Analysis, Government and Security - Information Management Today

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. v1: Pulse Connect Secure.

Security

Security Authentication Libraries Passwords

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Static Analysis x Dynamic Analysis.

Libraries

Libraries Metadata Education Security

U.S. CISA: hackers breached a state government organization

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government

Government Authentication Cybersecurity Data breaches

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. Evidence, including the spywares installation during BIA interviews, attributes these surveillance campaigns with high confidence to the BIA and Serbian government.

Personal data

Personal data Encryption Security Privacy

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Security Affairs

JUNE 6, 2022

Following the attacks of the Killnet Collective, the group responsible for the attacks against major government resources and law enforcement, a new group has been identified called “Cyber Spetsnaz”. Sources interviewed by Security Affairs interpreted this activity with high levels of confidence to be state-supported.

Government

Government Cybersecurity IoT Security

Zimbra zero-day exploited to steal government emails by four groups

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. ” continues the report. .”

Government

Government Authentication Phishing IT

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus is a surveillance malware developed by the Israeli surveillance NSO Group that could infect both iPhones and Android devices, it is sold exclusively to the governments and law enforcement agencies. The evidence demonstrates that governments used Pegasus to intimidate journalists and critical media. Pierluigi Paganini.

Government

Government Privacy IT Security

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Security Affairs

FEBRUARY 24, 2025

The origin of the data leak is unclear, the leak is large and inconsistently formatted, complicating the full analysis. TopSec is also a Tier 1 vulnerability supplier for China’s intelligence ministry and has provided cloud and IT security monitoring services nationwide since 2004.

Cybersecurity

Cybersecurity Government Cloud Security

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. The Chinese government made the headlines because government-linked APT groups exploited 12 zero-day vulnerabilities in 2023, which marks a notable increase from seven in 2022.

Government

Government Ransomware Libraries Access

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Security Affairs

SEPTEMBER 10, 2022

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware.

Government

Government Archiving Metadata Encryption

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Security Affairs

APRIL 24, 2024

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). Cisco Talos researchers tracked this cyber-espionage campaign as ArcaneDoor.

Government

Government Authentication Communications Access

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Further analysis uncovered embedded scenarios detecting the victim’s IP (using GEO2IP module, deployed on a third-party WEB-site), likely done to selectively choose targets or to filter by region.

Phishing

Phishing e-Delivery Government Passwords

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Military Ransomware Marketing

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

Security Affairs

FEBRUARY 19, 2024

The nation-state actors are known to carry out cyber-espionage against targeting government, military, and national infrastructure entities in Europe and Central Asia since at least December 2020. The researchers recommend reading the detailed analysis of the recent TAG-70 campaign here.

Military

Military Government Access Risk

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Security Affairs

AUGUST 11, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Ransomware Cloud Government

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Security Affairs

MAY 3, 2021

Pulse Secure has fixed a zero-day flaw in the Pulse Connect Secure (PCS) SSL VPN appliance that threat actors are actively exploiting in the wild. The vulnerability is a buffer overflow issue in Pulse Connect Secure Collaboration Suite prior b9.1R11.4 A vulnerability was discovered under Pulse Connect Secure (PCS).

Security

Security Cybersecurity Authentication Government

Awaken Likho APT group targets Russian government with a new implant

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises. This campaign highlights the group’s continued efforts to refine their remote access strategies.

Government

Government Archiving Phishing Access

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

Security Affairs

SEPTEMBER 8, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Security

Security Insurance Ransomware Government

CISA analyzed stealthy malware found on compromised Pulse Secure devices

Security Affairs

JULY 22, 2021

CISA released an alert today about several stealth malware samples that were found on compromised Pulse Secure devices. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products.

e-Discovery

e-Discovery Security Passwords Access

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Security Affairs

OCTOBER 13, 2023

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. ” reads the analysis published by Checkpoint. The analysis of the C2 allowed the researchers to discover other loader variants used by the threat actor, such as CurLu, CurCore, and CurLog.

Government

Government IT Encryption Libraries

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. ” reads the analysis published by Carbon Black Managed Detection & Response team.

Education

Education Government Business Services Archiving

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

e-Discovery

e-Discovery Communications Ransomware Government

China-linked APT groups targets orgs via Pulse Secure VPN devices

Security Affairs

MAY 28, 2021

Researchers from FireEye warn that China-linked APT groups continue to target Pulse Secure VPN devices to compromise networks. Cybersecurity researchers from FireEye warn once again that Chinese APT groups continue to target Pulse Secure VPN devices to penetrate target networks and deliver malicious web shells to steal sensitive information.

Security

Security Passwords Cybersecurity Government

Earth Krahang APT breached tens of government organizations worldwide

Security Affairs

MARCH 19, 2024

The campaign seems active since at least early 2022 and focuses primarily on government organizations. The group often exploited access to government infrastructure to target other government entities. Analysis of the backdoors uploaded on VirusTotal revealed that threat actors utilized geopolitical topics as bait.

Government

Government Phishing Access Passwords

US CISA Aims to Expand Automated Malware Analysis Support

Data Breach Today

APRIL 10, 2024

US Cyber Defense Agency Scales Next-Generation Malware Analysis Platform The U.S.

Cybersecurity

Cybersecurity Government Security IT

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. x and Ivanti Policy Secure. is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, x) and Ivanti Policy Secure. reads the advisory published by Ivanti.

