A new critical vulnerability has been discovered in two of the Rust standard libraries, which could allow a threat actor to execute shell commands on vulnerable versions. This vulnerability has been assigned CVE-2024-24576, and its severity has been given as…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
New SharePoint Technique Lets Hackers Bypass Security Measures
Two new techniques uncovered in SharePoint enable malicious actors to bypass traditional security measures and exfiltrate sensitive data without triggering standard detection mechanisms. Illicit file downloads can be disguised as harmless activities, making it difficult for cybersecurity defenses to detect…
How to Use Cyber Threat Intelligence? 4 TI Categories to Learn SOC/DFIR Team
Cyber Threat Intelligence (CTI) is a process that actively gathers and analyzes information on potential cyber threats, including Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by attackers, along with their goals and capabilities. The ultimate goal…
Ahoi Attacks – New Attack Breaking VMs With Malicious Interrupts
Hackers Using ScrubCrypt ‘AV Evasion Tool’ To Exploit Oracle WebLogic Servers
Thousands Of Internet-Exposed Ivanti VPN Appliances Vulnerable To RCE Attacks
Google Adds V8 Sandbox To Chrome To Fight Against Browser Attacks
Cyber Attack on Consulting Firm Exposes DOJ Data of 341,000 People
Targus Hacked: Attackers Gain Access to File Servers
Top Israeli Spy Chief Identity Exposed In A Privacy Mistake
Notepad++ Wants Your Help to Take Down the Parasite Website
Google Rolls Out “Find My Device” Network for Android Users
D-Link RCE Vulnerability That Affects 92,000 Devices Exploited in Wild
HTTP/2 Vulnerability Let Hackers Launch DOS Attacks on Web Servers
Researchers identified a significant vulnerability within the HTTP/2 protocol, potentially allowing hackers to launch Denial of Service (DoS) attacks on web servers. The vulnerability, tracked as CVE-2024-28182, has raised concerns among internet security experts and prompted responses from various technology…
Exploring How Penetration Tests Are Classified – Pentesting Aspirant Guide 2024
AGENT TESLA Malware Steals login Credentials From Chrome & Firefox
Threat Actors Deliver Malware via YouTube Video Game Cracks
Chinese Hackers Using AI Tools To Influence Upcoming Elections
Cisco IOS Vulnerability Allows DOS Attacks via Malicious Traffic
Veterinary Giant IT System Attacked by Hackers
Vedalia APT Group Exploits Oversized LNK Files to Deliver Malware
Multiple CData Vulnerabilities Let Attackers Bypass Security Restrictions
Multiple Cisco Small Business Routers Vulnerable to XSS Attacks
Cisco has alerted its customers about a critical vulnerability affecting several Small Business RV Series Routers models. This vulnerability, CVE-2024-20362, poses a significant risk, allowing unauthenticated, remote attackers to conduct cross-site scripting (XSS) attacks. The affected models include the RV016,…
AI-As-A-Service Providers Vulnerability Let Attackers Perform Cross-Tenant Attacks
Microsoft Two-Step Phishing Campaign Attack LinkedIn Users
Cloudflare Acquires Baselime to Enhance Serverless Performance
Cloudflare has announced its acquisition of Baselime, a pioneering observability platform designed to simplify the complexities of serverless application development. This acquisition marks a milestone in Cloudflare’s journey towards creating a more intuitive and efficient cloud computing environment. It leverages…
CoralRaider Hackers Steals Login Credentials, Financial Data & Social Media Logins
Ransomware Attack Via Unpatched Vulnerabilities Are Brutal: New Survey
10M+ Downloaded Dating App Discloses User’s Exact Location
In a groundbreaking Check Point Research (CPR) analysis, vulnerabilities have been uncovered in several popular dating applications, cumulatively boasting over 10 million downloads. This investigation focused on the inherent risks associated with the use of geolocation data—a feature that, while…
YubiKey Manager Privilege Escalation Let Attacker Perform Admin Functions
YubiKey Manager GUI on Windows before version 1.2.6 has a vulnerability that could allow an attacker to escalate privileges. Due to a limitation in Windows, it requires administrator privileges to interact with FIDO authenticators. An attacker can exploit this by…
Oxycorat Android RAT Spotted on Dark Web Stealing Wi-Fi Passwords
Cybersecurity experts have identified a new threat lurking in the shadows of the dark web, a Remote Access Trojan (RAT) known as Oxycorat. This malicious software is specifically designed to infiltrate Android devices. Cybercriminals looking for a comprehensive toolkit to…
Hackers Hijack Facebook Pages to Mimic AI Brands & Inject Malware
