The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced today that major retail banks will phase out the use of One-Time Passwords (OTPs) for bank account logins within the next three months. This change…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Malicious NuGet Campaign Tricking Developers To Inject Malicious Code
Hackers often target NuGet as it’s a popular package manager for .NET, which developers widely use to share and consume reusable code. Threat actors can distribute malicious code to many projects by compromising the NuGet packages. In August 2023, ReversingLabs…
ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution
ViperSoftX is an advanced malware that has become more complicated since its recognition in 2020, to the extent that eBooks are used on Torrent sites to spread across systems. Unlike other kinds of malware developers who mainly focus on developing…
Akira Ransomware Attacking Airline Industry With Legitimate Tools
Airlines often become the target of hackers as they contain sensitive personal and financial details of passengers as well as travel schedules and loyalty programs. Since airlines are attractive to threat actors, disrupting their operations can be quite damaging to…
Threat Actor Claiming Breach of Coingecko Database, 1.9M Email Address
A threat actor has claimed responsibility for breaching the database of CoinGecko, a leading cryptocurrency data aggregator. The alleged breach has reportedly compromised 1.9 million email addresses, raising significant concerns about data security in the cryptocurrency industry. The Alleged Breach…
Beware Of Weaponized EBooks That Deliver AsyncRAT
EBooks are popular, and their popularity lucrative threat actors the most, as they are widely shared digital assets that can easily circumvent security measures. Threat actors exploit users’ trust in seemingly harmless documents by embedding malware in eBook files or…
DarkGate Malware Exploiting Excel Files And SMB File Shares
DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing various distribution methods, including email attachments, malicious ads, and compromised Samba shares. Initially a human-operated command-and-control infrastructure, DarkGate has evolved into a versatile tool offering remote…
mSpy Data Breach: Millions of Customers’ Data Exposed
mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing the sensitive information of millions of its customers. The breach, which Brainstack, mSpy’s parent company, has not publicly acknowledged, has raised serious concerns about spyware applications’…
Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed
RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has recently been the victim of a cyber attack. The breach, which occurred on April 14, 2024, was discovered on June 10, 2024, and has compromised the…
Hackers Using ClickFix Social Engineering Tactics to Deploy Malware
Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery, dubbed the “ClickFix” infection chain. This novel attack strategy leverages advanced social engineering techniques to manipulate unsuspecting users into executing malicious scripts, leading to severe security…
Coyote Banking Trojan Attacking Windows Users To Steal Login Details
Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept and modify transactions, allowing hackers to drain bank accounts or make unauthorized purchases. BlackBerry cybersecurity researchers recently detected that the Coyote banking trojan has been actively…
Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets
As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has emerged, targeting fans and attendees. Cybersecurity firm QuoIntelligence has uncovered a sophisticated fraudulent campaign involving over 700 fake domains designed to sell counterfeit tickets for the…
Japanese Space Agency Spotted zero-day via Microsoft 365 Services
The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that occurred last year, involving unauthorized access to its internal servers. The breach, detected in October 2023, has prompted JAXA to implement robust countermeasures to prevent future…
Top 10 Active Directory Management Tools – 2024
Active Directory Management Tools are essential for IT administrators to manage and secure Active Directory (AD) environments efficiently. These tools streamline tasks such as user and group management, permissions assignment, and policy enforcement, ensuring the AD infrastructure remains organized and…
New Eldorado Ransomware Attacking Windows And Linux Systems
Ransomware-as-a-service (RaaS) has evolved into sophisticated enterprise-like model. From 2022 to 2023, ransomware programs advertised on the dark web increased by half, with 27 ads identified. The RAMP forum was made the main hub of hiring for ransomware. Attacks published…
