Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) announced today that major retail banks will phase out the use of One-Time Passwords (OTPs) for bank account logins within the next three months. This change…

Read more →

Hackers often target NuGet as it’s a popular package manager for .NET, which developers widely use to share and consume reusable code.  Threat actors can distribute malicious code to many projects by compromising the NuGet packages. In August 2023, ReversingLabs…

Read more →

ViperSoftX is an advanced malware that has become more complicated since its recognition in 2020, to the extent that eBooks are used on Torrent sites to spread across systems.  Unlike other kinds of malware developers who mainly focus on developing…

Read more →

Airlines often become the target of hackers as they contain sensitive personal and financial details of passengers as well as travel schedules and loyalty programs. Since airlines are attractive to threat actors, disrupting their operations can be quite damaging to…

Read more →

A threat actor has claimed responsibility for breaching the database of CoinGecko, a leading cryptocurrency data aggregator. The alleged breach has reportedly compromised 1.9 million email addresses, raising significant concerns about data security in the cryptocurrency industry. The Alleged Breach…

Read more →

EBooks are popular, and their popularity lucrative threat actors the most, as they are widely shared digital assets that can easily circumvent security measures.  Threat actors exploit users’ trust in seemingly harmless documents by embedding malware in eBook files or…

Read more →

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing various distribution methods, including email attachments, malicious ads, and compromised Samba shares.  Initially a human-operated command-and-control infrastructure, DarkGate has evolved into a versatile tool offering remote…

Read more →

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing the sensitive information of millions of its customers. The breach, which Brainstack, mSpy’s parent company, has not publicly acknowledged, has raised serious concerns about spyware applications’…

Read more →

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has recently been the victim of a cyber attack. The breach, which occurred on April 14, 2024, was discovered on June 10, 2024, and has compromised the…

Read more →

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery, dubbed the “ClickFix” infection chain. This novel attack strategy leverages advanced social engineering techniques to manipulate unsuspecting users into executing malicious scripts, leading to severe security…

Read more →

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept and modify transactions, allowing hackers to drain bank accounts or make unauthorized purchases. BlackBerry cybersecurity researchers recently detected that the Coyote banking trojan has been actively…

Read more →

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has emerged, targeting fans and attendees. Cybersecurity firm QuoIntelligence has uncovered a sophisticated fraudulent campaign involving over 700 fake domains designed to sell counterfeit tickets for the…

Read more →

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that occurred last year, involving unauthorized access to its internal servers. The breach, detected in October 2023, has prompted JAXA to implement robust countermeasures to prevent future…

Read more →

Active Directory Management Tools are essential for IT administrators to manage and secure Active Directory (AD) environments efficiently. These tools streamline tasks such as user and group management, permissions assignment, and policy enforcement, ensuring the AD infrastructure remains organized and…

Read more →

Ransomware-as-a-service (RaaS) has evolved into sophisticated enterprise-like model. From 2022 to 2023, ransomware programs advertised on the dark web increased by half, with 27 ads identified. The RAMP forum was made the main hub of hiring for ransomware. Attacks published…

Read more →

Google has announced the integration of passkeys into its Advanced Protection Program (APP). This development aims to provide an easier and more secure alternative to traditional passwords, enhancing protection against common cyber threats such as phishing, malware, and unauthorized data…

Read more →

Multiple international cybersecurity agencies jointly warn of a PRC state-sponsored cyber group, linked to the Ministry of State Security and known by various names like  APT40, Leviathan.  The group, based in Hainan Province, has targeted organizations globally, including in Australia…

Read more →

Scammers no longer need to possess technical expertise or devise intricate fraud schemes. The rise of Fraud-as-a-Service (FaaS) has revolutionized scam execution, making it easier for even the most inexperienced fraudsters to prey on unsuspecting victims. This article delves into…

Read more →

A group of threat actors has claimed responsibility for breaching the database of fast-food giant KFC. The announcement was made via a post on the social media platform X by the user @MonThreat, who is known for disseminating information about…

Read more →

In collaboration with international partners, the U.S. Federal Bureau of Investigation (FBI) and the Cyber National Mission Force (CNMF) have successfully disrupted a sophisticated AI-powered bot farm operated by Russian state-sponsored hackers. The bot farm, known as Meliorator, was used…

Read more →

Cybersecurity experts have identified a new malware strain, dubbed “XFiles Stealer,” which is actively targeting Windows users to steal passwords and other sensitive information. The discovery was made public by MonThreat, a prominent cybersecurity research group, via their official social…

