Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Cacti, the widely utilized network monitoring tool, has recently issued a critical security update to address a series of vulnerabilities, with the most severe being CVE-2024-25641. This particular vulnerability has been assigned a high severity rating with a CVSS score…

Read more →

Nmap’s version 7.95 emerges as a testament to the relentless efforts of its development team, spearheaded by the renowned Gordon Fyodor Lyon. The update showcases the remarkable processing of over 6,500 new OS and service detection fingerprints, underscoring the tool’s…

Read more →

A zero-day vulnerability in Microsoft Edge, which has been tagged as CVE-2024-4671, has been aggressively exploited by evil organizations, according to reports. This security flaw originates from the Chromium engine that underpins the browser. Chromium is also the foundation for…

Read more →

FIDO2 (Fast Identity Online) is a passwordless authentication method developed by FIDO Alliance to prevent Man-in-the-Middle (MiTM) attacks, Phishing attacks, and session hijacking attacks. This FIDO2 authentication works using a physical or embedded key. However, this secure passwordless authentication method…

Read more →

Many businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that let attackers run harmful code from afar without being verified. Businesses that depend on Apache OFBiz for budgeting,…

Read more →

A major cybersecurity breach happened at the Ohio Lottery, letting people into its private systems without permission. The breach wasn’t found until April 5, 2024, so the information of about 538,959 people was out in the open for months. People’s…

Read more →

Cybersecurity researchers are sounding the alarm that hackers are exploiting software vulnerabilities faster than ever before. A new report from Fortinet found that in the second half of 2023, the average time between a vulnerability being disclosed and actively exploited…

Read more →

Hackers were actively exploiting the generative AI for cyber attacks; not only that, even threat actors are also exploring new ways to exploit other advanced LLMs like ChatGPT. They could leverage Large Language Models (LLMs) and generative AI for several…

Read more →

Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client. The flaw, CVE-2024-31497, allows attackers to recover private keys generated with the NIST P-521 elliptic curve in PuTTY versions…

Read more →

Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions.  However, vehicle hijacking can occur through message injection attacks because the CAN network lacks the security of drive-by-wire systems such as speed control,…

Read more →

The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in the size of Distributed Denial of Service (DDoS) attacks throughout 2023, with an average increase of 233.33% compared to the previous year. Despite a 54.74% drop…

Read more →

Researchers have identified a new form of cyberattack termed “LLMjacking,” which exploits stolen cloud credentials to hijack cloud-hosted large language models (LLMs). This sophisticated attack leads to substantial financial losses and poses significant risks to data security. LLMjacking involves attackers…

Read more →

In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware, a sophisticated modular loader notorious for delivering a variety of malicious payloads. The malware has been updated to deploy threats such as Amadey, Lumma Stealer, Racoon…

Read more →

The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities. This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity…

Read more →

Google has urgently updated its Chrome browser across all platforms after a critical vulnerability, identified as CVE-2024-4671, was found being actively exploited. Users are strongly advised to update their browsers immediately to prevent potential security breaches. CVE-2024-4671: Details and Impact…

Read more →

Several Stack Overflow users have begun deleting their contributions from the platform, a move that has sparked widespread debate within the developer community. This action follows a newly announced partnership between Stack Overflow and OpenAI, detailed in a press release…

Read more →

Dell Technologies recently disclosed a data breach involving a company portal that contained limited customer information related to purchases. The breach exposed customer names, physical addresses, and detailed order information, including service tags, item descriptions, order dates, and warranty details.…

Read more →

Google released a critical security update for its Chrome web browser to address attackers exploiting a high-severity vulnerability. The update brings Chrome to version 124.0.6367.201 for Windows, Mac, and Linux users on the Stable release channel. The vulnerability, tracked as…

Read more →

Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a significant SQL injection vulnerability. Experimenting with the Masa/Mura CMS revealed the attack surface, primarily the one available…

Read more →

Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a significant SQL injection vulnerability. Experimenting with the Masa/Mura CMS revealed the attack surface, primarily the one available…

Read more →

Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying an…

Read more →

Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying an…

Read more →

Critical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers. These facilities support various business functions, including productivity tools, transaction-intensive applications, big-data processing systems, and artificial intelligence (AI). The importance of…

Read more →

Enterprises are being targeted by the malware known as SocGholish through deceptive browser update prompts. This malware, notorious for its stealth and the complexity of its delivery mechanisms, has been identified in a series of incidents involving fake browser updates…

Read more →

A sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites. Security researchers estimate that since 2021, the hackers…

Read more →

In a significant cybersecurity development, researchers have uncovered critical vulnerabilities in F5’s Next Central Manager, which could potentially allow attackers to gain full administrative control over the device. This alarming security flaw also creates hidden rogue accounts on any managed…

