Groups and Libraries - Information Management Today

Rhysida ransomware gang is auctioning data stolen from the British Library

Security Affairs

NOVEMBER 20, 2023

The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.

Libraries

Libraries Ransomware Manufacturing Education

Ransomware Hackers May Be Exploiting Aiohttp Library Bug

Data Breach Today

MARCH 18, 2024

The Python Library Flaw Allows Directory Traversal Attacks Hackers who are possibly members of a criminal group affiliated with numerous ransomware-as-a-service operations are exploiting a directory traversal vulnerability in a Python library that allows unauthenticated remote attackers access to sensitive information from server files.

Libraries

Libraries Ransomware Access

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Pierluigi Paganini.

Libraries

Libraries IT Mining Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day.

Libraries

Libraries IT Cybersecurity Risk

How to Package and Price Embedded Analytics

Just by embedding analytics, application owners can charge 24% more for their product. How much value could you add? This framework explains how application enhancements can extend your product offerings. Brought to you by Logi Analytics.

Analytics

China-linked APT group uses new Macma macOS backdoor version

Security Affairs

JULY 24, 2024

China-linked APT group Daggerfly (aka Evasive Panda, Bronze Highland) Evasive Panda has been spotted using an updated version of the macOS backdoor Macma. NGO based in China, which indicates the group also engages in internal espionage. This highlights the group’s ongoing evolution in cyber espionage tactics.

Libraries

Libraries IT Information Security Security

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries

Libraries IT Security Information Security

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Security Affairs

DECEMBER 27, 2023

Security firm Barracuda addressed a new zero-day, affecting its Email Security Gateway (ESG) appliances, that is actively exploited by the China-linked UNC4841 group. The vulnerability has been actively exploited by the Chinese hacker group UNC4841 Chinese. ” reads the advisory. ” reads the advisory.

Libraries

Libraries Access Cybersecurity Security

Backdoor mechanism found in Ruby strong_password library

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7 version 0.0.7

Libraries

Libraries Passwords Security IT

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Security Affairs

AUGUST 7, 2024

The Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware and offers alleged stolen data for 25 BTC. The Rhysida Ransomware group claims to have breached Bayhealth Hospital and added the hospital to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Libraries Education

Rhysida ransomware group hacked Abdali Hospital in Jordan

Security Affairs

DECEMBER 26, 2023

The Rhysida ransomware group claimed to have hacked Abdali Hospital, a multi-specialty hospital located in Jordan. The Rhysida ransomware group claimed to have breached the Abdali Hospital in Jordan and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Security Affairs

NOVEMBER 29, 2023

The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site. The Rhysida ransomware group has been active since May 2023. Data from the Royal Family!

Ransomware

Ransomware Manufacturing Education Libraries

DRBControl cyber-espionage group targets gambling, betting companies

Security Affairs

FEBRUARY 19, 2020

The DRBControl APT group has been targeting gambling and betting companies worldwide with malware that links to two China-linked APT groups. Security researchers from TrendMicro have uncovered a cyber espionage campaign carried out by an APT group tracked as DRBControl that employed a new family of malware.

Libraries

Libraries Phishing Passwords IT

GitLab addressed critical auth bypass flaws in CE and EE

Security Affairs

MARCH 13, 2025

“GitLab has remediated two privately disclosed security issues (CVE-2025-25291, CVE-2025-25292) identified in the ruby-saml library which GitLab uses when SAML SSO authentication is enabled at the instance or group level.” This library is, however, used in other popular projects and products.”

Authentication

Authentication Libraries Data breaches Security

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT hacker group has been employing a new piece of malware, dubbed Hildegard, to target Kubernetes installs. The hacking group TeamTNT has been employing a new piece of malware, dubbed Hildegard, in a series of attacks targeting Kubernetes systems. Uses a known Linux process name (bioset) to disguise the malicious process.

Mining

Mining Libraries Encryption Access

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41 , Axiom, Barium , Blackfly) is a cyberespionage group that has been active since at least 2007.

File names

File names Encryption Manufacturing Libraries

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

Security Affairs

APRIL 3, 2019

The OceanLotus APT group, also known as APT32 or Cobalt Kitty , leverages a steganography-based loader to deliver backdoors on compromised systems. The APT32 group, also known as OceanLotus Group, has been active since at least 2013, according to the experts it is a state-sponsored hacking group. Pierluigi Paganini.

Libraries

Libraries Encryption Communications Manufacturing

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

A new Chinese APT group, tracked as KilllSomeOne, appeared in the threat landscape targeting corporate organizations in Myanmar. A new Chinese APT group, tracked as KilllSomeOne, was spotted by researchers at Sophos. The advanced cyber-espionage group is targeting corporate organizations in Myanmar with DLL side-loading attacks.

