VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats. The Enhanced Authentication Plugin (EAP), which provided seamless login capabilities to vSphere’s management interfaces, is susceptible to authentication relay and session…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
LockBit Ransomware Members Charged by Authorities, Free Decryptor Released
In a significant blow to one of the most prolific ransomware operations, authorities from the U.S. and U.K., in collaboration with international law enforcement, have disrupted the LockBit ransomware variant. The coordinated effort led to the arrest of two operators…
Reddit Signed a $60,000,000 Content Licensing Deal with an AI company
Reddit, the popular social media platform known as the “front page of the internet,” has reportedly signed a significant content licensing agreement with an undisclosed AI company. This $60 million deal is poised to impact AI research substantially, Reddit’s impending…
Meta Unveils 8 Spyware Companies Targeting iOS, Android, & Windows Devices
Spyware firms target iOS, Android, and Windows devices due to their widespread usage, making them lucrative targets for gathering sensitive information. Each platform offers unique exploitation opportunities, with iOS and Android dominating the mobile market, while Windows remains a primary…
Alpha Ransomware Uses Living-Off-The-Land Tools To Attack Windows Computers
Ransomware utilizes living-off-the-land tools in Windows attacks for stealth and evasion. They can blend in with normal system activities by leveraging legitimate, built-in tools like PowerShell or Windows Management Instrumentation (WMI). This stealthy move makes it harder for security measures…
LockBit Ransomware Gang Disrupted by Global Law Enforcement Operation
Earlier this week, Europol and the UK’s National Crime Agency announced they had successfully taken down the dark web platform associated with LockBit, a notorious ransomware group. LockBit has been one of the most active and prolific ransomware groups, and…
Warning: Agniane Stealer Targeting Users to Steal Financial Data
Threat actors use stealers to collect sensitive information from unsuspecting users covertly. These tools are favored for their ability to infiltrate systems, remain undetected, and extract valuable data, which threat actors can exploit for financial gain and several malicious purposes.…
Hackers Arrested For Stealing Banking Credentials Using Android Malware
An individual residing in Vinnytsia, aged 31, has been apprehended for purportedly pilfering confidential data of Android users and exploiting their Google accounts belonging to citizens of the United States and Canada. The cybercrime incident resulted in the perpetrator acquiring…
SolarWinds ARM Flaw Let Attackers Execute Remote Code
SolarWinds has released their Access Rights Manager version 2023.2.3, in which several vulnerabilities associated with deserialization and directory traversal leading to remote code execution have been fixed. The CVEs of these vulnerabilities were assigned. The severity for these vulnerabilities…
Akira Ransomware Actively Exploiting Cisco Anyconnect Vulnerability
Threat actors exploit Cisco AnyConnect vulnerabilities to gain unauthorized access to networks, compromise sensitive information, and potentially execute malicious activities. Exploiting these vulnerabilities allows attackers to bypass security measures, leading to unauthorized control over network resources, potential disruptions to operations,…
ESET Privilege Escalation Flaw Let Attackers Delete Arbitrary Files
ESET, a cybersecurity firm, has released patches for a high-severity vulnerability identified in several Windows-based security products, including consumer, business, and server security. The vulnerability tracked as CVE-2024-0353 has a CVSS score of 7.8 and was identified in the real-time…
New TicTacToe Malware Dropper Attacking Windows Users
Malware often targets Windows users due to the operating system’s widespread popularity, making it a lucrative target for threat actors. Windows systems have historically been perceived as more vulnerable due to their larger user base and the majority of security…
Turla APT’s New Tool Designed to Steal Login Credentials
The Russian cyber espionage threat group “Turla APT group” was discovered to be using a new backdoor for its malicious operations. This new backdoor has been termed “TinyTurla-NG” (TTNG), which shares similarities with a previously disclosed implant, TinyTurla, regarding coding…
First Ever iOS Trojan Steals Facial Recognition Data
A novel, very sophisticated mobile Trojan dubbed GoldPickaxe.iOS that targets iOS users exclusively was discovered to collect facial recognition data, intercept SMS, and gather identity documents. The Asia-Pacific region includes the majority of those impacted by this harmful activity. On the other hand,…
1000+ JetBrains TeamCity Instances Vulnerable to RCE Bypass Attacks
A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server…
Ukrainian Hacker Pleads Guilty for Leading Zeus & IcedID Malware Attacks
Vyacheslav Igorevich Penchukov, a 37-year-old resident of Donetsk, Ukraine, has pleaded guilty to his key role in developing and deploying the notorious Zeus and IcedID malware attacks. In 2022, he was apprehended in Switzerland and extradited to the United States…
New Outlook 0-day RCE Flaw Exploited in the Wild
Outlook has been discovered to have an interesting vulnerability while handling specific hyperlinks, which was found to be exploited by threat actors in the wild. This vulnerability has been assigned with CVE-2024-21413, and the severity was given as 9.8 (Critical).…
Wireshark 4.2.3 Released – What’s New!