Read more →

The Polish computer emergency response team CERT.pl has issued a warning about an ongoing cyberattack campaign by the notorious APT28 hacking group, also known as Fancy Bear or Sofacy. The campaign is targeting various Polish government institutions with a new…

Read more →

Tappware, a prominent IT service provider, faced a breach when approximately 50GB of its database was leaked on a hacker forum. This database contained 2.3 million rows of data, including sensitive personal information such as names, addresses, and phone numbers…

Read more →

Ensuring adherence to GDPR, the ANY RUN sandbox service employs TLS 1.3 for data in transit and AES-256 for data at rest; it is hosted in Germany and provides supplementary tools, predominantly for enterprise plans, to empower users with greater…

Read more →

A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0, enabling…

Read more →

Hackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages. This campaign, involving the malware loader known as FakeBat, targets unsuspecting users by masquerading as legitimate software downloads. The Infection Chain: From Ad to…

Read more →

Veeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these vulnerabilities is yet to be assigned. These vulnerabilities exist in version 7.x and version 8.x of the Veeam…

Read more →

A new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software.  This vulnerability affects…

Read more →

Hackers are now using steganography techniques to distribute the notorious Remote Access Trojan (RAT) known as RemcosRAT. This method, which involves hiding malicious code within seemingly innocuous image files, marks a concerning evolution in malware delivery tactics. The Initial Breach:…

Read more →

Juniper Threat Labs has reported active exploitation attempts targeting vulnerabilities in Ivanti Pulse Secure VPN appliances. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a significant threat to network…

Read more →

Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts. The changes rolled out on Monday, May 6,…

Read more →

In collaboration with US and Australian authorities, the UK’s National Crime Agency (NCA) has unmasked and sanctioned the leader of the notorious LockBit ransomware group, once considered the world’s most harmful cybercrime operation. Russian national Dmitry Khoroshev, who went by…

Read more →

Hackers target LNK (Windows shortcut) files to disseminate malware because they can embed malicious code that automatically executes when the shortcut is clicked.  LNK files appear harmless but can stealthily trigger malware downloads or other malicious actions, making them an…

Read more →

A significant update for Trend Micro’s Antivirus One software has been released. The update addresses a critical vulnerability that may have enabled attackers to inject malicious code.  The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker…

Read more →

In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks. This move is part of Samsung’s ongoing efforts to enhance the security of…

Read more →

In a groundbreaking discovery, cybersecurity experts at Leviathan Security Group have unveiled a new type of cyberattack dubbed “TunnelVision,” which poses a threat to the security of Virtual Private Networks (VPNs).  This sophisticated attack method allows cybercriminals to bypass the…

Read more →

A security vulnerability has been identified in Citrix NetScaler ADC and Gateway appliances, allowing remote attackers to access sensitive data without authentication. This flaw, identified as an out-of-bounds memory read issue, affects versions up to 13.1-50.23 of the software and…

Read more →

APT42, a group linked to the Iranian government, is using social engineering tactics such as impersonating journalists and event organizers to trick NGOs, media, academia, legal firms, and activists into providing credentials to access their cloud environments. They exfiltrate data…

Read more →

Several new variants of Atomic macOS Stealer, or AMOS have been observed that are intended to exfiltrate sensitive data from affected Macs.  AMOS is transmitted by Trojan horses, which frequently pose as allegedly pirated or “cracked” versions of apps. It…

Read more →

The Best SIEM tools for you will depend on your specific requirements, budget, and organizational needs. There are several popular and highly regarded SIEM (Security Information and Event Management) tools available in the market What is SIEM? A security information…

Read more →

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant. The scam attempts to trick users into divulging sensitive personal and financial information. How the Scam Works According to a recent tweet from…

Read more →

In today’s digital age, civil society is facing a serious threat in the form of invasive malware and surveillance technology that has the potential to cause irreparable harm. These malicious tools can infiltrate systems and compromise sensitive information, posing a…

Read more →

The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines. These backdoors are primarily delivered through spear-phishing campaigns, marking a significant escalation in the capabilities…

Read more →

Julius “Zeekill” Kivimäki, once Europe’s most wanted teenage hacker, has been arrested. Kivimäki, known for his involvement with the notorious Lizard Squad, was apprehended after a series of cybercrimes that shocked the continent. A Decade of Cyber Terror Julius Kivimäki’s cybercrime career began in his early teens and quickly escalated to high-profile attacks. As…

Read more →

Linksys routers were discovered with two vulnerabilities: CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were associated with Command Injection on Linksys routers. The severity of these vulnerabilities is yet to be categorized. However, a proof-of-concept has been published for these two vulnerabilities.…

Read more →

A security flaw has been identified in Tinyproxy, a lightweight HTTP/HTTPS proxy daemon widely used in small network environments. The vulnerability, cataloged under CVE-2023-49606, allows remote attackers to execute arbitrary code on the host machine. This flaw poses a critical…

