Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

ToddyCat is an APT group that has been active since December 2020, and primarily it targets the government and military entities in Europe and Asia.  The group is known for its sophisticated cyber-espionage tactics and has been involved in multiple…

Read more →

Halliburton Company has confirmed that a cyber attack led to unauthorized access and data theft from its systems. The incident, which came to light on August 21, 2024, has prompted the company to initiate a comprehensive cybersecurity response plan. Immediate…

Read more →

Microsoft released several patches for multiple vulnerabilities during the Patch Tuesday for August 2024. One of the vulnerabilities listed by Microsoft was the CVE-2024-38106. This vulnerability is associated with Windows Kernel Privilege Escalation affecting multiple Microsoft Windows OSes including Windows…

Read more →

Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited. This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the Android Framework component. The patch, part of the Android Security Bulletin for September 2024, underscores…

Read more →

The FBI has issued a stark warning to cryptocurrency companies, highlighting increased sophisticated cyberattacks orchestrated by North Korean hackers. These attacks, primarily targeting employees within the decentralized finance (DeFi) and cryptocurrency sectors, are part of a broader strategy to steal…

Read more →

A new malicious software named “Fury Stealer” has been detected, posing a significant threat to online security. The malware, created by an unidentified threat actor, is designed to steal sensitive information, including login passwords, from unsuspecting victims. Cybersecurity analyst MonThreat…

Read more →

The D-Link DAP-2310 Wireless Access Point (WAP) has been identified as vulnerable to remote code execution (RCE). Dark Wolf Solutions discovered this vulnerability, which seriously threatens users by allowing attackers to gain unauthorized remote access. This guide delves into the…

Read more →

Cyble Research & Intelligence Labs has recently found information about a new type of malware-as-a-service (MaaS) called ‘ManticoraLoader’ in some underground forums. Since August 8, 2024, on forums and Telegram, this MaaS service has been offered by the threat group…

Read more →

The FTC has ordered Verkada to implement a comprehensive information security program to address its lax security practices that allowed a hacker to compromise customer security cameras.  Verkada will pay a $2.95 million fine for violating the CAN-SPAM Act by…

Read more →

Microsoft identified a new custom multi-stage backdoor, “Tickler,” deployed by the Iranian state-sponsored threat actor Peach Sandstorm between April and July 2024.  Targeting sectors like satellite, communications equipment, oil and gas, and government, Tickler has been used to gather intelligence.…

Read more →

Microsoft has identified a North Korean threat actor, Citrine Sleet, exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution on cryptocurrency targets.  The threat actor deployed the FudModule rootkit, previously attributed to Diamond Sleet, suggesting potential shared…

Read more →

Head Mare, a Russian-focused hacktivist group, gained notoriety in 2023 by targeting organizations in Russia and Belarus as they employ phishing tactics to distribute WinRAR archives exploiting the CVE-2023-38831 vulnerability, gaining initial access to victims’ systems.  Once inside, they steal…

Read more →

Zoom is a widely used videotelephony software used for virtual meetings, and its wide audience base attracts the hackers most. Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated phishing operation targeting Zoom users.  The scheme utilizes a fraudulent…

Read more →

The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux. This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version…

Read more →

The People’s Cyber Army of Russia is a Russian hacktivist group known for its strategic use of DDoS attacks and other disruptive tactics.  Operating as part of the broader Russian cyber warfare landscape, the group has been involved in several…

Read more →

The FBI, CISA, MS-ISAC, and HHS have released a joint advisory detailing known RansomHub ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).  RansomHub, a ransomware-as-a-service variant, has been active since February 2024, targeting various critical infrastructure sectors,…

Read more →

Microsoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler.  This backdoor has been used to target various sectors, including satellite, communications equipment, oil and gas, and government, in the United States…

Read more →

The recent campaign targeting the Czech Republic involves a malicious ZIP file that contains a decoy LNK file and a batch script. The LNK runs the batch script, which spawns a decoy PDF document and renames a masqueraded PDF file…

Read more →

Security Operations Centers (SOCs) and security analysts are under immense pressure to stay ahead of potential attacks. Enter CloudSOC, an open-source project designed to empower SOC teams and security analysts by providing a modern architecture that leverages open-source tools for…

Read more →

The APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including China, North Korea, Japan, and South Korea.  They employ sophisticated techniques to infiltrate systems and steal…

Read more →

Hackers usually shift their attention towards Atlassian due to flaws in its software, especially in products like Confluence, which put organizations’ private data at risk. There are many exploits accessible over the Internet, and the ease of the attack vector…

Read more →

BlackByte, a Ransomware-as-a-Service (RaaS) group that surfaced about mid-2021 appears to have traces of Conti’s evolution. It uses productive sophistication such as bypassing security measures through the use of kernel-level exploited drivers, inducing self-replicating ransomware with worm features, and leveraging…

Read more →