Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, which are primarily deployed through Tunisie…

Read more →

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors to remotely compromise affected devices. The vulnerability, identified as CVE-2024-11237, affects TP-Link VN020 F3v(T) routers running firmware version TT_V6.2.1021, which are primarily deployed through Tunisie…

Read more →

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious e-commerce websites, leveraging multiple SEO malware families to achieve their goal. Three distinct threat actor groups were identified, each employing a unique malware family, with…

Read more →

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers in Europe and the USA during the Black Friday shopping season.  The campaign leveraged the legitimate payment processor Stripe to steal victims’ Cardholder Data (CHD)…

Read more →

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022 by employing sophisticated social engineering techniques to infiltrate target networks, often leveraging advanced malware to compromise systems undetected.  Once inside, Black Basta extorts victims with…

Read more →

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building web applications. The vulnerability allows unauthorized access by exploiting improperly validated inputs, potentially leading to privilege escalation, data tampering, or full system compromise. Given Laravel’s…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, CVE-2024-9463 and CVE-2024-9465, are reportedly actively exploited by malicious cyber…

Read more →

A critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin to potential remote attacks,…

Read more →

Daren Li, 41, a dual citizen of China and St. Kitts and Nevis, and a resident of China, Cambodia, and the United Arab Emirates, pleaded guilty today to one count of conspiracy to commit money laundering for his role in…

Read more →

Google has once again raised the bar for mobile security by introducing two new AI-powered real-time protection features for Android users. With a strong commitment to user privacy and safety, these innovative tools aim to shield users from scams, fraud,…

Read more →

Google Cloud has announced a significant step forward in its commitment to transparency and security by stating it will begin issuing Common Vulnerabilities and Exposures (CVEs) for critical vulnerabilities found in its cloud services. This move, which underscores Google’s dedication…

Read more →

GitLab has rolled out critical security updates to address multiple vulnerabilities in its Community Edition (CE) and Enterprise Edition (EE), fixing issues that could lead to unauthorized access to Kubernetes clusters and other potential exploits. The latest patch versions, 17.5.2,…

Read more →

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows systems across various versions. This critical vulnerability, uncovered by the ClearSky Cyber Security team in June 2024, has been linked to attacks aimed specifically at Ukrainian…

Read more →

If you’re looking to make some extra cash or to start a business, you should consider online reselling. Online reselling is growing rapidly at 11% each year- according to ThredUp.  When partaking in online reselling it is important to have…

Read more →

Keeping track of who has access and managing their permissions has gotten a lot more complicated because there are so many users, devices, and systems involved. Using automation for managing who can access what helps companies stay secure, work more…

Read more →

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple products, including FortiAnalyzer, FortiClient, FortiManager, and FortiOS. These vulnerabilities could allow attackers to perform unauthorized operations, escalate privileges, or hijack user sessions. Below are detailed descriptions…

Read more →

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community websites to deliver Cobalt Strike malware, according to a recent investigation by Recorded Future’s Insikt Group. According to a report from Recorded Future, the investigation revealed…

Read more →

Ivanti, the well-known provider of IT asset and service management solutions, has issued critical security updates for its products Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC). These updates address multiple vulnerabilities, including medium, high, and critical…

Read more →

The Chrome team has officially announced the release of Chrome 131 for Windows, Mac, and Linux. The new version, Chrome 131.0.6778.69 for Linux and 131.0.6778.69/.70 for Windows and Mac is set to roll out to users over the coming days…

Read more →

In a critical security disclosure, it has been revealed that thousands of end-of-life (EOL) D-Link DSL-6740C routers are vulnerable to password change attacks. The vulnerability tracked as CVE-2024-11068 has been rated as critical by the TWCERT/CC, with an alarming CVSS score…

Read more →

Navigating the world of cryptocurrencies can feel like unlocking a new frontier. I remember my first foray into crypto wallet management, and the thrill of securing my digital assets was exhilarating. With the rapid growth of digital currencies, managing a…

Read more →

Diving into the world of crypto mining has always intrigued me. The allure of turning computer power into digital currency feels like a modern-day gold rush. As I explored this field, I discovered that understanding the profitability of crypto mining…

Read more →

Exploring the world of cryptocurrencies has been a thrilling journey for me. The allure of digital currencies lies not just in their potential for profit but also in the intricate technology that underpins them. One aspect that’s particularly fascinating is…

