Iranian cyber actors have been identified as the perpetrators behind ransomware attacks targeting U.S. organizations across multiple sectors. This revelation comes from a joint Cybersecurity Advisory issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Voldemort Threat Actors Abusing Google Sheets to Attack Windows Users
Researchers from Proofpoint have uncovered a sophisticated cyberattack campaign leveraging Google Sheets as a command and control (C2) platform. Dubbed “Voldemort” by the researchers, this campaign targets Windows users globally, employing a novel attack chain that combines both common and…
.NET-based Snake Keylogger Attack Windows Using Weaponized Excel Documents
Researchers uncovered a sophisticated phishing campaign that exploits a .NET-based Snake Keylogger variant. This attack leverages weaponized Excel documents to infiltrate Windows systems, posing significant threats to user data security. This article delves into the mechanics of the attack, the…
Attackers Spread Lumma Stealer Malware GitHub Comments
Cybercriminals are leveraging platforms like GitHub to spread the Lumma information stealer malware. This sophisticated threat is part of a growing trend where attackers use legitimate services to distribute malicious tools, posing significant risks to users worldwide. What is Lumma…
Hackers Exploited Digital Advertising Tools to Launch Malicious Campaigns
Cybersecurity researchers from Mandiant and Google Cloud have uncovered a sophisticated scheme where hackers exploit digital advertising tools to conduct malicious campaigns. These tools, originally designed to enhance marketing efforts, have been repurposed by threat actors to evade detection and…
Hackers Repeatedly Using Same iOS & Chrome Exploits to Attack Government Websites
Hackers have been exploiting vulnerabilities in iOS and Google Chrome to target government websites, particularly in Mongolia. Google’s Threat Analysis Group (TAG) observed these attacks, which have been linked to the Russian government-backed actor APT29. The hackers have repeatedly used…
Check Point to Acquire Cyberint Technologies to Enhance Operations
Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading cybersecurity solutions provider, has announced a definitive agreement to acquire Cyberint Technologies Ltd. This acquisition aims to bolster Check Point’s Security Operations Center (SOC) capabilities and expand its managed threat intelligence…
Wireshark 4.4.0 Released – What’s New!
The Wireshark Foundation has announced the release of Wireshark 4.4.0, marking a significant update to the popular open-source network protocol analyzer. This latest version introduces a range of new features, improvements, and bug fixes, enhancing the tool’s capabilities in network…
Critical Vulnerability in Perl Module Installer Let Attackers Intercept Traffic
A critical vulnerability has been identified in App::cpanminus (cpanm), a widely used tool for downloading and installing Perl modules. This vulnerability, CVE-2024-45321, exposes users to potential cyber threats. It allows attackers to intercept and manipulate traffic during module installation. CVE-2024-45321…
32 Million Sensitive Records Exposed From Service Management Provider
A significant data breach occurred at ServiceBridge, a technology company specializing in field service management. An unsecured database housing a substantial volume of sensitive business information was exposed to the public. The compromised database contained 31.5 million records, including contracts,…
TDECU MOVEit Data Breach, 500,000+ members’ Personal Data Exposed
Texas Dow Employees Credit Union (TDECU) has disclosed that the personal information of over 500,000 members was exposed due to a security compromise involving a third-party vendor, MOVEit. The breach, which occurred between May 29 and 31, raised concerns about…
Research Unveils Eight Android And iOS That Leaks Users Sensitive Data
The eight Android and iOS apps fail to adequately protect user data, which transmits sensitive information, such as device details, geolocation, and credentials, over the HTTP protocol instead of HTTPS. It exposes the data to potential attacks like data theft,…
Pootry EDR Killer Malware Wipes Out Security Tools From Windows Machine
Windows drivers can be abused to bypass security measures. Attackers can exploit vulnerabilities in legitimate drivers or use stolen or forged digital signatures to load malicious drivers into the operating system’s kernel. These drivers can then interfere with security software,…
Versa Director Zero-day Vulnerability Let Attackers Upload Malicious Files
Versa Networks specializes in successful business. It offers Secure Access Service Edge (SASE), consolidating networking and security services in a single, cloud-based platform. Enterprises and service providers can redesign their networks to achieve new levels of business success with the…
Airtags Locator Device used to Grab the Stolen Parcel
Two suspects have been apprehended for mail theft after being tracked using an AirTag locator device. The incident unfolded on August 19, 2024, when deputies responded to a theft report at the Los Alamos Post Office. This innovative use of…