Wireshark is backed by the nonprofit Wireshark Foundation, which relies on your support to advance protocol analysis education. Wireshark 4.2.3 is out now, and this new version is packed with multiple new features, rich protocol support, user-friendly design, and…
How to Analyse an Advanced Phishing Attack with ANY.RUN Threat Intelligence Lookup
An advanced phishing attack typically involves sophisticated tactics such as compelling email and website replicas that are often tailored to specific targets. These attacks may use social engineering techniques to manipulate victims into revealing sensitive information and installing malware. Cybersecurity…
OpenAI Shuts Down Accounts Used to Generate Phishing Emails & Malware
While Artificial Intelligence holds immense potential for good, its power can also attract those with malicious intent. State-affiliated actors, with their advanced resources and expertise, pose a unique threat, leveraging AI for cyberattacks that can disrupt infrastructure, steal data, and…
DNS Server Vulnerability: Single DNS Packet can Bring Down the System
A new flaw has been discovered in DNSSEC, which, when exploited by threat actors, could result in the unavailability of technologies such as web browsing, email, and instant messaging. This new class of attacks has been termed “KeyTrap” by researchers. …
Microsoft Patch Tuesday 2024: 73 Security Flaws, Including Two 0-Days Patched
As part of its February 2024 Patch Tuesday updates, Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited. Five of the 73 vulnerabilities are classified as ‘Critical’, 65 as ‘Important’, and…
New HijackLoader Malware Uses Advanced Techniques to Avoid Detection
Threat actors exploit HijackLoader because it is a powerful tool for injecting malicious code into legitimate processes, enabling stealthy execution of payloads. This technique helps them to evade detection by leveraging trusted applications to carry out malicious activities. This scenario…
How to Analyze the MITRE Engenuity ATT&CK® Evaluations: Enterprise
Thorough, independent tests are vital as cybersecurity leaders and their teams evaluate vendors’ abilities to guard against increasingly sophisticated threats to their organizations. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluations: Enterprise. This evaluation…
13 Security Flaws in Adobe Acrobat & Reader Allow Remote Code Execution
A critical security update for both Windows and macOS is available for Adobe Acrobat and Reader. Per Adobe, this update fixes serious vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory leaks. …
ZLoader Now Attacks 64-bit Windows: Live Analysis With ANY.RUN Sandbox
ZLoader is a banking Trojan malware that steals sensitive financial information from infected systems. Threat actors exploit this malware to conduct a multitude of illicit activities. This malware is often distributed through phishing emails or malicious websites, allowing the threat…
Alert! 333% Surge in Hunter-Killer Malware that Bypasses Network Security Controls
Hunter-Killer is a sophisticated type of malware primarily designed to actively seek out and neutralize other malware present on a system. It operates by identifying and removing competing threats that potentially pose a serious risk to the security and privacy…
DarkGate Malware opens RaaS For Financially Motivated Hackers
Following the FBI’s shutdown of Qakbot infrastructure in August 2023, security analysts at EclecticIQ observed a surge in the use of the DarkGate loader. EclecticIQ believes DarkGate is primarily in the hands of financially motivated groups like TA577 and Ducktail…
Fileless Revenge RAT Abuses Legitimate Tools to Hide Malicious Activity
Threat actors are distributing Revenge RAT malware, developed using legitimate tools like “smtp-validator” and “Email to SMS.” When executed, the malware runs a malicious file and a legitimate tool, making it difficult for users to know there is malicious activity.…
New Azure Hacking Campaign Steals Senior Executive Accounts
An ongoing campaign of cloud account takeover has affected hundreds of user accounts, including those of senior executives, and impacted dozens of Microsoft Azure environments. Threat actors attack users with customized phishing lures inside shared documents as part of this…
Turk Hack Team Attacked the World’s Largest Cooperative Finance
Threat actors target financial institutions due to the potential for significant financial gains and access to sensitive customer data. These entities are attractive targets for threat actors seeking lucrative opportunities and avenues for money laundering, fraud, and ransom. While successfully…
Warning: Hackers Exploit 3 Well-known Flaws in Microsoft Word & Excel