Read more →

Diving into the world of cryptocurrencies, I’ve found it’s a fascinating intersection of technology and economics. The crypto market isn’t just about digital coins; it’s deeply influenced by macroeconomic factors that shape its dynamics. Understanding these factors can unlock insights…

Read more →

Diving into the world of crypto investments has been one of the most exhilarating journeys I’ve embarked on. The dynamic nature of cryptocurrencies offers a unique blend of innovation and opportunity that’s hard to find elsewhere. Crafting a solid crypto…

Read more →

VMware has announced that its popular desktop hypervisor products, VMware Workstation and VMware Fusion, are now free to all users across various commercial, educational, and personal sectors. The transition, effective November 11, 2024, marks a shift in VMware’s strategy to…

Read more →

Dell Technologies has disclosed multiple critical security vulnerabilities in its Enterprise SONiC OS, which could allow attackers to gain control of affected systems. These vulnerabilities, identified through the Common Vulnerabilities and Exposures (CVE) system, are critical and affect Dell Enterprise…

Read more →

Amazon has confirmed that sensitive employee data was exposed due to a breach at a third-party vendor. The breach arose from exploiting a critical vulnerability in MOVEit, a widely used file transfer software. The vulnerability, first reported in mid-2023 under…

Read more →

Best DNS Management Tools play a crucial role in efficiently managing domain names and their associated DNS records. These tools enable users to make necessary changes and updates to DNS records, ensuring seamless website performance and accessibility. These tools are…

Read more →

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse complaints and temporary disruptions. While the attack affected non-exit relays and caused some relays to be taken offline, the overall impact on Tor users was…

Read more →

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from screenshots stored on infected devices.  By stealthily capturing screenshots, the malware bypasses traditional security measures that rely on text-based detection, which allows it to efficiently…

Read more →

The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced an exciting new release packed with cutting-edge features. The latest update includes new payloads targeting the emerging RISC-V architecture, a sophisticated SMB-to-HTTP(S) relay exploit for…

Read more →

A threat actor has allegedly scraped 489 million lines of Instagram user data, including sensitive information, which is now reportedly being sold on the dark web. DarkWebInformer’s official X account revealed the alarming incident, raising concerns over the scale and…

Read more →

Threat actors known as “888” have allegedly leaked the database of Appleton Harley-Davidson, a prominent dealership affiliated with the iconic motorcycle brand. The breach, first reported by DarkWebInformer on their account on X, has sparked concerns over the safety of…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability in Palo Alto Networks’ Expedition tool, which could lead to severe security breaches. The vulnerability, CVE-2024-5910, is classified as a “Missing Authentication” flaw that potentially allows…

Read more →

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 that could allow remote, unauthenticated attackers to access sensitive information. This vulnerability, classified under CWE-200 (Exposure of Sensitive Information…

Read more →

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw tracked as CVE-2024-20418 enables unauthenticated, remote attackers to perform command injection attacks and execute arbitrary commands as…

Read more →

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information by impersonating various brands and apps to gain trust. It also utilizes C2 servers to receive updates and evolve continuously.  A builder tool empowers threat actors…

Read more →

Weaponized Linux virtual machines are used for offensive cybersecurity purposes, such as “penetration testing” or “exploiting vulnerabilities.” These setups often use the tools and frameworks that are designed for ethical hacking. Securonix researchers recently detected CRON#TRAP campaign that has been…

Read more →

North Korean threat actors behind the Contagious Interview and WageMole campaigns have refined their tactics, enhancing the obfuscation of their scripts to evade detection.  InvisibleFerret now boasts a dynamic RMM configuration and OS-specific persistence mechanisms, while Contagious Interview has expanded…

Read more →

Ransomware-as-a-Service (RaaS) platforms have revolutionized the ransomware market. Unlike traditional standalone ransomware sales, RaaS offers a subscription-based model where attackers can access pre-built ransomware tools and infrastructure without significant upfront costs.  These platforms provide user-friendly dashboards, customization options, and ongoing…

Read more →

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a hacking group responsible for distributed denial-of-service attacks.  LameDuck, a new threat actor, has carried out several massive distributed denial of service (DDoS) attacks to affect critical…

Read more →

Recent discoveries by Binary Security have revealed critical vulnerabilities in Azure API Management (APIM) that could allow attackers with minimal privileges to escalate their access and take full control over the APIM service. These vulnerabilities were reported to Microsoft, leading to some…

Read more →

Google has released a new update for its Chrome browser, addressing two high-severity vulnerabilities. The Stable channel has now been updated to version 130.0.6723.116/.117 for Windows and Mac and version 130.0.6723.116 for Linux. The update will be rolled out to users over the next…

