A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums and Telegram channels. Priced at $100 per month, this malicious tool is gaining attention for its extensive capabilities and potential to wreak havoc on individuals…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution
A critical vulnerability has been identified in Siemens’ User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code. The flaw, designated CVE-2024-49775, is a heap-based buffer overflow vulnerability. Siemens has issued Security Advisory SSA-928984 and urges customers…
Foxit PDF Editor Vulnerabilities Allows Remote Code Execution
Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor. The updates—Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5—were released on December 17, 2024, to counter vulnerabilities that could leave…
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access
Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM level. Security researcher Alex Birnberg showcased the exploit during the renowned TyphoonPWN 2024 cybersecurity competition, securing…
NetWalker Ransomware Operator Sentenced to 20 Years in Prison
A Romanian man has been sentenced to 20 years in prison for his involvement in the notorious NetWalker ransomware attacks. The sentencing, which took place in the Middle District of Florida, also included a forfeiture order of $21.5 million in…
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing…
CISA Releases Eight New ICS Advisories to Defend Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued eight detailed advisories on vulnerabilities affecting Industrial Control Systems (ICS). These vulnerabilities impact critical software and hardware across various industries, posing risks of service disruption, unauthorized access, and malicious code execution.…
NotLockBit – Previously Unknown Ransomware Attack Windows & macOS
A new and advanced ransomware family, dubbed NotLockBit, has emerged as a significant threat in the cybersecurity landscape, closely mimicking the behavior and tactics of the notorious LockBit ransomware. NotLockBit notably distinguishes itself by being one of the first ransomware…
BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes
BADBOX is a cybercriminal operation infecting Android devices like TV boxes and smartphones with malware before sale, which are often sold through reputable retailers and pose a significant threat to users due to their pre-installed malicious software, making detection challenging.…
Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload
TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing a RAR archive, which included a decoy PDF, a malicious LNK file disguised as a PDF, and an ADS file with PowerShell code. This technique,…
Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace
Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability of the platform to supply chain attacks similar to those previously seen in the npm community. Malicious actors are increasingly exploiting npm packages to distribute…
Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware
Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a sophisticated malware delivery campaign. A link that was disguised as a legitimate SharePoint notification was included in the emails that were sent out at the…
Europol Details on How Cyber Criminals Exploit legal businesses for their Economy
Europol has published a groundbreaking report titled “Leveraging Legitimacy: How the EU’s Most Threatening Criminal Networks Abuse Legal Business Structures.” The report uncovers the alarming extent to which organized crime groups exploit legitimate business structures to strengthen their power, evade law…
CISA Proposes National Cyber Incident Response Plan
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National Cyber Incident Response Plan (NCIRP), inviting public feedback on the draft. This highly anticipated revision, outlined in a pre-decisional public comment draft released this month,…
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure
In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning about ongoing malicious cyber activities by advanced persistent threat (APT) actors affiliated with Iran’s Islamic Revolutionary…
Next.js Vulnerability Let Attackers Bypass Authentication
A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers to bypass authentication under specific circumstances. The issue, cataloged as CVE-2024-51479, affects versions from 9.5.5 up to 14.2.14. Developers using these versions must quickly upgrade…
CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies
In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services. This directive mandates federal civilian agencies to adopt stringent security measures for…
Critical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely
Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux. This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming…
Fortinet Critical Vulnerabilitiy Let Attackers Inject Commands Remotely
Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two critical vulnerabilities affecting its FortiManager and FortiWLM products. The vulnerabilities, which can allow unauthorized code execution and sensitive file read access, demand immediate attention to…
Chrome Security Update, Patch for Multiple Security Flaws
Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux. This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming…
CISA Released Secure Mobile Communication Best Practices – 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has released new best practice guidance to safeguard mobile communications amid rising concerns over cyber espionage activities linked to People’s Republic of China (PRC)-affiliated threat actors. These malicious actors have been targeting commercial…
New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials
The VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. Delivered as attachments disguised as archives or Microsoft 365 files, it employs malicious Microsoft Office documents to spread through command-and-control (C2) infrastructure. It targets sensitive…
INTERPOL Urges to End ‘Pig Butchering’ & Replaces With “Romance Baiting”
INTERPOL has called for the term “romance baiting” to replace “pig butchering,” a phrase widely used to describe a manipulative scam where victims are emotionally exploited and financially defrauded. The international law enforcement organization emphasizes that the new term fosters…
New I2PRAT Malware Using encrypted peer-to-peer communication to Evade Detections
Cybersecurity experts are sounding the alarm over a new strain of malware dubbed “I2PRAT,” which leverages encrypted peer-to-peer (P2P) communication via the Invisible Internet Project (I2P) network to avoid detection. The malware, first reported on November 19 by the researcher…
Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks
A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has brought rogue Remote Desktop Protocol (RDP) attacks to the forefront of cybersecurity concerns. Leveraging a combination of RDP relays, rogue RDP servers, and custom malicious configuration…
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely
GFI Software’s Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through 9.4.5, could potentially allow attackers to inject malicious code into web pages, leading to cross-site scripting…
RiseLoader Attack Windows By Employed A VMProtect To Drop Multiple Malware Families
RiseLoader, a new malware family discovered in October 2024, leverages a custom TCP-based binary protocol similar to RisePro for downloading and executing second-stage payloads. Despite RisePro’s development discontinuation in June 2024, RiseLoader’s emergence suggests a potential connection to the threat…
Careto – A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal Files
Recent research has linked a series of cyberattacks to The Mask group, as one notable attack targeted a Latin American organization in 2022, where attackers compromised the organization’s MDaemon email server and exploited the WorldClient webmail component to maintain persistent…
Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns
Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations. Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts. Google…
Google’s New XRefer Tool To Analyze More Complex Malware Samples
XRefer, an IDA Pro plugin, enhances binary analysis with a persistent companion view by employing Gemini-powered cluster analysis to decompose binaries into functional units, providing high-level architectural overviews akin to viewing a city’s districts. Simultaneously, it offers a context-aware view…
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access
Researchers have uncovered vulnerabilities in Microsoft Azure Data Factory’s integration with Apache Airflow, which could potentially allow attackers to gain unauthorized access and control over critical Azure resources. By exploiting these vulnerabilities, attackers could compromise the integrity of the Azure…
Spring Framework Path Traversal Vulnerability (CVE-2024-38819) PoC Exploit Released
A Proof of Concept (PoC) exploit for the critical path traversal vulnerability identified as CVE-2024-38819 in the Spring Framework has been released, shedding light on a serious security issue affecting applications that serve static resources via functional web frameworks. This…
Multiple SHARP Routers Vulnerabilities Let Attackers Execute Arbitrary Code
Multiple vulnerabilities have been identified in SHARP routers, potentially allowing attackers to execute arbitrary code with root privileges or compromise sensitive data. Labeled under JVN#61635834, the vulnerabilities highlight significant security concerns for affected devices. Overview and Key Vulnerabilities JPCERT/CC, alongside…
Hackers Attacking Linux SSH Servers DDoS Bot cShell Using Screen & hping3 Tools
The AhnLab Security Intelligence Center (ASEC) has detected a new strain of malware targeting poorly protected Linux SSH servers. This malware, named “cShell,” exploits existing Linux tools such as screen and hping3 to launch distributed denial-of-service (DDoS) attacks, highlighting a growing concern for server…