Despite not being 0-day or even 1-day vulnerabilities, three well-known and outdated CVEs in Microsoft Word and Excel continue to pose a threat to the cybersecurity industry. In these three CVEs, researchers found several connections, including technical tricks to conceal the harmful…
Huge Surge in Hackers Exploiting QR code for Phishing Attacks
Phishing has been one of the primary methods threat actors use for impersonating individuals or brands with a sense of urgency that could result in private information being entered on a malicious URL. Phishing has been set with several preventive…
US Dismantled Sophisticated Warzone RAT, Key Operators Arrested
Federal authorities have dismantled a major malware operation, seizing online marketplaces and being involved in its sale and support. This international effort targeted a service known as “Warzone RAT,” a powerful tool cybercriminals use to remotely access and steal data…
ExpressVPN Flaw Exposes Some DNS Requests to a Third-Party Server
Customers of ExpressVPN have been notified of a vulnerability in the most recent version of the Windows app that permitted some DNS requests to be routed to a third-party server, usually the user’s internet service provider (ISP). After a reviewer…
Uncovering the Deceptive Tactics of Chinese Websites Mimicking Local News
A network of at least 123 websites based in the People’s Republic of China posed as local news outlets in 30 countries across Europe, Asia, and Latin America. The websites are disseminating pro-Beijing falsehoods and ad hominem attacks together…
New Android MoqHao Malware Executes Automatically on Installation
The Roaming Mantis threat group distributes a well-known Android malware family called “MoqHao.” This malware family has been previously reported to be targeting Asian countries such as Korea and Japan. Though the distribution method remains the same, the new variants…
Chinese Hackers Exploiting VMware 0-Day Flaw Since 2021
Mandiant and VMware recently uncovered a sophisticated cyber espionage campaign. The attackers, a Chinese group identified as UNC3886, leveraged a known vulnerability in VMware software (CVE-2023-34048) to maintain access to the targeted systems for over a year. This case highlights…
U.S. Offers $10 Million Reward for Information on Hive Ransomware
The United States State Department has recently revealed a $10 million reward for any valuable information that could lead to the detection or whereabouts of the principal members of the Hive ransomware gang. Following that, the State Department has announced…
Researchers Use Raspberry Pi Pico to Crack BitLocker Under a Minute
BitLocker is a computer program provided by Microsoft that users can use to encrypt their entire volumes, preventing unauthorized access in case of device theft. Many organizations have been using this security feature to prevent data theft, stolen devices leading…
Critical Cisco Expressway Flaw Lets Remote Attackers Execute Arbitrary Code
Cisco released patches to address multiple vulnerabilities in the Cisco Expressway Series that might allow an attacker to do arbitrary operations on a vulnerable device. Cisco Expressway Series includes Cisco Expressway Control (Expressway-C) and Cisco Expressway Edge (Expressway-E) devices. “Multiple…
Beware of Facebook Ads That Deliver Password-Stealing Malware
A new malware called Ov3r_Stealer was found to be intended for stealing cryptocurrency wallets and passwords and then sending them to a Telegram channel that the threat actor maintains. Identified early in December, the malware was spread via a Facebook advertisement for…
INTERPOL Uncovers 1,300+ Servers Used as Launchpads For Cyber Attacks
A recent massive operation by INTERPOL, which happens to be the biggest international police organization in the world, has successfully targeted the underlying infrastructure behind malicious activities such as phishing, malware, and ransomware attacks. The operation is a significant step…
Active Scan Alert: Over 28,000 Ivanti Instances Exposed to Internet
Ivanti has disclosed two new zero-day vulnerabilities, assigned CVE-2024-21888 and CVE-2024-21893, in the products Ivanti Connect Secure and Ivanti Policy Secure. The vulnerability CVE-2024-21888 exists in the Ivanti Connect Secure and Ivanti Policy Secure web components, allowing a threat actor…
TeamCity Authentication Bypass Flaw Let Attackers Gain Admin Control
A critical security vulnerability was detected in TeamCity On-Premises, tagged as CVE-2024-23917, with a CVSS score of 9.8. An unauthenticated attacker with HTTP(S) access to a TeamCity server may bypass authentication procedures and take administrative control of that TeamCity server if the…