Read more →

A new tactic, “ClickFix,” has emerged. It exploits fake Google Meet and Zoom pages to deliver sophisticated malware. The Sekoia Threat Detection & Research (TDR) team monitors this social engineering strategy closely. It represents a significant evolution in how threat…

Read more →

APT36, a sophisticated threat actor, has been actively targeting Indian entities with advanced malware like ElizaRAT, which is designed for espionage. It leverages cloud-based services for covert communication and data exfiltration.  Recent campaigns have seen significant enhancements in ElizaRAT’s evasion…

Read more →

The Phish, ‘n’ Ships fraud operation leverages, compromised websites to redirect users to fake online stores, which, optimized for search engine visibility, trick victims into providing credit card details to third-party payment processors, resulting in financial loss without receiving any…

Read more →

Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to test an AV/EDR bypass tool were compromised, granting unauthorized access. The threat actor utilized a bypass tool, likely purchased from cybercrime forums, to compromise the system.…

Read more →

Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits. As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices…

Read more →

The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code. The news, which has sent ripples through the tech industry, was shared on social media, highlighting the…

Read more →

A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials. When a theme file specifies a network path for specific properties, like the brand image or wallpaper,…

Read more →

Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to launch highly evasive password spray attacks, successfully stealing credentials from multiple Microsoft customers.  The stolen credentials are then leveraged by threat actors like Storm-0940 to…

Read more →

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against critical Ukrainian infrastructure, including government agencies, key industries, and military entities. Phishing emails promoting integration with Amazon, Microsoft, and ZTA contained malicious .rdp files. Upon…

Read more →

Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks involve sending signed RDP configuration files to thousands of targets, aiming to compromise systems for intelligence gathering.  The actor impersonates Microsoft…

Read more →

The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity in early 2023, which leverages three modules, CGM, CGN, and COL, to hijack web sessions and access cloud services like Google Drive, Gmail,…

Read more →

The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to distribute the SYS01 InfoStealer through ElectronJs applications disguised as legitimate software like video editors, productivity tools, and streaming services.  The campaign leverages nearly a hundred…

Read more →

Singapore’s government has instructed internet service providers to block access to websites deemed “inauthentic,” which are believed to be part of hostile information campaigns potentially targeting Singapore.  The government’s action is intended to combat the distribution of false information and…

Read more →

In July 2024, the ransomware group Embargo targeted US companies using the malicious loader MDeployer and EDR killer MS4Killer. MDeployer deployed MS4Killer, which disabled security products, before executing the Embargo ransomware.  The ransomware encrypted files with a random six-letter extension…

Read more →

Researchers discovered a Russian-linked threat actor, UNC5812, utilizing a Telegram persona named “Civil Defense. ” This persona has been distributing Windows and Android malware disguised as legitimate software designed to aid potential conscripts in Ukraine.  Once installed, these malicious apps…

Read more →

The “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK.  Active Cobalt Strike server leaked,…

Read more →

The researchers have observed consistent efforts by Russia, Iran, and China to exert foreign influence on democratic processes in the United States.  Recent U.S. government actions have exposed Iranian cyberattacks on the Trump-Vance campaign and the dissemination of stolen Trump…

Read more →

A newly discovered vulnerability in Okta’s Device Access features for Windows could allow attackers to steal user passwords on compromised devices. The flaw affecting the Okta Verify agent for Windows specifically concerns how the software interacts with OktaDeviceAccessPipe, a component…

Read more →

In its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities that affect multiple devices, including smartphones, tablets, AIoT (Artificial Intelligence of Things), smart displays, and more. The vulnerabilities could allow attackers to escalate their privileges on…

Read more →

A well-known dark web forum threat actor allegedly claimed responsibility for leaking data from Dell’s enterprise partner portal. According to the claim, the leak exposes sensitive information of approximately 80,000 users, including user IDs and email addresses, primarily belonging to…

Read more →

The rapid growth of cloud computing has made SaaS applications indispensable across industries. While they offer many advantages, they are also prime targets for cybercriminals who exploit security risks to steal data or disrupt services. As businesses increasingly focus on SaaS…

Read more →

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices. The malware’s core binaries were even signed with the same certificate used in jailbreak kits, indicating deep integration. The C2 servers, active until October 26,…

Read more →

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits the popular social platform Discord to maintain persistence on infected systems. Discord, known for its real-time communication features, has become a hub for various communities…

