Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Beware Of Weaponized EBooks That Deliver AsyncRAT

EBooks are popular, and their popularity attracts threat actors the most, as they are widely shared digital assets that can easily circumvent security measures. Threat actors exploit users’ trust in seemingly harmless documents by embedding malware in eBook files or…

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing various distribution methods, including email attachments, malicious ads, and compromised Samba shares. Initially a human-operated command-and-control infrastructure, DarkGate has evolved into a versatile tool offering remote…

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing the sensitive information of millions of its customers. The breach, which Brainstack, mSpy’s parent company, has not publicly acknowledged, has raised serious concerns about spyware applications’…

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery, dubbed the “ClickFix” infection chain. This novel attack strategy leverages advanced social engineering techniques to manipulate unsuspecting users into executing malicious scripts, leading to severe security…

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept and modify transactions, allowing hackers to drain bank accounts or make unauthorized purchases. BlackBerry cybersecurity researchers recently detected that the Coyote banking trojan has been actively…

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has emerged, targeting fans and attendees. Cybersecurity firm QuoIntelligence has uncovered a sophisticated fraudulent campaign involving over 700 fake domains designed to sell counterfeit tickets for the…

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active Directory (AD) environments efficiently. These tools streamline tasks such as user and group management, permissions assignment, and policy enforcement, ensuring the AD infrastructure remains organized and…

New Eldorado Ransomware Attacking Windows And Linux Systems

Ransomware-as-a-service (RaaS) has evolved into a sophisticated enterprise-like model. From 2022 to 2023, ransomware programs advertised on the dark web increased by half, with 27 ads identified. The RAMP forum became the main hub for ransomware recruitment. Attacks published…

Threat Actors Claiming Breach of KFC Database

A group of threat actors has claimed responsibility for breaching the database of fast-food giant KFC. The announcement was made via a post on the social media platform X by the user @MonThreat, who is known for disseminating information about…

U.S. Disrupts AI-Powered Russian State-Sponsored Hackers Bot Farm

In collaboration with international partners, the U.S. Federal Bureau of Investigation (FBI) and the Cyber National Mission Force (CNMF) have successfully disrupted a sophisticated AI-powered bot farm operated by Russian state-sponsored hackers. The bot farm, known as Meliorator, was used…

X-Files Stealer Attacking Windows Users to Steal Passwords

Cybersecurity experts have identified a new malware strain, dubbed “XFiles Stealer,” which is actively targeting Windows users to steal passwords and other sensitive information. The discovery was made public by MonThreat, a prominent cybersecurity research group, via their official social…

HCL Domino Vulnerability Let Attackers Obtain Sensitive Information

A critical security vulnerability has been discovered in HCL Domino, a popular enterprise server software, that could potentially expose sensitive configuration information to remote unauthenticated attackers. This vulnerability, CVE-2024-23562, has raised concerns among cybersecurity experts and enterprises relying on HCL…

Apple Removed VPN Services from the Russian AppStore

Apple has removed several prominent VPN service apps from the Russian division of the App Store. The affected apps include Proton VPN, Red Shield VPN, NordVPN, and Le VPN. This action comes in response to complaints from Roskomnadzor, Russia’s federal…

Orcinius Trojan Attacking Users Via Dropbox & Google Docs

A newly identified multi-stage trojan, dubbed “Orcinius,” has been reported to exploit popular cloud services Dropbox and Google Docs as part of its attack strategy. The sophisticated malware begins its assault with an innocuous-looking Excel spreadsheet, which contains a VBA…

Roblox Data Breach: Email & IP Address Details Exposed

Roblox, the globally renowned online gaming platform, has suffered a data breach. According to a tweet from cybersecurity expert H4ckManac, the breach has exposed sensitive information, including email addresses and IP addresses of millions of users. This alarming incident has…

The Problem With Bug Bounties

A technically skilled individual who finds a bug faces an ethical decision: report the bug or profit from it. This is nowhere more relevant than in crypto. In this article, with the help of Ilan Abitbol from Resonance Security, I look at the…