Hackers have been found hijacking Facebook pages to impersonate popular AI brands, thereby injecting malware into the devices of unsuspecting users. This revelation comes from a detailed investigation by Bitdefender Labs, which has been closely monitoring these malicious campaigns since…
Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code
A new critical vulnerability has been discovered in Progress Flowmon and assigned CVE-2024-2389. Progress Flowmon is a cloud application performance monitoring solution that can help analyze network and application traffic. Moreover, it can also be used for several purposes, such…
Multiple Ivanti Connect Secure Flaw Let Attackers Execute Remote Code
Four new vulnerabilities have been discovered in the Ivanti Connect Secure and Policy Secure Gateways. These vulnerabilities involve heap overflow, null pointer dereference, and XML entity expansion. They have been assigned CVE-2024-21894, CVE-2024-22052, CVE-2024-22053, and…
Winnti Hackers’ New UNAPIMON Tool Hijacks DLL And Unhook API Calls
Hackers commonly employ dynamic-link library (DLL) hijacking and API unhooking to undermine security measures and enable harmful activities on breached systems. In this regard, DLL hijacking permits them to load malicious code by utilizing flaws in the way applications…
Bing Ads Exploited by Hackers to Spread SecTopRAT Through NordVPN Mimic
Hackers have been exploiting Microsoft Bing’s advertising platform to launch a malvertising campaign that impersonates the reputable VPN service NordVPN. This sophisticated scheme aims to trick users into downloading a Remote Access Trojan (RAT) known as SecTopRAT, which poses security…
AI Package Hallucination – Hackers Abusing ChatGPT, Gemini to Spread Malware
The research investigates the persistence and scale of AI package hallucination, a technique where LLMs recommend non-existent malicious packages. The Langchain framework has allowed for the expansion of previous findings by testing a more comprehensive range of questions, programming languages…
Feds Patching Years-Old SS7 Vulnerability in Phone Networks
The FCC’s Public Safety and Homeland Security Bureau is seeking input on how communication service providers are securing SS7 and Diameter protocols to prevent location-tracking vulnerabilities. The protocols are crucial for call routing, network interconnection, and data exchange in mobile…
AT&T To Face Lawsuit Following Breach Impacting 73 Million Customers
AT&T, a leading American telecommunications company, is facing a wave of lawsuits following a data breach that exposed the sensitive information of 73 million customers. The breach, confirmed by AT&T on March 30, 2024, included full name, email address, mailing…
Hackers Hijacked Notepad++ Plugin to Execute Malicious Code
The AhnLab Security Intelligence Center (ASEC) has detected a sophisticated cyberattack targeting users of the popular text and code editor, Notepad++. Hackers have successfully manipulated a default plugin within the Notepad++ package, potentially compromising the security of countless systems. The…
Researchers Observed Visual Studio Code Extensions Stealing Users’ Sensitive Data
ReversingLabs has uncovered a series of Visual Studio Code (VS Code) extensions designed to transfer sensitive information from unsuspecting users. This discovery highlights the growing trend of supply chain attacks increasingly targeting open-source repositories and platforms. The threat landscape has…
Hosting Provider VMware ESXi Servers Hit by New SEXi Ransomware
A new ransomware variant is targeting VMware ESXi servers, a popular virtualization platform used by hosting providers worldwide. Dubbed “SEXi” by its creators, this ransomware has already made significant waves, with Powerhost’s CEO revealing a staggering ransom demand of approximately…
Gesture Jacking – New Attack That Deceives Website Visitors
The Web Platform is incredibly powerful, but regrettably, malicious websites will do all in their capacity to misuse it. To prevent such exploitation, blocking actions that weren’t accompanied by a “User Gesture” is one of the weakest (but easiest to…
Hackers Claiming Breach of Five Eyes Intelligence Group (FVEY) Documents
A group of hackers has announced the release of sensitive documents purportedly belonging to the Five Eyes Intelligence Group (FVEY), a prominent intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States. The United States Department…
New XZ Utils Backdoor Free Scanner to Detect Malicious Executables
A critical vulnerability has been discovered in XZ Utils, a widely used data compression tool across Unix-like operating systems, including Linux. This vulnerability, identified as CVE-2024-3094, involves a backdoor that could potentially allow unauthorized remote access, posing a significant threat…