Passkeys Available for Passkeys high-risk Users in the Advanced Protection Program
Google has announced the integration of passkeys into its Advanced Protection Program (APP). This development aims to provide an easier and more secure alternative to traditional passwords, enhancing protection against common cyber threats such as phishing, malware, and unauthorized data…
Chinese APT40 Is Ready To Exploit New Vulnerabilities Within Hours Of Release
Multiple international cybersecurity agencies jointly warn of a PRC state-sponsored cyber group, linked to the Ministry of State Security and known by various names like APT40, Leviathan. The group, based in Hainan Province, has targeted organizations globally, including in Australia…
Scammers Offering Fraud-as-a-service to Other Scammers to Drain Victims Funds
Scammers no longer need to possess technical expertise or devise intricate fraud schemes. The rise of Fraud-as-a-Service (FaaS) has revolutionized scam execution, making it easier for even the most inexperienced fraudsters to prey on unsuspecting victims. This article delves into…
Threat Actors Claiming Breach of KFC Database
A group of threat actors has claimed responsibility for breaching the database of fast-food giant KFC. The announcement was made via a post on the social media platform X by the user @MonThreat, who is known for disseminating information about…
U.S. Disrupts AI-Powered Russian State-Sponsored Hackers Bot Farm
In collaboration with international partners, the U.S. Federal Bureau of Investigation (FBI) and the Cyber National Mission Force (CNMF) have successfully disrupted a sophisticated AI-powered bot farm operated by Russian state-sponsored hackers. The bot farm, known as Meliorator, was used…
X-Files Stealer Attacking Windows Users to Steal Passwords
Cybersecurity experts have identified a new malware strain, dubbed “XFiles Stealer,” which is actively targeting Windows users to steal passwords and other sensitive information. The discovery was made public by MonThreat, a prominent cybersecurity research group, via their official social…
Universal Code Execution Vulnerability In Browsers Puts Millions Of Users At Risk
Hackers remotely execute malicious code on a compromised device or server by exploiting the Universal Code Execution vulnerability. Through this vulnerability, threat actors can inject codes into server-side interpreter languages such as Java, Python, and PHP. Hacking into this security…
Ghostscript Rendering Platform Vulnerability Let Attackers Execute Remote Code
A critical vulnerability has been discovered in the Ghostscript rendering platform, identified as CVE-2024-29510. This flaw, a format string vulnerability, affects versions up to 10.03.0 and allows attackers to bypass the -dSAFER sandbox, leading to remote code execution (RCE). This…
Turla Hackers Weaponizing LNK-Files To Deploy Fileless Malware
Hackers often weaponize LNK files because they can carry malware into systems undetected by anyone. LNK files are shortcuts that, when opened, launch a malicious payload (like scripts or executables). LNK files are widely used in Windows environments and can…
HCL Domino Vulnerability Let Attackers obtain Sensitive information
A critical security vulnerability has been discovered in HCL Domino, a popular enterprise server software, that could potentially expose sensitive configuration information to remote unauthenticated attackers. This vulnerability, CVE-2024-23562, has raised concerns among cybersecurity experts and enterprises relying on HCL…
Apple Removed VPN Services from the Russian AppStore
Apple has removed several prominent VPN service apps from the Russian division of the App Store. The affected apps include Proton VPN, Red Shield VPN, NordVPN, and Le VPN. This action comes in response to complaints from Roskomnadzor, Russia’s federal…
Egyptian Health Department Data Breach: 120,000 Users’ Data Exposed
The Egyptian Health Department (EHD) has reported a data breach affecting 121,995 individuals, including one resident of Maine. The breach, which occurred on December 21, 2023, was discovered on the same day and has since raised serious concerns about data…
Europol Concerns Over Privacy Enhancing Technologies Challenge Lawful Interception
A new position paper argues that Privacy Enhancing Technologies (PET) used in Home Routing are making it difficult for law enforcement to intercept information during investigations lawfully. Home Routing allows a user’s communication to be routed through their home network…