Read more →

Vincent Cannady, a professional who used to work as a consultant in the cybersecurity field, has been taken into custody for allegedly trying to extort a sum of money that could go up to $1.5 million from an IT company…

Read more →

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges.  Clicking initiates a malicious redirect, exposing users to scams or malware exploiting user familiarity with CAPTCHAs, bypassing suspicion, and…

Read more →

Apache ActiveMQ is a Java based communication management tool for communicating with multiple components in a server. It is an open-source widely used messaging service that can be used to send messages between two or more applications. However, Apache ActiveMQ…

Read more →

An emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services.  Recently, security analysts at Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClient. This malware targeted an organization in Ukraine. It abused Microsoft…

Read more →

In the latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024, a concerning trend has been highlighted, a significant 68% of data breaches are now occurring due to social engineering attacks. This revelation underscores the increasing sophistication and…

Read more →

The United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North Korean hackers. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have jointly…

Read more →

APT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask their malicious activities, while Pawn Storm, a well-known APT group, infiltrated a cybercriminal botnet of compromised Ubiquiti EdgeRouters in 2022 and used it for espionage.  The…

Read more →

Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers to perform denial of service (DoS) attacks, gain unauthorized access, and view sensitive information. These vulnerabilities affect several Cisco IP…

Read more →

Security researchers at FortiGuard Labs discovered a new botnet in April that exploits a weakness in D-Link devices. Dubbed “Goldoon,” this botnet has been observed exploiting a nearly decade-old security flaw, CVE-2015-2051, to gain unauthorized control over affected routers and…

Read more →

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at…

Read more →

Cuttlefish is a new malware platform that has been identified to be active since at least July 2023. This malware platform specifically targets networking equipment like enterprise-grade small office/home office routers. The latest campaign is discovered to be ongoing from…

Read more →

Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive, manipulate, or gain unauthorized access to sensitive information or systems.  Cybersecurity researchers at InfoBlox recently discovered GoldFamily, an evolved GoldDigger trojan targeting iOS devices to steal…

Read more →

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at…

Read more →

While facilitating remote work, remote desktop software presents security challenges for IT teams due to the use of various tools and ports. The multitude of ports makes it difficult to monitor for malicious traffic.  Weak credentials and software vulnerabilities are…

Read more →

Multiple vulnerabilities have been discovered in ArubaOS that affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities are linked to Unauthenticated Buffer Overflow (CVE-2024-26305, CVE-2024-26304, CVE-2024-33511, CVE-2024-33512 and…

Read more →

A group of hackers has claimed responsibility for infiltrating several servers belonging to the United Arab Emirates government. The announcement was made through a tweet, which has sparked widespread concern and discussions about cybersecurity measures within government infrastructures. Document Integrate…

Read more →

Russian hacktivists increasingly target small-scale operational technology (OT) systems across North America and Europe. These attacks, primarily focused on the Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors, pose significant threats to critical infrastructure. The Cybersecurity…

Read more →

Cybersecurity experts have uncovered a series of sophisticated cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers. The attackers, identified as the TargetCompany ransomware group, have been deploying the Mallox ransomware in a bid to encrypt systems and extort victims. This…

Read more →

Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year.  The malware poses a serious threat…

Read more →

A Ukrainian national, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison. Vasinskyi, known in the cyber underworld as Rabotnik, was also ordered to pay over $16 million in restitution for his role in orchestrating more…

Read more →

In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant issue affecting VPN connections on Windows devices. This problem has emerged following the installation of the April 2024 security update,…

Read more →

Panda Restaurant Group, Inc., a leading name in the fast-food industry, has confirmed a significant breach in its corporate data systems. The incident, which came to light on March 10, 2024, has potentially compromised the personal information of an undisclosed…

Read more →

In the ever-evolving cybersecurity landscape, Google is continually striving to protect user data from malicious actors. In a recent blog post, the tech giant revealed a novel method to detect browser data theft using Windows Event Logs. This approach aims…

Read more →

In a startling revelation, nearly 20% of Docker Hub repositories have been identified as conduits for malware and phishing scams, underscoring the sophisticated tactics employed by cybercriminals to exploit the platform’s credibility. The investigation unveiled that attackers had been operating…

Read more →

Kubernetes (K8s) is an open-source container orchestration platform designed to automate application container deployment, scaling, and running.  Containers are isolated software packages that are lightweight and contain everything required for running an app.  In Kubernetes, a “sidecar” refers to an…

Read more →

Microsoft’s Azure platform is a highly acclaimed and widely recognized solution that organizations worldwide are leveraging. It is regarded as a game-changer in the industry and has emerged as a dependable and efficient platform that helps businesses achieve their goals…

