The Rhysida ransomware group claimed responsibility for the recent cyberattack on the British Library that has caused a major IT outage. The Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. It is one of the largest libraries in the world. ” reads the announcement.
A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.
carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S.
The kill chain starts with phishing messages that use a .docx file that, once opened, triggers a template injection attack. The post Phishing campaign targets LATAM e-commerce users with Chaes Malware appeared first on Security Affairs.
Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.
Experts from SecureWorks discovered a large phishing campaign targeting universities carried out by the Iran-linked threat actor COBALT DICKENS. Most of the websites spoofed universities’ online library systems; the attackers were interested in accessing those resources and gathering intelligence. Pierluigi Paganini.
Security experts from NVISO Labs recently spotted the activity of a new malware gang, tracked as Epic Manchego, that has been actively targeting companies across the world with phishing emails since June. The phishing messages carry weaponized Excel documents that are able to bypass security checks and that had low detection rates.
Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million (..)
Threat actors launched a phishing attack against a former employee obtaining his credentials and access to the Ledger’s NPMJS account. ledger library confirmed compromised and replaced with a drainer. The malicious npm module (2e6d5f64604be31) has been removed from the repository. that included a crypto drainer malware.
Industrial sector hit by a surgical spear-phishing campaign aimed at installing legitimate remote administration software on victims’ machines. Attackers personalized the content of each phishing email reflecting the activity of the target organization and the type of work performed by the employee to whom the email is sent.
According to the advisory published by Dropbox, the company was the target of a phishing campaign that resulted in access to the GitHub repositories. Dropbox uses CircleCI for select internal deployments, and in early October, a phishing campaign targeted multiple Dropboxers using messages impersonating CircleCI. Pierluigi Paganini.
Iran-linked Cobalt Dickens APT group carried out a spear-phishing campaign aimed at tens of universities worldwide. This operation is similar to the threat group’s August 2018 campaign, using compromised university resources to send library-themed phishing emails.” continues the report.
Palo Alto Networks experts warn of malicious Coronavirus-themed phishing campaigns targeting government and medical organizations. The attacks against the Canadian healthcare organizations were discovered between March 24 and March 26; they started with coronavirus-themed phishing campaigns that were carried out in the last months.
“In our ongoing investigation, Barracuda has determined that a threat actor has utilized an Arbitrary Code Execution (ACE) vulnerability within a third party library, Spreadsheet::ParseExcel, to deploy a specially crafted Excel email attachment to target a limited number of ESG devices,” reads the advisory.
Threat actors sent phishing emails with RAR archive attachments containing a Windows shortcut to install malware. “Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky.
Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. ” concludes the report.
To see if your email address has been exposed in this data leak or other security breaches, use our personal data leak checker with a library of 15+ billion breached records. The data from the leaked files can be used by threat actors against LinkedIn users in multiple ways by: Carrying out targeted phishing attacks. Next steps.
The e-skimmer was first spotted by researchers at Malwarebytes’ Threat Intelligence Team, the researchers noticed a single line of code that is used to load an external JavaScript library from paypal-debit[.]com/cdn/ga.js. us, had been injected with a one-liner that contains a Base64 encoded URL loading an external JavaScript library.”
BBTok is written in Delphi and uses the Visual Component Library (VCL) to dynamically generate interfaces. The payload is being delivered via phishing emails that use multiple file types. The phishing messages include a malicious link.
The second zero day this month is CVE-2023-36033, which is a vulnerability in the “DWM Core Library” in Microsoft Windows that was exploited in the wild as a zero day and publicly disclosed prior to patches being available.
Three of these vulnerabilities are actively exploited in attacks in the wild: – CVE-2023-36033 – Windows DWM Core Library Elevation of Privilege Vulnerability An attacker can trigger this vulnerability to elevate privileges through the Windows Desktop Manager (DWM).
The attackers delivered a phishing email to the inbox of an employee of a financial institution; the message used a wire-transfer theme to trick victims into opening the Dropbox URL and downloading the malicious file. In this campaign, the actors chose to host the malicious. ” concludes Cofense.
Recently, the Rhysida ransomware gang added the British Library to the list of victims on its Tor leak site. According to the advisory, the threat actors have exploited Zerologon (CVE-2020-1472) in Microsoft’s Netlogon Remote Protocol in phishing attempts.
