Strelastealer malware has been found to be distributed in large-scale campaigns that have currently impacted over 100 organizations across the U.S. and EU. The malware was first discovered in 2022 and is capable of stealing a victim’s email login information…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Beware of New ‘HelloFire’ Ransomware Actor Mimicking a Pentester
A new threat is the emergence of a ransomware encryptor dubbed ‘HelloFire.’ This new player in the cybercrime arena is employing deceptive tactics to disguise its malicious intent as legitimate penetration testing activities. Here’s what you need to know about…
Linux Admins Beware! Fake PuTTY Client that Installs Rhadamanthys stealer
A malvertising campaign has been discovered deploying a fake PuTTY client to deliver the Rhadamanthys stealer, a dangerous malware. This campaign cleverly exploits the trust in the widely used SSH and Telnet client, PuTTY, by presenting a counterfeit website through…
Hackers Claiming Unauthorized Access to the Fortinet Devices of Many Companies
Hackers have claimed unauthorized access to Fortinet devices across various companies. This breach highlights cybercriminals’ persistent threat to corporate security infrastructures and the importance of robust cybersecurity measures. Overview of the Breach A tweet from a dark-themed webpage has surfaced,…
Hackers Transform the Raspberry Pi into an Online Anonymity Tool
A new tool, GEOBOX, was advertised on the Dark Web that utilizes Raspberry Pi devices for fraud and anonymization, allowing users to spoof GPS locations, emulate network settings, mimic Wi-Fi access points, and bypass anti-fraud filters. Criminals were using multiple…
Sign1 Malware Hijacked 39,000 WordPress Websites
A client’s website was experiencing random pop-ups, and server-side scanner logs revealed a JavaScript injection related to Sign1, a malware campaign that targets websites, has infected over 2,500 websites in the past two months, and uses…
Hackers Deploy STRRAT & VCURMS Malware on Windows Via GitHub
A new phishing campaign targets users with emails containing a button to “verify payment information.” Clicking the button triggers the download of a malicious JAR file (disguised as an invoice) that leverages a PowerShell command to download two additional JARs. …
Microsoft Xbox Gaming Services Flaw Lets Attackers Gain SYSTEM Privileges
A new elevation of privilege vulnerability has been discovered in the Xbox Gaming Services that allows a threat actor to elevate their privileges to SYSTEM. This particular vulnerability has been assigned CVE-2024-28916, and its severity has been…
GoFetch Side-Channel Attack Impacts Apple CPUs: Attackers Steal Secret Keys
Researchers have unveiled a new class of microarchitectural side-channel attacks that pose a severe threat to the security of Apple CPUs. The attack, GoFetch, exploits the Data Memory-dependent Prefetchers (DMPs) in modern processors to extract secret cryptographic keys from constant-time…
DHCP Hacked to Escalate Privileges in Windows Domains
Security researchers have uncovered a sophisticated method of exploiting the Dynamic Host Configuration Protocol (DHCP) administrators group to escalate privileges within Windows domains. This technique, dubbed “DHCP Coerce,” leverages legitimate privileges to potentially compromise entire networks. The vulnerability centers around…
Exploit Released For Critical Fortinet RCE Flaw: Patch Soon!