Researchers Uncover DiceLoader Malware Used to Attack Corporate Business
An intrusion set called FIN7 has been known to be operating since 2015 and is composed of Russian-speaking members. This threat group also pretends to be a company that recruits IT experts to hide their illegal activities. Targets of this…
Why and How to Extract Malware Configurations in a Sandbox
Indicators of Compromise (IOCs) are the fuel that powers our cybersecurity defenses and keeps them effective. The most sought-after source of these indicators is malware configurations. Accessing them is equal to exposing the attacker’s playbook. Hence, thousands of analysts spend…
Combat Phishing Attacks With AI-Powered Email Threat Protection: Packet Guide 2024
Cybercriminals use email phishing as one form of cybercrime to deceive victims into disclosing personal information like passwords, credit card details, or Social Security numbers. To accomplish this, they send emails that seem to be from reliable sources, like banks,…
Cloudflare Server Compromised Due to Leaked Access Token in Okta Breach
On November 23, 2023, Cloudflare detected a threat actor on the self-hosted Atlassian server. The attack was initiated using a single stolen access token and three compromised service account credentials, which were kept the same after the Okta compromise in…
Researchers Unveil the Sophisticated Ransomware Used by Black Hunt
The Black Hunt ransomware has recently become a significant threat to the cybersecurity landscape. This malicious software has already wreaked havoc on around 300 companies in Paraguay, causing significant damage and disruption to their operations. The impact of this ransomware…
Multiple Container Flaws Allow Attackers to Access the Host OS
Four new vulnerabilities have been identified in containers that could allow a threat actor to escape the container and gain access to the host system. These vulnerabilities have been named “Leaky Vessels” by researchers that could potentially enable a threat…
What is SaaS Sprawl? Guide to Combating SaaS Security Risks
When we talk about the cloud, it’s not just a matter of data drifting weightlessly in some digital ether. The cloud environment is more like a bustling cityscape, with new buildings popping up every day. This expansion is often referred…
Mispadu Malware Exploits Windows SmartScreen Flaw to Attack Users
A new variant of Mispadu stealer has been identified by researchers, which specifically targets victims in Mexico. This variant of Mispadu stealer utilizes the Windows SmartScreen vulnerability CVE-2023-36025, to download and execute malicious payloads on the system. Mispadu stealer is…
ApateWeb: Hackers Using 130,000+ Domains to Launch Cyber Attacks
A new large-scale campaign named “ApateWeb” has been discovered, which uses over 130,000 domains to deliver scareware, potentially unwanted programs, and other scam pages. Threat actors use deceptive emails to lure victims into their malicious websites and redirect them…
New Android Malware on Google Play Disguised as Messaging or News Apps
Twelve malicious Android espionage applications have been discovered by researchers, with all of them executing a remote access trojan (RAT) code known as VajraSpy. Six of them were discovered to be available on Google Play Store, whereas the other six…
FritzFrog Botnet Attacking Linux Servers to Steal SSH Credentials
The FritzFrog botnet, originally identified in 2020, is an advanced peer-to-peer botnet built in Golang that can operate on both AMD and ARM-based devices. With constant updates, the malware has developed over time, adding and enhancing features. A new strain…
State-of-the-Art Redis Malware Bypasses Security Solutions to Hack Servers
Discovering a clandestine and potent menace, Aqua Nautilus researchers have brought to light the HeadCrab, an advanced threat actor wielding bespoke malware targeting Redis servers globally. Redis, an open-source, in-memory data structure store, serves as the unsuspecting battleground for the…
Ivanti Discloses 2 New Zero-Days, One Already Under Exploitation
Two new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products that are assigned with CVE-2024-21888 and CVE-2024-21893. Additionally, one of the vulnerabilities (CVE-2024-21893) has been reported to be exploited by threat actors in the…
ANY.RUN Sandbox Now Lets SOC & DFIR Teams Analyze Sophisticated Linux Malware
The ANY.RUN sandbox has now been updated with support for Linux, further enhancing its ability to provide an isolated and secure environment for malware analysis and threat hunting. This newly added feature will enable security analysts to investigate and simulate…