Orcinius Trojan Attacking Users Via Dropbox & Google Docs
A newly identified multi-stage trojan, dubbed “Orcinius,” has been reported to exploit popular cloud services Dropbox and Google Docs as part of its attack strategy. The sophisticated malware begins its assault with an innocuous-looking Excel spreadsheet, which contains a VBA…
Roblox Data Breach: Email & IP address Details Exposed
Roblox, the globally renowned online gaming platform, has suffered a data breach. According to a tweet from cybersecurity expert H4ckManac, the breach has exposed sensitive information, including email addresses and IP addresses of millions of users. This alarming incident has…
The Problem With Bug Bounties
A Technically Skilled individual who finds a bug faces an ethical decision: report the bug or profit from it. This is nowhere more relevant than in crypto. In this article, with the help of Ilan Abitbol from Resonance Security, I look at the…
Cloudflare Details 1.1.1.1 Service Outage Following BGP Hijack
On June 27, 2024, Cloudflare experienced a disruption of its 1.1.1.1 DNS resolver service. This several-hour incident was caused by a combination of BGP (Border Gateway Protocol) hijacking and a route leak. The event led to a noticeable impact on…
Cloudflare Details 1.1.1.1 Service Outage Incident
On June 27, 2024, Cloudflare experienced a disruption of its 1.1.1.1 DNS resolver service. This several-hour incident was caused by a combination of BGP (Border Gateway Protocol) hijacking and a route leak. The event led to a noticeable impact on…
Mekotio Banking Trojan Attacking American Users To Steal Financial Data
Active since 2015, Mekotio is a Latin American banking trojan specifically designed to target financial data in regions like Brazil, Chile, Mexico, Spain, and Peru. It exhibits links to the recently disrupted Grandoreiro malware, both likely originating from the same…
Kimusk’s HappyDoor Executed Via regsvr32 File To Evade Detection
Kimsuky, also known as the Velvet Chollima, Black Banshee, THALLIUM, or Emerald Sleet, is a North Korean state-sponsored advanced cyber espionage group that uses sophisticated methods to target political, economic, and national security interests for various countries. They are very…
Hackers Compromised Ethereum’s Mailing List to Drain Their Crypto Funds
In a recent cyberattack, hackers successfully compromised Ethereum’s mailing list, attempting to drain users’ crypto funds through a sophisticated phishing campaign. The breach has raised significant concerns within the cryptocurrency community, prompting immediate action from Ethereum’s internal security team. The…
Threat Actor Claiming 2FA Bypass Vulnerability in HackerOne Bug Bounty Platform
A threat actor has claimed to have discovered a vulnerability that bypasses the two-factor authentication (2FA) on the HackerOne bug bounty platform. The claim was made public via a tweet from the account MonThreat, which is known for sharing cybersecurity-related…
Hackers Abused Twilio API To Verify Phone Numbers used For MFA
An unauthenticated endpoint vulnerability allowed threat actors to identify phone numbers associated with Authy accounts, which was identified, and the endpoint has been secured to prevent unauthorized access. No evidence suggests the attackers gained access to internal systems or other…
Over 380,000+ Hosts Embedding Polyfill JS script Linking to Malicious Domain
Over 380,000 web hosts have been found embedding a compromised Polyfill.io JavaScript script, linking to a malicious domain. This supply chain attack has sent shockwaves through the web development community, highlighting the vulnerabilities inherent in widely used open-source libraries. Polyfill.js,…
FakeBat Malware Weaponizing AnyDesk, Zoom, Teams & Chrome
Hackers target and weaponize AnyDesk, Zoom, Teams, and Chrome as these applications are widely used in a multitude of sectors. Not only that, but even these widely used applications also provide access to many users and sensitive information. Cybersecurity researchers…
New ‘Pryx’ Ransomware Hijacked 30,000 University Applications
A new player has emerged on the cybercrime landscape the ransomware group “Pryx.” Pryx has claimed its first attack, announcing that it has compromised the systems of Rowan College at Burlington County (RCBC.edu) and stolen 30,000 university applications. This announcement…
Threat Actors Selling Shopify Commerce Platform Data on Dark Web
Threat actors have been found selling sensitive data from the Shopify commerce platform on the dark web. This alarming news was first reported by DarkWebInformer on their social media Twitter account, raising significant concerns about the security of e-commerce platforms…