FortiClientEMS (Enterprise Management Server), the security solution used for scalable and centralized management, was discovered with an SQL injection vulnerability that could allow an unauthenticated threat actor to execute unauthorized code or commands on vulnerable servers through specially crafted requests. …
One-Click AWS Vulnerability Lets Attackers Take Over User’s Web Management Panel
Tenable Research has identified a critical vulnerability within the AWS Managed Workflows for Apache Airflow (MWAA) service, which they have named “FlowFixation.” This vulnerability could have permitted attackers to execute a one-click takeover of a user’s web management panel for…
TeamCity Vulnerability Exploits Lead to Surge in Ransomware Attacks
Attackers are taking advantage of vulnerabilities in JetBrains TeamCity to distribute ransomware, coinminers, and backdoor payloads. Two critical vulnerabilities in the TeamCity On-Premises platform, identified as CVE-2024-27198 and CVE-2024-27199 by JetBrains, were published on March 4, 2024. These flaws enable…
TinyTurla Evolved TTPs To Stealthily Attack Enterprise Organizations
Staying ahead of security measures and exploiting new vulnerabilities requires hackers to change their tactics. By doing so, they manage to bypass better defenses, maximize success rates, and keep on with their illegal activities. The adaptation of techniques by hackers…
Unsaflok Vulnerability Lets Hackers Open 3M+ Hotel Doors in Seconds
A group of cybersecurity researchers has uncovered several critical security flaws in the Saflok electronic RFID locks by Dormakaba. These locks, widely used in hotels and multi-family housing environments across 131 countries, are now known to be susceptible to a…
Researchers Propose An Invisible Backdoor Attack Dubbed DEBA
As deep neural networks (DNNs) become more prevalent, concerns over their security against backdoor attacks that implant hidden malicious functionalities have grown. Cybersecurity researchers (Wenmin Chen and Xiaowei Xu) recently proposed DEBA, an invisible backdoor attack leveraging singular value decomposition…
Hacker Pleads Guilty For Stealing 132,000+ Users Data
Robert Purbeck, a hacker known as “Lifelock” and “Studmaster,” hacked into the computer servers of the City of Newnan, a medical clinic in Griffin, and at least 17 other victims across the US. He stole the personal information of more…
Nemesis Market: Leading Darknet Market Seized
The infamous Nemesis Market, a leading figure in the darknet marketplace ecosystem, has been successfully seized. This operation dismantles a major hub of illegal online trade, ranging from narcotics to stolen data, affecting thousands of users worldwide. The Rise of…
North Korea’s Kimsuky Group Equipped to Exploit Windows Help Files
Cybersecurity experts have uncovered a sophisticated cyber espionage campaign orchestrated by the North Korean threat actor group Kimsuky (also known as Black Banshee or Thallium). This group, notorious for its intelligence-gathering missions, has been active since at least 2012. It has primarily targeted…
New Application-Layer Loop DoS Attack – 300,000 Online Systems At Risk
Denial-of-service (DoS) attacks are usually used by hackers to interrupt regular network and website functioning, whether to make money, for political reasons, or simply to cause disruption. The websites or networks can be made unavailable through the…
Hackers Claimed to have Breached the Israeli Nuclear Facility’s Networks
An Iranian hacker group has claimed to have infiltrated the networks of the Dimona nuclear facility located in Israel’s Negev desert. Israeli cybersecurity teams are diligently working to verify the authenticity of the documents allegedly leaked during this cyber incident.…
Authorities Dismantle Grandoreiro Banking Malware Operation
Group-IB, a cybersecurity firm, helped INTERPOL and Brazil dismantle the Grandoreiro banking trojan operation, as their expertise in threat intelligence and investigation was key. Malware samples collected during independent investigations in Brazil and Spain (2020-2022) were analyzed by Group-IB and…
Recent Windows Server Updates Trigger Domain Controller Reboots & Crashes
Recent updates for Windows Server have been linked to significant disruptions in IT infrastructure, with numerous reports of domain controllers experiencing crashes and forced reboots. The issues have been traced back to the March 2024 cumulative updates for Windows Server…
GitHub’s New AI Tool that Fixes Your Code Automatically
GitHub has made a leap in application security by introducing a new feature that promises to change how developers address code vulnerabilities. The new tool, code scanning autofix, is now available in public beta for all GitHub Advanced Security customers, harnessing the power…
NCSC Released an Advisory to Secure Cloud-hosted SCADA
