Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential of monetizing the stolen data, ransoms, and fraudulent activities. The digital revolution of businesses has invented more openings to exploit financial transactions and access sensitive financial…

Read more →

A critical vulnerability has been discovered in the “Facebook” module (pkfacebook) from Promokit.eu for PrestaShop. The vulnerability, CVE-2024-36680, allows a guest to perform SQL injection attacks on affected module versions. CVE-2024-36680 – Vulnerability Details The vulnerability stems from the Ajax…

Read more →

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart from typical Distributed Denial of Service (DDoS) botnets. Discovered by the XLab Cyber Threat Insight Analysis (CTIA) system on May 20, 2024, Zergeca has already demonstrated…

Read more →

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user information, including names and financial details, is vulnerable to exploitation by criminals.  The leaked information can be used for phishing attacks, financial fraud, and even harassment,…

Read more →

Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other useful data kept within these storage solutions. These storage solutions’ centralized and often inadequately protected nature makes them…

Read more →

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to execute arbitrary code on the server. An attacker can exploit these vulnerabilities by sending a specially crafted email to an administrator.  When the administrator views the…

Read more →

In 2021, UNC3886, a suspected China nexus cyber espionage actor, was found to be targeting strategic organizations on a large scale, utilizing multiple vulnerabilities in FortiOS and VMware to install backdoors on the infected machines. Fortinet and VMware have released…

Read more →

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as an executable disguised as a Word document attached to phishing emails.  It uses evasion techniques to avoid detection and analysis. Then it downloads a malicious payload…

Read more →

LNK files, a shortcut file type in Windows OS, provide easy access to programs, folders, or websites. Created automatically during shortcut creation or manually by users, LNK files contain the target location and other information useful for threat intelligence.  It…

Read more →

In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs) to execute sophisticated phishing attacks aimed at stealing user credentials. This emerging threat has been highlighted by security researcher mr.d0x, who has detailed the technique in…

Read more →

A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation, the Philippines’ largest fast-food chain. Deepwebkonek, a company known for sharing information related to cyber threats and breaches, made the announcement via a post on the…

Read more →

Threat actors have claimed responsibility for a significant data breach involving Accenture, one of the world’s leading consulting firms. The news broke on Twitter, with the account DarkWebInformer posting a detailed status update on the incident. According to the post,…

Read more →

Threat actors exploit Linux systems because they are prevalent in organizations that host servers, databases, and other important resources.  Exploiting vulnerabilities in Linux systems allows attackers to gain access to sensitive data, disrupt services, or deploy malware.  Besides this, the…

Read more →

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards accounts. The breach between May 15, 2024, and May 18, 2024, allowed unauthorized parties to access users’ accounts. The company believes the hackers obtained login credentials…

Read more →

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux. This update, which will be distributed over the coming days and weeks, addresses several security vulnerabilities. Users are…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group, Void Arachne. This group has targeted Chinese-speaking users by distributing malicious Windows Installer (MSI) files. The campaign leverages popular software and AI technologies to lure unsuspecting…

Read more →

Hackers are offering “free” mobile data access on Telegram channels by exploiting loopholes in telecom provider policies, which target users in Africa and Asia and involve sharing configuration files to mimic zero-rated traffic.  The channels function as technical support hubs…

Read more →

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities. By exploiting multiple vulnerabilities, including zero-days, it breached air-gapped networks (isolated systems) and disrupted Iranian nuclear centrifuges controlled by Siemens Step7…

Read more →

Several phishing campaign kits have been used widely by threat actors in the past. One popular PhaaS (Phishing-as-a-Platform) was Caffeine, which was first identified and reported by Mandiant researchers.  MRxC0DER, an Arabic-speaking threat actor, developed and maintained the caffeine kit.…

Read more →

A threat actor named ” IntelBroker ” claims to have breached AMD in June 2024 and is now selling the allegedly stolen data on hacking forums. The compromised information reportedly includes sensitive data such as future AMD product plans, specification…

Read more →

A prominent figure from the dark web, known by the alias “Nevermore,” has been found promoting a sophisticated ransomware builder. This alarming development has raised concerns among cybersecurity experts and law enforcement agencies worldwide. The Rise of Nevermore Nevermore, a…

Read more →

Fake websites of authoritative and popular companies claiming to be genuine sites make users believe that the site belongs to that specific company and is safe to use. Besides this, hackers can more easily lure victims into entering sensitive information…

Read more →

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for their suspected involvement in malware-enabled scams targeting Singaporeans since June 2023. The suspects will be charged in court today. The SPF, in collaboration with the Hong…

Read more →

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by conducting the federal government’s inaugural tabletop exercise focused on artificial intelligence (AI) security incidents. This groundbreaking event, led by the Joint Cyber Defense Collaborative (JCDC), brought…

