Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By manipulating its capabilities, attackers can execute arbitrary commands, download malicious payloads, and establish persistence, all while evading traditional security measures. It is a Windows tool for…

Read more →

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target e-commerce platforms during the holiday season, which allow attackers to craft convincing phishing emails, replicate legitimate websites, and gain unauthorized access to systems.  The objective of…

Read more →

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training large language models (PLMs) on specific tasks.  However, this approach introduces a new security risk called…

Read more →

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation platform. Alleged by a tweet from DailyDarkWeb, the breach is said to have compromised sensitive user data, including names, email addresses, phone numbers, and reservation details.…

Read more →

A significant vulnerability has been identified in TP-Link’s HomeShield function, affecting a range of their devices, including the Archer, Deco, and Tapo series routers. This vulnerability, labeled CVE-2024-53375, allows attackers to exploit a flaw in the device firmware, leading to…

Read more →

A critical vulnerability has been discovered in Salesforce applications that could potentially allow a full account takeover. The vulnerability, uncovered during a penetration testing exercise, hinges on misconfigurations within Salesforce Communities, particularly exploiting the Salesforce Lightning component framework. The implications…

Read more →

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated Windows RAT that, initially detected in 2023, employs advanced evasion tactics and robust C2 capabilities to target Indian government agencies, diplomatic personnel, and military installations.  The…

Read more →

A Russian court has sentenced Stanislav Moiseyev, believed to be the founder of the notorious Hydra darknet marketplace, to life imprisonment. The Moscow Regional Court delivered the verdict on charges related to organized crime and drug trafficking, concluding a significant…

Read more →

CleverSoar, a new malware installer, targets Chinese and Vietnamese users to deploy advanced tools like Winos4.0 and Nidhogg rootkit. These tools enable keylogging, data theft, security circumvention, and stealthy system control for potential long-term espionage. It was initially uploaded to…

Read more →

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability in its IceWall product line. Identified as CVE-2024-11856, this flaw could allow attackers to remotely modify data without authorization. This flaw is capable of enabling unauthorized…

Read more →

Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where malicious actors uploaded a legitimate-seeming cryptocurrency client package, “aiocpa,” to gradually build a user base.  Subsequently, a malicious update was pushed, compromising user wallets. By utilizing…

Read more →

Amazon has taken a significant step forward to enhance the security of its cloud environment. The introduction of advanced AI/ML threat detection capabilities in Amazon GuardDuty marks a major milestone in securing applications, workloads, and data against modern threats. This…

Read more →

In a recent announcement, Linus Torvalds, the creator of Linux, officially released the first release candidate (RC1) for Linux kernel version 6.13. This release marks the end of the merge window, and for the first time in recent memory, the…

Read more →

Cybersecurity researchers have identified a critical 0-day vulnerability in Windows Server 2012 and Server 2012 R2. This previously unknown security flaw allows attackers to bypass the Mark of the Web (MoTW) verification on certain files, posing a significant threat to…

Read more →

A critical vulnerability identified as CVE-2024-44308 has been actively exploited in the wild, affecting multiple versions of Apple Safari across iOS, visionOS, and macOS platforms. This flaw, located within WebKit’s DFG JIT compiler, poses a significant threat by allowing remote…

Read more →

Researchers uncovered the resurgence of APT-C-01, also known as the Poison Ivy group, an advanced persistent threat organization notorious for its sustained cyber attacks. This group has been actively targeting sectors such as defense, government, technology, and education since 2007,…

Read more →

Several vulnerabilities affecting MediaTek processors have been identified, potentially allowing attackers to escalate privileges on affected devices. These vulnerabilities span multiple components, including video decoding, telephony, power management, and modem functionalities, posing significant risks to users worldwide. Overview of Vulnerabilities…

Read more →

Russian authorities have arrested Mikhail Matveev, a notorious Russian hacker linked to multiple ransomware attacks worldwide. Matveev, who was also known by online aliases such as Wazawaka, Uhodiransomwar, m1x, and Boriselcin, was detained in Kaliningrad, Russia, following an investigation into…

Read more →

In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the ThinkPad X230’s webcam, highlighting ongoing vulnerabilities in USB-connected devices. Like many laptops, the ThinkPad X230 has…

Read more →

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users. This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating bank representatives to deceive victims into providing sensitive banking information. The attack begins with a phone…

Read more →

Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4. This substantial bounty is the largest ever offered in the history of the DeFi sector. Uniswap v4 represents the latest…