Operational Technology (OT) is a technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS). OT is different from IT in that OT prioritizes safety, reliability,…
Androxgh0st Exploits SMTP Services To Extract Critical Data
AndroxGh0st is a malware that specifically targets Laravel applications. The malware scans and extracts login credentials linked to AWS and Twilio from .env files. AndroxGh0st was previously classified as an SMTP cracker since it exploits SMTP using various strategies such…
Hackers Selling GlorySprout Malware with Anti-VM Features in Underground Forum for $300
GlorySprout stealer, advertised on the XSS forum in early March 2024, is a C++ stealer sold for $300 with lifetime access and temporary payload encryption, and it includes a loader, anti-CIS execution, and a non-functional grabber module. Taurus Stealer, a C++…
Microsoft Notifies That a Major Domain Change for Teams Is Coming
In April 2023, Microsoft announced that it would be undertaking a multi-year effort to reduce domain fragmentation among authenticated, user-facing Microsoft 365 apps and services by bringing them onto a single, consistent and cohesive domain: cloud.microsoft. This consolidation will help improve security, administration,…
WordPress Plugin Flaw Exposes 40,000+ Websites to Cyber Attack
A popular WordPress plugin, Automatic (premium version), developed by ValvePress, has been found to harbor critical security vulnerabilities that put over 40,000 websites at risk. This plugin, known for its capability to create posts from various sources, including YouTube, Twitter,…
Workings of MalSync Malware Unveiled: DLL Hijacking & PHP Malware
Researchers have discovered the workings of the MalSync malware known as the “DuckTail” or “SYS01”. The analysis of the malware revealed the infection vectors, command line usage, malware capabilities, and other information. The malware seems to have a targeted approach…
Tor Unveils WebTunnel – Lets Users Bypass Censorship
Tor Project’s Anti-Censorship Team has made a groundbreaking announcement that promises to bolster the fight against internet censorship. On the World Day Against Cyber Censorship occasion, the team proudly introduced WebTunnel, a revolutionary new type of Tor bridge. This innovative…
Hackers Attacking Critical US Water Systems, White House Warns
In a stark warning issued by the White House, it has been revealed that cyberattacks are increasingly targeting water and wastewater systems across the United States. These critical infrastructures are essential for providing clean and safe drinking water to communities,…
Azorult Malware Abuses Google Sites To Steal Login Credentials
A new evasive Azorult campaign uses HTML smuggling to deliver a malicious JSON payload from an external website. The JSON file is then loaded using reflective code loading, a fileless technique that bypasses disk-based detection, and the campaign also employs an…
Andariel Hackers Leveraging Remote Tools To Exploit Organizations
The Andariel threat group has been discovered to be using MeshAgent when attacking Korean companies. The group has previously attacked Korean asset management solutions to install malware such as AndarLoader and ModeLoader. However, MeshAgent is used alongside other remote management…
BunnyLoader 3.0 Detected With Advanced Keylogging Capabilities
BunnyLoader is a rapidly developing malware that can steal information, credentials, and cryptocurrencies while also delivering new malware to its victims. Since its first detection in September 2023, the BunnyLoader malware as a service (MaaS) has regularly enhanced its features. According…
Novel Script-Based Attack That Leverages PowerShell And VBScript
A new campaign, identified as DEEP#GOSU, is likely linked to the Kimsuky group and employs a new script-based attack chain that uses numerous PowerShell and VBScript stagers to stealthily infect systems. Its features include data exfiltration, keylogging, clipboard monitoring, dynamic…
Mintlify Data Breach Exposes Customer GitHub Tokens
A renowned software documentation platform has confirmed a security breach that led to the unauthorized access of 91 GitHub tokens. This incident has raised alarms about the potential exposure of private repositories and the overall security measures to protect sensitive…
900+ websites Exposing 10M+ Passwords: Most in Plaintext
Over 900 websites inadvertently expose over 10 million passwords, many of which are in plaintext, alongside sensitive billing information and personally identifiable information (PII) of approximately 125 million users. This massive data exposure is attributed to misconfigured Firebase instances, a…
Hackers Exploiting Microsoft Office Templates to Execute Malicious Code
