Analysis, Government and Libraries - Information Management Today

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Static Analysis x Dynamic Analysis.

Libraries

Libraries Metadata Education Security

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory. ” reads the MAR.

Security

Security Authentication Libraries Passwords

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them. ” continues the report.

Government

Government Ransomware Libraries Access

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. ” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. Is it linked to ToddyCat APT?

Government

Government IT Encryption Libraries

Defining responsible AI governance with UCLA Health

Collibra

JUNE 27, 2024

Healthcare executives are doubting whether their returns on AI investments will materialize, highlighting the importance of risk assessment and impact analysis. UCLA Health is at the forefront of AI innovation in healthcare and has partnered with Collibra to bring clear, accessible AI governance to all levels of its organization.

Government

Government Artificial Intelligence Access Libraries

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

APRIL 21, 2024

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. The threat actors behind the DuneQuixote campaign took steps to prevent collection and analysis the implants through the implementation of practical and well-designed evasion methods.

Libraries

Libraries Communications IT Government

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

Data, analysis and the library: Joining the dots at the Department for Work and Pensions

CILIP

MARCH 28, 2021

s analysis function, supporting wider decision-making and policy formulation. Here he speaks to Information Professional Editor Rob Green about how librarians and library services are now a central part of that function, and how the library service is supporting the wider needs of the Department. analysis function ?

Libraries

Libraries Access Government Analytics

Data quality: key for government agencies with a data mesh strategy

Collibra

JANUARY 9, 2024

In today’s world, data drives many of the decisions made by federal and state government agencies. High-quality data about vaccine supplies and population densities can lead to a successful distribution strategy, saving lives and strengthening public trust in the government’s response to the crisis.

Government

Government Education Libraries IT

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support. ” continues the report.

Libraries

Libraries Risk Access Security

Urgent appeal: protect funding for public libraries at risk

CILIP

FEBRUARY 20, 2024

Urgent appeal: protect funding for public libraries at risk CILIP is the leading industry voice championing and representing library and information professionals across the United Kingdom, guided by our Royal Charter to develop and improve library and information services, and as a Charity to act in the public good.

Libraries

Libraries Risk Education Access

Documentation Theory for Information Governance

ARMA International

NOVEMBER 15, 2019

iv] Further, “the practices of government [and other public and private institutions] become formal or official to the extent that they are documented.” [v] This article aims to consider what a documentary focus can offer to the practices and understandings of information governance.

Information governance

Information governance Government Libraries Paper

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Authentication

Authentication Libraries Access Government

What Counts as “Good Faith Security Research?”

Krebs on Security

JUNE 3, 2022

” The DOJ’s new policy (PDF) borrows language from a Library of Congress rulemaking (PDF) on the Digital Millennium Copyright Act (DMCA), a similarly controversial law that criminalizes production and dissemination of technologies or services designed to circumvent measures that control access to copyrighted works.

Security

Security Computer and Electronics Access Libraries

Five Benefits of an Automation Framework for Data Governance

erwin

JANUARY 24, 2019

Organizations are responsible for governing more data than ever before, making a strong automation framework a necessity. They need their data mappings to fall under governance and audit controls, with instant access to dynamic impact analysis and lineage. Governing metadata. Automated code generation.

Government

Government Metadata Big data Risk

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

The Last Watchdog

JUNE 3, 2022

Log4J, aka Log4Shell, refers to a gaping vulnerability that exists in an open-source logging library that’s deeply embedded within servers and applications all across the public Internet. President Biden’s cybersecurity executive order, issued in May, includes a detailed SBOM requirement for all software delivered to the federal government.

Systems administration

Systems administration Libraries Risk Authentication

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

“CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Mining

Mining Government Cybersecurity Libraries

Sanderson Report Shows that libraries are part of something bigger

CILIP

JANUARY 23, 2024

Sanderson Report Shows that libraries are part of something bigger UK media, leading writers, including two former Children's Laureates, and library advocates including CILIP CEO, Nick Poole came out in force to defend public and school libraries in response to Baroness Sanderson’s Review of Libraries.