File names

File names Encryption Libraries IT

Magecart 5 hacker group targets L7 Routers

Security Affairs

SEPTEMBER 27, 2019

IBM researchers observed one of the Magecart groups using a malicious code to inject into commercial-grade layer 7 L7 routers. IBM X-Force Incident Response and Intelligence Services (IRIS) experts observed that one of the Magecart groups, tracked as MG5, is using malware to inject into commercial-grade L7 routers. Pierluigi Paganini.

Libraries

Libraries Access IT Security

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

JUNE 18, 2020

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. The group has been active since at least 2013, ESET experts linked the group to the Gamaredon Russian APT group Gamaredon despite considers the two crews independent.

Military

Military Communications Libraries Encryption

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs.

Ransomware

Ransomware Encryption Government Retail

China-linked APT41 group targets US-Based Research University

Security Affairs

AUGUST 21, 2019

Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based Experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based The arsenal of the group includes backdoors , credential stealers, keyloggers, and rootkits. based research university. chm ) files.

Libraries

Libraries Education Phishing Encryption

China-linked APT40 group hides behind 13 front companies

Security Affairs

JANUARY 13, 2020

A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. The Intrusion Truth group has doxed the fourth Chinese state-sponsored hacking operation. “We know that multiple areas of China each have their own APT.”

Libraries

Libraries Information Security Military Government

Analyzing the evolution of MageCart cybercrime groups’ TTPs

Security Affairs

MARCH 1, 2019

Researchers from RiskIQ and FlashPoint analyzed the evolution of Magecart groups, in particular of a gang tracked as Group 4 that appears to be very sophisticated. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. “Group 4 is advanced. “Group 4 is advanced.

Libraries

Libraries Phishing IT Access

New Gallmaker APT group eschews malware in cyber espionage campaigns

Security Affairs

OCTOBER 10, 2018

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Military

Military File names Government Libraries

Clasiopa group targets materials research in Asia

Security Affairs

FEBRUARY 25, 2023

The experts noticed that both the Domino and Agile software appear to be using old certificates and the Agile servers use old vulnerable libraries. The arsenal of the Clasiopa group includes: Atharvan custom remote access Trojan (RAT). Modified versions of the publicly available Lilith RAT. A custom proxy tool.

Passwords

Passwords Libraries Archiving Access

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

Security Affairs

APRIL 23, 2020

The malicious code leverages two custom resources, ‘godown.dll’and ‘filesystem.dll’ treated as type libraries and registered as OLE controls, to enumerate attached drives, traverse folder structures, and handle some C&C functionality. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Libraries

Libraries Cybersecurity Access IT

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon , using a novel tradecraft to gain initial access to target networks. ” concludes the report.

Cleanup

Cleanup Libraries Access Manufacturing

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Security Affairs

MAY 19, 2023

The Lemon Group cybercrime ring has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. A cybercrime group tracked has Lemon Group has reportedly pre-installed malware known as Guerilla on almost 9 million Android devices. The domain used by the DEX file belongs to the Lemon Group ( js [.]big

Libraries

Libraries Communications Big data Security

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Security Affairs

SEPTEMBER 3, 2024

These flaws could allow attackers to inject malicious libraries into Microsoft’s apps and steal permissions. Despite these risks, Microsoft considers the issues low-risk and declined to fix them, stating that some apps need to allow unsigned libraries for plugin support.

Libraries

Libraries Risk Access Security

Invitation to tender: Future ready libraries

CILIP

JANUARY 31, 2025

Invitation to tender: Future ready libraries CILIP is inviting researchers to undertake a gap analysis and consultation with sector experts to create a comprehensive review of training provision for leadership in the public library workforce in England.

Libraries

Libraries Access Government

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. ” reads the report published by Lookout.

File names

File names Libraries Cybersecurity IT

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

Krebs on Security

MARCH 17, 2022

The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses. For example, the popular library ES5-ext hadn’t updated its code in nearly two years. The message has been Google-Translated from Russian to English.

Libraries

Libraries IT Security

While attackers begin exploiting a second Log4j flaw, a third one emerges

Security Affairs

DECEMBER 16, 2021

Experts warn that threat actors are actively attempting to exploit a second bug disclosed in the popular Log4j logging library. American web infrastructure and website security company Cloudflare warns that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library.

Libraries

Libraries Ransomware Access Security

Hackers stole card data from 201 campus online stores in US and Canada, is it the Magecart group?

Security Affairs

MAY 5, 2019

Magecart group stole payment card details from the e-commerce system used by colleges and universities in Canada and the US. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. According to a joint report published by RiskIQ and FlashPoint in March, some groups are more advanced than others.

e-Discovery

e-Discovery IT Analytics Libraries

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19” reads the advisory published by the IT giant. ” continues the advisory.