Read more →

Hackers remotely execute malicious code on a compromised device or server by exploiting the Universal Code Execution vulnerability. Through this vulnerability, threat actors can inject codes into server-side interpreter languages such as Java, Python, and PHP. Hacking into this security…

Read more →

A critical vulnerability has been discovered in the Ghostscript rendering platform, identified as CVE-2024-29510. This flaw, a format string vulnerability, affects versions up to 10.03.0 and allows attackers to bypass the -dSAFER sandbox, leading to remote code execution (RCE). This…

Read more →

Hackers often weaponize LNK files because they can carry malware into systems undetected by anyone. LNK files are shortcuts that, when opened, launch a malicious payload (like scripts or executables). LNK files are widely used in Windows environments and can…

Read more →

A critical security vulnerability has been discovered in HCL Domino, a popular enterprise server software, that could potentially expose sensitive configuration information to remote unauthenticated attackers. This vulnerability, CVE-2024-23562, has raised concerns among cybersecurity experts and enterprises relying on HCL…

Read more →

Apple has removed several prominent VPN service apps from the Russian division of the App Store. The affected apps include Proton VPN, Red Shield VPN, NordVPN, and Le VPN. This action comes in response to complaints from Roskomnadzor, Russia’s federal…

Read more →

The Egyptian Health Department (EHD) has reported a data breach affecting 121,995 individuals, including one resident of Maine. The breach, which occurred on December 21, 2023, was discovered on the same day and has since raised serious concerns about data…

Read more →

A new position paper argues that Privacy Enhancing Technologies (PET) used in Home Routing are making it difficult for law enforcement to intercept information during investigations lawfully.  Home Routing allows a user’s communication to be routed through their home network…

Read more →

 A newly identified multi-stage trojan, dubbed “Orcinius,” has been reported to exploit popular cloud services Dropbox and Google Docs as part of its attack strategy. The sophisticated malware begins its assault with an innocuous-looking Excel spreadsheet, which contains a VBA…

Read more →

Roblox, the globally renowned online gaming platform, has suffered a data breach. According to a tweet from cybersecurity expert H4ckManac, the breach has exposed sensitive information, including email addresses and IP addresses of millions of users. This alarming incident has…

Read more →

A Technically Skilled individual who finds a bug faces an ethical decision: report the bug or profit from it. This is nowhere more relevant than in crypto. In this article, with the help of Ilan Abitbol from Resonance Security, I look at the…

Read more →

On June 27, 2024, Cloudflare experienced a disruption of its 1.1.1.1 DNS resolver service. This several-hour incident was caused by a combination of BGP (Border Gateway Protocol) hijacking and a route leak. The event led to a noticeable impact on…

Read more →

On June 27, 2024, Cloudflare experienced a disruption of its 1.1.1.1 DNS resolver service. This several-hour incident was caused by a combination of BGP (Border Gateway Protocol) hijacking and a route leak. The event led to a noticeable impact on…

Read more →

Active since 2015, Mekotio is a Latin American banking trojan specifically designed to target financial data in regions like Brazil, Chile, Mexico, Spain, and Peru. It exhibits links to the recently disrupted Grandoreiro malware, both likely originating from the same…

Read more →

Kimsuky, also known as the Velvet Chollima, Black Banshee, THALLIUM, or Emerald Sleet, is a North Korean state-sponsored advanced cyber espionage group that uses sophisticated methods to target political, economic, and national security interests for various countries. They are very…

Read more →

In a recent cyberattack, hackers successfully compromised Ethereum’s mailing list, attempting to drain users’ crypto funds through a sophisticated phishing campaign. The breach has raised significant concerns within the cryptocurrency community, prompting immediate action from Ethereum’s internal security team. The…

Read more →

A threat actor has claimed to have discovered a vulnerability that bypasses the two-factor authentication (2FA) on the HackerOne bug bounty platform. The claim was made public via a tweet from the account MonThreat, which is known for sharing cybersecurity-related…

Read more →

An unauthenticated endpoint vulnerability allowed threat actors to identify phone numbers associated with Authy accounts, which was identified, and the endpoint has been secured to prevent unauthorized access.  No evidence suggests the attackers gained access to internal systems or other…

Read more →

Over 380,000 web hosts have been found embedding a compromised Polyfill.io JavaScript script, linking to a malicious domain. This supply chain attack has sent shockwaves through the web development community, highlighting the vulnerabilities inherent in widely used open-source libraries. Polyfill.js,…

