Microsoft has published its October security patches in which over 100 vulnerabilities were fixed in multiple Microsoft products, including Windows 10, Windows 11, Windows Server, Microsoft Office, Skype, and other major Microsoft products. As per the security patch report, 45…
Category: gbhackers.com
Threat Actors Abusing 404 Pages to Hide Credit Card Stealing Malware
A new web skimming campaign has been discovered, which targets multiple organizations in the food and retail industries. This campaign was unique as it included three advanced concealment techniques. One involved using the 404 error page to hide malicious code,…
Massive DDoS Attack Leveraged Zero-Day in HTTP/2 Rapid Reset
Multiple Google services and Cloud users were allegedly the target of a unique HTTP/2-based DDoS attack. The attack used a cutting-edge method known as HTTP/2 Rapid Reset, a zero-day vulnerability in the HTTP/2 protocol tagged as CVE-2023-44487 that may be used to…
Shufflecake – Hidden Linux Filesystems to Store Sensitive Data
Protecting personal data is a growing concern, with local storage as the last line of defense. Even here, precautions are needed against adversaries like thieves, and at this point, disk encryption offers solutions for this threat. But disk encryption alone…
R2R Stomping – New Method to Run the Hidden Code in Binaries
Your perceived reality can differ from the .NET code you observe in debuggers like dnSpy, raising questions about its behavior beyond debugging. Enhance .NET app startup and latency by using ReadyToRun (R2R) format for AOT compilation, creating larger binaries with…
D-Link Wi-Fi Range Extender Vulnerability Lets Attackers Inject Remote Code
A command injection vulnerability has been discovered in the D-Link DAP-X1860 range extender, allowing threat actors to execute remote code on affected devices. The CVE ID for this vulnerability has been given as CVE-2023-45208, and the severity is being analyzed.…
Cobalt Strike 4.9 Released: What’s New!
The latest version of Cobalt Strike 4.9 is now available. This release includes improvements to Cobalt Strike’s post-exploitation capabilities, including the ability to export Beacon without a reflective loader, which adds official support for prepend-style URLs, support for callbacks in…
Mirai-based DDoS Attackers Aggressively Adopted New Router Exploits
In September 2023, FortiGuard Labs’ vigilant team uncovered a significant development in the IZ1H9 Mirai-based DDoS campaign. This campaign, known for its aggressive tactics, had strengthened its arsenal with a formidable array of thirteen exploits, potentially endangering Linux-based systems across…
MacOS “DirtyNIB” Vulnerability Lets Attackers Execute Malicious Code
A new zero-day vulnerability has been discovered in Apple’s macOS systems, which allows threat actors to execute code on behalf of a legitimate Apple application. This particular vulnerability was first discovered in macOS Monterey. However, the researcher was able to…
MacOS “DirtyNIB” Vulnerability Lets Attackers Hijack App Licenses
A new zero-day vulnerability has been discovered in Apple’s macOS systems, which allows threat actors to execute code on behalf of a legitimate Apple application. This particular vulnerability was first discovered in macOS Monterey. However, the researcher was able to…