invasion of Ukraine. Google Threat Analysis Group (TAG) director Shane Huntley confirmed that the IT giant was able to detect and block all phishing messages. government.

Government

Government Phishing DDOS Hacking

Google: North Korean hackers target security researchers again

Bleeping Computer

MARCH 31, 2021

Google's Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. [.].

Media

Media Government Accountability

Google TAG details cyber activity with regard to the invasion of Ukraine

Security Affairs

MARCH 31, 2022

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The researchers uncovered a phishing campaign conducted by a Russia-linked threat actor tracked as COLDRIVER (aka Calisto ) against a NATO Centre of Excellence and Eastern European militaries. ” continues the report.

Phishing

Phishing Accountability Government Hacking

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire actors recruited on Russian-speaking forums.

Accountability

Accountability Malware Phishing Social Engineering

Google TAG shares details about exploit chains used to install commercial spyware

Security Affairs

MARCH 29, 2023

Google’s Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware. Google’s Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. links sent over SMS to users.

Spyware

Spyware Surveillance Firmware Internet

Ex-members of the Conti ransomware gang target Ukraine

Security Affairs

SEPTEMBER 8, 2022

Researchers from Google’s Threat Analysis Group (TAG) reported that some former members of the Conti cybercrime group were involved in five different campaigns targeting Ukraine between April and August 2022. ” reads the TAG’s report. ” concludes TAG.

Ransomware

Ransomware Cybercrime Government Media

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Security Affairs

APRIL 2, 2024

Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. Then the attacker can modify the raw request to contain an X-Forwarded-For header set to a malicious payload enclosed in script tags.

Accountability

Accountability Hacking Information Security

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Google: Zero-Day Attacks Rise, Spyware and China are Dangers

Trending Sources

How we built the new Find My Device network with user security and privacy in mind

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Zimbra zero-day exploited to steal government emails by four groups

North Korea-linked threat actors target cybersecurity experts with a zero-day

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Recently patched Apple, Chrome zero-days exploited in spyware attacks

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Burger King forgets to put a password on their systems, again

A Faster Path to Memory Safety: CHERI, Memory Tagging, and Control Flow Integrity

Predator Android Spyware: Researchers Sound the Alarm on Alarming Capabilities

Zimbra fixed actively exploited zero-day CVE-2023-38750 in ZCS

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Google links three exploitation frameworks to Spanish commercial spyware vendor Variston

Abusing Windows Container Isolation Framework to avoid detection by security products

Critical flaw in Ninja Forms WordPress Plugin actively exploited in the wild

Coldriver threat group targets high-ranking officials to obtain credentials

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG spotted actors using new code signing tricks to evade detection

Zimbra urges customers to manually fix actively exploited zero-day reported by Google TAG

China-linked APT Curious Gorge targeted Russian govt agencies

Zimbra Zero-Day Demands Urgent Manual Update

APT37 used Internet Explorer Zero-Day in a recent campaign

Google TAG warns of Russia-linked APT groups targeting Ukraine

RTLS systems vulnerable to MiTM attacks, location manipulation

Google TAG: Russia, Belarus-linked APTs targeted Ukraine

China-linked threat actors are targeting the government of Ukraine

macOS Zero-Day exploited in watering hole attacks on users in Hong Kong

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook

Google: North Korean hackers have targeted security researchers via social media

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks

Free Unofficial Patch for Windows ‘RemotePotato0’ Now Available

4 Ways North Korea Is Targeting Security Researchers

Millions of sites could be hacked due to flaws in popular WordPress plugins

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem

Google blocked China-linked APT31’s attacks targeting U.S. Government

Google: North Korean hackers target security researchers again

Google TAG details cyber activity with regard to the invasion of Ukraine

YouTube creators’ accounts hijacked with cookie-stealing malware

Google TAG shares details about exploit chains used to install commercial spyware

Ex-members of the Conti ransomware gang target Ukraine

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Stay Connected