Read more →

A publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse. Not protected by passwords or encryption, the database contained 644,869 PDF files, totaling 713.1 GB, exposing a treasure trove of personal…

Read more →

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident. The cyberattack has affected the hospital’s IT systems, necessitating a shift from digital to paper-based processes in certain…

Read more →

Zyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats,…

Read more →

APT-C-60 launched a phishing attack in August 2024, targeting domestic organizations with malicious emails disguised as job applications. These emails, sent to recruitment departments, contained malware designed to compromise systems and potentially steal sensitive data.  The attack leverages a targeted…

Read more →

Helldown Ransomware, a sophisticated cyber threat, actively targets critical industries worldwide by leveraging advanced cross-platform capabilities, including Windows and Linux, to encrypt files and exploit system vulnerabilities.  Its modular design and anti-detection techniques enable continuous evolution and persistent attacks, which…

Read more →

UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access to target networks, which are often delivered via phishing emails, trojanized software, or supply chain attacks, enabling persistence and lateral movement.  Once in the network, UNC2465…

Read more →

A JavaScript-based malware targeting Magento eCommerce websites has been identified, which is designed to skim payment card details and activates exclusively on checkout pages.  The malware dynamically generates a fraudulent credit card form or directly extracts sensitive payment information, where…

Read more →

Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools to steal sensitive data, including financial, personal, and classified information.  To mitigate risks, organizations must implement…

Read more →

A series of vulnerabilities have been identified, posing significant risks to the system’s security. These vulnerabilities could allow attackers to trigger denial of service (DoS) attacks and execute script injections, as highlighted in recent advisories. Denial of Service Vulnerability in…

Read more →

In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such as passwords, financial data, and personal details.…

Read more →

A new vulnerability has been discovered in Windows 11, specifically affecting the 23H2 version. This vulnerability is identified in the ksthunk.sys driver, allows attackers to exploit an integer overflow in the CKSAutomationThunk::ThunkEnableEventIrp function to escalate their privileges on the system. Technical Details The flaw…

Read more →

Microsoft has re-released the November 2024 Security Update (SU) with enhancements to rectify problems encountered with transport rules. Originally rolled out on November 12, 2024, as part of its ongoing security update efforts, the initial SU (referred to as Nov…

Read more →

Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Firmware Interface) threat landscape…

Read more →

In a major crackdown on illegal streaming, law enforcement authorities across Europe, supported by Europol and Eurojust, have successfully dismantled one of the largest illegal streaming networks operating both within and outside the EU. The extensive operation targeted a network…

Read more →

Cybersecurity researchers have uncovered a widespread Distributed Denial-of-Service (DDoS) campaign attributed to a threat actor using the alias “Matrix.” This campaign, characterized by its global scale and the actor’s low technical sophistication, highlights the evolving landscape of cyber threats where…

Read more →

Microsoft has recently released patches addressing multiple vulnerabilities that could enable attackers to elevate privileges across various Microsoft products. The patches are part of Microsoft’s continuous efforts to enhance security and protect its users from threats. The Microsoft Security Response…

Read more →

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stands out as an essential resource for cybersecurity decision-makers…

Read more →

The xattr command in Unix-like systems allows for the embedding of hidden metadata within files, similar to Windows ADS, known as Rustyattr, which is being exploited by threat actors like Lazarus Group to stealthily conceal malicious payloads within seemingly benign…

Read more →

ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the recent assignment of CVE-2024-11680 on November 25, 2024. Despite the availability of a patch for more than a year, adoption rates remain alarmingly low, leaving…

Read more →

NVIDIA has released a critical security update addressing a significant vulnerability in its Unified Fabric Manager (UFM) products. This flaw, identified as CVE-2024-0130, poses a high-severity risk to users, with a CVSS v3.1 base score of 8.8. The vulnerability could allow attackers…

Read more →

Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for allegedly creating and distributing malware. The young suspect, who was only 14 at the time of the incidents, faces charges under Japan’s Unauthorized Access Prevention…

Read more →

GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address multiple vulnerabilities, including a high-severity issue that could allow attackers to escalate privileges via…

Read more →

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical security fixes. This latest release enhances privacy, developer tools, and enterprise functionality while introducing several new features and updates. Here’s everything you need to know! One…

Read more →

In a new wave of cyberattacks, the Russia-aligned hacking group “RomCom” has been found exploiting critical zero-day vulnerabilities in Microsoft Windows and Mozilla Firefox products. Security researchers at ESET uncovered the alarming attack chain, which uses the vulnerabilities to deploy…