Cloudflare Details 1.1.1.1 Service Outage Incident

On June 27, 2024, Cloudflare experienced a disruption of its 1.1.1.1 DNS resolver service. This several-hour incident was caused by a combination of BGP (Border Gateway Protocol) hijacking and a route leak. The event led to a noticeable impact on…

Hackers Compromised Ethereum’s Mailing List to Drain Their Crypto Funds

In a recent cyberattack, hackers successfully compromised Ethereum’s mailing list, attempting to drain users’ crypto funds through a sophisticated phishing campaign. The breach has raised significant concerns within the cryptocurrency community, prompting immediate action from Ethereum’s internal security team. The…

Hackers Abused Twilio API To Verify Phone Numbers used For MFA

An unauthenticated endpoint vulnerability allowed threat actors to identify phone numbers associated with Authy accounts; the flaw has been identified and the endpoint secured to prevent unauthorized access. No evidence suggests the attackers gained access to internal systems or other…

FakeBat Malware Weaponizing AnyDesk, Zoom, Teams & Chrome

Hackers target and weaponize AnyDesk, Zoom, Teams, and Chrome because these applications are widely used across a multitude of sectors. Beyond their reach, these widely used applications also provide access to many users and to sensitive information. Cybersecurity researchers…

TotalEnergies Cyber Attack: Data of 210,715 Customers Exposed

TotalEnergies Clientes SAU has reported a significant cyberattack that has compromised the personal data of 210,715 customers. The incident has raised serious concerns about data security and the integrity of digital infrastructures in the energy sector. Unauthorized Access Detected TotalEnergies…

Hiap Seng Industries Servers Attacked by Ransomware

Hiap Seng Industries, a prominent engineering and construction company, has fallen victim to a ransomware attack that compromised its servers. The company has swiftly taken measures to contain the breach and ensure the continuity of its business operations. Immediate Containment…

Critical WordPress Plugin Flaw Exposes 90,000+ WordPress Sites

A critical vulnerability has been discovered in the popular WordPress plugin “Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce.” The flaw, identified as CVE-2024-6172, has been assigned a CVSS score of 9.8, indicating its…

Hackers Claiming Sandbox Escape RCE 0-Day in Google Chrome

A group of hackers has claimed to have discovered a critical zero-day vulnerability in Google Chrome. This exploit, which reportedly enables a sandbox escape and remote code execution (RCE), could potentially compromise millions of users worldwide. The announcement was made…

Google to offer $250,000 for Full VM Escape Zero-day Vulnerability

Google has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor. This initiative, first announced in October 2023, underscores Google’s commitment to enhancing the security of foundational technologies like Linux and KVM, which…

CapraRAT Mimics As Popular Android Apps Attacking Android Users

Transparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel. The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponized…

Water Sigbin Exploiting Oracle WebLogic Server Flaw

Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using PowerShell scripts. They use a multi-stage loading technique with a .NET Reactor-protected payload to deploy the PureCrypter loader and XMRig miner,…

regreSSHion – OpenSSH RCE Vulnerability Impacts 700K Linux Systems

The Qualys Threat Research Unit has identified a newly discovered vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387). This critical flaw, which allows unauthenticated remote code execution (RCE) as root, affects over 700,000 Linux systems exposed to the internet. The regreSSHion vulnerability…

TeamViewer Confirms that Russian Actors Behind the Recent Hack

TeamViewer has confirmed that the cyberattack on its systems was orchestrated by Russian threat actors, specifically the APT29 or Midnight Blizzard group. The attack, detected on June 26, 2024, was contained in TeamViewer’s internal corporate IT environment. Importantly, the company…

Threat Actor IntelBroker Claims Leak of Cognizant OIPA Database

The notorious threat actor known as IntelBroker has claimed responsibility for leaking a database belonging to Cognizant’s Oracle Insurance Policy Administration (OIPA) system. The announcement was made via Twitter on the dark web, sending shockwaves through the cybersecurity community and…