Pawn Storm APT Launch Hash Relay Attacks on Government Departments
In the analysis by Trendmicro, they dissect the recent maneuvers of this advanced persistent threat (APT) actor, shedding light on its unyielding repetition of tactics and the intricate dance between its seemingly unsophisticated campaigns and the concealed sophistication within. Known…
Grandoreiro Banking Malware Infrastructure Seized by Authorities
The Grandoreiro, a criminal organization that uses banking malware to commit electronic banking fraud against Spain, Mexico, Brazil, and Argentina, has been seized by authorities. It’s been operating since 2017. Through fraudulent actions, the criminal group is believed to have…
Hackers Started Using Python for Developing New Ransomware
Ransomware has been one of the top threats to organizations, costing multiple organizations worldwide several million dollars. Most of these ransomware operators infiltrate the systems, steal sensitive data, and lock the systems with ransomware. There have been a…
Mercedes-Benz Source Code Leaked via Mishandled GitHub Token
Mercedes-Benz has been reported to have leaked its source code due to a GitHub token leak from an organization employee. This particular leak was identified during an internet scan from a research team, revealing a GitHub repository holding this information.…
What is Email Hijacking? – Email Account Takeover Protection Guide – 2024
Email hijacking occurs when cybercriminals gain unauthorized access to an individual’s or organization’s email account, and it continues to pose a significant threat in the digital world. This security incident has the potential to result in unauthorized access and misuse of…
Hackers Hijacking MS-SQL Servers to Install Mimic Ransomware
The Trigona ransomware threat actor has been observed engaging in new activities, such as installing Mimic malware that targets MS-SQL servers. MS-SQL servers’ Bulk Copy Program (BCP) feature is abused during the malware installation process. The BCP utility bcp.exe is…
U.S. Officials Detained a 19-year-old SIM-Swap Hacker
In the murky depths of the digital underworld, a tale unfolds: the rise and fall of “King Bob,” a moniker masking 19-year-old Noah Michael Urban, a Florida man entangled in a web of cybercrime. An investigation revealed the accused’s role…
45K+ Exposed Jenkins Instances Vulnerable to RCE Attacks
It was previously reported that Jenkins was discovered with a new critical vulnerability, which was associated with unauthenticated arbitrary file reads that can be utilized by threat actors to read sensitive files on the server. The CVE was mentioned as…
APT Hackers Use FalseFont Backdoor to Remotely Hack Computers
Peach Sandstorm APT targets defense contractors globally via the FalseFont Backdoor, which can access remote systems and exfiltrate data. In this campaign, the malware offers the user a realistic user interface and behavior while posing as a legitimate application from US Defense…
Beware of Phobos Ransomware Delivered via Office Document
Researchers discovered an Office document with a VBA script intended to spread the Phobos ransomware known as FAUST. The FAUST version can sustain persistence in a given environment and generates multiple threads for efficient execution. A well-known family of malicious…
GitLab Flaw Let Attackers Write Files to Arbitrary Locations
GitLab releases security updates addressing several critical vulnerabilities, urging all users to upgrade immediately. This release is crucial for ensuring the security of GitLab instances, as it patches vulnerabilities that could allow attackers to: …
Control D Launches Control D for Organizations: Democratizing Cybersecurity for Organizations of All Sizes
In an era where online threats no longer discriminate by business size, Control D, powered by Windscribe VPN’s robust security expertise, announced today the launch of ‘Control D for Organizations’. This cutting-edge DNS service brings cybersecurity within reach for businesses…
Exploit Released for Critical Jenkins RCE Flaw
Jenkins has been discovered with a critical vulnerability that is associated with arbitrary code execution that threat actors can exploit for malicious purposes. The vulnerability is tracked as CVE-2024-23898, and the severity is yet to be categorized. However, Jenkins has…
Russian TrickBot Malware Developer Pleaded Guilty
Vladimir Dunaev, a resident of Amur Oblast and aged 40, has confessed to creating and distributing Trickbot malware. The purpose of the malware was to launch cyberattacks against various American hospitals and companies. Trickbot has a collection of malware tools…
What are the Common Security Challenges CISOs Face?