TotalEnergies Cyber Attack: Data of 210,715 Customers Exposed
TotalEnergies Clientes SAU has reported a significant cyberattack that has compromised the personal data of 210,715 customers. The incident has raised serious concerns about data security and the integrity of digital infrastructures in the energy sector. Unauthorized Access Detected TotalEnergies…
Hiap Seng Industries Servers Attacked by Ransomware
Hiap Seng Industries, a prominent engineering and construction company, has fallen victim to a ransomware attack that compromised its servers. The company has swiftly taken measures to contain the breach and ensure the continuity of its business operations. Immediate Containment…
Gogs Vulnerabilities Let Attackers Hack Instances And Steal Source Code
Gogs is a standard open-source code hosting system used by many developers. Several Gogs vulnerabilities have been discovered recently by the cybersecurity researchers at SonarSource. Gogs can be hacked through these flaws, which put its instances at risk of source…
Juniper SRX Vulnerability Allows Attackers Trigger DoS Condition
A vulnerability in Junos OS on SRX Series devices allows attackers to trigger a DoS attack by sending crafted valid traffic, which is caused by improper handling of exceptional conditions within the Packet Forwarding Engine (PFE) and leads to PFE…
Critical WordPress Plugin Flaw Exposes 90,000+ WordPress Sites
A critical vulnerability has been discovered in the popular WordPress plugin “Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce.” The flaw, identified as CVE-2024-6172, has been assigned a CVSS score of 9.8, indicating its…
Hackers Claiming of Sandbox Escape RCE in 0-DAY Google Chrome
A group of hackers has claimed to have discovered a critical zero-day vulnerability in Google Chrome. This exploit, which reportedly enables a sandbox escape and remote code execution (RCE), could potentially compromise millions of users worldwide. The announcement was made…
Rafel RAT Attacking Android Devices To Gain Unauthorized Access
The Rafel RAT is an advanced Android-targeting Remote Access Trojan which poses a great cybersecurity danger. This malicious program has become popular due to its prominence for breaking into device security and taking away confidential details. Knowing the origin of…
Hackers Using Polyglot Files In the Wild, Here Comes PolyConv For Detection
Polyglot files have to fit in several file format specifications and respond differently depending on the calling program. This poses a significant risk to endpoint detection and response (EDR) systems and file uploaders, which mainly rely on format identification for…
Google to offer $250,000 for Full VM Escape Zero-day Vulnerability
Google has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor. This initiative, first announced in October 2023, underscores Google’s commitment to enhancing the security of foundational technologies like Linux and KVM, which…
CapraRAT Mimics As Popular Android Apps Attacking Android Users
Transparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel. The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponized…
Hackers Using Dropbox And Google Docs To Deliver Orcinius Malware
A new Orcinius Trojan has been discovered, employing VBA Stomping to hide its infection. The multi-stage trojan uses Dropbox and Google Docs to stay updated and deliver second-stage payloads. Typically, VBA stomping removes the VBA source code in a Microsoft…
Rapid7 to Acquire Noetic Cyber to Enhance Attack Surface Visibility
Rapid7, Inc., a leader in extended risk and threat detection, has announced a definitive agreement to acquire Noetic Cyber, a pioneering company in cyber asset surface management (CAASM). This strategic move aims to bolster Rapid7’s existing cybersecurity solutions by integrating…
Grasshopper Hackers Mimic As Penetration Testing Service To Deploy Malware
Hackers often mimic penetration testing services to disguise their malicious activities as legitimate security assessments. By imitating authorized security testing, attackers can exploit the trust and access typically granted to legitimate penetration testers, allowing them to move more freely within…
Water Sigbin Exploiting Oracle WebLogic Server Flaw
Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using PowerShell scripts. They use a multi-stage loading technique with a .Net Reactor protecting the payload to deploy the PureCrypter loader and XMRig miner,…
Cisco NX-OS Zero-Day Command Injection Vulnerability Let Hackers Gain Root Access
Cisco has disclosed a critical vulnerability in its widely-used NX-OS network operating system that could allow attackers to execute arbitrary commands with root privileges on affected devices. The company urges customers to upgrade to patched versions as soon as possible.…