Patchwork Actors Using Weaponized Encrypted Zip Files to Attack Orgs
The cyber espionage group Patchwork, also known by various aliases, has been active since 2009, primarily targeting Asian organizations in sectors such as government, military, and industry. Based in South Asia, the group has been conducting cyber-espionage campaigns for over…
Researchers Disclosed 20 Vulnerabilities Exploited To Attack ML Used In Orgs
The MLOps pipeline automates the machine learning lifecycle, from model training to deployment, which involves defining the pipeline using Python code, monitoring for dataset or model parameter changes, training new models, evaluating them, and deploying successful models to production. Model…
Rockwell Automation ThinManager Flaw Let Attackers Execute Remote Code
Rockwell Automation’s ThinManager ThinServer has been found to contain multiple critical vulnerabilities that could allow attackers to execute remote code. Nicholas Zubrisky of Trend Micro Security Research discovered the flaws, identified as CVE-2024-7986, CVE-2024-7987, and CVE-2024-7988, and published a detailed…
Microsoft 365 Flags Emails with Images as Malware: A Growing Concern for Users
Microsoft 365 users have reported a troubling issue in which email messages containing images are incorrectly flagged as malware and subsequently quarantined. This incident, identified as Issue ID: EX873252, has sparked widespread concern among businesses and individual users who rely…
Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfiltrate Sensitive Data
A security researcher revealed a critical vulnerability in Microsoft Copilot, a tool integrated into Microsoft 365, which allowed hackers to exfiltrate sensitive data. The exploit, disclosed to Microsoft Security Response Center (MSRC) earlier this year, combines several sophisticated techniques that…
News Chrome 0-Day Vulnerability (CVE-2024-7965) Actively Exploited in the Wild
The Chrome team announced that Chrome 128 has been promoted to the stable channel for Windows, Mac, and Linux. This update, Chrome 128.0.6613.84/.85, includes numerous fixes and improvements. However, a critical security vulnerability, CVE-2024-7965, has been discovered and actively exploited…
Vesra File Type Upload Vulnerability Lets Attackers Gain Sys-Admin Access from MSP
A critical vulnerability has been identified in Versa Director, a vital component of the company’s SD-WAN solution. The vulnerability, officially designated as CVE-2024-39717, allows attackers to upload potentially malicious files, granting them system administrator access. This issue explicitly affects users…
Cheana Stealer Attacking Windows & macOS VPN Users to Deploy Malware Payloads
Threat actors exploit phishing websites to distribute malware, often posing as well-known product brands on several platforms in order to increase their authenticity. Cyble Research and Intelligence Lab recently found a rather sophisticated phishing campaign that mimicked “WarpVPN” and distributed…
Cyber Hacktivist Campaign “FreeDurov” Emerges Following Arrest of Telegram CEO
Several cyber hacktivist groups have launched a campaign dubbed “FreeDurov” following the arrest of Pavel Durov, CEO of the popular messaging app Telegram, by French authorities. According to a recent tweet by FalconFeeds, this movement has quickly gained momentum, with…
Port of Seattle Hit by Cyberattack, Services & Websites Down
The Port of Seattle and Seattle-Tacoma International Airport (Sea-Tac) were hit by a cyberattack over the weekend. Airport officials confirmed the attack, which shut down websites, email, and phone services, causing widespread inconvenience and delays for travelers. Cyberattack Disrupts Operations…
Patelco Credit Union Ransomware Attack, Customers & Employees Data Stolen
Patelco Credit Union has disclosed a ransomware attack that compromised the personal data of its members and employees. The breach, which occurred earlier this year, has raised concerns about data security and privacy. The Incident: How It Unfolded Patelco Credit…
Russian National Arrested for Laundering Crypto Payments from Lazarus Group
Argentine authorities have arrested a Russian national accused of laundering cryptocurrency payments linked to the notorious North Korean Lazarus Group. The operation, led by the Argentine Federal Police (PFA) and the San Isidro Specialized Fiscal Unit in Cybercrime Investigations (UFEIC),…
Telegram Founder Arrested at France Airport
Pavel Durov, Telegram’s billionaire founder and CEO, was arrested on August 25, 2024, at Le Bourget Airport near Paris. French authorities detained the 39-year-old as he arrived on his private jet from Azerbaijan, acting on an arrest warrant linked to…
Telegram Founder Arrested Arrested at France Airport
Pavel Durov, Telegram’s billionaire founder and CEO, was arrested on August 25, 2024, at Le Bourget Airport near Paris. French authorities detained the 39-year-old as he arrived on his private jet from Azerbaijan, acting on an arrest warrant linked to…
