Analysis, Government and Libraries - Information Management Today

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory. ” reads the MAR.

Security

Security Authentication Libraries Passwords

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Static Analysis x Dynamic Analysis.

Libraries

Libraries Metadata Education Security

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them. ” continues the report.

Government

Government Ransomware Libraries Access

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. ” reads the analysis published by Checkpoint. The CurKeep payload is very small, it is 10kb in size, contains 26 functions and is not statically compiled with any library. Is it linked to ToddyCat APT?

Government

Government IT Encryption Libraries

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

FEBRUARY 11, 2022

FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. The bot is written in Golang and implements wormable capabilities, experts reported attacks against entities in the government, education, and finance sectors. ” reads the report published by Akamai.

Education

Education Government Libraries Mining

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Security Affairs

APRIL 6, 2021

China-linked APT group Cycldek is behind an advanced cyberespionage campaign targeting entities in the government and military sector in Vietnam. China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda , Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing.

Military

Military Government Phishing Libraries

Invitation to tender: Future ready libraries

CILIP

JANUARY 31, 2025

Invitation to tender: Future ready libraries CILIP is inviting researchers to undertake a gap analysis and consultation with sector experts to create a comprehensive review of training provision for leadership in the public library workforce in England.

Libraries

Libraries Access Government

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

APRIL 21, 2024

Threat actors target government entities in the Middle East with a new backdoor dubbed CR4T as part of an operation tracked as DuneQuixote. The threat actors behind the DuneQuixote campaign took steps to prevent collection and analysis the implants through the implementation of practical and well-designed evasion methods.

Libraries

Libraries Communications IT Government

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support. ” continues the report.

Libraries

Libraries Risk Access Security

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Security Affairs

SEPTEMBER 6, 2023

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, data theft, and credential access attacks.

Authentication

Authentication Libraries Access Government

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that deployed multiple malware families, including ransomware and information stealers (i.e.

Ransomware

Ransomware Phishing Government File names

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

“CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors.” ” reads the Malware Analysis Report (AR22-320A) published by CISA.

Government

Government Mining Cybersecurity Libraries

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

Security Affairs

SEPTEMBER 8, 2024

This issue arises because the GeoTools library API, which GeoServer uses, evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library, allowing arbitrary code execution. government entities in Belgium, and telecommunications companies in Thailand and Brazil.

Libraries

Libraries Encryption Cybersecurity Access

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

The CISA agency is warning of a surge in Emotet attacks targeting multiple state and local governments in the US since August. The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August.

Government

Government Libraries Cybersecurity Phishing

Alleged APT implanted a backdoor in the network of a US federal agency

Security Affairs

DECEMBER 20, 2021

federal government commission associated with international rights. federal government commission associated with international rights. ” According to security firm Avast who discovered the attack, the backdoor was likely used as the initial vector in a multi-stage attack to penetrate the government network.

Government

Government Libraries Access Security

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

Multiple threat actors exploited a critical flaw in Progress Telerik to breach an unnamed US federal agency, said the US government. “Actors were then able to upload malicious dynamic-link library (DLL) files (some masqueraded as portable network graphics [PNG] files) to the C:WindowsTemp directory.” ” reads the MAR.

Libraries

Libraries Government Ransomware Cybersecurity

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Security Affairs

MAY 12, 2020

The Zeus Sphinx malware was first observed on August 2015, a few days after a new variant of the popular Zeus banking trojan was offered for sale on hacker forums, At the end of March, experts from IBM X-Force uncovered a hacking campaign employing the Zeus Sphinx malware that focused on government relief payment.

Libraries

Libraries Sales Government IT

Experts warn of attacks using a new Linux variant of SFile ransomware

Security Affairs

JANUARY 17, 2022

” reads the analysis published by Rising.AFR-6fyvilv #Sfile #Ransomware New Sample: 6E029B9B0A600CDC1E75A4F7228B332B pic.twitter.com/tB27dM8tjd — dnwls0719 (@fbgwls245) January 9, 2022. “The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption. as the suffix name.

Ransomware

Ransomware Encryption Libraries Communications

A WhatsApp zero-day exploit can cost several million dollars

Security Affairs

OCTOBER 5, 2023

“The document said the exploit worked for Android versions 9 to 11, which was released in 2020, and that it took advantage of a flaw in the “image rendering library.” The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.

Marketing

Marketing Libraries Sales Government

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

Security Affairs

SEPTEMBER 5, 2024

The group focuses on government departments that are involved in foreign affairs, technology, and telecommunications. The malware supports advanced encryption and obfuscation techniques to complicate malware analysis and hide its operations.

