Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Insikt Group has observed TAG-70 leveraging cross-site scripting (XSS) vulnerabilities against Roundcube webmail servers in Europe, targeting government, military, and national infrastructure.
Magika: AI powered fast and efficient file type identification
Today we are open-sourcing Magika, Google’s AI-powered file-type identification system, to help others accurately detect binary and textual file types. Under the hood, Magika employs a custom, highly optimized deep-learning model, enabling precise file identification within milliseconds, even when running on a CPU.
Google launches AI Cyber Defense Initiative to improve security infrastructure
Today, many seasoned security professionals will tell you they’ve been fighting a constant battle against cybercriminals and state-sponsored attackers. They will also tell you that any clear-eyed assessment shows that most of the patches, preventative measures and public awareness campaigns can only succeed at mitigating yesterday’s threats — not the threats waiting in the wings. That could be changing. As the world focuses on the potential of AI — and governments and industry work on a regulatory approach to ensure AI is safe and secure — we believe that AI represents an inflection point for digital security. We’re not alone. More than 40% of people view better security as a top application for AI — and it’s a topic that will be front and center at the Munich Security Conference this weekend.
New ‘Magic’ Gmail Security Uses AI And Is Here Now, Google Says
Google has confirmed a new security scheme which, it says, will help “secure, empower and advance our collective digital future” using AI. Part of this AI Cyber Defence Initiative includes open-sourcing the new, AI-powered, Magika tool that is already being used to help protect Gmail users from potentially problematic content.
Threat Actor Leverages Compromised Account of Former Employee to Access State Government Organization | CISA
The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) conducted an incident response assessment of a state government organization’s network environment after documents containing host and user information, including metadata, were posted on a dark web brokerage site. Analysis confirmed that an unidentified threat actor compromised network administrator credentials through the account of a former employee—a technique commonly leveraged by threat actors—to successfully authenticate to an internal virtual private network (VPN) access point, further navigate the victim’s on-premises environment, and execute various lightweight directory access protocol (LDAP) queries against a domain controller.[1] Analysis also focused on the victim’s Azure environment, which hosts sensitive systems and data, as well as the compromised on-premises environment. Analysis determined there were no indications the threat actor further compromised the organization by moving laterally from the on-premises environment to the Azure environment.
Spyware startup Variston is losing staff — some say it’s closing | TechCrunch
In July 2021, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was
Gold Rush is back to APAC: Group-IB unveils first iOS trojan stealing your face
Group-IB, a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has uncovered a new iOS Trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The Trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for developing a suite of highly sophisticated banking Trojans that also includes the earlier discovered GoldDigger and newly identified GoldDiggerPlus, GoldKefu, and GoldPickaxe for Android. To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims. This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account – a new fraud technique, previously unseen by Group-IB researchers. The GoldFactory Trojans target the Asia-Pacific region, specifically — Thailand and Vietnam impersonating local banks and government organizations. Group-IB’s discovery also marks a rare instance of malware targeting Apple’s mobile operating system. The detailed technical description of the Trojans, analysis of their technical capabilities, and the list of relevant indicators of compromise can be found in Group-IB’s latest blog post.
Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.
Disrupting malicious uses of AI by state-affiliated threat actors
We terminated accounts associated with state-affiliated threat actors. Our findings show our models offer only limited, incremental capabilities for malicious cybersecurity tasks.
Microsoft is addressing 73 vulnerabilities this February 2024 Patch Tuesday, including two (actually, three!) zero-day/exploited-in-the-wild vulnerabilities, both of which are already included on the CISA KEV list. Today also brings patches for two critical remote code execution (RCE) vulnerabilities, and a critical elevation of privilege vulnerability in Exchange. Six browser vulnerabilities were published separately this month, and are not included in the total.
Imposer aux messageries de donner leurs clés pour déchiffrer les messages est illégal, estime la CEDH
La Cour européenne des droits de l’homme a donné raison à un utilisateur de l’application Telegram visé par une demande du FSB, le service de sécurité intérieure russe. La décision pourrait avoir un impact sur certaines lois en cours de discussion en Europe.
Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Recently, Check Point Research released a white paper titled “The Obvious, the Normal, and the Advanced: A Comprehensive Analysis of Outlook Attack Vectors”, detailing various attack vectors on Outlook to help the industry understand the security risks the popular Outlook app may bring into organizations. As mentioned in the paper, we discovered an interesting security issue in Outlook when the app handles specific hyperlinks. In this blog post, we will share our research on the issue with the security community and help defend against it. We will also highlight the broader impact of this bug in other software.
Clinique privée à Genève victime d'une cyberattaque
Cible de hackers, l'établissement de La Colline fonctionne cependant normalement, selon son propriétaire. Celui-ci n'a pas constaté de vols de données des patients.
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Portal Kombat : un réseau structuré et coordonné de propagande prorusse
VIGINUM dévoile l’activité d’un réseau baptisé « Portal Kombat », constitué de « portails d’information » numériques diffusant des contenus pro-russes, couvrant positivement l’invasion russe en Ukraine et dénigrant les autorités de Kiev, afin d’influencer les opinions publiques notamment françaises.
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...
International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments
The Justice Department announced today that, as part of an international law enforcement effort, federal authorities in Boston seized internet domains that were used to sell computer malware used by cybercriminals to secretly access and steal data from victims’ computers. Federal authorities in Atlanta and Boston also unsealed indictments charging individuals in Malta and Nigeria, respectively, for their alleged involvement in selling the malware and supporting cybercriminals seeking to use the malware for malicious purposes.
Executive Summary On December 13, 2023, Lumen’s Black Lotus Labs reported our findings on the KV-botnet, a covert data transfer network used by state-sponsored actors based in China to conduct espionage and intelligence activities targeting U.S. critical infrastructure. Around the time of the first publication, we identified a spike in activity that we assess aligns
European Commission to open investigation into TikTok, Bloomberg reports | Reuters
the European Commission will open an investigation into TikTok in the coming weeks over concerns that changes the firm made to comply with the bloc's Digital Services Act (DSA) were not enough to protect under-age users, Bloomberg News reported on Friday. TikTok has not received notice from the European Commission of an investigation and is in regular dialogue with European Union authorities, a spokesperson told Reuters when asked about the Bloomberg report. The EC declined to comment.
Vaud: le canton rompt un contrat à 6 millions avec Xplain
Le Conseil d’État vaudois a décidé de mettre fin au contrat avec le prestataire informatique bernois en raison de retards et de prestations insuffisantes.
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FUL2BEB656RIBDAFR4NFQG6BW6U.jpg?width=92&height=69&ar=&mode=crop&format=avif&dpr=2)
