Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers. These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities. Operation Magnus…

Read more →

The Canadian Centre for Cyber Security (Cyber Centre), a Communications Security Establishment Canada (CSE) division, has warned Canadian organizations about an ongoing cyber threat. The Cyber Centre reports that a sophisticated state-sponsored threat actor from the People’s Republic of China…

Read more →

Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM credentials of the OPA server’s local user account to remote attackers, which was present in both the OPA CLI and Go SDK.  By exploiting this flaw,…

Read more →

Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, disguised as legitimate tools, inject malicious JavaScript code into compromised websites, tricking users into installing malware.  The malware uses blockchain…

Read more →

Recent analysis has revealed a concerning trend in mobile app security: Many popular apps store hardcoded and unencrypted cloud service credentials directly within their codebases.  It poses a significant security risk as anyone accessing the app’s binary or source code…

Read more →

Latrodectus, a new malware loader, has rapidly evolved since its discovery, potentially replacing IcedID. It includes a command to download IcedID and has undergone multiple iterations, likely to evade detection.  Extracting configurations from these versions is crucial for effective threat…

Read more →

Researcher Marco Figueroa has uncovered a method to bypass the built-in safeguards of ChatGPT-4o and similar AI models, enabling them to generate exploit code. This discovery highlights a significant vulnerability in AI security measures, prompting urgent discussions about the future…

Read more →

Nintendo has cautioned its users about a sophisticated phishing attack that involves emails mimicking official Nintendo communication. These emails, appearing to come from addresses, are being sent by third parties and are not legitimate communications from the company. Details of…

Read more →

Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting a wide range of laptops from major manufacturers like Dell and Lenovo. These vulnerabilities have been present for years, allowing non-privileged users to exploit the system…

Read more →

WhatsUp Gold, a popular network monitoring software, has identified a significant security vulnerability that could potentially expose numerous organizations to cyber attacks. The flaw, which affects versions released before 2024.0.0, involves multiple critical vulnerabilities that could allow attackers to gain…

Read more →

The St. Petersburg Garrison Military Court has sentenced four individuals involved in a notorious ransomware operation. Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov have been found guilty of illegally circulating means of payment. Puzyrevsky and Khansvyarov were also…

Read more →

A critical security vulnerability has been identified in the Common Log File System (CLFS) driver of Windows 11, allowing local users to gain elevated privileges. The Common Log File System (CLFS) is a Windows service for efficient, reliable logging, used…

Read more →

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with the top 10 best Linux distros in 2024 for all professionals. Hence Linux…

Read more →

A significant security vulnerability was uncovered in the AWS Cloud Development Kit (CDK), an open-source framework widely used by developers to define cloud infrastructure using familiar programming languages. This vulnerability could allow attackers to gain unauthorized access to S3 buckets,…

Read more →

NVIDIA has issued essential security updates for its GPU Display Driver, addressing multiple vulnerabilities affecting Windows and Linux systems. Users are urged to download and install these updates promptly via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal…

Read more →

GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-severity HTML injection vulnerability that could lead to cross-site scripting (XSS) attacks. The patched versions, 17.5.1, 17.4.3, and…

Read more →

Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable to an authenticated remote code execution (RCE) attack. This vulnerability tracked as CVE-2024-6333, poses a significant risk, fully allowing attackers with administrative web credentials to…

Read more →

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges. The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco…

Read more →

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The…

Read more →

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…

Read more →

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…

Read more →

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…

Read more →

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…

Read more →

Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a…

Read more →

A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September…

Read more →

Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while…

Read more →

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall…

Read more →

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours.  These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request…

Read more →

Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.  The…

Read more →

Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system.  These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s…

Read more →

IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server…

Read more →

Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities.  An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks,…

Read more →

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general election.…

Read more →

Winnebago Public Schools (WPS) in Nebraska was the victim of a cyberattack on October 21, 2024, which caused significant disruptions to its operations. The school district has been scrambling to restore its systems and maintain essential services. Superintendent Kamau Turner…

Read more →

A sophisticated malware loader known as Bumblebee has resurfaced, posing a significant threat to corporate networks worldwide. Cybersecurity researchers at Netskope Threat Labs have uncovered a new infection chain linked to Bumblebee. This marks its first appearance since Operation Endgame,…

Read more →

The Federal Bureau of Investigation (FBI) has apprehended Eric Council Jr., a 25-year-old resident of Athens, Alabama, for his alleged involvement in the unauthorized takeover of the U.S. Securities and Exchange Commission’s (SEC) X account in January 2024. The incident…

Read more →

Hackers impersonated the cybersecurity firm ESET to distribute destructive wiper malware. The campaign, which began on October 8, 2024, utilized phishing emails that appeared to originate from ESET’s legitimate domain. The malicious emails, purportedly from “ESET’s Advanced Threat Defense Team,”…