Libraries

Libraries Access IT Information Security

EastWind campaign targets Russian organizations with sophisticated backdoors

Security Affairs

AUGUST 12, 2024

The attackers sent commands to the malware via Dropbox, leading to the installation of additional Trojans, such as tools from the APT31 cyber espionage group and an updated version of the CloudSorcerer backdoor called GrewApacha. “This library is a backdoor packed with the VMProtect tool. . It also bears similarities to PlugX.”

Libraries

Libraries Encryption Cloud Archiving

Chinese Hacking Group Using Fresh DLL Side-Loading Attack

Data Breach Today

NOVEMBER 6, 2020

Sophos: APT Group Targeted Organizations In Southeast Asia A recently identified Chinese hacking group is using multiple types of Dynamic Link Library side-loading attack techniques to target non-government organizations in Southeast Asia, especially Myanmar, according to Sophos.

Libraries

Libraries Government

Attor malware was developed by one of the most sophisticated espionage groups

Security Affairs

OCTOBER 10, 2019

The researchers believe that the threat actor behind Attor a state-sponsored group involved in highly targeted attacks on selected targets. The malware implements a modular structure with a dispatcher and loadable plugins, all of which are implemented as dynamic-link libraries (DLLs). ” reads the analysis published by ESET.

Communications

Communications Encryption Metadata Libraries

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. ” concludes the report.

Cloud

Cloud Libraries Mining IT

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

NOVEMBER 29, 2023

Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24. The CVE-2023-5217 is a high-severity integer overflow in Skia.

Libraries

Libraries Security Access IT

Apache releases the third patch to address a new Log4j flaw

Security Affairs

DECEMBER 18, 2021

Multiple flaws in the Log4J library are scaring organizations worldwide while threat actors are already exploiting them. While the experts were warning that threat actors are actively attempting to exploit a second vulnerability, tracked as CVE-2021-45046 , disclosed in the Log4j library a third security vulnerability made the headlines.

Libraries

Libraries Security Ransomware IT

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors. The Rhysida ransomware group has been active since May 2023.

Ransomware

Ransomware Manufacturing Education Libraries

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The Budworm espionage group resurfaced targeting a U.S.-based This is the first time that Symantec researchers have observed the Budworm group targeting a U.S-based The group also targeted a hospital in South East Asia. The China-linked APT27 group has been active since 2010, it targeted organizations worldwide, including U.S.

File names

File names Financial Services Manufacturing Libraries

Rhysida ransomware gang is auctioning data stolen from the British Library

Ransomware Hackers May Be Exploiting Aiohttp Library Bug

Webinars

Trending Sources

TeamTNT group adds new detection evasion tool to its Linux miner

Webinars

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

How to Package and Price Embedded Analytics

China-linked APT group uses new Macma macOS backdoor version

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Backdoor mechanism found in Ruby strong_password library

Rhysida Ransomware group claims to have breached Bayhealth Hospital in Delaware

Rhysida ransomware group hacked Abdali Hospital in Jordan

Rhysida ransomware group hacked King Edward VII’s Hospital in London

DRBControl cyber-espionage group targets gambling, betting companies

GitLab addressed critical auth bypass flaws in CE and EE

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

China-linked APT41 group targets Hong Kong with Spyder Loader

OceanLotus APT group leverages a steganography-based loader to deliver backdoors

New KilllSomeOne APT group leverages DLL side-loading

Magecart 5 hacker group targets L7 Routers

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

PYSA ransomware gang is the most active group in November

China-linked APT41 group targets US-Based Research University

China-linked APT40 group hides behind 13 front companies

Analyzing the evolution of MageCart cybercrime groups’ TTPs

New Gallmaker APT group eschews malware in cyber espionage campaigns

Clasiopa group targets materials research in Asia

Expert identifies new Nazar APT group referenced in 2017 Shadow Brokers leak

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Lemon Group gang pre-infected 9 million Android devices for fraudulent activities

Vulnerabilities in Microsoft apps for macOS allow stealing permissions

Invitation to tender: Future ready libraries

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

While attackers begin exploiting a second Log4j flaw, a third one emerges

Hackers stole card data from 201 campus online stores in US and Canada, is it the Magecart group?

Google addressed a new actively exploited Chrome zero-day

EastWind campaign targets Russian organizations with sophisticated backdoors

Chinese Hacking Group Using Fresh DLL Side-Loading Attack

Attor malware was developed by one of the most sophisticated espionage groups

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Apache releases the third patch to address a new Log4j flaw

Rhysida ransomware gang claimed China Energy hack

China-linked Budworm APT returns to target a US entity

Stay Connected