Read more →

Europol and law enforcement agencies from ten countries have taken down 13 websites linked to terrorist operations. The joint operation, known as Operation HOPPER II, targeted online platforms used by religious and politically motivated terrorist organizations to spread propaganda and…

Read more →

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data. ARM’s Memory Tagging Extension (MTE) aims to mitigate by tagging memory and checking tags on access.  The following researchers found speculative execution attacks can leak MTE…

Read more →

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage campaign named Operation Celestial Force, targeting Indian entities. Since 2018, they have used GravityRAT malware, initially for Windows and later for Android, which has been deployed…

Read more →

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric’s systems in Germany. The announcement was made via a post on the social media platform Twitter by the account MonThreat, which is known for tracking cyber threats…

Read more →

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine hosts by using new binaries chkstart (remote access with payload execution), exeremo (lateral movement through SSH), and vurld (Go downloader for malware retrieval) and a persistence…

Read more →

A critical vulnerability has been discovered in several models of D-Link wireless routers, allowing unauthenticated attackers to gain administrative access to the devices. The CVE-2024-6045 vulnerability has a CVSS score of 8.8, indicating a high severity level. CVE-2024-6045 – Vulnerability…

Read more →

A 22-year-old British man was apprehended by authorities in Palma de Mallorca, Spain. The arrest, carried out by the United States Federal Bureau of Investigation (FBI) in collaboration with the Spanish Police, marks a breakthrough in the fight against cybercrime.…

Read more →

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt services, or manipulate outcomes in their favor. By compromising the ML models, hackers can degrade the system performance, cause financial…

Read more →

A threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made via a post on social media tweets from the DarkWebInformer account. The breach has raised significant concerns about data security…

Read more →

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that the Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users. The gang members send harmful messages…

Read more →

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files on the host machine. This vulnerability existed in the SolarWinds Serv-U File Transfer solution and was assigned with CVE-2024-28995 –…

Read more →

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach. With the assistance of third-party cybersecurity experts, the company has identified that attackers accessed files from a small number of…

Read more →

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon S3). This new feature expands GuardDuty Malware Protection to detect malicious file uploads to selected S3 buckets, enhancing the security…

Read more →

WARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127. The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system. “This…

Read more →

A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function. Summernote is a JavaScript library that helps you create WYSIWYG editors online. An attacker can insert harmful executable…

Read more →

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing significant user risks worldwide. The Vulnerability:…

Read more →

In May 24, 2024, Zero-Day Initiative released a security advisory for Ivanti EPM which was associated with SQL injection Remote code execution vulnerability. This vulnerability was assigned with CVE-2024-29824 and the severity was given as 9.6 (Critical). Though ZDI did…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge in impersonation scams. These scams often involve fraudsters pretending to be government employees, using their names and titles to deceive unsuspecting victims. Recently, CISA has become…

Read more →

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations. CVE-2024-30088 -Vulnerability Details The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows. This function is…

Read more →

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services. The flaw, designated CVE-2024-30080, poses a significant threat to global cybersecurity. It could allow malicious actors…

Read more →

An Indian national was sentenced to two years and eight months in jail for unauthorized access to his former employer’s computer systems, resulting in substantial financial losses. Background of the Incident Kandula Nagaraju, a 39-year-old Indian national, was employed by…

Read more →

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords and access controls are not implemented. Exposed SSH ports (default 22) are scanned by attackers…

Read more →

Hackers go for Apple due to its massive user base along with rich customers, including business people and managers who use those devices with some important information. Even with these security measures in place, Apple is a likely target since…

Read more →

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests, allowing attackers to steal tokens and potentially compromise linked accounts, even with two-factor authentication enabled. …

Read more →

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been rated as high impact. This update is crucial for users to ensure their browsing experience remains secure. Below is a detailed breakdown of the vulnerabilities fixed…

Read more →

The notorious Charon Android Botnet has resurfaced with enhanced capabilities, according to a threat actor’s announcement on a popular cybercrime forum. The botnet, an edited version of the infamous Ermac, has undergone significant improvements, making it a formidable threat in…

Read more →

Pure Storage has confirmed that a third party temporarily gained unauthorized access to a Snowflake data analytics workspace. This workspace contained telemetry information used by Pure Storage to provide proactive customer support services. The exposed data includes company names, LDAP…

Read more →

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The CVE for these vulnerabilities has been assigned with CVE-2024-30080 and CVE-2024-30078.  The severity for these vulnerabilities was given as 9.8…

