Canada Bans WeChat and Kaspersky Apps On Government Devices
Canada on Monday announced a ban on the use of apps from Tencent and Kaspersky on government mobile devices, citing an "unacceptable level of risk to privacy and security." "The Government of Canada is committed to keeping government information and networks secure," the Canadian government said...
This Cryptomining Tool Is Stealing Secrets
Plus: Details emerge of a US government social media-scanning tool that flags “derogatory” speech, and researchers find vulnerabilities in the global mobile communications network...
YoroTrooper Covert Cyber Espionage Masters of Kazakhstan
YoroTrooper, a stealthy threat actor primarily focused on espionage, first emerged in June 2022. YoroTrooper's targets appear to be concentrated within the Commonwealth of Independent States (CIS) nations,...
Hackers Infiltrate Russian Government and Industrial Entities
Numerous governmental and pivotal industrial entities in Russia fell victim to a sophisticated Go-based custom backdoor. This malicious software was specifically crafted for data theft, suggesting its...
Attacks, Vulnerabilities and Actors 16 October to 22 October 2023
HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, a total of twenty-three attacks were executed, ten vulnerabilities were discovered, and five active adversaries were...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 CVE-2023-38831 is an RCE in WinRAR 6.23...
DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan
The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are als...
Child Exploitation and the Crypto Wars
Susan Landau published an excellent essay on the current justification for the government breaking end-to-end-encryption: child sexual abuse and exploitation (CSAE). She puts the debate into historical context, discusses the problem of CSAE, and explains why breaking encryption isn't the solution...
Money-making scripts attack organizations
In April of this year, the FBI published an advisory on attacks targeting government, law enforcement, and non-profit organizations. Attackers download scripts onto victims' devices, delivering several types of malware all at once. The main aim is to utilize company resources for mining, steal dat...
JVN#28846531: Multiple vulnerabilities in JustSystems products
Multiple products provided by JustSystems Corporation contain multiple vulnerabilities listed below. Use after free (CWE-416) - CVE-2023-34366
Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | Base Score: 3.3
CVSS v2 | AV:L/AC:M/Au:N/C:N/I:N/A:P | Base Score:...
Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and...
Analysis of Intellexa’s Predator Spyware
Amnesty International has published a comprehensive analysis of the Predator government spyware products. These technologies used to be the exclusive purview of organizations like the NSA. Now they're available to every country on the planet--democratic, nondemocratic, authoritarian, whatever--for...
The US wants governments to commit to not paying ransoms
As the White House prepares to host its annual International Counter Ransomware Initiative (CRI) summit, Bloomberg reports that the US is pushing other countries to stop paying ransoms to cybercriminals. The CRI wants to enhance international cooperation to combat the growth of ransomware, and its ...
APT trends report Q3 2023
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published...
Attacks, Vulnerabilities and Actors 9 October to 15 October 2023
HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of twenty executed attacks, two instances of adversary activity, and fourteen vulnerabilitie...
DDoS Attacks Leveraged by Attackers in Israel Conflict
Over the last few years, we’ve observed Distributed Denial of Service (DDoS) attacks used in many conflicts. In the Russia-Ukraine war, DDoS was used both by government cyber agencies and individual hacktivist groups to disrupt the flow of information and deface sites to promote propaganda. The...
Grayling APT Emerges as a Silent Threat Targeting Taiwan
The Grayling APT group orchestrated a meticulously planned targeting campaign with a primary emphasis on espionage. Grayling set its sights on a government entity in the Asia-Pacific region, along with...
Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides
Since the conflict escalated, hackers have targeted dozens of government websites and media outlets with defacements and DDoS attacks, and attempted to overload targets with junk traffic to bring them down...
Unveiling Operation Jacana: Targeting the Guyana Government with DinodasRAT
A cyber espionage campaign named Operation Jacana was identified in February 2023, targeting a government entity in Guyana. This campaign began with a spear-phishing attack and resulted in the deployment...
CVE-2023-36465
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The templates module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in t...