Hackers Using Google Ads To Deliver ‘Poseidon’ Mac Stealer

Hackers abuse Mac Stealer to covertly extract sensitive information such as passwords, financial data, and personal files from macOS devices. Besides this, macOS users are considered valuable targets. On June 24th, Malwarebytes researchers identified another Mac-specific stealer…

Juniper Releases Out-Of-Cycle Critical Update for Smart Routers

Juniper Networks has released an out-of-cycle critical update to address a severe vulnerability affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security flaw, identified as CVE-2024-2973, allows network-based attackers to bypass authentication and gain…

Sony Enters Crypto Exchange Arena with Acquisition of Amber

Sony Group, the Japanese conglomerate renowned for its gaming, music, and camera prowess, has officially entered the crypto exchange market. According to crypto reporter Wu Blockchain, Sony has acquired Amber Japan, a regulated digital asset trading service provider. Amber Japan,…

HubSpot Investigating Cyber Attack Following Customer Account Hacks

Marketing and sales software giant HubSpot announced on Friday that it is investigating a cybersecurity incident following reports of customer account hacks. The company, specializing in customer relationship management (CRM) and marketing automation software, identified the security breach on June…

TeamViewer Internal Systems Accessed by APT Hackers

TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment. The company’s security team, who noticed an “irregularity” in their internal systems, detected the breach, prompting an immediate response. Swift Response and…

Xeno RAT Attacking Users Via GitHub Repository And .gg Domains

Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT. Hunt’s research…

Hackers Attacking Linux Cloud Servers To Gain Complete Control

Recent cybersecurity threats increasingly leverage cloud services for malware storage, distribution, and command and control (C2) operations. This complicates detection and all prevention efforts. Security researchers at FortiGuard Labs have recently observed…

P2Pinfect Targets Redis Servers with New Ransomware Payload

Cybersecurity researchers have identified a new ransomware payload associated with the P2Pinfect malware, primarily targeting Redis servers. This sophisticated malware, previously known for its peer-to-peer (P2P) botnet capabilities, has now evolved to include ransomware and crypto-mining functionalities. This article delves…

Ollama AI Platform Flaw Let Attackers Execute Remote Code

Hackers attack AI infrastructure platforms since these systems contain a multitude of valuable data, sophisticated algorithms, and significant computational resources. So, compromising such platforms provides hackers with access to proprietary models and sensitive information, and…

Microsoft Announced Copilot for Security TI in Defender XDR

Microsoft has announced the general availability of Copilot for Security threat intelligence embedded experience in the Defender XDR portal. This AI-powered tool aims to revolutionize the way organizations access, operate on, and integrate Microsoft’s threat intelligence data. Enhancing Threat Intelligence…

Critical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access

A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerability poses significant risks to organizations relying on the software for secure data transfers. The vulnerability is rooted in improper validation of user-supplied input during the authentication process. It can…

Top 10 Best Penetration Testing Companies & Services in 2024

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring your systems and data are safe from unauthorized access. Many organizations have a flawed security culture, with employees motivated to protect their information rather than the…

Hackers Attacking Windows IIS Server to Upload Web Shells

Windows IIS servers often host critical web applications and services that act as a gateway to sensitive data and systems, which is why hackers target them. A South Korean medical establishment’s Windows IIS server with a Picture Archiving and…

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve, allegedly compromising 33 terabytes of sensitive data. The announcement was made on Twitter via the group’s Dark Web Intelligence, sending shockwaves through financial and governmental sectors…

Threat Actor Claiming a 0-Day Linux LPE Via GRUB Bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE). This alarming development has raised significant concerns within the cybersecurity community. A recent tweet from Dark Web Intelligence…

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef. This operation leverages the SugarGh0st RAT and other malware to target government agencies, research institutions, and various organizations worldwide. The campaign began in early August 2023…