Read more →

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and government entities since 2023.  They employ advanced techniques, including exploiting vulnerabilities, lateral movement, and deploying multiple backdoors like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, which have…

Read more →

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites. The vulnerability, which includes two distinct flaws (CVE-2024-10542 and CVE-2024-10781), could allow attackers to install and activate arbitrary plugins…

Read more →

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users into granting excessive permissions, where these apps, installed millions of times, exfiltrate sensitive data to C2 servers via encrypted HTTP requests.  Primarily targeting South America,…

Read more →

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond, LockBit, and Chaos to launch DDoS and ransomware attacks against targets opposing Russian interests.  The highly skilled members of the group modify and improve these…

Read more →

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created ripples across global retail and manufacturing sectors, affecting major players like Starbucks and prominent UK supermarket chains. The breach, which occurred on November 21, underscores…

Read more →

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of users to potential security risks. These flaws, categorized under various CVEs (Common Vulnerabilities and Exposures), range from privilege escalation to data theft and unauthorized access…

Read more →

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text. This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment (RTA) conducted on a critical infrastructure organization in the United States. The assessment, carried out over three months, simulated real-world cyberattacks to evaluate the organization’s…

Read more →

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address multiple vulnerabilities that could allow malicious users to compromise affected systems. Wyse Management Suite is a flexible hybrid cloud solution that empowers IT admin to securely…

Read more →

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced techniques, whereas recent variants focus on stealing Facebook Ads Manager budget details, potentially enabling malicious ad campaigns.  Now they pilfer credit card information alongside browser…

Read more →

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims to fake login pages hosted on Weebly, targeting telecommunications and financial sectors in late October 2024. Financially motivated threat actors exploit Weebly’s ease of use…

Read more →

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and Copilot. The exploit leveraged the trust placed in Bing’s root domain…

Read more →

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including sophisticated fraud schemes such as “pig butchering.” This move is part of Meta’s ongoing effort to combat organized criminal networks that exploit social media platforms…

Read more →

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content management solution. The vulnerability, rated with a CVSS v3.1 Base Score of 9.8 (Critical), could allow attackers to execute arbitrary code on affected servers. This…

Read more →

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2024-11477, has been attributed to an integer underflow in the Zstandard decompression implementation, which could…

Read more →

A massive data breach has sent shockwaves across the globe, as a database containing sensitive financial information for over 1.2 million credit cards has been leaked on the dark web. According to reports from cybersecurity watchers, the database was shared…

Read more →

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as “GruesomeLarch” (also known as APT28, Fancy Bear, or Forest Blizzard), has unveiled a novel attack technique dubbed the “Nearest Neighbor Attack.” Leveraging compromised Wi-Fi networks close…

Read more →

Microsoft’s Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based cybercriminal Abanoub Nady, known online as “MRxC0DER.”  Nady developed and sold “do-it-yourself” phishing kits under the fraudulent “ONNX” brand, enabling cybercriminals to easily launch large-scale…

Read more →

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services.  The group has deployed various backdoors, including Cobalt…

Read more →

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions.  Initial access is…

Read more →

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection and analysis by infiltrating systems primarily via USB drives, utilizing the TOR network for covert communication with its C2 servers.  The malware’s multi-layered structure and…

Read more →

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet. Among these, thousands of human-machine interfaces (HMIs) — which…

Read more →

In a dramatic escalation of its antitrust lawsuit against Google, the U.S. Department of Justice (DOJ) has proposed sweeping changes to the tech giant’s operations, including the forced sale of its Chrome browser and potentially its Android operating system. The…

Read more →

The U.S. Department of Justice (DOJ) announced the seizure of the illicit PopeyeTools platform, a notorious online marketplace for stolen credit cards and cybercrime tools. Alongside the takedown, authorities unsealed criminal charges against three alleged administrators: Abdul Ghaffar (25) and…

Read more →

In a breach that lawmakers are calling the most serious in U.S. history, Chinese hackers infiltrated the nation’s telecommunications systems, gaining the ability to listen to phone conversations and read text messages by exploiting outdated equipment and vulnerabilities in network…

Read more →

A design flaw in the logging mechanism of Fortinet’s VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability, disclosed by cybersecurity researchers at Pentera, highlights a critical gap in Fortinet’s ability to log successful…

Read more →

Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks, as since August 2024, they have compromised 28 victims, leaking their data on a dedicated website.  The ransomware group IS has updated its data leak site, removing three victims,…

Read more →