Read more →

Hackers target and weaponize AnyDesk, Zoom, Teams, and Chrome as these applications are widely used in a multitude of sectors. Not only that, but even these widely used applications also provide access to many users and sensitive information. Cybersecurity researchers…

Read more →

A new player has emerged on the cybercrime landscape the ransomware group “Pryx.” Pryx has claimed its first attack, announcing that it has compromised the systems of Rowan College at Burlington County (RCBC.edu) and stolen 30,000 university applications. This announcement…

Read more →

Threat actors have been found selling sensitive data from the Shopify commerce platform on the dark web. This alarming news was first reported by DarkWebInformer on their social media Twitter account, raising significant concerns about the security of e-commerce platforms…

Read more →

TotalEnergies Clientes SAU has reported a significant cyberattack that has compromised the personal data of 210,715 customers. The incident has raised serious concerns about data security and the integrity of digital infrastructures in the energy sector. Unauthorized Access Detected TotalEnergies…

Read more →

Hiap Seng Industries, a prominent engineering and construction company, has fallen victim to a ransomware attack that compromised its servers. The company has swiftly taken measures to contain the breach and ensure the continuity of its business operations. Immediate Containment…

Read more →

Gogs is a standard open-source code hosting system used by many developers. Several Gogs vulnerabilities have been discovered recently by the cybersecurity researchers at SonarSource.  Gogs can be hacked through these flaws, which put its instances at risk of source…

Read more →

A vulnerability in Junos OS on SRX Series devices allows attackers to trigger a DoS attack by sending crafted valid traffic, which is caused by improper handling of exceptional conditions within the Packet Forwarding Engine (PFE) and leads to PFE…

Read more →

A critical vulnerability has been discovered in the popular WordPress plugin “Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce.” The flaw, identified as CVE-2024-6172, has been assigned a CVSS score of 9.8, indicating its…

Read more →

A group of hackers has claimed to have discovered a critical zero-day vulnerability in Google Chrome. This exploit, which reportedly enables a sandbox escape and remote code execution (RCE), could potentially compromise millions of users worldwide. The announcement was made…

Read more →

The Rafel RAT is an advanced Android-targeting Remote Access Trojan which poses a great cybersecurity danger. This malicious program has become popular due to its prominence for breaking into device security and taking away confidential details. Knowing the origin of…

Read more →

Polyglot files have to fit in several file format specifications and respond differently depending on the calling program. This poses a significant risk to endpoint detection and response (EDR) systems and file uploaders, which mainly rely on format identification for…

Read more →

Google has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor. This initiative, first announced in October 2023, underscores Google’s commitment to enhancing the security of foundational technologies like Linux and KVM, which…

Read more →

Transparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel. The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponized…

Read more →

A new Orcinius Trojan has been discovered, employing VBA Stomping to hide its infection. The multi-stage trojan uses Dropbox and Google Docs to stay updated and deliver second-stage payloads.  Typically, VBA stomping removes the VBA source code in a Microsoft…

Read more →

Rapid7, Inc., a leader in extended risk and threat detection, has announced a definitive agreement to acquire Noetic Cyber, a pioneering company in cyber asset surface management (CAASM). This strategic move aims to bolster Rapid7’s existing cybersecurity solutions by integrating…

Read more →

Hackers often mimic penetration testing services to disguise their malicious activities as legitimate security assessments.  By imitating authorized security testing, attackers can exploit the trust and access typically granted to legitimate penetration testers, allowing them to move more freely within…

Read more →

Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using PowerShell scripts.  They use a multi-stage loading technique with a .Net Reactor protecting the payload to deploy the PureCrypter loader and XMRig miner,…

Read more →

Cisco has disclosed a critical vulnerability in its widely-used NX-OS network operating system that could allow attackers to execute arbitrary commands with root privileges on affected devices. The company urges customers to upgrade to patched versions as soon as possible.…

Read more →

The Qualys Threat Research Unit has identified a newly discovered vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387). This critical flaw, which allows unauthenticated remote code execution (RCE) as root, affects over 700,000 Linux systems exposed to the internet. The regreSSHion vulnerability…

Read more →

TeamViewer has confirmed that the cyberattack on its systems was orchestrated by Russian threat actors, specifically the APT29 or Midnight Blizzard group. The attack, detected on June 26, 2024, was contained in TeamViewer’s internal corporate IT environment. Importantly, the company…