Dell Power Manager Privilege Escalation Vulnerability
Dell Technologies has issued a critical security update for its Dell Power Manager software following the discovery of a significant vulnerability that could allow attackers to execute code and escalate privileges on affected systems. The vulnerability, identified as CVE-2024-39576, has…
Progress WhatsUp Gold Vulnerabilities Let Attackers Inject SQL Commands
The Progress WhatsUp Gold team confirmed the existence of critical vulnerabilities in all versions of their software released before 2024.0.0. If exploited, these vulnerabilities could allow attackers to inject SQL commands, posing significant security risks to users. Although there have…
Chrome Zero-day Vulnerability Actively Exploited in the Wild
Google has announced the release of Chrome 128 to the stable channel for Windows, Mac, and Linux. This update, Chrome 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac addresses a critical zero-day vulnerability actively exploited in the wild. The…
New Styx Stealer Attacking Users to Steal Login Passwords
A new cybersecurity threat, known as Styx Stealer, has emerged. It targets users by stealing sensitive data such as saved passwords, cookies, and autofill information from popular web browsers. This malware affects Chromium and Gecko-based browsers and extends its reach…
MegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker Groups
RipperSec, a pro-Palestinian, pro-Muslim Malaysian hacktivist group, has rapidly grown since its Telegram inception in June 2023. Leveraging a community of over 2,000 members, they conduct cyberattacks, including data breaches, defacements, and DDoS attacks, and their primary tool is MegaMedusa,…
Backdoor MIFARE Smart Cards Exposes User-Defined Keys On Cards
Researchers analyze the security of MIFARE Classic cards, focusing exclusively on card-only attacks. They uncover multiple new attack vectors by examining the CRYPTO-1 algorithm, existing vulnerabilities, and a novel countermeasure. Through a combination of reverse engineering, cryptanalysis, and experimental analysis,…
Digital Wallets Bypassed To Allow Purchase With Stolen Cards
Digital wallets enable users to securely store their financial information on smart devices and perform financial transactions without any hassle. These wallets offer enhanced security compared to traditional payment methods, as these wallets encrypt payment data. Since smartphone adoption has…
2GB variant of Raspberry Pi Launched for Just $50
Raspberry Pi has announced the launch of a new 2GB variant of the Raspberry Pi 5, priced at an affordable $50. This release makes powerful computing accessible to a wider audience, fulfilling the original Raspberry Pi dream of providing an…
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
A critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024-5932, exposes over 100,000 WordPress sites to potential remote code execution (RCE) attacks. The vulnerability was responsibly disclosed by a security…
Autodesk AutoCAD Vulnerability Let Attackers Execute Arbitrary Code
Autodesk has disclosed a critical vulnerability in its AutoCAD software, which could allow malicious actors to execute arbitrary code. This vulnerability, CVE-2024-7305, identified in the AdDwfPdk.dll component, is triggered when a specially crafted DWF (Design Web Format) file is parsed.…
Lazarus Hacker Group Exploited Microsoft Windows Zero-day
The notorious Lazarus hacker group has been identified as exploiting a zero-day vulnerability in Microsoft Windows, specifically targeting the Windows Ancillary Function Driver for WinSock (AFD.sys). This vulnerability, cataloged as CVE-2024-38193, was discovered by researchers Luigino Camastra and Milanek in…
Linux Kernal Vulnerability Let Attackers Bypass CPU & Gain Read/Write Access
Researchers have uncovered a critical vulnerability within the Linux kernel’s dmam_free_coherent() function. This flaw, identified as CVE-2024-43856, stems from a race condition caused by the improper order of operations when freeing Direct Memory Access (DMA) allocations and managing associated resources. The vulnerability…
Researchers Found a New Technique to Defend Cache Side Channel Attacks
Researchers from the University of Rochester have unveiled a novel technique to defend against cache side-channel attacks, a prevalent threat in modern computing systems. The new method, named RollingCache, promises to enhance the security of shared systems by dynamically altering…
BeaverTail Malware Attacking Windows Users Via Weaponized Games
Researchers uncovered a new malware campaign dubbed BeaverTail, a North Korean cyber espionage malware family primarily focusing on job seekers. Initially identified as a JavaScript-based info stealer, it has since morphed into a native macOS version that pretends to be…
Iranian APT42 Group Launch A Massive Phishing Campaign To Attack U.S. Presidential Election
APT42 is an APT group that is believed to be backed by the Iranian government, and this group primarily focuses on cyber espionage. Besides this, APT42 is also well-known for other illicit activities. Apart from cyber espionage, they also conduct…