Microsoft’s Exchange Server Hack: Key Rotation Flaw Triggers Breach
Storm-0558, a cyberespionage group affiliated with the People’s Republic of China, has reportedly compromised Microsoft Exchange mailboxes of 22 organizations and over 500 individuals between May and June 2023. This was done by using authentication tokens of accounts that were…
Jackson County Missouri Ransomware Attack Impacts IT Systems
Jackson County, Missouri, has become the latest victim of a ransomware attack, which has caused substantial disruptions within its Information Technology (IT) systems. This attack has highlighted the vulnerabilities in digital infrastructures and the cascading effects such disruptions can have…
Beware of New Mighty Stealer That Takes Webcam Pictures & Capture Cookies
A new menace has emerged that targets personal information with alarming precision. Dubbed the “Mighty Stealer,” this malicious software is designed to infiltrate devices and extract a wide range of sensitive data. The Mighty Stealer is a sophisticated malware that…
DarkGate Malware Abusing Cloud Storage & SEO Following Delivery Over Teams
DarkGate loader delivery surged after the Qakbot takedown, with financially motivated actors like TA577 and ransomware groups (BianLian, Black Basta) using it to target financial institutions (US, Europe) for double extortion. It establishes an initial foothold and deploys info-stealers, ransomware,…
Authentic8 launches Silo Shield Program to Protect High-Risk Communities in Partnership with CISA
Authentic8, provider of the leading OSINT research platform Silo for Research, today launched their Silo Shield Program to enhance online security for high-risk communities. Also today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched a webpage listing free tools…
5 Major Phishing Campaigns in March 2024
March saw many notable phishing attacks, with criminals using new tactics and approaches to target unsuspecting victims. It is time to explore some of the five most noteworthy campaigns to understand the current threat landscape better. Pay close attention to…
4 Incident Triage Best Practices for Your Organization in 2024
Maintaining uninterrupted services is vital for any organization. The backbone of ensuring this continuous uptime lies in the Incident Management process. Incident triage is a significant component of this process. It enables organizations to prioritize and address potential incidents efficiently.…
Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning
Today, Congressman Eric Swalwell, CA-14, announced that he has partnered with Wolfsbane.ai to help prevent his 2024 election campaign content from being used to create AI clones and deepfakes. Wolfsbane.ai will use its patent-pending technology to encode Rep. Swalwell’s campaign…
Indian Govt Rescues 250 Citizens Trapped In Cambodia Forced Into Cyber-Slavery
A massive cyber fraud operation targeting Indians in Cambodia has emerged, with an estimated Rs 500 crore stolen in six months. Over 5,000 Indian nationals are reportedly being held against their will and forced to participate in the elaborate scheme. …
PandaBuy Data Breach: 1.3 Million Customers Data Leaked
PandaBuy, a popular online shopping platform, has been the victim of a significant data breach. This breach has resulted in the leak of personal information belonging to more than 1.3 million customers. The incident has raised serious concerns about cybersecurity…
Google to Delete Billions of User’s Personal Data Collected Via Chrome Browser
Google has agreed to delete billions of data records that reflect the private browsing activities of users. This decision comes as part of a settlement for a lawsuit that accused the tech giant of improperly tracking users’ web-browsing habits who…
Pentagon Releases Cybersecurity Strategy To Strengthen Defense Industrial Base
The DoD DIB Cybersecurity Strategy is a three-year plan (FY24-27) to improve cybersecurity for defense contractors that aims to create a secure and resilient information environment for the Defense Industrial Base (DIB). It will be achieved through collaboration between DoD…
xz-utils Backdoor Affects Kali Linux Installations – How to Check for Infection
A critical vulnerability has been identified in the xz-utils package, versions 5.6.0 to 5.6.1, which harbors a backdoor capable of compromising system security. This vulnerability, cataloged under CVE-2024-3094, poses a significant threat to the Linux ecosystem, including the widely used…
Live Forensic Techniques To Detect Ransomware Infection On Linux Machines
