Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…

Read more →

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…

Read more →

Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a…

Read more →

A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September…

Read more →

Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while…

Read more →

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall…

Read more →

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours.  These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request…

Read more →

Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.  The…

Read more →

Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system.  These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s…

Read more →

IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server…

Read more →

Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities.  An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks,…

Read more →

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general election.…

Read more →

Winnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner…

Read more →

A sophisticated malware loader known as Bumblebee has resurfaced, posing a significant threat to corporate networks worldwide. Cybersecurity researchers at Netskope Threat Labs have uncovered a new infection chain linked to Bumblebee. This marks its first appearance since Operation Endgame,…

Read more →

The Federal Bureau of Investigation (FBI) has apprehended Eric Council Jr., a 25-year-old resident of Athens, Alabama, for his alleged involvement in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. The incident…

Read more →

Hackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain. The malicious emails, purportedly from “ESET’s Advanced Threat Defense Team,”…

Read more →

A 43-year-old Italian-Australian man, one of the FBI’s most wanted hackers, was apprehended at Milan’s Malpensa Airport after evading capture for over three years. The arrest, carried out by Milan State Police officers, marks a significant victory in the global…

Read more →

Fair Vote Canada has disclosed a data leak affecting approximately 34,000 email addresses. While the organization assures that no financial information was compromised, the incident has raised concerns about data security practices. Fair Vote Canada revealed that the breach involved…

Read more →

Ukrainian Roosh Ventures has invested in the French freelance platform Jump. This was announced by tech entrepreneur and co-founder of the Roosh investment fund, Serhiy Tokarev, on his LinkedIn page: “Thrilled to announce that Roosh Ventures is backing Jump, a platform that’s…

Read more →

Roosh Ventures, a Ukrainian investment firm, has announced its investment in the French freelance platform Jump. This move was revealed by Serhiy Tokarev, co-founder of Roosh Ventures, on his LinkedIn page, highlighting the platform’s innovative approach to supporting freelancers. Revolutionizing…

Read more →

A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their…

Read more →

The Federal Police arrested a 33-year-old Brazilian hacker in Belo Horizonte, Minas Gerais. The suspect is accused of infiltrating the systems of the Federal Police (PF) and other international institutions to sell sensitive data. This arrest marks a critical step…

Read more →

Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks. These vulnerabilities could allow remote attackers to execute unauthorized actions, including remote code execution, configuration changes, etc. Here’s a detailed breakdown of…

Read more →

VMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authenticated SQL injection flaw that poses a significant security risk. With a CVSSv3 base score of 8.8, this issue is classified as…

Read more →

A federal grand jury has indicted two Sudanese nationals, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. The pair are accused of operating Anonymous Sudan, a notorious cybercriminal group responsible for tens of thousands of Distributed Denial…

Read more →

A company has fallen victim to a cyberattack after unknowingly hiring a North Korean cybercriminal as a remote IT worker. The unidentified firm, based in the UK, US, or Australia, discovered the breach after the hacker downloaded sensitive data and…

Read more →

Microsoft’s customers are under constant cyber assault, facing millions of attacks daily from various threat actors as nation-states and cybercrime gangs are increasingly collaborating, escalating the severity and frequency of attacks.  They had observed a concerning trend of state-affiliated actors…

Read more →

EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for associated processes using the WFP, which makes it harder to identify and remove malware, as EDRs cannot send telemetry or alerts. The code demonstrates a technique…

Read more →

Google has announced a significant security update for its Chrome browser, addressing 17 vulnerabilities in the latest build. The update, which affects the Stable and Extended Stable channels, will roll out over the coming days and weeks for Windows, Mac,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide essential information about current security issues, vulnerabilities, and potential exploits affecting ICS. The advisories focus on vulnerabilities in…

Read more →

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants.  Recent research has uncovered a new campaign, dubbed ErrorFather,…

Read more →

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, whose primarily spread through archive files containing VBE scripts, which are encoded VBS scripts.  Once executed, these scripts decode and execute…

Read more →

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc. The breach, allegedly carried out by a collective known as IntelBroker in collaboration with EnergyWeaponUser and zjj, has raised significant concerns across the tech industry. Details of…

Read more →

A critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw vulnerability has raised significant concerns due to its potential for remote code execution. The flaw allows attackers to control format…

Read more →

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to execute remote code. These vulnerabilities, primarily affecting Windows installations, highlight the critical need for organizations to update and secure their systems promptly. Overview of the Security…

Read more →

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further investigation, where researchers have identified 40 variants, 16 droppers, and 22 active Command and Control servers associated with this threat.  These variants employ advanced techniques like…