Ransomware Group Added a New EDR Killer Tool to their arsenal
A ransomware group known as RansomHub has been found deploying a new tool designed to disable endpoint detection and response (EDR) systems. This tool, EDRKillShifter, represents a significant advancement in the tactics used by cybercriminals to bypass security measures and…
News Malspam Attacks AnyDesk and Microsoft Teams
Cybersecurity researchers have uncovered a sophisticated malspam campaign targeting unsuspecting users through email and phone calls. Attackers are leveraging popular platforms like AnyDesk and Microsoft Teams to gain unauthorized access to victims’ computers, raising alarms about cybercriminals’ evolving tactics. The…
NIST Finalizes 3 Algorithms to Combat Future Quantum Cyber Threats
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has taken a step in safeguarding digital security against future quantum threats. By finalizing a set of three encryption algorithms, NIST aims to protect sensitive information from the…
Critical Vulnerabilities in IBM QRadar Allow Attackers to Execute Arbitrary Code Remotely
IBM recently disclosed critical vulnerabilities affecting its QRadar Suite Software and IBM Cloud Pak for Security. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code remotely, potentially leading to severe security breaches. The company has addressed these issues…
Face Check With Microsoft Entra Verified ID Is Now Generally Available, Microsoft
Microsoft announced that Face Check with Microsoft Entra Verified ID is now generally accessible. It is available standalone and as part of the Microsoft Entra Suite, a comprehensive identity solution that combines network access, identity protection, governance, and identity verification…
Earth Baku Using Customized Tools To Maintain Persistence And Steal Data
Earth Baku, an APT actor who initially focused on the Indo-Pacific region, has grown its activities extensively since late 2022. The group has increased its presence in Europe, the Middle East, and Africa (MEA), having also confirmed engagements in Italy,…
Iranian APT42 Actors Conducting World Wide Surveillance Operations
APT42 (aka Damselfly, UNC788, CALANQUE, Charming Kitten) is a sophisticated Iranian state-sponsored cyber espionage group. This Advanced Persistent Threat (APT) group is known for its ability to carry out long-term and focused digital surveillance campaigns. The major targets of such…
BYOVDLL – A New Exploit That Is Bypassing LSASS Protection
In July 2022, Microsoft patched a well-known PPL bypass flaw, initially discovered by Ionescu and Forshaw. This allowed protection circumvention without kernel code execution, and this update now broke the PPLdump PoC. SCRT Team researchers at Orange Cyberdefense recently discovered…
Hackers Exploited by GraphQL Vulnerabilities to Compromise Organizations
Cyberattacks have highlighted vulnerabilities in GraphQL APIs, leading to significant security breaches in various organizations. GraphQL, a query language for APIs, allows clients to request specific data, making it a popular choice for developers. However, its flexibility also opens doors…
0-Click Outlook RCE Vulnerability Triggered When Email is Clicked – Technical Analysis
NetSPI discovered that Microsoft Outlook is vulnerable to authenticated remote code execution (CVE-2024-21378) due to improper validation of synchronized form objects. By manipulating a configuration file, attackers can automatically register and instantiate a custom form, specifying a malicious executable as…
Dark Web Marketplace Admins Busted Following Luxury Life
Two men living a life of luxury in Florida have been charged with cyber fraud after authorities became suspicious of their extravagant spending habits. Russian national Pavel Kublitskii and Kazakhstan national Alexandr Khodyrev, who arrived in the U.S. in 2022…
Clickbait PDFs, An Entry point For Multiple Web Based Attacks
Researchers studied the infrastructure behind clickbait PDF attacks by analyzing a large dataset of real-world PDFs to identify clickbait ones and their linked infrastructure and found that attackers use various hosting types, including object storage, website hosting, and CDNs. The…
Hackers Toolkit Unveiled, Comprehensive Tools For Various Cyber Attacks
Hackers always keep updating their tools and add new ones to adapt to evolving security measures, bypass defenses, and exploit newly discovered vulnerabilities. Staying ahead of the cybersecurity advancements is completely important for them as doing so helps them maintain…
Zoom Fixes Critical Vulnerabilities Allowing Privilege Escalation
Zoom Video Communications has recently disclosed several critical vulnerabilities affecting its Workplace Apps, SDKs, and Rooms Clients. These vulnerabilities, identified in multiple security bulletins, pose significant risks, potentially allowing attackers to escalate privileges on affected systems. The issues impact users…
CryptoScam Strikes Misusing Trump & Musk Interview
