Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Threat Actors Allegedly Selling Database of 1,000 NHS Email Accounts
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…
Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…
Threat Actors Allegedly Selling Database of 1,000 NHS Email Accounts
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…
Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…
Mallox Ransomware Vulnerability Lets Victims Decrypt Files
Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a…
Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access
A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September…
Tor Browser 14.0 Released With New Android Circuit Options
Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while…
Beware Of Callback Phishing Attacks Google Groups That Steal Login Details
Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall…
New AI Tool To Discover 0-Days At Large Scale With A Click Of A Button
Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours. These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request…
GHOSTPULSE Hides Within PNG File Pixel Structure To Evade Detections
Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script. The…
Critical Chrome Vulnerabilities Let Malicious Apps Run Shell Command on Your PC
Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system. These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s…
IcePeony Hackers Exploiting Public Web Servers To Inject Webshells
IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server…
Russia-Linked Hackers Attacking Governmental And Political Organizations
Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities. An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks,…
FBI & CISA Warns of Tactics Used by Hackers Targeting 2024 U.S. General Election
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general election.…
Winnebago Public Schools Suffers Cyber Attack, Services Shut Down
Winnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner…
Hackers Use Bumblebee Malware to Gain Access to Corporate Networks
A sophisticated malware loader known as Bumblebee has resurfaced, posing a significant threat to corporate networks worldwide. Cybersecurity researchers at Netskope Threat Labs have uncovered a new infection chain linked to Bumblebee. This marks its first appearance since Operation Endgame,…
FBI Arrested Hacker Behind the Takeover of the U.S. SEC X account
The Federal Bureau of Investigation (FBI) has apprehended Eric Council Jr., a 25-year-old resident of Athens, Alabama, for his alleged involvement in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. The incident…
Hackers Mimic as ESET to Deliver Wiper Malware
Hackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain. The malicious emails, purportedly from “ESET’s Advanced Threat Defense Team,”…
FBI’s Most Wanted Hacker Arrested in Malpensa
A 43-year-old Italian-Australian man, one of the FBI’s most wanted hackers, was apprehended at Milan’s Malpensa Airport after evading capture for over three years. The arrest, carried out by Milan State Police officers, marks a significant victory in the global…
Fair Vote Canada Data Leak: 34k Email Addresses Leaked
Fair Vote Canada has disclosed a data leak affecting approximately 34,000 email addresses. While the organization assures that no financial information was compromised, the incident has raised concerns about data security practices. Fair Vote Canada revealed that the breach involved…
Serhiy Tokarev Reveals Roosh’s Investment in the French Freelance Platform
Ukrainian Roosh Ventures has invested in the French freelance platform Jump. This was announced by tech entrepreneur and co-founder of the Roosh investment fund, Serhiy Tokarev, on his LinkedIn page: “Thrilled to announce that Roosh Ventures is backing Jump, a platform that’s…
Roosh Ventures Invests in French Freelance Platform Jump
Roosh Ventures, a Ukrainian investment firm, has announced its investment in the French freelance platform Jump. This move was revealed by Serhiy Tokarev, co-founder of Roosh Ventures, on his LinkedIn page, highlighting the platform’s innovative approach to supporting freelancers. Revolutionizing…
SolarWinds Web Help Desk Vulnerability Allows Remote Code Execution
A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their…
Hacker Arrested for Invading Computers & Selling Police Data
The Federal Police arrested a 33-year-old Brazilian hacker in Belo Horizonte, Minas Gerais. The suspect is accused of infiltrating the systems of the Federal Police (PF) and other international institutions to sell sensitive data. This arrest marks a critical step…
Cisco ATA 190 Telephone Adapter Vulnerabilities Let Attackers Execute Remote Code
Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks. These vulnerabilities could allow remote attackers to execute unauthorized actions, including remote code execution, configuration changes, etc. Here’s a detailed breakdown of…
VMware HCX Platform Vulnerable to SQL Injection Attacks
VMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authenticated SQL injection flaw that poses a significant security risk. With a CVSSv3 base score of 8.8, this issue is classified as…
Authorities Indicted Two Anonymous Sudan Hackers Over Cyberattacks
A federal grand jury has indicted two Sudanese nationals, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. The pair are accused of operating Anonymous Sudan, a notorious cybercriminal group responsible for tens of thousands of Distributed Denial…
Organization Hacked Following Accidental Hiring of North Korean Remote IT Worker