Ransomware, initially a Windows threat, now targets Linux systems, endangering IoT ecosystems. Linux ransomware employs diverse encryption methods, evading traditional forensics. Still developing, it shows potential for Windows-level impact. Early awareness allows for assessing IoT security implications. The following cybersecurity…
Veracode Announces Acquisition of Longbow Security
Veracode, a leading provider in the cybersecurity space, has officially announced its acquisition of Longbow Security. This strategic move is poised to revolutionize how organizations manage and mitigate risks in multi-cloud environments, offering a unified solution to the complex challenges…
Ross Anderson, Professor & Author of ‘Security Engineering’ Book passes away
Professor Ross Anderson passed away on March 28, 2024. Anderson, a pioneer in security engineering, was the author of the seminal book ‘Security Engineering’, which has educated countless professionals and academics on the complexities of securing systems. Born on…
Werewolf Hackers Exploiting WinRAR Vulnerability To Deploy RingSpy Backdoor
Active since 2023, the Mysterious Werewolf cluster has shifted targets to the military-industrial complex (MIC) by using phishing emails with a weaponized archive. The archive contains a seemingly legitimate PDF document along with a malicious CMD file, and when the…
Activision Players Attacked by Password Stealing Malware: Investigation In Progress
Activision, the powerhouse behind popular titles such as Call of Duty, is currently embroiled in an investigation into a hacking campaign aimed at its players. The primary objective of cybercriminals is to siphon off player credentials, focusing on gaming accounts…
Imperva Web Application Firewall Flaw Let Attackers Bypass WAF Rules
Imperva SecureSphere WAF, a security tool for on-premise web applications, has a vulnerability in some versions that allows attackers to bypass filters when inspecting POST data. By sneaking malicious content past the WAF, attackers could potentially exploit security flaws in…
Backdoor in upstream xz/liblzma Let Attackers Hack SSH Servers
A startling revelation has identified a dangerous security vulnerability in the xz compression utility, specifically within its liblzma library. This vulnerability has been found to compromise SSH server security. Xz Utils is a tool found almost everywhere in Linux. It…
Hackers Using Microsoft OneNote Files to Orchestrate Cyber Attacks
Hackers have been found leveraging Microsoft OneNote files as a vector to compromise systems across various industries. The campaign, under the radar of cybersecurity experts, showcases a new trend in cyber threats, exploiting commonly used office applications to gain unauthorized…
DinodasRAT Linux Malware Attack on Linux Servers to Gain Backdoor Access
DinodasRAT, also known as XDealer, is a sophisticated C++ backdoor targeting multiple operating systems. It is designed to enable attackers to monitor and extract sensitive information from compromised systems covertly. Notably, a Windows variant of this RAT was employed in…
WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File
The notorious WarzoneRAT malware has made a comeback, despite the FBI’s recent efforts to dismantle its operations. Initially detected in 2018, WarzoneRAT was disrupted by the FBI in mid-February when they seized the malware’s infrastructure and arrested two individuals linked…
Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors
EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed “Operation FlightNight” targeting Indian government entities and energy companies. The attackers, likely state-sponsored, leveraged a modified version of the open-source information stealer HackBrowserData to steal sensitive data. EclecticIQ identified that the…
Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks
Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation, and growth. However, this shift towards a more interconnected digital ecosystem has not come without its risks. According to the “2024 State of SaaS Security Report”…
Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond
Android devices are popular targets among hackers due to the platform’s wide adoption and open-source nature. With over 2.5 billion active Android devices all over the world, it has a big attack surface. It also poses challenges when it comes…
IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey
A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed light on the growing concerns within the cybersecurity community. The survey, which gathered insights from over 800 IT and security executives globally, reveals a stark reality:…
How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger
Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse engineering .NET malware. The write-up outlines the importance of sandbox analysis in preparing for reverse engineering by highlighting what to expect and focus on, given that…
C2A Security’s EVSec Risk Management and Automation Platform Gains Automotive Industry Favor as Companies Pursue Regulatory Compliance
In 2023, C2A Security added multiple OEMs and Tier 1s to its portfolio of customers, successful evaluations, and partnerships such as BMW Group, Daimler Truck AG, Marelli, NTT Data, Siemens, and Valeo, among others. C2A Security’s DevSecOps Platform, ‘EVSec’, has…
Zoom Unveils AI-Powered All-In-One AI Work Workplace
Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered platform designed to redefine how we work. This innovative solution aims to streamline communication, enhance collaboration, and boost productivity. It addresses the challenges of dispersed teams…
Wireshark 4.2.4 Released: What’s New!
Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and education. The latest update, Wireshark 4.2.4, includes a host of fixes and updates to further cement its position as the go-to tool for network professionals and…
iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage
Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information and granting unauthorized access. It’s an effective social engineering technique that can bypass even robust technical security measures. Phishing kits and services provide a low-cost, low-effort…
The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy
Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and turning them into bots for the Faceless proxy service. TheMoon bots grew to over 40,000 in early 2024 and enabled Faceless to gain nearly 7,000 new…
2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now
Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the prestigious Pwn2Own 2024 hacking competition. The update, which affects Chrome users on Windows, Mac, and Linux, elevates the browser version…
Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers
A critical vulnerability affects Ray, an open-source AI framework that is widely utilized across various sectors, including education, cryptocurrency, and biopharma. This vulnerability, known as CVE-2023-48022, has been under active exploitation for the past seven months, allowing attackers to hijack…
Chinese Hackers Attacking Southeast Asian Nations With Malware Packages
Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two Chinese Advanced Persistent Threat (APT) groups targeting entities and member countries of the Association of Southeast Asian Nations (ASEAN). This alarming development underscores the escalating cyber…
Microsoft Expands Edge Bounty Program to Include WebView2!
Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included in the Edge Bounty Program. The Microsoft Edge Bounty Program aims to find vulnerabilities that are specific to the upcoming Chromium-based Microsoft Edge, and that instantly affect…
CISA Warns of Hackers Exploiting Microsoft SharePoint Server
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft SharePoint Server, CVE-2023-24955. This vulnerability poses a significant risk to organizations using the platform. It allows attackers with certain privileges to execute code remotely, potentially leading…
Beware of Free Android VPN Apps that Turn Your Device into Proxies
Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user devices into proxy nodes, potentially engaging in malicious activities without their knowledge. This discovery has raised significant concerns about the safety of free VPN apps on…
ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms
Despite AMD’s growing market share with Zen CPUs, Rowhammer attacks were absent due to challenges in reverse engineering DRAM addressing, synchronizing with refresh commands, and achieving sufficient row activation throughput. Researchers addressed these through ZENHAMMER, the first Rowhammer attack on…
17,000+ Microsoft Exchange Servers Vulnerable to Multiple Critical Vulnerabilities
The Federal Office for Information Security (BSI) in Germany has announced that at least 17,000 Microsoft Exchange servers across the country are exposed to one or more critical vulnerabilities. This figure only scratches the surface, as several servers remain unaccounted for,…
Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio
Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions provider in Germany. This acquisition marks a step for Airbus as it aims to enhance the security of its digital infrastructure amidst the growing cyber threats…
Metasploit Framework 6.4 Released: What’s New!