Scammers have exploited the popularity of former President Donald Trump and tech mogul Elon Musk to deceive unsuspecting victims. According to a recent tweet by Avast Threat Labs, the fraudulent scheme involved hijacking YouTube accounts to broadcast fake interviews, and…
Authorities Seized Dispossessor Ransomware Servers
FBI Cleveland announced a significant victory against cybercrime by disrupting “Radar/Dispossessor,” a notorious ransomware group led by the online moniker “Brain.” This operation dismantled three servers in the United States, three in the United Kingdom, and 18 in Germany. Additionally,…
DeathGrip Ransomware Expanding Services Using RaaS Service
A new Ransomware-as-a-Service (RaaS) platform known as DeathGrip has surfaced, offering sophisticated ransomware tools to aspiring cyber criminals. This service is being promoted through Telegram and various underground forums, providing a gateway for individuals with limited technical expertise to launch…
PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions
A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vulnerability in the pg_dump utility poses a significant security risk, especially when executed by superusers. CVE-2024-7348 – Vulnerability Details The flaw…
PostgreSQL Vulnerability Hackers Execute Arbitrary SQL Functions
A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vulnerability in the pg_dump utility poses a significant security risk, especially when executed by superusers. CVE-2024-7348 – Vulnerability Details The flaw…
Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts
A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against Microsoft 365 and Office 365 environments. The platform provides tools to circumvent robust 2FA safeguards, enabling threat actors to compromise accounts with increased efficiency. Corporate security…
Australian Gold Mining Company Reports Ransomware Attack
Evolution Mining Limited, a prominent global player in the gold mining industry, has reported a ransomware attack that impacted its IT systems. The company, which operates several mines across Australia and Canada, discovered the breach on August 8, 2024. This…
Critical AWS Services Vulnerability Let Attackers Execute Remote Code
Hackers attack AWS as it hosts a vast number of high-value targets, including sensitive data, business applications, and cloud resources for organizations worldwide. In February 2024, six AWS services were found to have some critical vulnerabilities. The services include CloudFormation,…
Hackers Exploiting WinRAR Flaw To Attacks Windows & Linux(ESXi) Machines
Head Mare, a hacktivist group targeting Russia and Belarus, leverages phishing campaigns distributing WinRAR archives to exploit CVE-2023-38831 for initial access. By deploying LockBit and Babuk ransomware, they encrypt victim systems and publicly disclose stolen data. The group shares similarities…
NCSC to Build Nation-Scale Evidence Base for Cyber Deception
The UK’s National Cyber Security Centre (NCSC) recently hosted an unprecedented conference at its London headquarters, bringing together international government partners, UK government officials, and industry leaders. The focus was on exploring the potential of cyber deception technologies and techniques…
Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code
By reverse-engineering Quick Share’s proprietary communication protocol, researchers uncovered multiple vulnerabilities, including unauthorized file writes, forced Wi-Fi connections, directory traversal, and denial-of-service conditions. These flaws were chained together to achieve remote code execution on Windows systems with Quick Share installed,…
Authorities Arrested Two Admins of WWH-Club Stolen Credit Card Marketplace
U.S. authorities have arrested two believed administrators of the notorious WWH-Club, an online marketplace for stolen credit card information. The arrests mark a major step in the ongoing battle against cybercrime and the illicit trade of unauthorized access devices. The…
Threat Actors Exploiting Windows Systems To Deploy Multiple Malwares
A sophisticated phishing campaign targeting Windows systems leverages multiple evasion techniques, including Python obfuscation, shellcode generation, and loading, to deploy a payload of malware. This multi-stage attack, disguised as a customer service request, delivers malicious attachments that, once opened, install…
North Korean Kimusky Group Attacking University Professors
Kimsuky, a North Korean APT group, employs targeted phishing campaigns, leveraging DMARC exploitation to conceal social engineering, infiltrate university networks, and steal research for the Reconnaissance General Bureau. It aligns with North Korea’s goal of intelligence acquisition to advance its…
Iranian Hackers Targeting 2024 US Election Campaigns
Microsoft has released a report detailing Iran’s efforts to influence the upcoming 2024 US presidential election. The report highlights the increasing activity of groups linked to the Iranian government, aiming to sway voters and create controversy, particularly in key swing…