A company has fallen victim to a cyberattack after unknowingly hiring a North Korean cybercriminal as a remote IT worker. The unidentified firm, based in the UK, US, or Australia, discovered the breach after the hacker downloaded sensitive data and…
Microsoft Customers Facing 600 Million Cyber Attack Launched Every Day
Microsoft’s customers are under constant cyber assault, facing millions of attacks daily from various threat actors as nation-states and cybercrime gangs are increasingly collaborating, escalating the severity and frequency of attacks. They had observed a concerning trend of state-affiliated actors…
Hackers Abuse EDRSilencer Red Team Tool To Evade Detection
EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for associated processes using the WFP, which makes it harder to identify and remove malware, as EDRs cannot send telemetry or alerts. The code demonstrates a technique…
Chrome Security Update, 17 Vulnerabilities Patched
Google has announced a significant security update for its Chrome browser, addressing 17 vulnerabilities in the latest build. The update, which affects the Stable and Extended Stable channels, will roll out over the coming days and weeks for Windows, Mac,…
CISA Releases ICS Advisories to Mitigate Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide essential information about current security issues, vulnerabilities, and potential exploits affecting ICS. The advisories focus on vulnerabilities in…
ErrorFather Hackers Attacking & Control Android Device Remotely
The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants. Recent research has uncovered a new campaign, dubbed ErrorFather,…
HORUS Protector Delivering AgentTesla, Remcos, Snake, NjRat Malware
The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, whose primarily spread through archive files containing VBE scripts, which are encoded VBS scripts. Once executed, these scripts decode and execute…
Hackers Allegedly Selling Data Stolen from Cisco
A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc. The breach, allegedly carried out by a collective known as IntelBroker in collaboration with EnergyWeaponUser and zjj, has raised significant concerns across the tech industry. Details of…
Fortigate SSLVPN Vulnerability Exploited in the Wild
A critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw vulnerability has raised significant concerns due to its potential for remote code execution. The flaw allows attackers to control format…
Splunk Enterprise Vulnerabilities let Attackers Execute Remote Code
Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to execute remote code. These vulnerabilities, primarily affecting Windows installations, highlight the critical need for organizations to update and secure their systems promptly. Overview of the Security…
TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs
The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further investigation, where researchers have identified 40 variants, 16 droppers, and 22 active Command and Control servers associated with this threat. These variants employ advanced techniques like…
CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address
Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk…
OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details
Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider Gulf region. The group employs sophisticated techniques to gain unauthorized access and exfiltrate sensitive data, such as using a…
pac4j Java Framework Vulnerable to RCE Attacks
A critical security vulnerability has been discovered in the popular Java framework pac4j. The vulnerability specifically affects versions before 4.0 of the pac4j-core module. This vulnerability, identified as CVE-2023-25581, exposes systems to potential remote code execution (RCE) attacks due to…
Beware of Fake AI Scam calls that Takeover your Gmail Account
Scammers use sophisticated AI technology to impersonate tech giants like Google, aiming to take over unsuspecting users’ Gmail accounts. A recent incident highlights these fraudsters’ cunning tactics, underscoring the need for heightened vigilance. The Initial Contact: A Suspicious Notification The…
Zendesk Email Spoofing Flaw Let Attackers Access Support Tickets
A security vulnerability in Zendesk, a widely used customer service tool, has been uncovered. This flaw allowed attackers to access support tickets from any company using Zendesk, posing significant risks to sensitive information. Zendesk initially dismissed the vulnerability, which involved…
18 Individuals Charged for Widespread Manipulation Cryptocurrency Markets
18 individuals and entities have been charged with widespread fraud and manipulation within the cryptocurrency markets. The charges, unsealed in Boston, target leaders of four cryptocurrency companies, four financial services firms known as “market makers,” and various employees. This case…
Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication
Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication on cryptocurrency exchanges, which is designed specifically for NAF (New Account Fraud) attacks and can create verified but synthetic accounts by mimicking facial recognition authentication. By…
Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks
A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported…
Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users
Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide. The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory. Vulnerability in Qualcomm…
Wireshark 4.4.1 Released, What’s new!
Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a host of bug fixes and updates to enhance user experience and functionality. Hosted by the Wireshark Foundation, this tool is indispensable for troubleshooting, analysis, development, and…
Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code
Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative to Adobe Acrobat. Given the memory corruption vulnerability, attackers could execute arbitrary code on the machine…
Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access
VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report,…
CISA Added Fortinet & Ivanti Vulnerabilities that Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action…
Network Penetration Testing Checklist – 2024
Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…
Hackers Breached Japan Aerospace Company’s President Account
Hackers have infiltrated the Japan Aerospace Exploration Agency (JAXA), compromising the accounts of several high-ranking officials, including President Hiroshi Yamakawa. This alarming incident is part of a series of cyberattacks targeting JAXA since June 2023, raising concerns about the security…
Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems
The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems. It employs ransomware in a…
Chrome Security Update, Patched for High-Severity Vulnerabilities
Google has rolled out a new update for its Chrome browser, addressing several high-severity security vulnerabilities. The Stable channel has been updated to version 129.0.6668.100/.101 for Windows and Mac and 129.0.6668.100 for Linux. Users will be able to access this…
CISA Alerted Users to Remain Vigil on Natural Disasters Scam
As hurricanes and other natural disasters feel their presence, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent…
CISA Warns of Microsoft Zero-Day Vulnerabilities Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has warned regarding two critical zero-day vulnerabilities affecting Microsoft Windows products. These vulnerabilities, identified as CVE-2024-43572 and CVE-2024-43573, pose significant security risks and have been reportedly exploited in the wild. CVE-2024-43572: Microsoft Windows…
LemonDuck Malware Exploiting SMB Vulnerabilities To Attack Windwos Servers
The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat. This batch file performed various malicious actions like creating and executing malicious executables,…
Critical Automative 0-Day Flaws Let Attackers Gain Full Control Over Cars
Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day vulnerabilities that could allow attackers to gain full control over vehicle systems. These vulnerabilities, highlighted in a presentation by security researcher Amit Geynis of PlaxidityX, underscore…
Likho Hackers Using MeshCentral For Remotely Managing Victim Systems
The Awaken Likho APT group launched a new campaign in June of 2024 with the intention of targeting Russian government agencies and businesses by targeting them. The group has abandoned its previous use of the UltraVNC module for remote access…
Hackers Gained Unauthorized Network Access to Casio Networks
Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on October 5th, leading to significant disruptions in its services. The company disclosed the breach after conducting an internal investigation. The investigation revealed that the unauthorized…
Open-Source Scanner Released to Detect CUPS Vulnerability
A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on…
Comcast Cyber Attack Impacts 237,000+ Users Personal Data
Comcast Cable Communications LLC has reported that over 237,000 users’ data has been compromised. The breach, which occurred on February 14, 2024, was discovered on July 17, 2024, and has raised concerns about the company’s cybersecurity measures. Details of the…
American Water Works Cyber Attack Impacts IT Systems
American Water Works Company, Inc., a leading provider of water and wastewater services, announced that it had detected unauthorized activity within its computer networks. The company confirmed that this activity was the result of a cybersecurity incident. Upon discovery, American…
Google Blocked Malicious Sideloading Apps for Indian Users
Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant…
Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems. The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system…
RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files
The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components. After analyzing various libraries used during debug…
Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers
Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group. This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats. Unsealing the Operation The United…
Chinese Group Hacked US Court Wiretap Systems
Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe…
19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks – CVE-2024-45519
A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected…
Prince Ransomware Hits UK and US via Royal Mail Phishing Scam
A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the…
Cloud Penetration Testing Checklist – 2024
Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from…
Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group
Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains a Russian hacking group linked to the Federal Security Service (FSB) uses. This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide.…
Linux Malware perfctl Attacking Millions of Linux Servers
Researchers have uncovered a sophisticated Linux malware, dubbed “perfctl,” actively targeting millions of Linux servers worldwide. This malicious software exploits over 20,000 types of server misconfigurations, posing a significant threat to any Linux server connected to the internet. The malware’s…
Northern Ireland Police to Pay £750,000 Fine Following Data Breach
The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000 fine following a significant data breach last year. The breach involved the accidental release of the personal details of 9,400 officers and staff. Despite representations to…
ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats
ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify and analyze emerging cyber threats. This upgrade underscores ANY.RUN’s commitment to providing comprehensive threat intelligence solutions, empowering users to navigate the ever evolving landscape of cyber…
Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. This vulnerability, CVE-2024-29824, affects Ivanti Endpoint Manager (EPM) and has become a target for cybercriminals using public exploits in…
Cisco Nexus Vulnerability Let Hackers Execute Arbitrary Commands on Vulnerable Systems
A critical vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC), potentially allowing hackers to execute arbitrary commands on affected systems. This flaw, identified as CVE-2024-20432, was first published on October 2, 2024. Its CVSS score of 9.9…
Tor Browser 13.5.6 Released – What’s New!