Read more →

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk…

Read more →

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider Gulf region.  The group employs sophisticated techniques to gain unauthorized access and exfiltrate sensitive data, such as using a…

Read more →

A critical security vulnerability has been discovered in the popular Java framework pac4j. The vulnerability specifically affects versions before 4.0 of the pac4j-core module. This vulnerability, identified as CVE-2023-25581, exposes systems to potential remote code execution (RCE) attacks due to…

Read more →

Scammers use sophisticated AI technology to impersonate tech giants like Google, aiming to take over unsuspecting users’ Gmail accounts. A recent incident highlights these fraudsters’ cunning tactics, underscoring the need for heightened vigilance. The Initial Contact: A Suspicious Notification The…

Read more →

A security vulnerability in Zendesk, a widely used customer service tool, has been uncovered. This flaw allowed attackers to access support tickets from any company using Zendesk, posing significant risks to sensitive information. Zendesk initially dismissed the vulnerability, which involved…

Read more →

18 individuals and entities have been charged with widespread fraud and manipulation within the cryptocurrency markets. The charges, unsealed in Boston, target leaders of four cryptocurrency companies, four financial services firms known as “market makers,” and various employees. This case…

Read more →

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication on cryptocurrency exchanges, which is designed specifically for NAF (New Account Fraud) attacks and can create verified but synthetic accounts by mimicking facial recognition authentication. By…

Read more →

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported…

Read more →

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide. The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory. Vulnerability in Qualcomm…

Read more →

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a host of bug fixes and updates to enhance user experience and functionality. Hosted by the Wireshark Foundation, this tool is indispensable for troubleshooting, analysis, development, and…

Read more →

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative to Adobe Acrobat.  Given the memory corruption vulnerability, attackers could execute arbitrary code on the machine…

Read more →

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action…

Read more →

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…

Read more →

Hackers have infiltrated the Japan Aerospace Exploration Agency (JAXA), compromising the accounts of several high-ranking officials, including President Hiroshi Yamakawa. This alarming incident is part of a series of cyberattacks targeting JAXA since June 2023, raising concerns about the security…

Read more →

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems.  It employs ransomware in a…

Read more →

Google has rolled out a new update for its Chrome browser, addressing several high-severity security vulnerabilities. The Stable channel has been updated to version 129.0.6668.100/.101 for Windows and Mac and 129.0.6668.100 for Linux. Users will be able to access this…

Read more →

As hurricanes and other natural disasters feel their presence, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned regarding two critical zero-day vulnerabilities affecting Microsoft Windows products. These vulnerabilities, identified as CVE-2024-43572 and CVE-2024-43573, pose significant security risks and have been reportedly exploited in the wild. CVE-2024-43572: Microsoft Windows…

Read more →

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat.  This batch file performed various malicious actions like creating and executing malicious executables,…

Read more →

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day vulnerabilities that could allow attackers to gain full control over vehicle systems. These vulnerabilities, highlighted in a presentation by security researcher Amit Geynis of PlaxidityX, underscore…

Read more →

The Awaken Likho APT group launched a new campaign in June of 2024 with the intention of targeting Russian government agencies and businesses by targeting them. The group has abandoned its previous use of the UltraVNC module for remote access…

Read more →

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on October 5th, leading to significant disruptions in its services. The company disclosed the breach after conducting an internal investigation. The investigation revealed that the unauthorized…

Read more →

A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on…

Read more →

Comcast Cable Communications LLC has reported that over 237,000 users’ data has been compromised. The breach, which occurred on February 14, 2024, was discovered on July 17, 2024, and has raised concerns about the company’s cybersecurity measures. Details of the…

Read more →

American Water Works Company, Inc., a leading provider of water and wastewater services, announced that it had detected unauthorized activity within its computer networks. The company confirmed that this activity was the result of a cybersecurity incident. Upon discovery, American…

Read more →

Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant…

Read more →

A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems. The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system…

Read more →

The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components.  After analyzing various libraries used during debug…

Read more →

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group. This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats. Unsealing the Operation The United…

Read more →

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe…

Read more →

A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected…

Read more →

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the…

Read more →

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from…

Read more →

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains a Russian hacking group linked to the Federal Security Service (FSB) uses. This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide.…

Read more →

Researchers have uncovered a sophisticated Linux malware, dubbed “perfctl,” actively targeting millions of Linux servers worldwide. This malicious software exploits over 20,000 types of server misconfigurations, posing a significant threat to any Linux server connected to the internet. The malware’s…