Chief Information Security Officers (CISOs) hold a critical and challenging role in today’s rapidly evolving cybersecurity landscape. Here are the common security challenges CISOs face. As organizations increasingly rely on technology to drive their operations, CISOs face complex security challenges…
Chinese Hackers Hijack Software Updates to Install Malware Since 2005
In order to obtain unauthorized access and control, hackers take advantage of software vulnerabilities by manipulating updates. By corrupting the updates, hackers can disseminate malware, compromise user data, and build backdoors for future attacks. This enables hackers to compromise a…
Pure Malware Tools Pose As Legitimate Software to Bypass AV Detections
An extensive examination of the growing danger posed by the Pure malware family has been released, providing the industry with more insightful information about PureCrypter, PureLogs, and PureMiner. ANY.RUN has disclosed that Pure tools are disguised as legitimate software designed…
Google Kubernetes Flaw Let Any Google User Control the Cluster
Researchers have discovered a new loophole in Google Kubernetes Engine (GKE), which threat actors can utilize with a Google account to take over the misconfigured Kubernetes Cluster. Threat actors can further use these compromised clusters for crypto mining, DoS (denial…
198% Surge in Browser-Based Zero-Hour Phishing Attacks
The digital landscape is under siege. Surging browser-based phishing attacks, a 198% increase in just the second half of 2023, paint a chilling picture of cyber threats outsmarting traditional security. Menlo Security’s 2023 State of Browser Security Report unveils this…
Kasseika Ransomware Exploits Driver Functionality to Kill Antivirus
Ransomware is a tool that hackers use to extort money from their targets like individuals, businesses, and governments. The malware encrypts the target’s data and demands payment to unlock it. This malicious strategy increases the possibility of payment by giving…
Pakistan Hackers Targeting Indian Android Users with Fake Loan Apps
Hackers in India are using fake loan applications to target Android users to take advantage of the rising demand for digital financial services by enticing consumers with instant credit offers. These malicious apps often steal personal and financial information, which…
Beware of Weaponized Office Documents that Deliver VenomRAT
Since office documents are often used in business communications, hackers take advantage of this fact to disseminate malware easily. Hackers can mislead users into unintentionally activating malware by hiding it in documents that appear to be safe, which gives…
Hackers Use SYSTEMBC Tool to Maintain Access to Compromised Network
To maintain access to compromised networks, hackers use specialized hacking tools. Such tools help the threat actors evade the detection mechanisms and maintain control over the compromised system. This unauthorized access enables the threat actors to extract sensitive information from…
Hackers Deploy Malicious npm Packages on GitHub to Steal SSH Keys
Two malicious npm packages were discovered on the npm open source package manager, which leverage GitHub to store stolen Base64-encoded SSH keys obtained from developer systems that installed the malicious npm packages. In recent weeks, two suspicious npm packages, namely warbeast2000…
VexTrio, a Hub of Cyber Attacks With a Massive Criminal Affiliate Chain
VexTrio, a cybercrime syndicate with a history dating back to at least 2017, has been implicated in nefarious activities utilizing a sophisticated dictionary domain generation algorithm (DDGA). Their malicious campaigns encompass scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and…
MavenGate Supply Chain Attack Let Attackers Hijack Java & Android Apps
Hackers use supply chain attacks to breach a target by gaining access to and taking advantage of weaknesses in the vendor, partner, or supplier network. Threat actors can enter the target firm by distributing malware, influencing software upgrades, and gaining…