CISA Releases Secure Practices for Microsoft 365 Cloud Services
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services, to enhance the cybersecurity posture of Federal Civilian Executive Branch (FCEB) agencies utilizing cloud services, including Microsoft 365. This directive,…
Cyber Criminals Exploit Windows Management Console to Deliver Backdoor Payloads
A recent campaign dubbed FLUX#CONSOLE has come to light, leveraging Microsoft Common Console Document (.MSC) files to infiltrate systems with backdoor malware. The campaign showcases the growing sophistication of phishing techniques and the exploitation of lesser-known Windows features. The FLUX#CONSOLE Campaign The FLUX#CONSOLE campaign…
Texas Tech Systems Breach, Hackers Accessed System Folders & Files
The Texas Tech University Health Sciences Center (TTUHSC) and Texas Tech University Health Sciences Center El Paso (TTUHSC El Paso), collectively known as the HSCs, have disclosed a significant cybersecurity breach impacting sensitive data. The breach, which occurred between September…
Beware of Malicious Ads on Captcha Pages that Deliver Password Stealers
Malicious actors have taken cybercrime to new heights by exploiting captcha verification pages, a typically harmless security feature, to launch large-scale malware distribution campaigns. This startling revelation uncovers how these fake captchas, interlaced with malicious advertising, are infecting users with…
ConnectOnCall Data Breach, 900,000 Customers Data Exposed
The healthcare communication platform ConnectOnCall, operated by ConnectOnCall.com, LLC, has confirmed a significant data breach that compromised the personal information of 900,000 patients and healthcare providers. The platform, designed to streamline after-hours communications between patients and healthcare providers, discovered the…
Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely
Critical Authentication Bypass Vulnerability Identified in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer. A severe vulnerability has been discovered in Hitachi’s Infrastructure Analytics Advisor and Ops Center Analyzer, posing a significant security risk to users of these products. The…
CISA Warns of Adobe & Windows Kernel Driver Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations. Adobe ColdFusion Access Control Weakness…
Kali Linux 2024.4 Released – What’s New!
Kali Linux has unveiled its final release for 2024, version Kali Linux 2024.4, packed with notable updates, including new tools and enhancements. This highly anticipated update caters to the needs of security professionals, ethical hackers, and tech enthusiasts with a…
The Rise of AI-Generated Professional Headshots
It’s clear that a person’s reputation is increasingly influenced by their online presence, which spans platforms like LinkedIn, corporate websites, and various professional networks. In today’s digital age, having a quality photograph is essential rather than optional. In the past,…
Hackers Abuse Google Ads To Attacking Graphic Design Professionals
Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as the actor has launched at least 10 malvertising campaigns hosted on two specific IP addresses: 185.11.61[.]243 and 185.147.124[.]110, where these malicious ads, when clicked, redirect…
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact…
Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls
Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel and the US, have been attributed to the Iranian-backed CyberAv3ngers. The attacks, leveraging a custom-built malware named IOCONTROL, exploit vulnerabilities in IoT and OT devices,…
Hackers Weaponizing Microsoft Teams to Gain Remote Access
Recent cybersecurity research has uncovered a concerning trend where hackers are exploiting Microsoft Teams to gain remote access to victim systems. Utilizing sophisticated social engineering tactics, these malicious actors pose as legitimate employees or trusted contacts, leveraging video calls on…
“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords
Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second, nearly double the rate from just a year ago. This surge in cyber threats underscores the urgent need for more robust authentication methods, with passkeys…
Password Era is Ending Microsoft to Delete 1 Billion Passwords
Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second, nearly double the rate from just a year ago. This surge in cyber threats underscores the urgent need for more robust authentication methods, with passkeys…
Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit
The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks from pprof endpoints, and potential code execution threats, which could lead to data breaches, system outages, and unauthorized access. Vulnerable Prometheus servers are exposed to internet…
Nigerian National Extradited to Nebraska for Wire Fraud Charges
United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria to the District of Nebraska. The extradition follows a Conspiracy to Commit Wire Fraud indictment filed against Kayode in August 2019. This case highlights international cooperation…