In a cyberattack campaign dubbed “PhantomBlu,” hundreds of employees across various US-based organizations were targeted with phishing emails masquerading as messages from an accounting service. This campaign represents a significant evolution in the tactics, techniques, and procedures (TTPs) employed by…
How the ANY.RUN Malware Sandbox Processes IOCs for Threat Intelligence Lookup
The database includes indicators of compromise (IOCs) and relationships between different artifacts observed within an analysis session. In October 2022, ANY.RUN launched TI Threat Intelligence Feeds to allow users to utilize this data. Security experts assess threats using ANY.RUN, an…
CryptoWire Ransomware Abuses Scheduled Tasks To Maintain Persistence
AhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in 2018, built with the AutoIt scripting language, which primarily spreads through phishing emails. Unlike most ransomware, CryptoWire reportedly includes the decryption key within its code, while…
E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials
Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old Moldovan national, has been sentenced to 42 months in federal prison after pleading guilty to charges related to operating a network of illicit websites. U.S. Senior…
WhiteSnake Stealer Checks for Mutex & VM Function Before Execution
A new variant of the WhiteSnake Stealer, a formidable malware, has been updated to be more elusive and efficient in its malicious endeavors. One of the key features of the updated WhiteSnake Stealer is its use of mutexes (mutual…
Researchers Hack AI Assistants Using ASCII Art
Large language models (LLMs) are vulnerable to attacks that leverage their inability to recognize prompts conveyed through ASCII art. ASCII art is a form of visual art created using characters from the ASCII (American Standard Code for Information Interchange) character set.…
Microsoft Deprecates 1024-bit RSA Encryption Keys in Windows
Microsoft has announced an important update for Windows users worldwide in a continuous effort to bolster security and performance. As part of its latest security enhancements, Microsoft is phasing out the support for 1024-bit RSA encryption keys within the Windows…
Beware Of Free Wedding Invite WhatsApp Scam That Steals Sensitive Data
The ongoing “free wedding invite” scam is one of several innovative campaigns aimed at the senior population. Through social media chats like WhatsApp, fraudsters use deceptive tactics, most often involving fake wedding invitations. The scam communicates with its victims over WhatsApp…
Hackers Using Weaponized SVG Files in Cyber Attacks
Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that has evolved significantly with the advent of the AutoSmuggle tool. Introduced in May 2022, AutoSmuggle facilitates embedding malicious files within HTML or SVG content, making it…
New Acoustic Keyboard Side Channel Attack Lets Attackers Steal Sensitive Data
In recent years, personal data security has surged in importance due to digital device usage. Side-channel attacks exploit system side effects to gather information. Electronic emissions are a known vulnerability to such attacks. Acoustic side-channel attacks are particularly threatening. In…
Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks
A critical vulnerability was discovered in two plugins developed by miniOrange. The affected plugins, miniOrange’s Malware Scanner and Web Application Firewall, contained a severe privilege escalation flaw that could allow unauthenticated attackers to gain administrative access to WordPress sites. This…
ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data
A new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits. Aiohttp is an asynchronous HTTP client/server framework whose extensive capabilities and flexibility allow it to perform a wide range of asynchronous tasks. The ShadowSyndicate threat actor operates as a…
Hackers Launching AI-Powered Cyber Attacks to Steal Billions
INTERPOL’s latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled by advancements in technology such as Artificial Intelligence (AI), cryptocurrencies, and the proliferation of phishing- and ransomware-as-a-service models. These developments have made fraud schemes more intricate…
Fujitsu Hacked – Attackers Infected The Company’s Computers with Malware
Fujitsu Limited announced the discovery of malware on several of its operational computers, raising concerns over the potential leak of files containing personal and customer information. The company has taken immediate action to isolate the affected computers and enhance the…
GBHackers Weekly Round-Up: Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
With our weekly GBHackers news summary, explore and learn about the most recent developments in the cybersecurity field. This practice will allow you to remain up-to-date on the newest developments, weaknesses, groundbreaking progress, hacking incidents, potential dangers, and fresh narratives…