regreSSHion – OpenSSH RCE Vulnerability Impacts 700K Linux Systems
The Qualys Threat Research Unit has identified a newly discovered vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387). This critical flaw, which allows unauthenticated remote code execution (RCE) as root, affects over 700,000 Linux systems exposed to the internet. The regreSSHion vulnerability…
TeamViewer Confirms that Russian Actors Behind the Recent Hack
TeamViewer has confirmed that the cyberattack on its systems was orchestrated by Russian threat actors, specifically the APT29 or Midnight Blizzard group. The attack, detected on June 26, 2024, was contained in TeamViewer’s internal corporate IT environment. Importantly, the company…
Threat Actor IntelBroker Claims Leak of Cognizant OIPA Database
The notorious threat actor known as IntelBroker has claimed responsibility for leaking a database belonging to Cognizant’s Oracle Insurance Policy Administration (OIPA) system. The announcement was made via Twitter on the dark web, sending shockwaves through the cybersecurity community and…
New Hacker Group Attacking Systems With 10 Malware At Same Time
A malware campaign of huge magnitude, and perhaps run by just one group, is using artificially nested files for distribution named ‘WEXTRACT.EXE .MUI’. More than 50,000 files worldwide featuring this method are delivered by different…
Microsoft Alerts More Users in Update to Midnight Blizzard Hack
Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM. The alert follows the initial detection of the attack by Microsoft’s Security…
Hackers Using Google Ads To Deliver ‘Poseidon’ Mac Stealer
Hackers abuse Mac Stealer to covertly extract sensitive information such as passwords, financial data, and personal files from macOS devices. Besides this, macOS users or Mac users are considered valuer targets. On June 24th, Malwarebytes researchers identified another Mac-specific stealer…
Juniper Releases Out-Of-Cycle Critical Update for Smart Routers
Juniper Networks has released an out-of-cycle critical update to address a severe vulnerability affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security flaw, identified as CVE-2024-2973, allows network-based attackers to bypass authentication and gain…
Sony Enters Crypto Exchange Arena with Acquisition of Amber
Sony Group, the Japanese conglomerate renowned for its gaming, music, and camera prowess, has officially entered the crypto exchange market. According to crypto reporter Wu Blockchain, Sony has acquired Amber Japan, a regulated digital asset trading service provider. Amber Japan,…
HubSpot Investigating Cyber Attack Following Customer Account Hacks
Marketing and sales software giant HubSpot announced on Friday that it is investigating a cybersecurity incident following reports of customer account hacks. The company, specializing in customer relationship management (CRM) and marketing automation software, identified the security breach on June…
TeamViewer Internal Systems Accessed by APT Hackers
TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment. The company’s security team detected the breach, who noticed an “irregularity” in their internal systems, prompting an immediate response. Swift Response and…
Snowblind Abuses Android seccomp Sandbox To Bypass Security Mechanisms
A new Android banking trojan named Snowblind was discovered that exploits the Linux kernel feature seccomp, traditionally used for security, which installs a seccomp filter to intercept system calls and bypasses anti-tampering mechanisms in apps, even those with strong obfuscation…
U.S. Department of Justice Announced $10 Million Reward For Russian Hacker
The U.S. Department of Justice has announced a $10 million reward for information leading to the arrest of Amin Timovich Stigal (Амин Тимович Стигал), a 22-year-old Russian citizen charged with conspiracy to hack into and destroy computer systems and data.…
Chinese Hacker Groups Using Off-The-Shelf Tools To Deploy Ransomware
Cyberespionage actors are increasingly using ransomware as a final attack stage for financial gain, disruption, or to cover their tracks, as the report details previously undisclosed attacks by a suspected Chinese APT group, ChamelGang, who used CatB ransomware against a…
Former IT Employee Stolen 1 Million Geisinger Patient’s Personal Data
Geisinger Health System discovered a data breach involving the personal information of over one million patients. The breach was traced back to a former employee of Nuance Communications Inc., an external vendor providing IT services to Geisinger. The ex-employee accessed…