Read more →

The notorious threat actor known as IntelBroker has claimed responsibility for leaking a database belonging to Cognizant’s Oracle Insurance Policy Administration (OIPA) system. The announcement was made via Twitter on the dark web, sending shockwaves through the cybersecurity community and…

Read more →

A malware campaign of huge magnitude, and perhaps run by just one group, is using artificially nested files for distribution named ‘WEXTRACT.EXE            .MUI’. More than 50,000 files worldwide featuring this method are delivered by different…

Read more →

Microsoft has issued a new alert to its users, updating them on the continued threat posed by Midnight Blizzard, a Russian state-sponsored hacking group also known as NOBELIUM. The alert follows the initial detection of the attack by Microsoft’s Security…

Read more →

Hackers abuse Mac Stealer to covertly extract sensitive information such as passwords, financial data, and personal files from macOS devices. Besides this, macOS users or Mac users are considered valuer targets. On June 24th, Malwarebytes researchers identified another Mac-specific stealer…

Read more →

Juniper Networks has released an out-of-cycle critical update to address a severe vulnerability affecting its Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. The security flaw, identified as CVE-2024-2973, allows network-based attackers to bypass authentication and gain…

Read more →

Sony Group, the Japanese conglomerate renowned for its gaming, music, and camera prowess, has officially entered the crypto exchange market. According to crypto reporter Wu Blockchain, Sony has acquired Amber Japan, a regulated digital asset trading service provider. Amber Japan,…

Read more →

Marketing and sales software giant HubSpot announced on Friday that it is investigating a cybersecurity incident following reports of customer account hacks. The company, specializing in customer relationship management (CRM) and marketing automation software, identified the security breach on June…

Read more →

TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment. The company’s security team detected the breach, who noticed an “irregularity” in their internal systems, prompting an immediate response. Swift Response and…

Read more →

A new Android banking trojan named Snowblind was discovered that exploits the Linux kernel feature seccomp, traditionally used for security, which installs a seccomp filter to intercept system calls and bypasses anti-tampering mechanisms in apps, even those with strong obfuscation…

Read more →

The U.S. Department of Justice has announced a $10 million reward for information leading to the arrest of Amin Timovich Stigal (Амин Тимович Стигал), a 22-year-old Russian citizen charged with conspiracy to hack into and destroy computer systems and data.…

Read more →

Cyberespionage actors are increasingly using ransomware as a final attack stage for financial gain, disruption, or to cover their tracks, as the report details previously undisclosed attacks by a suspected Chinese APT group, ChamelGang, who used CatB ransomware against a…

Read more →

Geisinger Health System discovered a data breach involving the personal information of over one million patients. The breach was traced back to a former employee of Nuance Communications Inc., an external vendor providing IT services to Geisinger. The ex-employee accessed…

Read more →

A Proof-of-Concept (PoC) exploit has been released for a critical SQL Injection vulnerability in Fortra FileCatalyst Workflow. This vulnerability could potentially allow attackers to modify application data. This vulnerability, CVE-2024-5276, affects all versions of Fortra FileCatalyst Workflow from 5.1.6 Build…

Read more →

Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT. Hunt’s research…

Read more →

KakaoTalk is an Android application that is predominantly installed and used by over 100 million people. It is a widely popular application in South Korea that has payment, ride-hailing services, shopping, email etc., But the end-to-end encryption is not enabled…

Read more →

A new variant of the Medusa malware family was discovered disguised as a “4K Sports” app, which exhibits changes in command structure and capabilities compared to previous versions.  Researchers believe these changes are aimed at improving efficiency and strengthening the…

Read more →

Malware storage, distribution, and command and control (C2) operations are increasingly being used to leverage cloud services for recent cybersecurity threats.  But, this complicates the detection process and all the prevention efforts.  Security researchers at FortiGuard Labs have recently observed…

Read more →

Google has unveiled new features for Chrome Enterprise Core, formerly known as Chrome Browser Cloud Management. As organizations increasingly rely on cloud computing, hybrid work models, and Bring Your Device (BYOD) policies, the need for robust browser management has never…

Read more →

Multiple vulnerabilities have been identified in the TP-Link Omada system, a software-defined networking solution widely used by small to medium-sized businesses. These vulnerabilities, if exploited, could allow attackers to execute remote code, leading to severe security breaches. The affected devices…

Read more →

Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”. The cyberattack has compromised over 278GB of sensitive data, putting millions of users at risk of SIM…