Confusion Attacks Vulnerability In Apache HTTP Server Allow Attackers To Gain Root Access Remotely
The Apache HTTP Server relies on hundreds of independently developed modules to handle client requests, sharing a complex data structure for communication. While modularity promotes specialization, the lack of standardized interfaces, coupled with the massive scale of the system, introduces…
0.0.0.0 Day – 18 Yr Old Vulnerability Allow Attackers to Bypass All Browser Security
Threat actors often target and exploit security flaws in web browsers, as exploiting flaws in web browsers enables them to gain unauthorized access and perform several illicit activities. Not only that, threat actors also get a wide attack surface with…
New APT Actor240524 Weaponizing Official Documents To Deliver Malware
A new APT group, dubbed Actor240524, launched a spear-phishing campaign targeting Azerbaijani and Israeli diplomats on July 1, 2024, where the attackers employed a malicious Word document containing Azerbaijani-language content disguised as official documentation to lure victims. The attack indicates…
Leaked MDM Credentials Exposes Commonly Laptops And Smartphones For Hacking
Mobile Device Management (MDM) is a device management solution for laptops, tablets, and smartphones used by organizations to enable them to control and protect their employees’ mobile devices. Moreover, MDM has been developed with various tools that administrators can use…
Critical Jenkins Vulnerabilities Expose Servers To RCE Attack
Jenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead to remote code execution (RCE). An attacker may be able to read arbitrary files…
CISA Warns of Cisco Smart Install Feature Actively Exploited by Hackers
The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms over malicious cyber actors’ active exploitation of the Cisco Smart Install feature. This legacy feature, originally designed to simplify the deployment of new switches, is now being leveraged by hackers…
Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems To Old Vulnerabilities
Every software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat actors require a lot of time to find a zero-days but require less time to find a…
GhostWrite Vulnerability Let Hackers Read And Write Any Part Of The Computer’s Memory
Such is the industry, that RISC-V, an open and extensible instruction set architecture (ISA) has now invaded the CPU market, opening up many opportunities for new entrants. It has gained a lot of traction through Linux kernel support as well…
DISPOSSESSOR And RADAR Ransomware Emerging With RaaS Model
Ransomware affiliates are forming alliances to recoup losses from unreliable partners. A prominent example involves ALPHV extorting $22 million from Change Healthcare but withholding funds from its data exfiltration affiliate. To remedy this, the affiliate has reportedly partnered with RansomHub…
Hackers Exploit iOS Settings to Trigger Fake iOS Updates on Hijacked Devices
A sophisticated mobile attack vector involves a deceptive iOS update that masquerades as the legitimate iOS 18, tricking users into installing malicious code. The persistence mechanism allows threat actors to maintain covert control over the compromised device, facilitating data exfiltration…
MongoDB Vulnerabilities Let Attackers Escalate Privileges
MongoDB has disclosed a critical vulnerability that could allow attackers to escalate privileges on systems running certain versions of MongoDB. This vulnerability, CVE-2024-7553, affects multiple versions of MongoDB Server, C Driver, and PHP Driver. The flaw stems from incorrect validation…
Authorities Dismantled North Korean Remote IT Worker Laptop Farm
Authorities have dismantled a “laptop farm” in Nashville, Tennessee, allegedly used to support the Democratic People’s Republic of Korea’s (DPRK) weapons program. Matthew Isaac Knoot, 38, has been charged with multiple offenses, including conspiracy to cause damage to protected computers…
STAC6451 Hacker Hijacking Microsoft SQL Servers to Compromise Organizations
A sophisticated threat activity cluster, STAC6451, has been identified targeting Microsoft SQL servers. This cluster, primarily observed by Sophos Managed Detection and Response (MDR) teams, has compromised organizations by exploiting SQL server vulnerabilities. The attackers have been using a combination…
Record Breaking DDoS Attack 419 TB of Malicious Traffic Within 24-Hours
A record-breaking Distributed Denial of Service (DDoS) attack unleashed 419 terabytes of malicious traffic over 24 hours. This unprecedented event, which began at 8:05 UTC on July 15, 2024, targeted a financial services company in Israel, showcasing the evolving threat…
Critical Cisco Small Business IP Phone Flaws Exposes Users to Remote Attacks
Cisco has issued a security advisory warning users of its Small Business SPA300 and SPA500 Series IP Phones about multiple critical vulnerabilities that could allow remote attackers to execute arbitrary commands or cause denial of service (DoS) conditions. These vulnerabilities…
Tor Browser 13.5.2 Released: What’s New!