IT

IT Communications Encryption Libraries

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The hackers targeting organizations across multiple industries and have also targeted foreign governments, dissidents, and journalists. The two loaders discovered by Cylance and used by the APT group use side-loaded DLLs and an AES128 implementation from Crypto++ library for payload decryption.

Libraries

Libraries Encryption Communications Manufacturing

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec pointed out that the attacks against government organizations in Hong Kong remained undetected for a year in some cases. ” reads the analysis published by Symantec. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library.

File names

File names Encryption Manufacturing Libraries

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

The Last Watchdog

MARCH 24, 2025

We recommend using Dr. Michele Moscas theorem of quantum risk against an optimistic vs. pessimistic probability analysis. In general, this means avoiding hardcoding particular algorithms and favoring libraries and systems that simplify migrating between algorithms. This is where the concern of harvest now, decrypt later attacks apply.

Encryption

Encryption Financial Services Risk Libraries

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Security Affairs

MARCH 15, 2023

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group , Cozy Bear , Nobelium , and The Dukes ) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments.

Metadata

Metadata Government Libraries Phishing

APT10 is back with two new loaders and new versions of known payloads

Security Affairs

MAY 27, 2019

The APT10 group has added two new malware loaders to its arsenal and used in attacks aimed at government and private organizations in Southeast Asia. In April 2019, China-linked cyber-espionage group tracked as APT10 has added two new loaders to its arsenal and used it against government and private organizations in Southeast Asia.

Libraries

Libraries Government Phishing Cloud

XDSpy APT remained undetected since at least 2011

Security Affairs

OCTOBER 2, 2020

The APT group, recently discovered by ESET, targeted government and private companies in Belarus, Moldova, Russia, Serbia, and Ukraine, including militaries and Ministries of Foreign Affairs. The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading.

Military

Military Phishing Passwords Government

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

Security Affairs

APRIL 26, 2023

In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities. ” reads the analysis published by Unit 42. Analysis of the C2 for a second Sword2033 sample revealed that the domain *.saspecialforces.co[.]za org over port 8443 for C2. .

Communications

Communications Military Government Libraries

ESET analyzes Turla APT’s usage of weaponized PowerShell

Security Affairs

JUNE 2, 2019

Turla group has been active since at least 2007 targeting government organizations and private businesses. “To confound detection, its operators recently started using PowerShell scripts that provide direct, in- memory loading and execution of malware executables and libraries. ” reads the report published by ESET.

Libraries

Libraries Security Cloud Cybersecurity

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure.

Cleanup

Cleanup Libraries Access Manufacturing

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

LuminousMoth: Kaspersky uncovered an ongoing and large-scale APT campaign that targeted government entities in Southeast Asia, including Myanmar and the Philippines. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files.

Archiving

Archiving File names Government Libraries

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. Gallmaker is a politically motivated APT group that focused its surgical operations on the government, military or defense sectors. ” continues Symantec.

Military

Military File names Government Libraries

China-linked APT40 group hides behind 13 front companies

Security Affairs

JANUARY 13, 2020

The cyber-espionage group tracked as APT40 (aka TEMP.Periscope , TEMP.Jumper , and Leviathan ), apparently linked to the Chinese government, is focused on targeting countries important to the country’s Belt and Road Initiative (i.e. Hainan Xiandun even appears to operate from the Hainan University Library!”

Libraries

Libraries Information Security Military Government

Security Affairs newsletter Round 222 – News of the week

Security Affairs

JULY 13, 2019

Croatia government agencies targeted with news SilentTrinity malware. Backdoor mechanism found in Ruby strong_password library. Cyberattack shuts down La Porte County government systems. Spotting RATs: Delphi wrapper makes the analysis harder. Prototype Pollution flaw discovered in all versions of Lodash Library.

Security

Security Libraries Data breaches Ransomware

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Security Affairs

AUGUST 3, 2023

Rapid7 conducted an analysis on three distinct infusion pump models: the Alaris PC 8015, the Baxter Sigma Spectrum model 35700BAX2 along with its associated Wireless Battery Module (WBM), and the Hospira Abbott PLUM A+ with MedNet. ” reads the analysis published by Rapid7. . ” reads the analysis published by Rapid7.

Marketing

Marketing Authentication Communications Manufacturing

Cyber espionage campaign targets Asian countries since 2021

Security Affairs

SEPTEMBER 13, 2022

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021. Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021.

Government

Government Access Libraries Education

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Security Affairs

MAY 23, 2024

A previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ has been targeting military and government entities since 2018. Bitdefender researchers discovered a previously unknown China-linked threat actor dubbed ‘Unfading Sea Haze’ that has been targeting military and government entities since 2018.