Read more →

OilRig is an Iranian-linked cyber espionage group that has been active since 2015, and this group is known for its sophisticated spear-phishing campaigns and advanced infiltration techniques.  This group conducts a multitude of cyber attacks against various sectors, and among…

Read more →

Cybersecurity researchers have identified a new ransomware payload associated with the P2Pinfect malware, primarily targeting Redis servers. This sophisticated malware, previously known for its peer-to-peer (P2P) botnet capabilities, has now evolved to include ransomware and crypto-mining functionalities. This article delves…

Read more →

⁤Hackers attack AI infrastructure platforms since these systems contain a multitude of valuable data, algorithms that are sophisticated in nature, and significant computational resources. ⁤ ⁤So, compromising such platforms provides hackers with access to proprietary models and sensitive information, and…

Read more →

Early in 2024, North Korean threat actors persisted in using the public npm registry to disseminate malicious packages that were similar to those that Jade Sleet had previously used.  Initially thought to be an extension of Sleet’s activity, further investigation…

Read more →

A threat actor has claimed to have discovered a zero-day vulnerability in the widely-used Google Chrome browser. The claim was made public via a tweet from the account MonThreat, which has previously been associated with credible cybersecurity disclosures. Details of…

Read more →

Microsoft has announced the general availability of Copilot for Security threat intelligence embedded experience in the Defender XDR portal. This AI-powered tool aims to revolutionize the way organizations access, operate on, and integrate Microsoft’s threat intelligence data. Enhancing Threat Intelligence…

Read more →

A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerability poses significant risks to organizations relying on the software for secure data transfers. The vulnerability is rooted in improper validation of user-supplied input during the authentication process. It can…

Read more →

A new method of distributing the Remcos Remote Access Trojan (RAT) has been identified. This malware, known for providing attackers complete control over infected systems, is being spread through malicious Word documents containing shortened URLs. These URLs lead to the…

Read more →

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring your systems and data are safe from unauthorized access. Many organizations have a flawed security culture, with employees motivated to protect their information rather than the…

Read more →

Attackers are leveraging a new infection technique called GrimResource that exploits MSC files. By crafting malicious MSC files, they can achieve full code execution within the context of mmc.exe (Microsoft Management Console) upon a user click.  It offers several advantages…

Read more →

Webkit vulnerabilities in PS4 and PS5 refer to bugs found in the Webkit engine used by their web browsers. These bugs, discovered in browsers like Safari and Chrome, can also exist in PS4 and PS5 because they share the same…

Read more →

Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins.  The initial discovery was made when the team found that the Social Warfare plugin had been injected with malicious code on June 22nd, 2024. This discovery was…

Read more →

Windows IIS Servers often host critical web applications and services that provide a gateway to sensitive data and systems due to which hackers attack Windows IIS servers. A South Korean medical establishment’s Windows IIS server with a Picture Archiving and…

Read more →

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with the U.S. government. The agreement, announced early today, ends the long-standing legal battle between Assange and the U.S. authorities. Terms of the Deal Assange, 52, was…

Read more →

Four Vietnamese nationals have been charged for their involvement in a series of computer intrusions that caused over $71 million in losses to U.S. companies. The indictment, unsealed today, names Ta Van Tai, aka “Quynh Hoa,” aka “Bich Thuy;” Nguyen…

Read more →

In a shocking development, the NHS has revealed that it was the victim of a major cyber attack targeting Synnovis. Synnovis, formerly Viapath, is a London-based provider of pathology services. It is a partnership between Guy’s and St Thomas’ NHS…

Read more →

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve, allegedly compromising 33 terabytes of sensitive data. The announcement was made on Twitter via the group’s Dark Web Intelligence, sending shockwaves through financial and governmental sectors.…

Read more →

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE). This alarming development has raised significant concerns within the cybersecurity community. A recent tweet from Dark Web Intelligence…

Read more →

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying reports, which affects tens of thousands of organizations and grants access to employee, customer, and potentially confidential data.  By exploiting this vulnerability, attackers can extract information…

Read more →

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay $11.3 million to resolve allegations of failing to meet cybersecurity requirements. Guidehouse Inc., headquartered in McLean, Virginia, will pay $7.6 million, while Nan McKay and Associates,…

Read more →

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef. This operation leverages the SugarGh0st RAT and other malware to target government agencies, research institutions, and various organizations worldwide. The campaign began in early August 2023…

Read more →