Read more →

The first instance of Redline using such a method is in a new variant of Redline Stealer malware that McAfee has discovered uses Lua bytecode to obfuscate its malicious code.  The malware was discovered on a legitimate Microsoft repository (vcpkg)…

Read more →

A threat actor reportedly sells a database containing 49 million user records from Dell, one of the world’s leading technology companies. This significant security breach encompasses a wide range of personal and corporate information, potentially exposing millions of Dell customers…

Read more →

A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here’s what these principles mean in practice: With those…

Read more →

A new RAT malware has been discovered to be targeting Android devices. This malware is capable of executing additional commands compared to other RAT malware. This malware can also perform phishing attacks by disguising itself as legitimate applications like Snapchat,…

Read more →

BlackBerry reported a new iOS LightSpy malware, but Huntress researchers found it to be a macOS variant targeting Intel or Apple Silicon with Rosetta 2-enabled devices.  This caused media confusion, as Apple’s recent spyware alert likely referred to Pegasus spyware,…

Read more →

Kaiser Permanente, one of the largest healthcare providers in the United States, was the victim of a cyber attack that compromised the personal information of approximately 13.4 million users. This incident, which involved unauthorized access to the systems of City…

Read more →

A serious concern has arisen for iPhone users in the European Union as a newly discovered flaw in Apple’s Safari browser has the potential to expose them to tracking and malicious activities. The vulnerability lies in the fact that third-party…

Read more →

Researchers have uncovered a novel infection chain associated with the DarkGate malware. This Remote Access Trojan (RAT), developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018. The DarkGate…

Read more →

Gemini 1.5 Pro is the latest version of the Gemini AI malware analysis platform, which is set to transform the cybersecurity industry. With its innovative features, it enables security teams to detect, investigate, and respond to malware threats with unprecedented…

Read more →

In the world of cloud computing, Amazon Web Services (AWS) is a giant that offers a wide range of services that cater to various needs, from storage to computation. Among these services, AWS S3 (Simple Storage Service) is a trendy…

Read more →

The popular open-source platform Grafana, widely used for monitoring and observability, has been found to contain a severe SQL injection vulnerability. This flaw allows attackers with valid user credentials to execute arbitrary SQL commands, potentially leading to data leakage and…

Read more →

Cybersecurity experts have meticulously traced the timeline of a sophisticated ransomware attack that spanned 29 days from the initial breach to the deployment of Dagon Locker ransomware. This case study not only illuminates cybercriminals’ efficiency and persistence but also underscores…

Read more →

A large botnet-as-a-service network originating from China was discovered, which comprises numerous domains, over 20 active Telegram groups, and utilizes other domestic communication channels.  The infrastructure that supports this botnet, located in China, raises concerns about the potential for large-scale,…

Read more →

Microsoft released multiple product security patches on their April 2024 Patch Tuesday updates. One of the vulnerabilities addressed was CVE-2024-26218, associated with the Windows Kernel Privilege Escalation vulnerability, which had a severity of 7.8 (High).  This vulnerability relates to a…

Read more →

A new ransomware named KageNoHitobito has been targeting Windows users across various countries. It encrypts their data and demands a ransom through sophisticated means. This article delves into the mechanics of the KageNoHitobito ransomware and its attack methodology and provides…

Read more →

Hackers often focus on flaws in Microsoft products since they are commonly employed in various institutions and personal computers, which means they have a bigger area to attack.  This is because these systems could be used as an entry point…

Read more →

A new family of mobile malware known as “Brokewell” has been found to have a wide range of device takeover capabilities.  This seriously threatens the banking sector by giving attackers remote access to all the resources made available via mobile…

Read more →

Okta has issued a warning about the increasing prevalence of credential-stuffing attacks. These attacks, which leverage stolen user credentials to gain unauthorized access to accounts, are facilitated by the widespread use of residential proxy services. This alarming trend underscores the…

Read more →

A recent malware campaign used a VBA macro in a Word document to download and execute a 64-bit Rust binary. This binary employs fileless injection techniques to load a malicious AgentTesla payload into its memory space.  The malware leverages CLR…

Read more →

Some router models have identified a security vulnerability that allows attackers to bypass authentication. To exploit this vulnerability, an attacker must know the WiFi password or have an Ethernet connection to a device on the victim’s network.  Firmware updates that…

Read more →

Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage. This makes them attractive targets for data theft and ransomware attacks for the threat actors.  Besides this, the vulnerabilities in CrushFTP servers…

Read more →

DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with never-ending waves of offensive traffic. More than 13 million DDoS attacks were recorded in 2023 alone, which reveals the real…

Read more →

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine. It has been closely monitoring the situation and has successfully detected all stages of the attack. CVE-2017-8570: The Initial Vector…

Read more →