Archiving

Archiving Military Communications Phishing

Raspberry Robin malware used in attacks against Telecom and Governments

Security Affairs

DECEMBER 24, 2022

The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. Pierluigi Paganini.

Government

Government Communications Ransomware Manufacturing

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs

MAY 25, 2023

Then the library is executed via the Windows IIS web server process. ” reads the analysis published by ASEC. ” reads the analysis published by ASEC. Once discovered a vulnerable ISS server, the attackers leverage the DLL side-loading ( T1574.002 ) technique to execute a malicious DLL (msvcr100.dll) The msvcr100.dll

Libraries

Libraries Security Cybersecurity Government

Security Affairs newsletter Round 364 by Pierluigi Paganini

Security Affairs

MAY 8, 2022

Russia-linked APT29 targets diplomatic and government organizations Synology and QNAP warn of critical Netatalk flaws in some of their products Hackers stole +80M from DeFi platforms Rari Capital and Fei Protocol Apr 24 – Apr 30 Ukraine – Russia the silent cyber conflict.

Security

Security IoT Ransomware Libraries

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Security Affairs

SEPTEMBER 5, 2018

GOBLIN PANDA was focused on Vietnam, most of the targets were in the defense, energy, and government sectors. ” reads the analysis published by CrowdStrike. The analysis of command and control servers suggests that GOBLIN PANDA hackers are also targeting entities in Laos. ” concludes the report.

Metadata

Metadata File names Libraries Government

Defining responsible AI governance with UCLA Health

Collibra

JUNE 27, 2024

Healthcare executives are doubting whether their returns on AI investments will materialize, highlighting the importance of risk assessment and impact analysis. UCLA Health is at the forefront of AI innovation in healthcare and has partnered with Collibra to bring clear, accessible AI governance to all levels of its organization.

Government

Government Artificial Intelligence Access Libraries

Analyzing the APT34’s Jason project

Security Affairs

JUNE 6, 2019

Today I want to share a quick analysis on a new leaked APT34 Tool in order to track similarities between APT34 public available toolsets. Additional technical details, including Yara Rules and IoCs, are reported in the original analysis published by Marco Ramilli on his blog: [link]. Michael Lortz.

Computer and Electronics

Computer and Electronics Passwords Security Cybersecurity

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Security Affairs

JULY 1, 2019

The hackers targeted organizations across multiple industries and have also hit foreign governments, dissidents, and journalists. ” reads the analysis published by Cylance. ” continues the analysis. of the wolfSSL library , formerly known as CyaSSL.

Manufacturing

Manufacturing Libraries Security Communications

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Malicious file analysis – Example 01

Webinars

Trending Sources

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Webinars

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Chinese Cycldek APT targets Vietnamese Military and Government in sophisticated attacks

Invitation to tender: Future ready libraries

Raspberry Robin malware used in attacks against Telecom and Governments

DuneQuixote campaign targets the Middle East with a complex backdoor

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Iran-linked threat actors compromise US Federal Network

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401

CISA alert warns of Emotet attacks on US govt entities

Alleged APT implanted a backdoor in the network of a US federal agency

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Zeus Sphinx continues to be used in Coronavirus-themed attacks

Experts warn of attacks using a new Linux variant of SFile ransomware

A WhatsApp zero-day exploit can cost several million dollars

Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

China-linked APT41 group targets Hong Kong with Spyder Loader

SHARED INTEL Q&A: Forrester highlights why companies need to strive for ‘cryptoagility’– today

Russia-linked APT29 abuses EU information exchange systems in recent attacks

APT10 is back with two new loaders and new versions of known payloads

XDSpy APT remained undetected since at least 2011

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

ESET analyzes Turla APT’s usage of weaponized PowerShell

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

China-linked LuminousMoth APT targets entities from Southeast Asia

New Gallmaker APT group eschews malware in cyber espionage campaigns

China-linked APT40 group hides behind 13 front companies

Security Affairs newsletter Round 222 – News of the week

Decommissioned medical infusion pumps sold on secondary market could reveal Wi-Fi configuration settings

Cyber espionage campaign targets Asian countries since 2021

Chinese actor ‘Unfading Sea Haze’ remained undetected for five years

Raspberry Robin malware used in attacks against Telecom and Governments

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

Security Affairs newsletter Round 364 by Pierluigi Paganini

CrowdStrike uncovered a new campaign of GOBLIN PANDA APT aimed at Vietnam

Defining responsible AI governance with UCLA Health

Analyzing the APT34’s Jason project

After 2 years under the radars, Ratsnif emerges in OceanLotus ops

Stay Connected