Hackers Stole 70 Million AT&T Customers’ Sensitive Data
Cybersecurity researchers at vx-underground have reported that over 70 million records from an unspecified division of telecommunications giant AT&T have been leaked online. The breach, one of the largest in recent times, has raised serious concerns about data security and…
DarkGPT – A ChatGPT-4 Powered OSINT Tool To Detect Leaked Databases
DarkGPT is a next-level OSINT (Open Source Intelligence) assistant. In this digital era, the ability to sift through vast amounts of data is invaluable, and DarkGPT, leveraging the power of GPT-4-200K, is designed to query leaked databases with precision. A Spanish…
Dark Web Market Admin Gets 42 Months Prison for Selling Login Passwords
Sandu Boris Diaconu, a 31-year-old Moldovan national, has been sentenced to 42 months in federal prison for his role in operating a notorious dark web marketplace known as E-Root. The sentencing was carried out by U.S. Senior District Judge James…
StopCrypt Ransomware Utilizing Multi-Stage Shellcodes To Attack Windows
A new variant of StopCrypt ransomware has been discovered. It executes multi-stage shellcodes before launching a final payload containing the file encryption code. This malware uses several techniques, such as detection evasion, a time-delaying loop of 600 million iterations, and…
Hackers Trick Users Into Installing Malware Via Weaponized PDF
In a sophisticated cyberattack campaign, malicious actors impersonating Colombian government agencies target individuals across Latin America. The attackers are distributing emails containing PDF attachments, falsely accusing recipients of traffic violations or other legal infractions. These deceptive communications are designed to…
Kubernetes Vulnerability Lets Attackers Take Full System Control
A new vulnerability, CVE-2023-5528, has been discovered in Kubernetes. It is a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node. The severity for this vulnerability has been given…
OpenCTI: OSINT Platform for SOC & MDR Teams for Malware Analysis
ANY.RUN now integrates with OpenCTI, a cyber threat intelligence platform that allows automatic enrichment of OpenCTI observations with malware data directly from ANY.RUN analysis. Users can access indicators like TTPs, hashes, IPs, and domains without manual data source checks. The…
Multistage RA World Ransomware Exploits Group Policy Infrastructure
The RA World ransomware, previously known as the RA Group, has been a significant threat to organizations worldwide since its emergence in April 2023. Focusing on the healthcare and financial sectors, the ransomware has predominantly targeted entities in the United States…
RedLine Malware Tops Charts by Hijacking 170M+ Passwords in the Last 6 Months
The cybersecurity landscape has been shaken by the discovery that a single piece of malware, known as RedLine, has stolen over 170 million passwords in the past six months. This alarming statistic has placed RedLine at the forefront of cyber…
Google Chrome to Roll Out Real-time Phishing Protection
Google has announced an upgrade to its Safe Browsing technology to provide Chrome users with real-time protection against phishing, malware, and other malicious sites. This enhancement is set to revolutionize how users navigate the web, ensuring safety without compromising privacy.…
Critical ChatGPT Plugins Flaw Lets Attackers Gain Control Over Organization’s Account
Threat actors can exploit ChatGPT’s ecosystem for several illicit purposes, such as crafting prompts to generate malicious code, phishing lures, and disinformation content. Threat actors can even exploit ChatGPT’s exceptional capabilities to craft and launch a multitude of sophisticated and…
Hackers Exploit Windows SmartScreen Vulnerability to Install DarkGate Malware
The operators of DarkGate successfully leveraged a patched Windows Defender SmartScreen vulnerability, identified as CVE-2024-21412, as a zero-day attack to disseminate the complex and ever-evolving DarkGate malware. The vulnerability tracked as CVE-2024-21412, with a CVSS base score of 8.1, is a Microsoft Defender…
Hackers Claim 740GB of Data Stolen from Viber VoIP Platform
Viber, known for its encrypted messaging and voice services, boasts millions of users worldwide who rely on its platform for secure communication. The breach, if confirmed, represents one of the largest in recent history, potentially exposing a vast amount of…
Hackers Use Weaponized LNK File to Deploy AutoIt Malware
Hackers have been found utilizing weaponized LNK files to deploy a strain of AutoIt malware, raising alarms across the cybersecurity community. Unpacking the LNK Malware The infection chain begins with a seemingly innocuous LNK file, which, upon closer inspection, reveals…
Combining Threat Intelligence Platforms & Sandboxes for Efficient Security Operations – A DFIR Guide