Attackers sent spear-phishing emails using the Know Your Customer regulations (KYC) as a lure. The second layer of Python code decodes and loads into memory the main RAT and the imported libraries. The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages.
Even though LinkedIn’s representatives are correct in saying that no private data was exposed, collecting publicly available information on a mass scale can still put users at risk of spam and phishing attacks. In addition, beware of phishing emails and text messages. What’s being sold by the threat actor?
Visit our online library by clicking here. GARY BERMAN AND HIS TEAM BELIEVE THAT INFOSEC KNOWLEDGE IS POWERFUL – TAKE YOUR AVERAGE EMPLOYEE AND MAKE THEM A CYBER HERO – YOU WILL EMPOWER THEM AGAINST THE LATEST SPEAR PHISHING ATTACKS AND RANSOMWARE, IN A FUN EDUCATIONAL WAY. InfoSec Knowledge is Power. BREAKING NEWS.
Malwarebytes researchers observed the use of 3 different themes by the threat actor to hide their skimmer, named after JavaScript libraries: hal-data[.]org/gre/code.js Crypto wallets and similar digital assets are extremely valuable and there is no doubt that clever schemes to rob those are in place beyond phishing for them.
In February 2020 Belarussian CERT published a security advisory about an ongoing spear-phishing campaign, linked by ESET to XDSpy, targeting several Belarussian ministries and agencies. The malware samples analyzed by the researchers are slightly obfuscated using string obfuscation and dynamic Windows API library loading.
The malicious activity starts with a phishing email sent to the target victims in Latin America – Brazil, Mexico, Chile, and Peru – and Europe – Spain and Portugal. In short, the phishing email is received by victims. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY.
Emotet is a modular malware; its operators could develop new Dynamic Link Libraries to update its capabilities. “Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails.” reads the alert published by CISA.
The company highlights the risks of identity theft or phishing attacks in case their data have been compromised. Recent incidents attributed to the group include attacks on a Foxconn factory, a Canadian fighter jet training company, and a popular German library service.
China-linked APT group LuckyMouse (aka Cycldek, Goblin Panda, Hellsing, APT 27, and Conimes) is targeting government and military organizations in Vietnam with spear-phishing. The threat actors are sending out spear-phishing messages to compromise diplomatic targets in Southeast Asia, India, and the U.S. at least since 2013.
“HIDDEN COBRA actors most likely deployed ISO 8583 libraries on the targeted switch application servers. Malicious threat actors use these libraries to help interpret financial request messages and properly construct fraudulent financial response messages.” continues the report.
However, the researchers determined that one of the methods used by the threat actors to regain access to the target organizations is spear-phishing emails. The experts observed multiple spear-phishing attempts between March and May 2023. The messages use specially crafted archives containing LNK files disguised as regular documents.
Recently, the Rhysida ransomware gang added the British Library and China Energy Engineering Corporation to the list of victims on its Tor leak site. According to the advisory, the threat actors have exploited Zerologon (CVE-2020-1472) in Microsoft’s Netlogon Remote Protocol in phishing attempts.
The group also claimed the hack of the British Library and China Energy Engineering Corporation. According to the advisory, the threat actors have exploited Zerologon (CVE-2020-1472) in Microsoft’s Netlogon Remote Protocol in phishing attempts. The gang will publicly release the data over the seven days following the announcement.
The attack chain commences with a spear-phishing email containing a weaponized document, which contains a link leading to the download of an HTML file. The HTML files are hosted on a legitimate online library website that was likely compromised by the threat actors sometime between the end of January 2023 and the beginning of February 2023.
“To see if any of your online accounts were leaked, use our personal data leak checker with a library of 15+ billion breached records.” The company pointed out that no financial data was stolen in the attack and added that it did not have evidence that user data was actually compromised as part of the incident.
KnowBe4 offers the world’s largest library of always-fresh security awareness and compliance training content that includes assessments, interactive training modules, videos, games, posters and newsletters via the KnowBe4 ModStore.
Threat actors sent spear-phishing emails using malicious Amazon-themed documents as lures. The experts spotted a dynamically linked library, codenamed FudModule.dll, that tries to disable various Windows monitoring features. The library modifies kernel variables and removes kernel callbacks in an attempt to disable the features.