The Tor Project has announced the release of Tor Browser 13.5.2, now available for download from the Tor Browser download page and the distribution directory. This latest version brings crucial security updates and several enhancements to improve user experience and…
AWS Launches Mithra To Detect Malicious Domains Across Systems
Amazon’s e-commerce platforms and cloud services form a digital ecosystem requiring a strong cybersecurity framework. Amazon, which has a vast online presence covering multiple domains and services, is at great risk of being attacked by advanced cyber threats. For this…
Researchers Proposed MME Framework To Enhance API Sequence-Based Malware Detection
Deep learning models analyzing API sequences for Windows malware detection face challenges due to evolving malware variants. A group of researchers recently proposed the MME framework, which enhances the existing detectors by leveraging API knowledge graphs and system resource encodings. …
Microsoft 365 Vulnerability Let Hackers Bypass Anti-phishing Feature
A vulnerability in Microsoft 365 (formerly Office 365) has been found that allows malicious actors to bypass anti-phishing measures. One of the anti-phishing features available in Exchange Online Protection (EOP) and Microsoft Defender to Office 365 enterprises is the ‘First…
Apple Tightens macOS Gatekeeper Controls in macOS Sequoia
Apple has announced changes to its macOS Gatekeeper security feature with the release of macOS Sequoia. These changes aim to bolster user security by making it more challenging to run potentially harmful software. Stricter Gatekeeper Policies In macOS Sequoia, Apple…
New Zola Ransomware Using Multiple Tools to Disable Windows Defender
Seemingly new ransomware, Zola, is the newest version of the Proton family that appeared in March 2023. This rebranding highlights the unbroken trend of ransomware’s evolution. Cybersecurity researchers at Acronis identified and warned of the new Zola ransomware, which was…
XDSpy Hackers Attacking Users to Steal Sensitive Data
The notorious threat actor group XDSpy has been reported to target organizations in Russia and Moldova. The sophisticated phishing malware campaign aims to steal sensitive data through well-coordinated attack chains. Spear-phishing emails as the Initial Vector According to the Broadcom…
Chrome Security Update: Patch for Multiple Vulnerabilities
Google has announced a critical security update for its Chrome browser, addressing several vulnerabilities that malicious actors could exploit. The Stable channel has been updated to version 127.0.6533.99/.100 for Windows and Mac and 127.0.6533.99 for Linux. This update will be…
Panamorfi TCP flood DDoS Attack Targeting Jupyter Notebooks
An attacker, identified as Yawixooo, leveraged a publicly accessible Jupyter Notebook honeypot as an initial access vector. The honeypot’s exposure to the internet-enabled Yawixooo to exploit it without requiring complex techniques. Once gaining a foothold on the system, the attacker…
North Korean Hackers Exploit VPN Update Flaw To Breach Networks
North Korean state-sponsored hacking groups, including Kimsuky (APT43) and Andariel (APT45), have significantly increased cyberattacks on South Korean construction and machinery sectors. This surge aligns with Kim Jong-un’s “Local Development 20×10 Policy,” aimed at modernizing industrial facilities across North Korea. …
Chameleon Device-Takeover Malware Attacking IT Employees
Researchers have identified a new Chameleon campaign targeting hospitality employees, where the attackers employed a deceptive tactic, disguising malicious software as a CRM app. File names uploaded to VirusTotal revealed evidence of targeted attacks, including a reference to a prominent…
40 French Museums IT Systems Hit by Ransomware Attack
Ransomware has infiltrated the IT systems of 40 French museums, including the renowned Louvre. The incident, which occurred on the night of August 3-4, 2024, was first detected by the director of information systems at the Grand Palais site. The…