Read more →

Cleveland City Hall and Erieview offices will remain closed for a second consecutive day, June 11, as officials continue investigating a significant “cyber event” that has disrupted city operations. A recent tweet from the City of Cleveland shared that the City Hall and Erieview are closed today June 10, except…

Read more →

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The CVE for these vulnerabilities has been assigned with CVE-2024-30080 and CVE-2024-30078.  The severity for these vulnerabilities was given as 9.8…

Read more →

Malware distributors use MSI installers as Windows OS already trusts them to run with administrative rights by bypassing security controls. For this reason, MSI files are a convenient means of spreading ransomware, spyware, and other malware that can be passed…

Read more →

Researchers identified a campaign distributing Remcos RAT, a Remote Access Trojan, where the attack uses phishing emails disguised as legitimate business communication, such as import/export or quotations.  The emails contain a UUEncoded (UUE) file compressed with Power Archiver, which likely…

Read more →

Cybersecurity experts have identified a new type of malware called “Noodle RAT,” which Chinese-speaking hacker groups use to target Linux servers. Although this malware has been active since 2016, it has only recently been properly classified, shedding light on its…

Read more →

The Mali GPU driver is a widely used Graphical Processing Unit for multiple devices, including Android and Linux. A new vulnerability has been discovered in the Mali GPU Kernel driver. It allows an authenticated, low-privileged user to gain access to…

Read more →

Hackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system.  By mimicking legitimate files, MSC files can evade various…

Read more →

Officers have made two arrests in connection with using a “text message blaster,” believed to have been used to send thousands of smishing messages posing as banks and other official organizations. These messages targeted unsuspecting members of the public. Unprecedented…

Read more →

VPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data.  They also help unblock region-restricted content through IP address hiding, support…

Read more →

A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager. The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity. This article delves into the details of…

Read more →

Ransomware is used by hackers to abuse victims’ data, locking it until a ransom is paid. This method of cyber attack is profitable as it takes advantage of data’s proximity and vitality to individuals and companies, so they have no…

Read more →

DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3…

Read more →

Researchers detected an attack involving a fake KMSPico activator tool, which delivered Vidar Stealer through several events. The attack leveraged Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload via the shellcode. The…

Read more →

Due to the growing popularity of Apple devices, cybercriminals are increasingly targeting iOS and macOS with malware. The App Store is no longer secure, and iCloud is a new target, as Apple’s allowance of third-party app stores in Europe is…

Read more →

Sticky Werewolf, a cyber threat group, has shifted its targeting strategy from sending phishing emails with download links to malicious files to using archive attachments containing LNK files, which act as shortcuts to malicious executables hosted on WebDAV servers.  When…

Read more →

Apache RocketMQ platform is a widely used messaging system that handles high volumes of data and critical operations, often attracting hackers.  Exploiting the vulnerabilities in RocketMQ allows attackers to disrupt communications, access sensitive information, and potentially gain control over the…

Read more →

The North Korean state-sponsored group known as Kimsuky has launched a sophisticated cyber-espionage campaign targeting a prominent weapons manufacturer in Western Europe. This attack released on LinkedIn, discovered on May 16, 2024, underscores the growing threat state-sponsored cyber actors pose…

Read more →

Hacktivist groups are increasingly targeting critical infrastructure’s Operational Technology (OT) systems, motivated by geopolitical issues that, unlike traditional website defacements, can disrupt essential services and endanger public safety.   The success of high-profile attacks on Industrial control systems (ICS) by groups…

Read more →

The government computer emergency response team of Ukraine, CERT-UA, in direct cooperation with the Cyber Security Center of the Armed Forces of Ukraine (CCB), has detected and investigated the activity of the UAC-0020 (Vermin) group, aimed at the Defense Forces…

Read more →

ReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, which had been downloaded nearly 300 times, contained separate malicious “wiper” components. Initially, it raised concerns about being an open-source supply chain…

Read more →

Tenable® Holdings, Inc., a leading Exposure Management company, has announced a definitive agreement to acquire Eureka Security, Inc., a prominent provider of data security posture management (DSPM) for cloud environments. This strategic acquisition aims to bolster Tenable’s cloud security capabilities,…

Read more →

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings. Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system. They…

Read more →

A new ransomware variant dubbed ‘Fog’ has been spotted targeting US businesses in the education and recreation sectors. Forensic data revealed that threat actors accessed victim environments using compromised VPN credentials. Notably, two different VPN gateway providers were used for…

Read more →

Mandiant identified a UNC1151 information campaign targeting Ukraine, Lithuania, Latvia, and Poland with disinformation, as CRIL linked a recent malicious XLS campaign to UNC1151.  The attackers used spam emails with Excel documents containing VBA macros that dropped LNK and DLL…