Organizations have many tools when investigating cyber threats, but two stand out: Threat Intelligence Platforms (TIPs) and sandboxes. Each solution provides distinct advantages, yet combining their capabilities can lead to a more practical approach to detecting, analyzing, and responding to…
Hackers Abuse Digital Document Publishing (DDP) Websites to Launch Cyber Attacks
Threat actors have been observed hosting phishing documents on legitimate digital document publishing (DDP) sites as part of continuous session and credential harvesting attempts. Since DDP sites are unlikely to be blocked by web filters, have a good reputation, and…
Microsoft Copilot for Security: AI tool to Help Security and IT professionals
Microsoft Copilot for Security is a generative AI solution that can help security and IT professionals handle their security operations much more efficiently. It is claimed to be the industry’s first generative AI solution for strengthening an organization’s security expertise. …
Bitcoin Fog Operator Convicted for Stealing Over $400M
A federal jury in Washington, D.C., has convicted Roman Sterlingov, a dual Russian-Swedish national, for operating the notorious darknet cryptocurrency mixer, Bitcoin Fog. This service, which has operated since 2011, facilitated the laundering of approximately $400 million in cryptocurrency, marking…
150K+ Networking Devices & Apps Exposed Online With Critical Vulnerabilities
The “State of the UAE—Cybersecurity Report 2024,” a collaborative effort by the UAE Cyber Security Council and CPX Holding, maps out the United Arab Emirates (UAE) cybersecurity landscape. The report presents a detailed examination of the cyber threats that the…
Hackers Abuse Amazon & GitHub to Deploy Java-based Malware
Hackers target platforms such as Amazon and GitHub because they host valuable resources and data. For financial gain or some other malicious motive, the hackers intrude on these platforms to steal data, deploy malicious software, or launch other cyber attacks. Cybersecurity analysts…
SAP Security: Code Injection & Other Vulnerabilities Patched
Organizations using SAP products are urged to prioritize patching the vulnerabilities outlined in the latest SAP Security Notes, which were released on 12 March 2024 on SAP Security Patch Day. SAP Security Notes are official communications from SAP that detail newly…
New Fortinet FortiOS Flaw Lets Attackers Execute Arbitrary Code
Fortinet has disclosed a critical vulnerability in its FortiOS and FortiProxy captive portal systems, potentially allowing attackers to execute arbitrary code through specially crafted HTTP requests. This revelation underscores the ongoing challenges in safeguarding digital infrastructures against sophisticated threats. Technical…
Beware Of New Malicious PyPI Packages That Steal Wallet Passwords
Threat actors use malicious PyPI packages to infiltrate systems and execute various attacks like data exfiltration, ransomware deployment, or system compromise. By masquerading as legitimate Python libraries, these packages can easily bypass security measures, which allows them to infect…
Stanford University Hack Exposes Over 27K People’s Data
The Stanford University data breach involved a ransomware attack by the Akira ransomware gang. The breach occurred between May 12, 2023, and September 27, 2023, with the university discovering the attack on September 27, 2023. The compromised information varied but…
Sharp Increase in Akira Ransomware Attacks Following LockBit Takedown
In the wake of the LockBit ransomware group’s takedown, a shift has occurred within the cybercriminal underworld, leading to a sharp rise in activities by the Akira ransomware collective. This group, known for its sophisticated attacks, particularly against healthcare entities…
Andariel Hackers Attacking Asset Management Companies to Inject Malicious Code
The Andariel threat group was observed conducting persistent attacks against domestic businesses, specifically installing MeshAgent for remote screen control while conducting the attack. MeshAgent collects basic system information for remote management and performs activities such as power and account management,…
Google’s Gemini AI Vulnerability Lets Attackers Gain Control Over Users’ Queries
Researchers at HiddenLayer have unveiled a series of vulnerabilities within Google’s Gemini AI that could allow attackers to manipulate user queries and control the output of the Large Language Models (LLMs). This revelation has raised concerns over the security and…
Beware! Disguised Adobe Reader Installer That Installs Infostealer Malware
An infostealer disguised as the Adobe Reader installation has been observed. The file is disseminated in PDF format and prompts users to download and run it. The fake PDF file, according to AhnLab Security Intelligence Center (ASEC), is written in Portuguese…