Security

Security Authentication Military Government

SYS01 stealer targets critical government infrastructure

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. ” reads the analysis published by Morphisec. to lure victims into downloading a malicious file. .”

Government

Government Manufacturing Authentication Cybersecurity

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JUNE 16, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches

Data breaches Security Ransomware Sales

Technical analysis of China-linked Earth Preta APT’s infection chain

Security Affairs

MARCH 27, 2023

China-linked Earth Preta cyberespionage group has been observed adopting new techniques to bypass security solutions. Trend Micro researchers reported that the China-linked Earth Preta group (aka Mustang Panda ) is actively changing its tools, tactics, and procedures (TTPs) to bypass security solutions.

Archiving

Archiving Phishing Passwords Government

The Mask APT is back after 10 years of silence

Security Affairs

DECEMBER 18, 2024

” reads the analysis published by Kaspersky. . “The persistence method used by the threat actor was based on WorldClient allowing loading of extensions that handle custom HTTP requests from clients to the email server.”

Government

Government IT Access Information Security

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

AUGUST 11, 2024

Every week the best security articles from Security Affairs are free in your email box. CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog Russian cyber spies stole data and emails from UK government systems 0.0.0.0 A new round of the weekly SecurityAffairs newsletter arrived!

Security

Security Ransomware MDM Personal data

Unmasking 2024’s Email Security Landscape

Security Affairs

FEBRUARY 28, 2024

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. million as malicious.

Security

Security Phishing Communications Financial Services

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs

SEPTEMBER 3, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Being Used to Phish So Many of Us?

Security

Security Ransomware Data breaches IoT

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 24, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Government’s Antitrust Case Against Apple Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Ramadan ) Is it a Russia’s weapon?

Security

Security Passwords Military Marketing

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Security Affairs

JULY 7, 2022

The attacks against Healthcare and Public Health (HPH) Sector organizations started in May 2021 and government experts observed multiple cases that involved the use of the Maui ransomware. The joint report refers to an industry analysis of a sample of Maui provided in Stairwell Threat Report: Maui Ransomware. Pierluigi Paganini.

Ransomware

Ransomware Encryption Government Cybersecurity

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

Security Affairs

JANUARY 31, 2021

Last year, the group published a detailed analysis on how the Chinese government has improved its surveillance system to detect and block the popular circumvention tools Shadowsocks and its variants. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. and earlier) could bypass the firewall.

Paper

Paper Encryption Government IT

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. A security incident is often an indication of poor investment in security programs, rather than personal characeteriziation of the security leader.

Cybersecurity

Cybersecurity Risk Government Compliance

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

MAY 3, 2022

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies.

Manufacturing

Manufacturing Phishing Passwords Military

How Cryptocurrency Turns to Cash in Russian Banks

Krebs on Security

DECEMBER 11, 2024

com) — is registered as a money service business (MSB) with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). The analysis also showed nearly all 56 exchanges used services from Cloudflare , a global content delivery network based in San Francisco. formerly certa-pay[.]com) su , grumbot[.]com ”

Blockchain

Blockchain Mining Marketing IT

China-linked APT Sharp Panda targets government entities in Southeast Asia

Security Affairs

MARCH 8, 2023

China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia.

Government

Government Communications Phishing IT

What Counts as “Good Faith Security Research?”

Krebs on Security

JUNE 3, 2022

The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. ” What constitutes “good faith security research?” ” The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v.

Security

Security Computer and Electronics Access Libraries

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain.

Ransomware

Ransomware Data breaches Unstructured data Personal data

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

SEPTEMBER 1, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security CMS Ransomware Phishing

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Security Affairs

DECEMBER 29, 2023

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania, a government agency reported. Albania’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed that cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania.

Computer and Electronics

Computer and Electronics Government Security IT

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Malicious file analysis – Example 01

Webinars

Trending Sources

U.S. CISA: hackers breached a state government organization

Webinars

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Exclusive: Pro-Russia group ‘Cyber Spetsnaz’ is attacking government agencies

Zimbra zero-day exploited to steal government emails by four groups

Pegasus Project – how governments use Pegasus spyware against journalists

A data leak exposes the operations of the Chinese private firm TopSec, which provides Censorship-as-a-Service

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 11

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6

Pulse Secure fixes zero-day in Pulse Connect Secure (PCS) SSL VPN actively exploited

Awaken Likho APT group targets Russian government with a new implant

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 10

CISA analyzed stealthy malware found on compromised Pulse Secure devices

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

China’s Volt Typhoon botnet has re-emerged

China-linked APT groups targets orgs via Pulse Secure VPN devices

Earth Krahang APT breached tens of government organizations worldwide

US CISA Aims to Expand Automated Malware Analysis Support

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

SYS01 stealer targets critical government infrastructure

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

Technical analysis of China-linked Earth Preta APT’s infection chain

The Mask APT is back after 10 years of silence

Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

Unmasking 2024’s Email Security Landscape

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Experts Explain How to Bypass Recent Improvement of China’s Great Firewall

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

China-linked APT Curious Gorge targeted Russian govt agencies

How Cryptocurrency Turns to Cash in Russian Banks

China-linked APT Sharp Panda targets government entities in Southeast Asia

What Counts as “Good Faith Security Research?”

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Stay Connected