Poc Exploit Released for Fortra Filecatalyst SQL Injection Vulnerability
A Proof-of-Concept (PoC) exploit has been released for a critical SQL Injection vulnerability in Fortra FileCatalyst Workflow. This vulnerability could potentially allow attackers to modify application data. This vulnerability, CVE-2024-5276, affects all versions of Fortra FileCatalyst Workflow from 5.1.6 Build…
Xeno RAT Attacking Users Via GitHub Repository And .gg Domains
Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT. Hunt’s research…
1-Click Exploit In Kakaotalk’s Android App Allows Arbitrary Code Execution
KakaoTalk is an Android application that is predominantly installed and used by over 100 million people. It is a widely popular application in South Korea that has payment, ride-hailing services, shopping, email etc., But the end-to-end encryption is not enabled…
New Medusa RAT Attacking Android Devices to Steal SMS & Screen Controls
A new variant of the Medusa malware family was discovered disguised as a “4K Sports” app, which exhibits changes in command structure and capabilities compared to previous versions. Researchers believe these changes are aimed at improving efficiency and strengthening the…
Hackers Attacking Linux Cloud Servers To Gain Complete Control
Malware storage, distribution, and command and control (C2) operations are increasingly being used to leverage cloud services for recent cybersecurity threats. But, this complicates the detection process and all the prevention efforts. Security researchers at FortiGuard Labs have recently observed…
Google Announced Chrome Enterprise Core Features for IT, Security Teams
Google has unveiled new features for Chrome Enterprise Core, formerly known as Chrome Browser Cloud Management. As organizations increasingly rely on cloud computing, hybrid work models, and Bring Your Device (BYOD) policies, the need for robust browser management has never…
Multiple TP-Link Omada Vulnerabilities Let Attackers Execute Remote Code
Multiple vulnerabilities have been identified in the TP-Link Omada system, a software-defined networking solution widely used by small to medium-sized businesses. These vulnerabilities, if exploited, could allow attackers to execute remote code, leading to severe security breaches. The affected devices…
BSNL Data Breach Exposes Millions of Users to Fraud and Security Risks
Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”. The cyberattack has compromised over 278GB of sensitive data, putting millions of users at risk of SIM…
OilRig Hackers Attacking Individuals And Organizations In The Middle East
OilRig is an Iranian-linked cyber espionage group that has been active since 2015, and this group is known for its sophisticated spear-phishing campaigns and advanced infiltration techniques. This group conducts a multitude of cyber attacks against various sectors, and among…
P2Pinfect Redis Server with New Ransomware Payload
Cybersecurity researchers have identified a new ransomware payload associated with the P2Pinfect malware, primarily targeting Redis servers. This sophisticated malware, previously known for its peer-to-peer (P2P) botnet capabilities, has now evolved to include ransomware and crypto-mining functionalities. This article delves…
Ollama AI Platform Flaw Let Attackers Execute Remote Code
Hackers attack AI infrastructure platforms since these systems contain a multitude of valuable data, algorithms that are sophisticated in nature, and significant computational resources. So, compromising such platforms provides hackers with access to proprietary models and sensitive information, and…
New North Korean Actor Distributing Malicious npm Packages To Compromise Organizations
Early in 2024, North Korean threat actors persisted in using the public npm registry to disseminate malicious packages that were similar to those that Jade Sleet had previously used. Initially thought to be an extension of Sleet’s activity, further investigation…
Threat Actor Claims 0Day Sandbox Escape RCE in Chrome Browser
A threat actor has claimed to have discovered a zero-day vulnerability in the widely-used Google Chrome browser. The claim was made public via a tweet from the account MonThreat, which has previously been associated with credible cybersecurity disclosures. Details of…
Microsoft Announced Copilot for Security TI in Defender XDR
Microsoft has announced the general availability of Copilot for Security threat intelligence embedded experience in the Defender XDR portal. This AI-powered tool aims to revolutionize the way organizations access, operate on, and integrate Microsoft’s threat intelligence data. Enhancing Threat Intelligence…