Read more →

A 43-year-old Italian-Australian man, one of the FBI’s most wanted hackers, was apprehended at Milan’s Malpensa Airport after evading capture for over three years. The arrest, carried out by Milan State Police officers, marks a significant victory in the global…

Read more →

Fair Vote Canada has disclosed a data leak affecting approximately 34,000 email addresses. While the organization assures that no financial information was compromised, the incident has raised concerns about data security practices. Fair Vote Canada revealed that the breach involved…

Read more →

Ukrainian Roosh Ventures has invested in the French freelance platform Jump. This was announced by tech entrepreneur and co-founder of the Roosh investment fund, Serhiy Tokarev, on his LinkedIn page: “Thrilled to announce that Roosh Ventures is backing Jump, a platform that’s…

Read more →

Roosh Ventures, a Ukrainian investment firm, has announced its investment in the French freelance platform Jump. This move was revealed by Serhiy Tokarev, co-founder of Roosh Ventures, on his LinkedIn page, highlighting the platform’s innovative approach to supporting freelancers. Revolutionizing…

Read more →

A critical vulnerability in SolarWinds Web Help Desk has been identified. It could allow attackers to execute arbitrary code on affected systems. The vulnerability tracked as CVE-2024-28988 was discovered by the Trend Micro Zero Day Initiative (ZDI) team during their…

Read more →

The Federal Police arrested a 33-year-old Brazilian hacker in Belo Horizonte, Minas Gerais. The suspect is accused of infiltrating the systems of the Federal Police (PF) and other international institutions to sell sensitive data. This arrest marks a critical step…

Read more →

Cisco has disclosed multiple vulnerabilities affecting its ATA 190 Series Analog Telephone Adapter firmware, posing significant user risks. These vulnerabilities could allow remote attackers to execute unauthorized actions, including remote code execution, configuration changes, etc. Here’s a detailed breakdown of…

Read more →

VMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authenticated SQL injection flaw that poses a significant security risk. With a CVSSv3 base score of 8.8, this issue is classified as…

Read more →

A federal grand jury has indicted two Sudanese nationals, Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. The pair are accused of operating Anonymous Sudan, a notorious cybercriminal group responsible for tens of thousands of Distributed Denial…

Read more →

A company has fallen victim to a cyberattack after unknowingly hiring a North Korean cybercriminal as a remote IT worker. The unidentified firm, based in the UK, US, or Australia, discovered the breach after the hacker downloaded sensitive data and…

Read more →

Microsoft’s customers are under constant cyber assault, facing millions of attacks daily from various threat actors as nation-states and cybercrime gangs are increasingly collaborating, escalating the severity and frequency of attacks.  They had observed a concerning trend of state-affiliated actors…

Read more →

EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for associated processes using the WFP, which makes it harder to identify and remove malware, as EDRs cannot send telemetry or alerts. The code demonstrates a technique…

Read more →

Google has announced a significant security update for its Chrome browser, addressing 17 vulnerabilities in the latest build. The update, which affects the Stable and Extended Stable channels, will roll out over the coming days and weeks for Windows, Mac,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide essential information about current security issues, vulnerabilities, and potential exploits affecting ICS. The advisories focus on vulnerabilities in…

Read more →

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants.  Recent research has uncovered a new campaign, dubbed ErrorFather,…

Read more →

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, whose primarily spread through archive files containing VBE scripts, which are encoded VBS scripts.  Once executed, these scripts decode and execute…

Read more →

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc. The breach, allegedly carried out by a collective known as IntelBroker in collaboration with EnergyWeaponUser and zjj, has raised significant concerns across the tech industry. Details of…

Read more →

A critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw vulnerability has raised significant concerns due to its potential for remote code execution. The flaw allows attackers to control format…

Read more →

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to execute remote code. These vulnerabilities, primarily affecting Windows installations, highlight the critical need for organizations to update and secure their systems promptly. Overview of the Security…

Read more →

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further investigation, where researchers have identified 40 variants, 16 droppers, and 22 active Command and Control servers associated with this threat.  These variants employ advanced techniques like…

Read more →

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk…

Read more →

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider Gulf region.  The group employs sophisticated techniques to gain unauthorized access and exfiltrate sensitive data, such as using a…

Read more →

A critical security vulnerability has been discovered in the popular Java framework pac4j. The vulnerability specifically affects versions before 4.0 of the pac4j-core module. This vulnerability, identified as CVE-2023-25581, exposes systems to potential remote code execution (RCE) attacks due to…

Read more →

Scammers use sophisticated AI technology to impersonate tech giants like Google, aiming to take over unsuspecting users’ Gmail accounts. A recent incident highlights these fraudsters’ cunning tactics, underscoring the need for heightened vigilance. The Initial Contact: A Suspicious Notification The…

Read more →

A security vulnerability in Zendesk, a widely used customer service tool, has been uncovered. This flaw allowed attackers to access support tickets from any company using Zendesk, posing significant risks to sensitive information. Zendesk initially dismissed the vulnerability, which involved…