Dell Security Update, Patch for Multiple Critical Vulnerabilities
Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose affected systems to exploitation by malicious actors. Customers are strongly encouraged to review the findings and update their systems accordingly. This update includes remediation for two…
CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products. Released on December 12, 2024, these advisories expose multiple flaws in Siemens’ hardware and software platforms critical to industrial control systems (ICS).…
FBI Seizes Rydox Marketplace, Arrests Key Administrators
The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online marketplace that facilitated the buying and selling of stolen personal information and cybercrime tools. Alongside the crackdown, law enforcement arrested three key administrators linked to the…
MITRE ATT&CK Evaluation Results 2024 – Cynet Became a Leader With 100% Detection & Protection
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor…
Antidot Malware Attacking Employees Android Devices To Inject Malicious Payloads
Researchers discovered a new variant of the AntiDot banking trojan targeting Android mobile devices through a mobile-phishing (mishing) campaign, where this variant builds upon the version identified by Cyble in May 2024. The attackers leverage social engineering tactics, posing as…
New Chinese Surveillance Tool Attack Android Users Since 2017
Wuhan Chinasoft Token Information Technology Co., Ltd. developed EagleMsgSpy, a surveillance tool operational since 2017, which, installed as an APK, secretly collects extensive user data, including chat messages, screen recordings, audio, call logs, contacts, SMS, location, and network activity. Because…
Malicious ESLint Package Let Attackers Steal Data And Inject Remote Code
Cybercriminals exploited typosquatting to deploy a malicious npm package, `@typescript_eslinter/eslint`, targeting developers seeking the legitimate TypeScript ESLint plugin, which was designed to mimic the genuine plugin, compromised systems by monitoring keystrokes, clipboard data, and executing remote commands. They leveraged a…
Triad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber Attack
Researchers identified FUNNULL, a Chinese CDN, as hosting malicious content, which includes fake trading apps for financial fraud, gambling sites likely used for money laundering, and phishing login pages targeting luxury brands. The gambling sites use algorithmically generated domains and…
ConvoC2 – A Red Teamers Tool To Execute Commands on Hacked Hosts Via Microsoft Teams
A stealthy Command-and-Control (C2) infrastructure Red Team tool named ConvoC2 showcases how cyber attackers can exploit Microsoft Teams to execute system commands on compromised hosts remotely. This innovative project, designed with Red Team operations in mind, uses Teams messages for…
Cleo 0-day Vulnerability Exploited to Deploy Malichus Malware
Cybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in Cleo file transfer software platforms. This campaign has been used to deliver a newly identified malware family, now dubbed “Malichus.” The threat, recently analyzed by Huntress…
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed installations be upgraded immediately.…
BadRAM Attack Breaches AMD Secure VMs with $10 Device
Researchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device. This breakthrough exposes a previously underexplored weakness in memory module security, specifically in cloud computing environments where SEV is widely…
Splunk RCE Vulnerability Let Attackers Execute Remote Code
Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform. The vulnerability…
Europol Shutsdown 27 DDoS Service Provider Platforms
In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across 15 countries, has taken down 27 illegal platforms facilitating Distributed Denial-of-Service (DDoS) attacks. This takedown marks a significant blow to the cybercrime industry, disrupting one of…
Hackers Deploy Weaponized LNK Files for Malicious Payload Delivery
Researchers reported a phishing attack on December 4th, 2024, where malicious emails purportedly from the Ukrainian Union of Industrialists and Entrepreneurs were distributed, inviting recipients to a NATO standardization conference. The emails aimed to compromise systems by delivering malware, and…
US Charged Chinese Hackers for Exploiting Thousands of Firewall
The US Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Sichuan Silence Information Technology Company and its employee Guan Tianfeng for their involvement in the April 2020 global firewall compromise, which targeted numerous US critical infrastructure companies. The…
Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication
Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive potential, as the latest version, 2.9.4.0, introduces a custom DNS tunnel for covert C2 communications, bypassing traditional network security measures. An interactive shell empowers attackers…
APT-C-60 Hackers Penetrate Org’s Network Using a Weapanized Google Drive link
The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has confirmed an advanced cyber attack against organizations in Japan, believed to have been conducted by the cyber espionage group APT-C-60. The attackers used phishing techniques, masquerading as a job applicant…
Windows RDP Service Flaw let Hackers Execute Remote Code
A critical security vulnerability (CVE-2024-49115) in Windows Remote Desktop Services (RDS) has been disclosed, potentially allowing hackers to execute arbitrary remote code via the network. The flaw, assigned the highest severity classification, was officially confirmed by Microsoft on December 10,…
Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access
Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA). These vulnerabilities tracked as CVE-2024-11639, CVE-2024-11772, and CVE-2024-11773, affect CSA versions 5.0.2 and earlier. Without mitigation, these flaws could allow malicious attackers to…
Chrome Security Update, Patch For Multiple Vulnerabilities
Google has released a new update on the Stable channel for its Chrome browser, addressing a series of security vulnerabilities. The update has been rolled out as version 131.0.6778.139/.140 for Windows and Mac, and 131.0.6778.139 for Linux. Users can expect the patch to become…
WPForms Vulnerability Let Users Issues Subscription Payments
A critical security vulnerability, tracked as CVE-2024-11205, was recently discovered in the popular WordPress plugin, WPForms, which boasts over 6 million active installations globally. This flaw, identified by researcher villu164 through the Wordfence Bug Bounty Program, allows authenticated users with at least subscriber-level…
Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
In its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities and 1 zero-day. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance…
Microsoft Patch Tuesday December 2024, Patch for 16 Critical Security Flaws
In its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical flaws. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of…
RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins
Attackers are distributing a malicious .NET-based HPDxLIB activator disguised as a new version, which is signed with a self-signed certificate, and targets entrepreneurs automating business processes and aims to compromise their systems. They are distributing malicious activators on forums targeting…
Visual Studio Tunnels Abused For Stealthy Remote Access
In an attack campaign dubbed “Operation Digital Eye,” a suspected China-nexus threat actor has been observed targeting business-to-business IT service providers in Southern Europe. The attack operation lasted roughly three weeks, from late June to mid-July 2024. The intrusions could…
Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files
SAP has issued Security Note 3536965 to address multiple high-severity vulnerabilities in the Adobe Document Services of SAP NetWeaver AS for JAVA. These vulnerabilities, identified as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, allow attackers to manipulate or upload malicious PDF files, potentially compromising internal systems and exposing sensitive data. Details of the Vulnerabilities CVE-2024-47578:…
Dell Warns of Critical Code Execution Vulnerability in Power Manager
Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software. The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected…
Researchers Uncovered Hackers Infrastructre Using Passive DNS Technique
Cybersecurity researchers have unveiled an advanced technique to uncover hackers’ operational infrastructure using passive DNS data. This groundbreaking method sheds light on how attackers establish and maintain their networks to perpetrate malicious activities while remaining resilient to detection. By leveraging…
Let’s Encrypt to End Support for Online Certificate Status Protocol (OCSP)
Let’s Encrypt has officially announced its timeline to phase out support for the Online Certificate Status Protocol (OCSP). The nonprofit Certificate Authority (CA) plans to fully transition to Certificate Revocation Lists (CRLs) by mid-2025, citing privacy concerns and efficiency gains…
Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins
Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes. The analysis examines event-related abuse trends across domain registrations, DNS and…
Black Basta Ransomware Leverages Microsoft Teams To Deliver Malicious Payloads
In a resurgence since May 2024, the Black Basta ransomware campaign has exhibited a troubling escalation in its attack methods, incorporating a multi-stage infection chain that blends social engineering, a custom packer, a mix of malware payloads, and advanced delivery…
Hackers Target Android Users via WhatsApp to Steal Sensitive Data
Researchers analyzed a malicious Android sample created using Spynote RAT, targeting high-value assets in Southern Asia, which, likely deployed by an unknown threat actor, aims to compromise sensitive information. Although the target’s precise location and nature have not been disclosed,…
Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners
The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources. Successful exploitation allows attackers to execute…
New Meeten Malware Attacking macOS And Windows Users To Steal Logins
A sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake companies, such as “Meetio,” to appear legitimate. By tricking victims into participating in video calls, cybercriminals…
Authorities Dismantled Hackers Who Stolen Millions Using AirBnB
An international cybercrime network responsible for stealing millions of euros across at least ten European countries has been dismantled in a joint operation by the Rotterdam Police Cybercrime Team and the Belgian police. The sophisticated criminal group employed phishing schemes…
U.S. Subsidiary of a Japanese water Treatment Company Hit By Ransomware Attack
Kurita America Inc. (KAI), the North American subsidiary of Tokyo-based Kurita Water Industries Ltd., has confirmed it was the victim of a ransomware attack that compromised multiple servers and potentially leaked sensitive data. The attack was detected on Friday, November 29,…
APT-C-53 Weaponizing LNK Files To Deploy Malware Into Target Systems
Gamaredon, a persistent threat actor since 2013, targets the government, defense, diplomacy, and media sectors of their victims, primarily through cyberattacks, to gain sensitive information and disrupt operations. It continues to employ sophisticated tactics, leveraging malicious LNK and XHTML files…
Hackers Can Hijack Your Terminal Via Prompt Injection using LLM-powered Apps
Researchers have uncovered that Large Language Models (LLMs) can generate and manipulate ANSI escape codes, potentially creating new security vulnerabilities in terminal-based applications. ANSI escape sequences are a standardized set of control characters used by terminal emulators to manipulate the appearance and behavior of text displays. They enable…
Google Announces Vanir, A Open-Source Security Patch Validation Tool
Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and automate the process of ensuring software security patches are integrated effectively. The announcement was made following Vanir’s initial preview during the Android Bootcamp earlier this year…
Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190
Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game with the launch of the Raspberry Pi 500 alongside an official Raspberry Pi Monitor. This much-anticipated release offers enthusiasts and learners a complete desktop setup priced at just…
New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes
A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin nodes, particularly in the context of time-sensitive contracting protocols like the Lightning Network. This attack exploits the transaction selection, announcement, and propagation mechanisms of Bitcoin’s base-layer…
Qlik Sense for Windows Vulnerability Allows Remote Code Execution
Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could lead to remote code execution (RCE) if exploited. Security patches have been released to mitigate these risks and ensure system integrity. The vulnerabilities, discovered during…
QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System
QNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers to compromise systems and execute malicious activities. These issues affect several versions of QNAP’s QTS and QuTS hero operating systems. Users are urged to update…
Healthcare Security Strategies for 2025
Imagine this: It’s a typical Tuesday morning in a bustling hospital. Doctors make their rounds, nurses attend to patients, and the hum of medical equipment creates a familiar backdrop. Suddenly, screens go dark, vital systems freeze, and a chilling message…
Hackers Use Artificial Intelligence to Create Sophisticated Social Engineering Attacks
The Federal Bureau of Investigation (FBI) has issued a warning about a growing trend in cybercrime, hackers leveraging generative artificial intelligence (AI) to develop highly sophisticated social engineering attacks. With advancements in AI technology, cybercriminals are crafting fraud schemes that…
DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory
Security researchers have identified a significant vulnerability dubbed “DaMAgeCard Attack” in the new SD Express card standard that could allow attackers to directly access system memory through Direct Memory Access (DMA) attacks. The vulnerability stems from SD Express cards’ use…
Deloitte Denies Breach, Claims Only Single System Affected
Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish the data it had stolen earlier this week. However, despite the claims, a Deloitte spokesperson said that its investigation indicates that the allegations relate to a…
Top Five Industries Most Frequently Targeted by Phishing Attacks
Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top five industries targeted by subject-customized emails, which often leverage personal information like names, emails, phone numbers, or company names to bypass security measures. Employing redaction techniques…