Critical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access
A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerability poses significant risks to organizations relying on the software for secure data transfers. The vulnerability is rooted in improper validation of user-supplied input during the authentication process. It can…
Beware Of Shorten URLs With Word Files That Install Remcos RAT
A new method of distributing the Remcos Remote Access Trojan (RAT) has been identified. This malware, known for providing attackers complete control over infected systems, is being spread through malicious Word documents containing shortened URLs. These URLs lead to the…
Top 10 Best Penetration Testing Companies & Services in 2024
Penetration Testing Companies are pillars of information security; nothing is more important than ensuring your systems and data are safe from unauthorized access. Many organizations have a flawed security culture, with employees motivated to protect their information rather than the…
Hackers Use Windows XSS Flaw To Execute Arbitrary Command In MMC Console
Attackers are leveraging a new infection technique called GrimResource that exploits MSC files. By crafting malicious MSC files, they can achieve full code execution within the context of mmc.exe (Microsoft Management Console) upon a user click. It offers several advantages…
New Webkit Vulnerabilities Let Attackers Exploit PS4 And PS5 Playstations
Webkit vulnerabilities in PS4 and PS5 refer to bugs found in the Webkit engine used by their web browsers. These bugs, discovered in browsers like Safari and Chrome, can also exist in PS4 and PS5 because they share the same…
Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts
Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial discovery was made when the team found that the Social Warfare plugin had been injected with malicious code on June 22nd, 2024. This discovery was…
Hackers Attacking Windows IIS Server to Upload Web Shells
Windows IIS Servers often host critical web applications and services that provide a gateway to sensitive data and systems due to which hackers attack Windows IIS servers. A South Korean medical establishment’s Windows IIS server with a Picture Archiving and…
WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.
WikiLeaks founder Julian Assange has been released from prison after reaching a deal with the U.S. government. The agreement, announced early today, ends the long-standing legal battle between Assange and the U.S. authorities. Terms of the Deal Assange, 52, was…
Four Members of FIN9 Hackers Charged for Attacking U.S. Companies
Four Vietnamese nationals have been charged for their involvement in a series of computer intrusions that caused over $71 million in losses to U.S. companies. The indictment, unsealed today, names Ta Van Tai, aka “Quynh Hoa,” aka “Bich Thuy;” Nguyen…
BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack
In a shocking development, the NHS has revealed that it was the victim of a major cyber attack targeting Synnovis. Synnovis, formerly Viapath, is a London-based provider of pathology services. It is a partnership between Guy’s and St Thomas’ NHS…
LockBit Ransomware Group Claims Hack of US Federal Reserve
The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve, allegedly compromising 33 terabytes of sensitive data. The announcement was made on Twitter via the group’s Dark Web Intelligence, sending shockwaves through financial and governmental sectors.…
Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader
A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE). This alarming development has raised significant concerns within the cybersecurity community. A recent tweet from Dark Web Intelligence…
Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data
A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying reports, which affects tens of thousands of organizations and grants access to employee, customer, and potentially confidential data. By exploiting this vulnerability, attackers can extract information…
Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements
Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay $11.3 million to resolve allegations of failing to meet cybersecurity requirements. Guidehouse Inc., headquartered in McLean, Virginia, will pay $7.6 million, while Nan McKay and Associates,…
New RAT Malware SneakyChef & SugarGhost Attack Windows Systems
Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef. This operation leverages the SugarGh0st RAT and other malware to target government agencies, research institutions, and various organizations worldwide. The campaign began in early August 2023…