
Latest news with #GoogleThreatIntelligence

Hacker using backdoor to exploit SonicWall Secure Mobile Access to steal credentials

Yahoo

3 days ago


A threat actor has exploited a since-patched vulnerability in SonicWall software. The group is tracked as UNC6148. This allowed UNC6148 to potentially steal credentials and deploy ransomware.

A financially motivated threat actor, tracked by Google's Threat Intelligence Group (GTIG) as UNC6148, has been observed targeting patched, end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. Google assesses with 'high confidence' that these attacks use credentials and one-time password (OTP) seeds obtained during earlier intrusions, which has allowed the actor to regain access even after organizations applied the security updates. Google says with 'moderate confidence' that a zero-day remote code execution vulnerability was used to deploy OVERSTEP on the targeted SonicWall SMA appliances. GTIG also 'assesses with moderate confidence that UNC6148's operations, dating back to at least October 2024, may be to enable data theft and extortion operations, and possibly ransomware deployment.'

The actor deployed OVERSTEP, a previously unknown persistent backdoor/user-mode rootkit. This malware modifies the appliance's boot process to maintain persistent access, steals sensitive credentials, and then hides its own components. 'An organization targeted by UNC6148 in May 2025 was posted to the "World Leaks" data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly reported SonicWall exploitation from late 2023 and early 2024 that has been publicly linked to the deployment of Abyss-branded ransomware (tracked by GTIG as VSOCIETY),' Google continued. Earlier in 2025, SonicWall firewalls were hit by a worrying cyberattack in which threat actors leveraged a vulnerability to gain access to target endpoints, interfere with the VPN, and further disrupt the target.

These attacks highlight the importance of updating software as soon as patches become available. Organizations that fail to keep on top of system updates can be left vulnerable to known exploits.

One of Google's AI agents flagged a 'critical security flaw' in SQLite, an open-source database.

The Verge

15-07-2025


Big Sleep, an AI agent Google introduced last year to search for security vulnerabilities in both Google products and open-source projects, used information from Google Threat Intelligence to discover the issue before it could be used by threat actors, according to the company.

Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry

Yahoo

21-06-2025


This story was originally published on Cybersecurity Dive.

Major insurance provider Aflac Inc. said Friday that it was the target of a cyberattack on June 12 that is linked to a major cybercrime spree focusing on the industry. The company said it was able to contain the attack within hours and confirmed its systems remain operational. 'We continue to serve our customers as we respond to this incident and can underwrite policies, review claims and otherwise service our customers as usual,' the company said in a Securities and Exchange Commission filing.

The incident is part of a larger crime wave targeting the insurance industry that researchers have linked to a collective known as Scattered Spider. The group recently conducted a weeks-long attack campaign against retailers in the U.S. and the U.K. Erie Insurance Group last week disclosed that it was the target of a cyberattack that began on June 7. The company said Tuesday that it has regained control over its systems and sees no further evidence of malicious activity. Erie is working with third-party forensic experts to restore full access to customers, agents and employees.

Researchers from Google Threat Intelligence Group on Monday warned that the same hackers targeting the retail sector had pivoted toward the insurance industry. Google has not attributed the attacks to any actor but said they show the hallmarks of Scattered Spider, the notorious threat group linked to the 2023 MGM Resorts and Clorox hacks. 'Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers,' John Hultquist, chief analyst at GTIG, told Cybersecurity Dive in a statement.

The retail sector intrusions began in April, with U.K. retailer Marks and Spencer and the Harrods department store chain among the major victims. In the U.S., the hacking spree hit Victoria's Secret and United Natural Foods, the largest supplier for Whole Foods, the grocery chain owned by Amazon.

Aflac has begun a process of reviewing files that may have been accessed. The review is still in its early stages and Aflac said it cannot immediately determine how many people were affected. The files contain claims information, health records, Social Security numbers and other personal data related to customers, employees, beneficiaries, agents and other individuals. The company plans to notify regulators and will send breach letters to affected individuals and provide credit monitoring and identity-theft services.

Threat group linked to UK, US retail attacks now targeting insurance industry

Yahoo

18-06-2025


This story was originally published on Cybersecurity Dive.

Hackers linked to a recent string of attacks on U.K. and U.S. retailers are now targeting the insurance industry, according to Google researchers. The attackers, suspected to be part of the collective known as Scattered Spider, have been targeting the retail industry since April and pivoted toward the insurance industry earlier this month, according to Google. Researchers say there are already multiple confirmed incidents at insurance companies. 'Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity,' John Hultquist, chief analyst at Google Threat Intelligence Group, said in a statement. 'We are now seeing incidents in the insurance industry. Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers.' There has been a 'wave of targeting' over the past one and a half weeks, according to Hultquist.

Scattered Spider has a history of targeting specific industries in clusters; researchers previously linked it to attacks on MGM Resorts and other casino companies. The threat collective is known to use sophisticated social-engineering techniques designed to trick IT help desks and others into bypassing multifactor authentication or otherwise handing over credentials. Mandiant in early May released a hardening guide for security teams focused on Scattered Spider's techniques.

Google's disclosure that the group is targeting insurers comes as Erie Insurance investigates a suspected cyberattack that it discovered on June 7. The company said it detected unusual activity and was working with law enforcement and forensic security teams to determine the cause of a 'network outage' linked to an information-security incident. In a filing with the Securities and Exchange Commission, the company said it was investigating the full scope and impact of the incident. Neither Erie nor any researcher has yet attributed the incident to a threat actor. The Erie, Pa.-based insurance company operates in 12 states and has more than 7 million active car, home and business policies. The company warned customers that it would not contact them by phone or email to request payments and urged them not to click on links from unknown sources or share personal information with anyone by phone or email.

Google Calendar Has A Dangerous Malware Threat: What Is It And How It Attacks

News18

30-05-2025


Google malware threats are getting wilder, but using the Calendar app as the ruse to attack businesses is a new method on the checklist. Hacker groups are now eyeing your Google Calendar to bypass device security and steal information. They have devised a dangerous malware called TOUGHPROGRESS that primarily targets government websites and holds them to ransom in exchange for restoring access. This is not the first sighting of the malware: the Google Threat Intelligence team says the first incident involving the APT41 hacking group was reported back in October 2024. Now, the same group is exploiting the Calendar app to breach system defenses and attack victims.

The details from Google's cyber security group suggest the malware is delivered to targeted systems through the conventional phishing email method. The group sends a targeted email with the objective of getting the victim to open the affected website, where a malicious ZIP file containing a PDF and fake images triggers the malware into action. Once TOUGHPROGRESS bypasses all the checks, it tries to access the victim's Calendar app, not only to steal data but to take control over the system by sending commands. The malware also creates Calendar events with data embedded in them.

This isn't the first Google product to be targeted by the hacker group. APT41 used Google Drive to carry out similar attacks on government entities, using Google Sheets and more. Google has issued advice on how people can avoid falling prey to these attacks. Expect more details from Google once the severity and impact of the malware campaign have been addressed and rectified.