Libraries

Libraries Risk Government Access

Alleged APT implanted a backdoor in the network of a US federal agency

Security Affairs

DECEMBER 20, 2021

federal government commission associated with international rights. federal government commission associated with international rights. ” According to security firm Avast who discovered the attack, the backdoor was likely used as the initial vector in a multi-stage attack to penetrate the government network.

Government

Government Libraries Access Security

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Libraries

Libraries Encryption Cybersecurity Access

Dominic Cummings: Libraries are "desperately needed"

CILIP

JANUARY 27, 2020

Dominic Cummings: Libraries are ?desperately Dominic Cummings: Libraries are ?desperately DURING the 2019 General Election Boris Johnson said he loved libraries and wanted to invest in opening more of them, but added: ?We His special adviser, Dominic Cummings, has no such conditions attached to his support for libraries.

Libraries

Libraries Government Paper Archiving

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The CISA agency is warning of a surge in Emotet attacks targeting multiple state and local governments in the US since August. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.

Government

Government Libraries Cybersecurity Phishing

Shift happens: the future office/library in a connected world

CILIP

SEPTEMBER 21, 2021

Shift happens: the future office/library in a connected world. an in-depth analysis of what the ?future Governments have drawn boundaries with wildly differing interpretations of risk. and, yes, the library. So what role can libraries play in the new normal ? s President?s Join CILIP?s future of work?

Libraries

Libraries Retail IT Digital transformation

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware supports advanced encryption and obfuscation techniques to complicate malware analysis and hide its operations.

IT

IT Communications Encryption Libraries

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

Multiple threat actors exploited a critical flaw in Progress Telerik to breach an unnamed US federal agency, said the US government. “Actors were then able to upload malicious dynamic-link library (DLL) files (some masqueraded as portable network graphics [PNG] files) to the C:WindowsTemp directory.” ” reads the MAR.

Libraries

Libraries Government Ransomware Cybersecurity

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

“The document said the exploit worked for Android versions 9 to 11, which was released in 2020, and that it took advantage of a flaw in the “image rendering library.” The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.

Marketing

Marketing Libraries Sales Government

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Security Affairs

MAY 12, 2020

The Zeus Sphinx malware was first observed on August 2015, a few days after a new variant of the popular Zeus banking trojan was offered for sale on hacker forums, At the end of March, experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware that focused on government relief payment.

Libraries

Libraries Sales Government IT

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

” reads the analysis published by Rising.AFR-6fyvilv #Sfile #Ransomware New Sample: 6E029B9B0A600CDC1E75A4F7228B332B pic.twitter.com/tB27dM8tjd — dnwls0719 (@fbgwls245) January 9, 2022. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption. as the suffix name.

Ransomware

Ransomware Encryption Libraries Communications

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. ” reads the analysis published by Symantec. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library.

File names

File names Encryption Manufacturing Libraries

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The hackers targeting organizations across multiple industries and have also targeted foreign governments, dissidents, and journalists. The two loaders discovered by Cylance and used by the APT group use side-loaded DLLs and an AES128 implementation from Crypto++ library for payload decryption.

Libraries

Libraries Encryption Communications Manufacturing

Information Governance Innovations in 2019

Everteam

JANUARY 22, 2019

If 2018 showed us anything, it’s that information governance has captured the attention of organizations of all sizes. Maybe they don’t all refer to the work they do on ensuring their information is well governed as “information governance,” but they are thinking about what’s needed and doing the work to make it happen.

Information governance

Information governance Government Unstructured data Analytics

Developer Sabotages Open-Source Software Package

Schneier on Security

MARCH 21, 2022

The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads. […].

Libraries

Libraries Manufacturing Risk Communications

Do I Need a Data Catalog?

erwin

JUNE 26, 2020

These fragmented data environments make data governance a challenge since business stakeholders, data analysts and other users are unable to discover data or run queries across an entire data set. Another classic example is the online or card catalog at a library. for analysis and integration purposes). Operational Metadata.