Read more →

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations using sophisticated spear-phishing tactics. Known for its stealth and precision, Konni has been active since 2014, primarily targeting regions like Russia and South Korea. Recent…

Read more →

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions of users worldwide. The latest Stable channel update, version 130.0.6723.91/.92 for Windows and Mac and 130.0.6723.91 for Linux will be rolled out over the coming…

Read more →

Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a vulnerability (CVE-2024-40766) in SonicWall SSL VPN devices, where these attacks, initiated early in the kill chain, leverage malicious VPN logins from VPS-hosted IP addresses.  The rapid…

Read more →

The researcher discovered a vulnerability in the Windows Update process that allowed them to downgrade critical system components, including DLLs, drivers, and the NT kernel. This enabled the attacker to bypass security measures like Secure Boot and expose previously patched…

Read more →

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games like Badugi, Go-Stop, and Hold’em to disguise itself as a malicious program.  The attackers created a fraudulent gambling website that, when accessed, prompts users to…

Read more →

An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers. These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities. Operation Magnus…

Read more →

The Canadian Centre for Cyber Security (Cyber Centre), a Communications Security Establishment Canada (CSE) division, has warned Canadian organizations about an ongoing cyber threat. The Cyber Centre reports that a sophisticated state-sponsored threat actor from the People’s Republic of China…

Read more →

Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM credentials of the OPA server’s local user account to remote attackers, which was present in both the OPA CLI and Go SDK.  By exploiting this flaw,…

Read more →

Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, disguised as legitimate tools, inject malicious JavaScript code into compromised websites, tricking users into installing malware.  The malware uses blockchain…

Read more →

Recent analysis has revealed a concerning trend in mobile app security: Many popular apps store hardcoded and unencrypted cloud service credentials directly within their codebases.  It poses a significant security risk as anyone accessing the app’s binary or source code…

Read more →

Latrodectus, a new malware loader, has rapidly evolved since its discovery, potentially replacing IcedID. It includes a command to download IcedID and has undergone multiple iterations, likely to evade detection.  Extracting configurations from these versions is crucial for effective threat…

Read more →

Researcher Marco Figueroa has uncovered a method to bypass the built-in safeguards of ChatGPT-4o and similar AI models, enabling them to generate exploit code. This discovery highlights a significant vulnerability in AI security measures, prompting urgent discussions about the future…

Read more →

Nintendo has cautioned its users about a sophisticated phishing attack that involves emails mimicking official Nintendo communication. These emails, appearing to come from addresses, are being sent by third parties and are not legitimate communications from the company. Details of…

Read more →

Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting a wide range of laptops from major manufacturers like Dell and Lenovo. These vulnerabilities have been present for years, allowing non-privileged users to exploit the system…

Read more →

WhatsUp Gold, a popular network monitoring software, has identified a significant security vulnerability that could potentially expose numerous organizations to cyber attacks. The flaw, which affects versions released before 2024.0.0, involves multiple critical vulnerabilities that could allow attackers to gain…

Read more →

The St. Petersburg Garrison Military Court has sentenced four individuals involved in a notorious ransomware operation. Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov have been found guilty of illegally circulating means of payment. Puzyrevsky and Khansvyarov were also…

Read more →

A critical security vulnerability has been identified in the Common Log File System (CLFS) driver of Windows 11, allowing local users to gain elevated privileges. The Common Log File System (CLFS) is a Windows service for efficient, reliable logging, used…

Read more →

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with the top 10 best Linux distros in 2024 for all professionals. Hence Linux…

Read more →

A significant security vulnerability was uncovered in the AWS Cloud Development Kit (CDK), an open-source framework widely used by developers to define cloud infrastructure using familiar programming languages. This vulnerability could allow attackers to gain unauthorized access to S3 buckets,…

Read more →

NVIDIA has issued essential security updates for its GPU Display Driver, addressing multiple vulnerabilities affecting Windows and Linux systems. Users are urged to download and install these updates promptly via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal…

Read more →

GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-severity HTML injection vulnerability that could lead to cross-site scripting (XSS) attacks. The patched versions, 17.5.1, 17.4.3, and…

Read more →

Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable to an authenticated remote code execution (RCE) attack. This vulnerability tracked as CVE-2024-6333, poses a significant risk, fully allowing attackers with administrative web credentials to…

Read more →

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges. The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco…

Read more →

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The…

Read more →

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…

Read more →

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…

Read more →