The Tor Project has announced the release of Tor Browser 13.5.6, which is now available for download from its official website and distribution directory. This latest version includes significant updates that focus on enhancing security and user experience across all…
New Bluetooth Vulnerability Leak, Your Passcode to Hackers During Pairing
A recently discovered vulnerability in Bluetooth technology has raised significant security concerns. This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.…
GhostStrike – A Cyber Security Tool for Red Team to Evade Detection
The need for advanced tools that can effectively simulate real-world threats is paramount. Enter GhostStrike, a sophisticated cybersecurity tool explicitly designed for Red Team operations. With its array of features aimed at evading detection and performing process hollowing on Windows…
Google Workspace Announced New Password Policies, What is Changing
Google Workspace has announced new password policies that will impact how users and third-party apps access Google services. The changes, aimed at eliminating less secure sign-in methods, will be implemented in stages throughout 2024. Here’s what you need to know…
CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vulnerabilities have been identified…
DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials
In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized. Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical…
GorillaBot Emerged As King For DDoS Attacks With 300,000+ Commands
The newly emerged Gorilla Botnet has exhibited unprecedented activity, launching over 300,000 DDoS attacks against targets in over 100 countries between September 4 and 27. The botnet, a modified version of Mirai, supports multiple CPU architectures and employs advanced techniques…
North Korean Hackers Attempted To Steal Sensitive Military Data
Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko. The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital. The German government plans to install Diehl missile…
Nigeria Hackers Sentenced for Selling Financial Information on Dark Web
Simon Kaura, a Nigerian national deported from the United Kingdom, was sentenced in a U.S. federal court for his involvement in a global conspiracy to sell stolen financial information on the dark web. The sentencing marks a crucial victory in…
Hacktivist Groups Operating Together! Connection Ober TTPs Uncovered
Cybersecurity experts have uncovered a significant connection between hacktivist groups BlackJack and Twelve through overlapping tactics, techniques, and procedures (TTPs). This discovery illuminates the sophisticated methods employed by these groups and raises questions about their potential collaboration or shared objectives.…
Israeli Army Hacked Beirut Airport to Threaten Civilians
The Israeli army reportedly hacked into the control tower of Beirut’s Rafic Hariri International Airport. The incident involved issuing threats against an Iranian civilian aircraft attempting to land, according to official sources cited by Anadolu Agency. Lebanese Response to Israeli…
Malicious App On Google Play Steals Cryptocurrency From Android Users
Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto drainer app disguised as the legitimate WalletConnect protocol, which remained undetected for over five months and was downloaded 10,000 times, exploited the name of the well-known…
Hackers Attacking AI Agents To Hijacking Customer Sessions
Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which leverage NLP and ML are increasingly being used by businesses to enhance productivity and revenue. While they offer personalized experiences and valuable data insights, they also…
LummaC2 Stealer Leverages Customized Control Flow Indirection For Execution
The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its stealer component, which is part of a broader set of transformations, making it difficult for analysts to reverse engineer the binary. It introduces obfuscated code that…
Hackers Abuse HTML Smuggling Technique To Deliver Sophisticated Phishing Page
Phishing attackers employed an HTML smuggling technique to deliver a malicious payload, as the attack chain started with a phishing email mimicking an American Express notification, leading to a series of redirects. The final redirect pointed to a Cloudflare R2…
Hackers Abusing Third-Party Email Infrastructure to Send Spam Mails
Hackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications. By leveraging vulnerabilities in various online platforms, cybercriminals can masquerade as legitimate…
Hacking Kia Cars Remotely with a License Plate
Cybersecurity researchers have uncovered a significant vulnerability in Kia vehicles that allowed hackers to remotely control key functions using nothing more than a car’s license plate. This breach, discovered on June 11, 2024, exposed the potential for unauthorized access to…
Octo2 Android Malware Attacking To Steal Banking Credentials
The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks. This new variant targets European countries and employs sophisticated obfuscation techniques, including the…
RansomHub Ransomware Using Multiple Techniques To Disable EDR And Antivirus
The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gain unauthorized access to networks, affecting various industries and critical infrastructure sectors, demanding ransom payments for data release. The group’s recent…
Researchers Backdoored Azure Automation Account Packages And Runtime Environments
Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages. While base system-generated environments can’t be directly modified, they can be indirectly changed by adding packages to the old experience and then switching to the new…
TWELVE Threat Attacks Windows To Encrypt Then Deleting Victims’ Data
The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges…