Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Iranian Threat Group Attack US Organization via Ransomware

Iranian cyber actors have been identified as the perpetrators behind ransomware attacks targeting U.S. organizations across multiple sectors. This revelation comes from a joint Cybersecurity Advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency…

Attackers Spread Lumma Stealer Malware GitHub Comments

Cybercriminals are leveraging platforms like GitHub to spread the Lumma information stealer malware. This sophisticated threat is part of a growing trend where attackers use legitimate services to distribute malicious tools, posing significant risks to users worldwide. What is Lumma…

Check Point to Acquire Cyberint Technologies to Enhance Operations

Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading cybersecurity solutions provider, has announced a definitive agreement to acquire Cyberint Technologies Ltd. This acquisition aims to bolster Check Point’s Security Operations Center (SOC) capabilities and expand its managed threat intelligence…

Wireshark 4.4.0 Released – What’s New!

The Wireshark Foundation has announced the release of Wireshark 4.4.0, marking a significant update to the popular open-source network protocol analyzer. This latest version introduces a range of new features, improvements, and bug fixes, enhancing the tool’s capabilities in network…

32 Million Sensitive Records Exposed From Service Management Provider

A significant data breach occurred at ServiceBridge, a technology company specializing in field service management. An unsecured database housing a substantial volume of sensitive business information was exposed to the public.  The compromised database contained 31.5 million records, including contracts,…

Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code

Rockwell Automation’s ThinManager ThinServer has been found to contain multiple critical vulnerabilities that could allow attackers to execute remote code. Nicholas Zubrisky of Trend Micro Security Research discovered the flaws, identified as CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988, and published a detailed…

Port of Seattle Hit by Cyberattack, Services & Websites Down

The Port of Seattle and Seattle-Tacoma International Airport (Sea-Tac) were hit by a cyberattack over the weekend. Airport officials confirmed the attack, which shut down websites, email, and phone services, causing widespread inconvenience and delays for travelers. Cyberattack Disrupts Operations…

Telegram Founder Arrested at France Airport

Pavel Durov, Telegram’s billionaire founder and CEO, was arrested on August 25, 2024, at Le Bourget Airport near Paris. French authorities detained the 39-year-old as he arrived on his private jet from Azerbaijan, acting on an arrest warrant linked to…

Dell Power Manager Privilege Escalation Vulnerability

Dell Technologies has issued a critical security update for its Dell Power Manager software following the discovery of a significant vulnerability that could allow attackers to execute code and escalate privileges on affected systems. The vulnerability, identified as CVE-2024-39576, has…

New Styx Stealer Attacking Users to Steal Login Passwords

A new cybersecurity threat, known as Styx Stealer, has emerged. It targets users by stealing sensitive data such as saved passwords, cookies, and autofill information from popular web browsers. This malware affects Chromium and Gecko-based browsers and extends its reach…

Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards

Researchers analyze the security of MIFARE Classic cards, focusing exclusively on card-only attacks. They uncover multiple new attack vectors by examining the CRYPTO-1 algorithm, existing vulnerabilities, and a novel countermeasure.  Through a combination of reverse engineering, cryptanalysis, and experimental analysis,…

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and perform financial transactions without any hassle. These wallets offer enhanced security compared to traditional payment methods, as these wallets encrypt payment data. Since smartphone adoption has…

2GB variant of Raspberry Pi Launched for Just $50

Raspberry Pi has announced the launch of a new 2GB variant of the Raspberry Pi 5, priced at an affordable $50. This release makes powerful computing accessible to a wider audience, fulfilling the original Raspberry Pi dream of providing an…

Lazarus Hacker Group Exploited Microsoft Windows Zero-day

The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys). This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in…

Ransomware Group Added a New EDR Killer Tool to their arsenal

A ransomware group known as RansomHub has been found deploying a new tool designed to disable endpoint detection and response (EDR) systems. This tool, EDRKillShifter, represents a significant advancement in the tactics used by cybercriminals to bypass security measures and…

News Malspam Attacks AnyDesk and Microsoft Teams

Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting unsuspecting users through email and phone calls. Attackers are leveraging popular platforms like AnyDesk and Microsoft Teams to gain unauthorized access to victims’ computers, raising alarms about cybercriminals’ evolving tactics. The…

BYOVDLL – A New Exploit That Is Bypassing LSASS Protection

In July 2022, Microsoft patched a well-known PPL bypass flaw, initially discovered by Ionescu and Forshaw. The flaw allowed protection circumvention without kernel code execution, and the update broke the PPLdump PoC. SCRT Team researchers at Orange Cyberdefense recently discovered…

Dark Web Marketplace Admins Busted Following Luxury Life

Two men living a life of luxury in Florida have been charged with cyber fraud after authorities became suspicious of their extravagant spending habits. Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev, who arrived in the U.S. in 2022…

Clickbait PDFs, An Entry point For Multiple Web Based Attacks

Researchers studied the infrastructure behind clickbait PDF attacks by analyzing a large dataset of real-world PDFs to identify clickbait ones and their linked infrastructure and found that attackers use various hosting types, including object storage, website hosting, and CDNs.  The…

Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation

Zoom Video Communications has recently disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, pose significant risks, potentially allowing attackers to escalate privileges on affected systems. The issues impact users…

CryptoScam Strikes Misusing Trump & Musk Interview

Scammers have exploited the popularity of former President Donald Trump and tech mogul Elon Musk to deceive unsuspecting victims. According to a recent tweet by Avast Threat Labs, the fraudulent scheme involved hijacking YouTube accounts to broadcast fake interviews, and…

Authorities Seized Dispossessor Ransomware Servers

FBI Cleveland announced a significant victory against cybercrime by disrupting “Radar/Dispossessor,” a notorious ransomware group led by the online moniker “Brain.” This operation dismantled three servers in the United States, three in the United Kingdom, and 18 in Germany. Additionally,…

DeathGrip Ransomware Expanding Services Using RaaS Service

A new Ransomware-as-a-Service (RaaS) platform known as DeathGrip has surfaced, offering sophisticated ransomware tools to aspiring cyber criminals. This service is being promoted through Telegram and various underground forums, providing a gateway for individuals with limited technical expertise to launch…

PostgreSQL Vulnerability Hackers Execute Arbitrary SQL Functions

A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vulnerability in the pg_dump utility poses a significant security risk, especially when executed by superusers. CVE-2024-7348 – Vulnerability Details The flaw…

Australian Gold Mining Company Reports Ransomware Attack

Evolution Mining Limited, a prominent global player in the gold mining industry, has reported a ransomware attack that impacted its IT systems. The company, which operates several mines across Australia and Canada, discovered the breach on August 8, 2024. This…

NCSC to Build Nation-Scale Evidence Base for Cyber Deception

The UK’s National Cyber Security Centre (NCSC) recently hosted an unprecedented conference at its London headquarters, bringing together international government partners, UK government officials, and industry leaders. The focus was on exploring the potential of cyber deception technologies and techniques…

Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code

By reverse-engineering Quick Share’s proprietary communication protocol, researchers uncovered multiple vulnerabilities, including unauthorized file writes, forced Wi-Fi connections, directory traversal, and denial-of-service conditions.  These flaws were chained together to achieve remote code execution on Windows systems with Quick Share installed,…

Threat Actors Exploiting Windows Systems To Deploy Multiple Malwares

A sophisticated phishing campaign targeting Windows systems leverages multiple evasion techniques, including Python obfuscation, shellcode generation, and loading, to deploy a payload of malware.  This multi-stage attack, disguised as a customer service request, delivers malicious attachments that, once opened, install…

North Korean Kimsuky Group Attacking University Professors

Kimsuky, a North Korean APT group, employs targeted phishing campaigns, leveraging DMARC exploitation to conceal social engineering, infiltrate university networks, and steal research for the Reconnaissance General Bureau.  It aligns with North Korea’s goal of intelligence acquisition to advance its…

Iranian Hackers Targeting 2024 US Election Campaigns

Microsoft has released a report detailing Iran’s efforts to influence the upcoming 2024 US presidential election. The report highlights the increasing activity of groups linked to the Iranian government, aiming to sway voters and create controversy, particularly in key swing…

DISPOSSESSOR And RADAR Ransomware Emerging With RaaS Model

Ransomware affiliates are forming alliances to recoup losses from unreliable partners. A prominent example involves ALPHV extorting $22 million from Change Healthcare but withholding funds from its data exfiltration affiliate.  To remedy this, the affiliate has reportedly partnered with RansomHub…

MongoDB Vulnerabilities Let Attackers Escalate Privileges

MongoDB has disclosed a critical vulnerability that could allow attackers to escalate privileges on systems running certain versions of MongoDB. This vulnerability, CVE-2024-7553, affects multiple versions of MongoDB Server, C Driver, and PHP Driver. The flaw stems from incorrect validation…

Authorities Dismantled North Korean Remote IT Worker Laptop Farm

Authorities have dismantled a “laptop farm” in Nashville, Tennessee, allegedly used to support the Democratic People’s Republic of Korea’s (DPRK) weapons program. Matthew Isaac Knoot, 38, has been charged with multiple offenses, including conspiracy to cause damage to protected computers…

Tor Browser 13.5.2 Released: What’s New!

The Tor Project has announced the release of Tor Browser 13.5.2, now available for download from the Tor Browser download page and the distribution directory. This latest version brings crucial security updates and several enhancements to improve user experience and…

Apple Tightens macOS Gatekeeper Controls in macOS Sequoia

Apple has announced changes to its macOS Gatekeeper security feature with the release of macOS Sequoia. These changes aim to bolster user security by making it more challenging to run potentially harmful software. Stricter Gatekeeper Policies In macOS Sequoia, Apple…

XDSpy Hackers Attacking Users to Steal Sensitive Data

The notorious threat actor group XDSpy has been reported to target organizations in Russia and Moldova. The sophisticated phishing malware campaign aims to steal sensitive data through well-coordinated attack chains. Spear-phishing emails as the Initial Vector According to the Broadcom…

Chrome Security Update: Patch for Multiple Vulnerabilities

Google has announced a critical security update for its Chrome browser, addressing several vulnerabilities that malicious actors could exploit. The Stable channel has been updated to version 127.0.6533.99/.100 for Windows and Mac and 127.0.6533.99 for Linux. This update will be…

Panamorfi TCP flood DDoS Attack Targeting Jupyter Notebooks

An attacker, identified as Yawixooo, leveraged a publicly accessible Jupyter Notebook honeypot as an initial access vector. The honeypot’s exposure to the internet enabled Yawixooo to exploit it without requiring complex techniques. After gaining a foothold on the system, the attacker…

North Korean Hackers Exploit VPN Update Flaw To Breach Networks

North Korean state-sponsored hacking groups, including Kimsuky (APT43) and Andariel (APT45), have significantly increased cyberattacks on South Korean construction and machinery sectors.  This surge aligns with Kim Jong-un’s “Local Development 20×10 Policy,” aimed at modernizing industrial facilities across North Korea. …

Chameleon Device-Takeover Malware Attacking IT Employees

Researchers have identified a new Chameleon campaign targeting hospitality employees, where the attackers employed a deceptive tactic, disguising malicious software as a CRM app.  File names uploaded to VirusTotal revealed evidence of targeted attacks, including a reference to a prominent…

40 French Museums IT Systems Hit by Ransomware Attack

Ransomware has infiltrated the IT systems of 40 French museums, including the renowned Louvre. The incident, which occurred on the night of August 3-4, 2024, was first detected by the director of information systems at the Grand Palais site. The…