Read more →

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000 fine following a significant data breach last year. The breach involved the accidental release of the personal details of 9,400 officers and staff. Despite representations to…

Read more →

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify and analyze emerging cyber threats. This upgrade underscores ANY.RUN’s commitment to providing comprehensive threat intelligence solutions, empowering users to navigate the ever evolving landscape of cyber…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. This vulnerability, CVE-2024-29824, affects Ivanti Endpoint Manager (EPM) and has become a target for cybercriminals using public exploits in…

Read more →

A critical vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC), potentially allowing hackers to execute arbitrary commands on affected systems. This flaw, identified as CVE-2024-20432, was first published on October 2, 2024. Its CVSS score of 9.9…

Read more →

The Tor Project has announced the release of Tor Browser 13.5.6, which is now available for download from its official website and distribution directory. This latest version includes significant updates that focus on enhancing security and user experience across all…

Read more →

A recently discovered vulnerability in Bluetooth technology has raised significant security concerns. This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.…

Read more →

The need for advanced tools that can effectively simulate real-world threats is paramount. Enter GhostStrike, a sophisticated cybersecurity tool explicitly designed for Red Team operations. With its array of features aimed at evading detection and performing process hollowing on Windows…

Read more →

Google Workspace has announced new password policies that will impact how users and third-party apps access Google services. The changes, aimed at eliminating less secure sign-in methods, will be implemented in stages throughout 2024. Here’s what you need to know…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vulnerabilities have been identified…

Read more →

In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized.  Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical…

Read more →

The newly emerged Gorilla Botnet has exhibited unprecedented activity, launching over 300,000 DDoS attacks against targets in over 100 countries between September 4 and 27.  The botnet, a modified version of Mirai, supports multiple CPU architectures and employs advanced techniques…

Read more →

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko. The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital. The German government plans to install Diehl missile…

Read more →

Simon Kaura, a Nigerian national deported from the United Kingdom, was sentenced in a U.S. federal court for his involvement in a global conspiracy to sell stolen financial information on the dark web. The sentencing marks a crucial victory in…

Read more →

Cybersecurity experts have uncovered a significant connection between hacktivist groups BlackJack and Twelve through overlapping tactics, techniques, and procedures (TTPs). This discovery illuminates the sophisticated methods employed by these groups and raises questions about their potential collaboration or shared objectives.…

Read more →

The Israeli army reportedly hacked into the control tower of Beirut’s Rafic Hariri International Airport. The incident involved issuing threats against an Iranian civilian aircraft attempting to land, according to official sources cited by Anadolu Agency. Lebanese Response to Israeli…

Read more →

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto drainer app disguised as the legitimate WalletConnect protocol, which remained undetected for over five months and was downloaded 10,000 times, exploited the name of the well-known…

Read more →

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which leverage NLP and ML are increasingly being used by businesses to enhance productivity and revenue. While they offer personalized experiences and valuable data insights, they also…

Read more →

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its stealer component, which is part of a broader set of transformations, making it difficult for analysts to reverse engineer the binary.  It introduces obfuscated code that…

Read more →

Phishing attackers employed an HTML smuggling technique to deliver a malicious payload, as the attack chain started with a phishing email mimicking an American Express notification, leading to a series of redirects.  The final redirect pointed to a Cloudflare R2…

Read more →

Hackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications. By leveraging vulnerabilities in various online platforms, cybercriminals can masquerade as legitimate…

Read more →

Cybersecurity researchers have uncovered a significant vulnerability in Kia vehicles that allowed hackers to remotely control key functions using nothing more than a car’s license plate. This breach, discovered on June 11, 2024, exposed the potential for unauthorized access to…

Read more →

The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks.  This new variant targets European countries and employs sophisticated obfuscation techniques, including the…

Read more →

The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gain unauthorized access to networks, affecting various industries and critical infrastructure sectors, demanding ransom payments for data release.  The group’s recent…

Read more →

Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages. While base system-generated environments can’t be directly modified, they can be indirectly changed by adding packages to the old experience and then switching to the new…

Read more →

The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges…

Read more →

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue for their regime, evading sanctions and funding WMD programs by exploiting privileged access to enable cyber intrusions.  Facilitators, often non-North Koreans, assist these workers by laundering…

Read more →

Researchers observed two distinct instances where users were inadvertently led to malicious websites after conducting Google searches for video streaming services. These victims were redirected to malicious URLs that employed a deceptive tactic while attempting to access sports or movie…

Read more →

Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract attention. Still, after a Mallox affiliate’s staging server was leaked in May 2024, Kryptina’s modified version, branded Mallox v1.0, gained prominence.  The research examines the data…

Read more →