Top 12 Best Penetration Testing Companies & Services – 2024
Penetration testing companies are pillars of information security. Nothing is more important than ensuring your systems and data are safe from unauthorized access, yet many organizations have a flawed security culture, with employees motivated to protect their information…
Parrot TDS Injecting Malicious Redirect Scripts on Hacked Sites
In the murky depths of the digital world lurks a cunning predator – Parrot TDS, a cyber campaign that has flown under the radar for years, leaving a trail of compromised websites and vulnerable users in its wake. Parrot TDS…
New Malware Hidden In PyPI Packages Attacking Windows & Linux Machines
A PyPI malware author identified as “WS” was discovered by researchers to be covertly uploading malicious packages to PyPI that were impacting both Windows and Linux devices. Over time, the malware author distributes multiple information-stealing packages into the PyPI library, each with unique…
North Korean Hackers Attacking Cybersecurity Professionals to Steal Threat Research Reports
Hackers target cybersecurity professionals as successfully compromising their systems or gaining access to their credentials provides a gateway to valuable information and tools. Besides this, gaining control over cybersecurity professionals’ systems could be a strategic move to disrupt or evade…
SEC X Account was Hacked Using SIM Swapping Method
In a brazen act of digital deception, the U.S. Securities and Exchange Commission’s (SEC) official Twitter account, @SECGov, was compromised on January 9th, 2024. This wasn’t just a prank; it sent shockwaves through the financial world, momentarily igniting a frenzy…
Hackers Abusing LSASS Process Memory to Exfiltrate Login Credentials
Threat actors have been using several methods for credential stealing, which varies based on the environment and infrastructure of the system. Most of the time, the threat actors dump the LSASS process to extract the account credentials. For this, tools…
SSH3 – Faster & Rich Secure Shell Using HTTP/3
SSH or Secure Shell is a cryptographic network protocol that enables secure communication and remote access over an unsecured network. This network protocol is widely used for secure command-line login, file transfers, and tunneling of other protocols. It provides a…
Beware of Pirated MacOS Apps That Install Chinese Malware
Similar to ZuRu malware, a new malware has been found embedded in pirated macOS applications, which downloads and executes several payloads to compromise devices in the background. Specifically, these apps are hosted on Chinese pirate websites to entice more victims.…
DarkGate Malware Abuses AutoIt Scripting for Payload Obfuscation
DarkGate is a type of malware that employs AutoIt-compiled loaders and poses a considerable threat because of its advanced evasion strategies and persistence within compromised systems. By using obfuscated AutoIt scripting and multi-stage payloads, the malware makes itself more difficult to identify using conventional…
New Outlook Flaw Let Attackers Access Hashed Passwords
A new Outlook vulnerability that can be used to extract NTLMv2 hashes by exploiting Outlook, Windows Performance Analyzer (WPA), and Windows File Explorer has been identified. This vulnerability has been assigned with CVE-2023-35636, and the severity has been given as…
PixieFAIL – 9 UEFI Flaws Expose Computers to Remote Attacks
Hackers exploit UEFI flaws to gain unauthorized access to a system’s firmware, enabling them to implant persistent malware or manipulate the boot process. This provides a stealthy entry point that allows attackers to bypass traditional security measures and maintain control…
CISA & FBI released Incident Response Guide for WWS Sector
Malicious cyber incidents, such as ransomware and unauthorized access, have affected the Water and Wastewater Sector (WWS) in the past few years. Particularly, ransomware is a common tactic cybercriminals use to target WWS utilities. Cyber threat actors target the WWS…