Metadata

Metadata Unstructured data Compliance Government

On the level - CILIP 2020 Spending Review analysis

CILIP

NOVEMBER 25, 2020

On the level - CILIP 2020 Spending Review analysis. t far behind, with predictable consequences for publicly-funded library services. runs counter to the commitments the Government was making on this front as recently as March (and as a main pillar of Conservative modernisation since 2010). s Spending Review announcement.

Libraries

Libraries Government Risk IT

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs

MARCH 15, 2023

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group , Cozy Bear , Nobelium , and The Dukes ) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments.

Metadata

Metadata Government Libraries Phishing

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Croatia government agencies targeted with news SilentTrinity malware. Backdoor mechanism found in Ruby strong_password library. Cyberattack shuts down La Porte County government systems. Spotting RATs: Delphi wrapper makes the analysis harder. Prototype Pollution flaw discovered in all versions of Lodash Library.

Security

Security Libraries Data breaches Ransomware

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading.

Military

Military Phishing Passwords Government

Best Digital Forensics Tools & Software for 2021

eSecurity Planet

AUGUST 13, 2021

While several open-source tools exist for disk and data capture, network analysis, and specific device forensics, a growing number of vendors are building off what’s publicly available. The Sleuth Kit enables administrators to analyze file system data via a library of command-line tools for investing disk images. Volatility.

e-Discovery

e-Discovery Computer and Electronics Marketing Compliance

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The APT10 group has added two new malware loaders to its arsenal and used in attacks aimed at government and private organizations in Southeast Asia. In April 2019, China-linked cyber-espionage group tracked as APT10 has added two new loaders to its arsenal and used it against government and private organizations in Southeast Asia.

Libraries

Libraries Phishing Government Cloud

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. ” reads the analysis published by Unit 42. Analysis of the C2 for a second Sword2033 sample revealed that the domain *.saspecialforces.co[.]za org over port 8443 for C2. .

Communications

Communications Military Government Libraries

ESET analyzes Turla APT’s usage of weaponized PowerShell

Security Affairs

JUNE 2, 2019

Turla group has been active since at least 2007 targeting government organizations and private businesses. “To confound detection, its operators recently started using PowerShell scripts that provide direct, in- memory loading and execution of malware executables and libraries. ” reads the report published by ESET.

Libraries

Libraries Security Cloud Cybersecurity

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Cleanup

Cleanup Libraries Access Manufacturing

Malicious file analysis – Example 01

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Trending Sources

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Defining responsible AI governance with UCLA Health

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

DuneQuixote campaign targets the Middle East with a complex backdoor

Raspberry Robin malware used in attacks against Telecom and Governments

Data, analysis and the library: Joining the dots at the Department for Work and Pensions

Data quality: key for government agencies with a data mesh strategy

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Urgent appeal: protect funding for public libraries at risk

Documentation Theory for Information Governance

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

What Counts as “Good Faith Security Research?”

Five Benefits of an Automation Framework for Data Governance

RSAC insights: Software tampering escalates as bad actors take advantage of ‘dependency confusion’

Iran-linked threat actors compromise US Federal Network

Sanderson Report Shows that libraries are part of something bigger

Alleged APT implanted a backdoor in the network of a US federal agency

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Dominic Cummings: Libraries are "desperately needed"

CISA alert warns of Emotet attacks on US govt entities

Shift happens: the future office/library in a connected world

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

A WhatsApp zero-day exploit can cost several million dollars

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Experts warn of attacks using a new Linux variant of SFile ransomware

China-linked APT41 group targets Hong Kong with Spyder Loader

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Information Governance Innovations in 2019

Developer Sabotages Open-Source Software Package

Do I Need a Data Catalog?

On the level - CILIP 2020 Spending Review analysis

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs newsletter Round 222 – News of the week

XDSpy APT remained undetected since at least 2011

Best Digital Forensics Tools & Software for 2021

APT10 is back with two new loaders and new versions of known payloads

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

ESET analyzes Turla APT’s usage of weaponized PowerShell

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Stay Connected