Metasploit Framework 6.4 introduces significant improvements to Kerberos authentication. The auxiliary/admin/kerberos/forge_ticket module now supports diamond and sapphire techniques alongside golden and silver tickets and is compatible with Windows Server 2022. A new post/windows/manage/kerberos_tickets module allows Kerberos tickets to be dumped…
Microsoft Releases Out-of-band Update to Fix Windows Server Memory Leak Flaw
Microsoft released an out-of-band update, KB5037422, on March 22, 2024, specifically for Windows Server 2022 (OS Build 20348.2342) to address a critical memory leak issue in the Local Security Authority Subsystem Service (LSASS). The leak occurred on domain controllers (DCs)…
What is Global Threat Intelligence? – SOC/DIFR Team Guide
Global threat intelligence (GTI) is crucial for cybersecurity as it offers real-time data on emerging and persistent cyber threats worldwide. Threats can originate anywhere, so understanding regional variations is essential. For example, North Korean actors target government infrastructure, while Eastern…
New Tycoon 2FA Phishing Kit Attacking Microsoft 365 & Gmail Users
Hackers use 2FA (Two-Factor Authentication) phishing kits to overcome the additional security layer provided by 2FA. These kits typically mimic legitimate login pages and prompt users to enter their credentials along with the one-time passcodes generated by their authenticator apps…
Hackers Claiming that EagleSpy Android RAT 3.0 Steals 2FA Google Authenticator Code
A malicious software known as EagleSpy Android RAT (Remote Access Trojan) 3.0 has been shared on a notorious online forum by a threat actor. This advanced malware version is specifically designed to target mobile phones, posing significant personal and financial…
CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, & Nice Linear
A recent security alert warns of three critical vulnerabilities actively exploited in the wild, of which the first is CVE-2023-48788, an SQL injection vulnerability in Fortinet FortiClient EMS. Attackers can use SQL injection vulnerabilities to insert malicious SQL code into…
CrowdStrike Partnered with HCLTech to Drive Enterprise Cybersecurity Transformation
CrowdStrike and HCLTech, a leading global technology company, have announced a strategic partnership. This collaboration aims to enhance HCLTech’s managed detection and response (MDR) solutions with the cutting-edge AI-native CrowdStrike Falcon® XDR platform. Here’s a detailed look at this partnership…
Giant Tiger Data Breach: Customers Data Exposed Via Vendor
Giant Tiger, a prominent Ottawa-based discount retailer, has announced a breach of customer data. This incident, linked to a third-party vendor responsible for managing the retailer’s customer communications and engagement, has put the personal information of an undisclosed number of…
CISA & FBI Warns that Hackers Use SQL Injection Vulnerabilities to hack Servers
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have warned technology manufacturers and their customers about the persistent threat posed by SQL injection vulnerabilities. Despite being a well-documented issue for over two decades, SQL injection—or…
Microsoft To Ban 50+ Products For Users In Russia
Softline Group, a major IT solutions provider, has confirmed the suspension of access to cloud products offered by Microsoft, Amazon, and Google for Russian customers. Microsoft Corporation has recently announced the suspension of new sales in Russia. This disruption is…
170K+ Python Developers GitHub Accounts Hacked in Supply Chain Attack
Over 170,000 users have fallen victim to a meticulously orchestrated scheme exploiting the Python software supply chain. The Checkmarx Research team has uncovered a multi-faceted attack campaign that leverages fake Python infrastructure to distribute malware, compromising the security of countless…
Russian Hackers Attacking Political Parties In Recent Cyber Attacks
Hackers often target political parties in pursuit of various goals. They may attempt to access confidential data like campaign strategies, opposition research, or even personal communications, which helps them interfere with election processes…