Magnet-Goblin Hackers Attack Public Services Using 1-Day Exploits
A new threat actor, Magnet Goblin, emerged by rapidly exploiting recently disclosed vulnerabilities (CVE-2023-46805 & CVE-2023-21887) in Ivanti Connect Secure VPN, which allowed them to deploy custom Linux backdoors on vulnerable systems. Magnet Goblin has a history of targeting platforms…
ChatGPT-Next-Web SSRF Bug Lets Hackers Gain Full Access to HTTP Endpoints
There are advantages to using standalone AI chatbots over cloud-based alternatives such as OpenAI; however, there are also some security risks. Research shows NextChat, a popular standalone chatbot with over 7500 exposed instances, is vulnerable to a critical SSRF vulnerability…
CloudGrappler: Open Source Tool that Detects Hacking Activity
CloudGrappler is an innovative open-source tool designed to detect the presence of notorious threat actors in cloud environments. This tool is a beacon of hope for security teams struggling to keep pace with the sophisticated tactics of groups like LUCR-3,…
Hackers Advertising FUD APK Crypter That Runs on All Android Devices
Cybersecurity experts have identified a new tool being promoted in the internet’s darker corners. Dubbed the “FUD APK Crypter,” this software claims to offer the ability to encrypt and obfuscate payloads created by Android Remote Administration Tools (RATs), making them…
Muddled Libra Hackers Using Pentesting Tools To Gain Admin Access
Threat actors use pentesting tools to identify vulnerabilities and weaknesses in target systems or networks. These tools provide a simulated environment for testing potential attack vectors that allow threat actors to exploit security gaps and gain unauthorized access. By using…
French Government Hit with Severe DDoS Attack
Several French government websites faced disruptions due to a severe Distributed Denial of Service (DDoS) attack, marking a concerning escalation in cyber threats against state infrastructure. The attack commenced in the early hours of Sunday, rapidly escalating in intensity. Cloudflare’s…
Italian DPA Asks OpenAI’s ‘Sora’ to Reveal Algorithm Information
The Italian Data Protection Authority (DPA) has initiated a thorough investigation into OpenAI, the American tech giant, following its recent announcement of a cutting-edge AI model named ‘Sora.’ This new model can generate dynamic, realistic, and imaginative scenes from simple…
WordPress Plugin Flaw Exposes 200,000+ Websites to XSS Attacks
Over 200,000 websites have been left vulnerable to Cross-Site Scripting (XSS) attacks due to a flaw in the Ultimate Member plugin for WordPress. This vulnerability, discovered by a researcher known as stealthcopter, underscores the ongoing risks in the digital ecosystem…
Hackers Deliver MSIX Malware Under the Lure of a Freemium Productivity App
Cybercriminals often use free apps to take advantage of the large number of people who use them. The broader user base serves as a larger attack surface that ensures the effective distribution of malware. In addition, this could happen…
KrustyLoader Backdoor Attacks Both Windows & Linux Systems
Recent developments within the cybersecurity landscape have included the emergence of KrustyLoader, a sophisticated Rust-based backdoor that has caught the attention of multiple industry experts. This malware, which boasts Windows and Linux variants, has been implicated in a series of…
BianLian Hackers Hijacked TeamCity Servers To Install Go Backdoor
BianLian attackers exploited a TeamCity vulnerability (CVE-2024-27198 or CVE-2023-42793) to gain initial access and move laterally within the network. They deployed a PowerShell backdoor disguised as legitimate tools that use two-layer obfuscation with encryption and string substitution to communicate with…
WordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS Attacks
A recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websites with XSS attacks. A recent Balada Injector campaign discovered in January exploited a cross-site scripting (XSS) vulnerability tracked…
CyberGate RAT Mimics a Dorks Tool to Attack Cybersecurity Professionals
Threat actors target a niche group of internet users, security researchers, penetration testers, and even cybercriminals. The weapon of choice is malicious software known as CyberGate Remote Access Trojan (RAT), which has been lurking in the cyber realm for several…
Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Code
QNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands. These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901, pose significant risks to users of…
PoC Exploit Released for OpenEdge Authentication Gateway & AdminServer Vulnerability
A Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer. This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive systems. Understanding the…