Read more →

18 individuals and entities have been charged with widespread fraud and manipulation within the cryptocurrency markets. The charges, unsealed in Boston, target leaders of four cryptocurrency companies, four financial services firms known as “market makers,” and various employees. This case…

Read more →

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication on cryptocurrency exchanges, which is designed specifically for NAF (New Account Fraud) attacks and can create verified but synthetic accounts by mimicking facial recognition authentication. By…

Read more →

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported…

Read more →

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide. The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory. Vulnerability in Qualcomm…

Read more →

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a host of bug fixes and updates to enhance user experience and functionality. Hosted by the Wireshark Foundation, this tool is indispensable for troubleshooting, analysis, development, and…

Read more →

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative to Adobe Acrobat.  Given the memory corruption vulnerability, attackers could execute arbitrary code on the machine…

Read more →

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action…

Read more →

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…

Read more →

Hackers have infiltrated the Japan Aerospace Exploration Agency (JAXA), compromising the accounts of several high-ranking officials, including President Hiroshi Yamakawa. This alarming incident is part of a series of cyberattacks targeting JAXA since June 2023, raising concerns about the security…

Read more →

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems.  It employs ransomware in a…

Read more →

Google has rolled out a new update for its Chrome browser, addressing several high-severity security vulnerabilities. The Stable channel has been updated to version 129.0.6668.100/.101 for Windows and Mac and 129.0.6668.100 for Linux. Users will be able to access this…

Read more →

As hurricanes and other natural disasters feel their presence, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned regarding two critical zero-day vulnerabilities affecting Microsoft Windows products. These vulnerabilities, identified as CVE-2024-43572 and CVE-2024-43573, pose significant security risks and have been reportedly exploited in the wild. CVE-2024-43572: Microsoft Windows…

Read more →

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat.  This batch file performed various malicious actions like creating and executing malicious executables,…

Read more →

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day vulnerabilities that could allow attackers to gain full control over vehicle systems. These vulnerabilities, highlighted in a presentation by security researcher Amit Geynis of PlaxidityX, underscore…

Read more →

The Awaken Likho APT group launched a new campaign in June of 2024 with the intention of targeting Russian government agencies and businesses by targeting them. The group has abandoned its previous use of the UltraVNC module for remote access…

Read more →

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on October 5th, leading to significant disruptions in its services. The company disclosed the breach after conducting an internal investigation. The investigation revealed that the unauthorized…

Read more →

A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on…

Read more →

Comcast Cable Communications LLC has reported that over 237,000 users’ data has been compromised. The breach, which occurred on February 14, 2024, was discovered on July 17, 2024, and has raised concerns about the company’s cybersecurity measures. Details of the…

Read more →

American Water Works Company, Inc., a leading provider of water and wastewater services, announced that it had detected unauthorized activity within its computer networks. The company confirmed that this activity was the result of a cybersecurity incident. Upon discovery, American…

Read more →

Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant…

Read more →

A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems. The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system…

Read more →

The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components.  After analyzing various libraries used during debug…

Read more →

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group. This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats. Unsealing the Operation The United…

Read more →

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe…

Read more →

A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected…

Read more →

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the…

Read more →

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from…

Read more →

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains a Russian hacking group linked to the Federal Security Service (FSB) uses. This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide.…

Read more →

Researchers have uncovered a sophisticated Linux malware, dubbed “perfctl,” actively targeting millions of Linux servers worldwide. This malicious software exploits over 20,000 types of server misconfigurations, posing a significant threat to any Linux server connected to the internet. The malware’s…

Read more →

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000 fine following a significant data breach last year. The breach involved the accidental release of the personal details of 9,400 officers and staff. Despite representations to…

Read more →

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify and analyze emerging cyber threats. This upgrade underscores ANY.RUN’s commitment to providing comprehensive threat intelligence solutions, empowering users to navigate the ever evolving landscape of cyber…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. This vulnerability, CVE-2024-29824, affects Ivanti Endpoint Manager (EPM) and has become a target for cybercriminals using public exploits in…

Read more →

A critical vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC), potentially allowing hackers to execute arbitrary commands on affected systems. This flaw, identified as CVE-2024-20432, was first published on October 2, 2024. Its CVSS score of 9.9…

Read more →

The Tor Project has announced the release of Tor Browser 13.5.6, which is now available for download from its official website and distribution directory. This latest version includes significant updates that focus on enhancing security and user experience across all…

Read more →

A recently discovered vulnerability in Bluetooth technology has raised significant security concerns. This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.…

Read more →

The need for advanced tools that can effectively simulate real-world threats is paramount. Enter GhostStrike, a sophisticated cybersecurity tool explicitly designed for Red Team operations. With its array of features aimed at evading detection and performing process hollowing on Windows…

Read more →