Read more →

A cybercriminal group is selling and distributing a sophisticated phishing kit called “V3B” through Phishing-as-a-Service (PhaaS) and self-hosting methods, which targets EU banking customers and is designed to steal login credentials and one-time codes (OTPs) through social engineering tactics.  Launched…

Read more →

A malicious Python package named “crytic-compilers” was identified on PyPI. Masquerading as a legitimate library for intelligent contract compilation, it mimicked the name and versioning scheme of the real “crytic-compile” tool.  The imposter package infiltrated popular development environments by appearing…

Read more →

The Parrot Security team has officially announced the release of Parrot OS 6.1, the latest version of their popular Linux distribution tailored for security professionals, ethical hackers, and privacy enthusiasts. This new release brings a range of enhancements, updated tools,…

Read more →

Apple has refused to pay Kaspersky Lab a reward for discovering critical vulnerabilities in iOS that allowed attackers to install spyware on any iPhone. According to RTVI, the vulnerabilities were reported to Apple in 2023, and under the Apple Security…

Read more →

Buffalo, N.Y. — U.S. Attorney Trini E. Ross announced today that Wul Isaac Chol, 27, of Buffalo, NY, pleaded guilty before the U.S. District Judge John L. Sinatra, Jr. to possessing 15 or more unauthorized access devices intending to defraud.…

Read more →

The Kali Linux team has announced the release of Kali Linux 2024.2, the latest version of their popular penetration testing and security auditing Linux distribution. Kali Linux is one of the most powerful Debian-based Linux distributions, developed and maintained by…

Read more →

Sophos Managed Detection and Response (MDR) has uncovered a sophisticated, long-running cyberespionage campaign dubbed “Crimson Palace,” attributed to Chinese state-sponsored actors. The operation targeted a high-profile government organization in Southeast Asia, with activities spanning from early 2022 to April 2024.…

Read more →

Phishing attackers are distributing malicious HTML files as email attachments, containing code designed to exploit users by prompting them to directly paste and execute the code, which leverages social engineering, as users are tricked into running the malicious code themselves…

Read more →

Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses, of which 151M had never been seen in Have I Been…

Read more →

Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software.  The attacks appear to target Ukrainian…

Read more →

Generative AI systems comprise several components and models geared to enhancing human interactions with the system.  However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the…

Read more →

Hackers use packers maliciously to make their code difficult to recognize, as most antivirus programs are coded to be able to recognize these packers.  The packers initialize and encrypt the original malware payload into a new form, which is hard…

Read more →

Cybersecurity experts have discovered that the widely used messaging application Signal is being exploited to deliver DarkCrystal RAT malware to high-profile targets, including government officials, military personnel, and representatives of defense enterprises in Ukraine. The Infection Process According to a…

Read more →

 The former command senior chief of the littoral combat ship Manchester’s gold crew, Senior Chief Grisel Marrero, has been convicted at a court-martial for installing an unauthorized Wi-Fi system aboard the ship and subsequently lying about it to her superiors.…

Read more →

Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…

Read more →

Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…

Read more →

The ransomware landscape is rapidly diversifying in 2024, with a surge in new extortion groups as established attackers continue to target large companies. A record number of smaller groups are emerging—22 in just five months compared to 22 in a…

Read more →

Russia is intensifying disinformation campaigns against France, President Macron, the IOC, and the 2024 Paris Olympics, blending decades-old tactics with AI, as the Microsoft Threat Analysis Center (MTAC) identifies two primary goals: tarnishing the IOC’s reputation and fostering expectations of…

Read more →

Zyxel has released patches addressing critical command injection and remote code execution vulnerabilities in two of its NAS products, NAS326 and NAS542, which have reached end-of-vulnerability support. Users are strongly advised to install these patches to ensure optimal protection. What…

Read more →

Over the past year, the ransomware actor known as “Underground” has been less active than other groups, yet they remain a threat in the cybersecurity landscape. Despite their reduced activity, Underground continues to target industries of various sizes, causing substantial…

Read more →

Hackers take advantage of Word documents as weapons due to their widespread use and trust. This is facilitated by the ease with which users can be deceived into opening them.  These documents may have macros or exploits that are dangerous…

Read more →

The Oracle WebLogic Server vulnerabilities enable hackers to access unauthorized systems that are used for business data and applications.  This can enable threat actors to bring in external programs and complete system control, consequently assuming admin privileges. The end result…

Read more →

Hugging Face, a leading AI and machine learning platform, has reported unauthorized access to its Spaces platform, explicitly targeting Spaces secrets. This breach has raised concerns about the security of sensitive information and the potential impact on users. Unauthorized Access…

Read more →

A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used by WordPress websites to create dynamic tables and charts. The vulnerability, CVE-2024-3820, allows attackers to perform…

Read more →