Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Google Workspace has announced new password policies that will impact how users and third-party apps access Google services. The changes, aimed at eliminating less secure sign-in methods, will be implemented in stages throughout 2024. Here’s what you need to know…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vulnerabilities have been identified…

Read more →

In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized.  Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical…

Read more →

The newly emerged Gorilla Botnet has exhibited unprecedented activity, launching over 300,000 DDoS attacks against targets in over 100 countries between September 4 and 27.  The botnet, a modified version of Mirai, supports multiple CPU architectures and employs advanced techniques…

Read more →

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko. The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital. The German government plans to install Diehl missile…

Read more →

Simon Kaura, a Nigerian national deported from the United Kingdom, was sentenced in a U.S. federal court for his involvement in a global conspiracy to sell stolen financial information on the dark web. The sentencing marks a crucial victory in…

Read more →

Cybersecurity experts have uncovered a significant connection between hacktivist groups BlackJack and Twelve through overlapping tactics, techniques, and procedures (TTPs). This discovery illuminates the sophisticated methods employed by these groups and raises questions about their potential collaboration or shared objectives.…

Read more →

The Israeli army reportedly hacked into the control tower of Beirut’s Rafic Hariri International Airport. The incident involved issuing threats against an Iranian civilian aircraft attempting to land, according to official sources cited by Anadolu Agency. Lebanese Response to Israeli…

Read more →

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto drainer app disguised as the legitimate WalletConnect protocol, which remained undetected for over five months and was downloaded 10,000 times, exploited the name of the well-known…

Read more →

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which leverage NLP and ML are increasingly being used by businesses to enhance productivity and revenue. While they offer personalized experiences and valuable data insights, they also…

Read more →

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its stealer component, which is part of a broader set of transformations, making it difficult for analysts to reverse engineer the binary.  It introduces obfuscated code that…

Read more →

Phishing attackers employed an HTML smuggling technique to deliver a malicious payload, as the attack chain started with a phishing email mimicking an American Express notification, leading to a series of redirects.  The final redirect pointed to a Cloudflare R2…

Read more →

Hackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications. By leveraging vulnerabilities in various online platforms, cybercriminals can masquerade as legitimate…

Read more →

Cybersecurity researchers have uncovered a significant vulnerability in Kia vehicles that allowed hackers to remotely control key functions using nothing more than a car’s license plate. This breach, discovered on June 11, 2024, exposed the potential for unauthorized access to…

Read more →

The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks.  This new variant targets European countries and employs sophisticated obfuscation techniques, including the…

Read more →

The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gain unauthorized access to networks, affecting various industries and critical infrastructure sectors, demanding ransom payments for data release.  The group’s recent…

Read more →

Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages. While base system-generated environments can’t be directly modified, they can be indirectly changed by adding packages to the old experience and then switching to the new…

Read more →

The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges…

Read more →

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue for their regime, evading sanctions and funding WMD programs by exploiting privileged access to enable cyber intrusions.  Facilitators, often non-North Koreans, assist these workers by laundering…

Read more →

Researchers observed two distinct instances where users were inadvertently led to malicious websites after conducting Google searches for video streaming services. These victims were redirected to malicious URLs that employed a deceptive tactic while attempting to access sports or movie…

Read more →

Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract attention. Still, after a Mallox affiliate’s staging server was leaked in May 2024, Kryptina’s modified version, branded Mallox v1.0, gained prominence.  The research examines the data…

Read more →

TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded a malicious script that disables security, deletes logs, and modifies system files to kill existing miners, remove Docker containers, and redirect DNS to Google servers. The…

Read more →

C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline the management of compromised systems, enable efficient collaboration, and evade detection by providing customizable behaviors. It is a toolset attackers use to control and manage compromised…

Read more →

Microsoft has identified a new attack vector employed by the financially motivated threat actor Vanilla Tempest. This actor has been observed leveraging the INC ransomware to target healthcare organizations within the United States.  Specifically, Vanilla Tempest is exploiting vulnerabilities in…

Read more →

In the past four weeks, a significant increase in malware distribution attempts via fake Captcha campaigns has been observed, targeting over 1.4 million users. Lumma Stealer, a hazardous malware designed for data theft, is the primary payload being distributed.  Cybercriminals…

Read more →

Researchers are tracking a Russian threat actor deploying domains involved in crypto scams targeting the US Presidential Election and tech brands. The scams offer double crypto returns for deposits and are designed to deceive users into sending coins to attacker-controlled…

Read more →

Arc’s Boosts feature lets users customize websites with CSS and JavaScript. While JavaScript Boosts are not shareable to protect security, they are synced across devices for personal use. Misconfigured Firebase ACLs enabled unauthorized users to modify the creatorID of Boosts,…

Read more →

The Five Eyes agencies recently released a joint cybersecurity advisory detailing a new botnet, Flax Typhoon, linked to Chinese state-sponsored actors. The advisory highlights the actors’ use of compromised routers and IoT devices to establish a vast botnet capable of…

Read more →

Cybersecurity researchers from BitSight TRACE have uncovered multiple 0-day vulnerabilities in Automated Tank Gauge (ATG) systems, which are integral to managing fuel storage tanks across various critical infrastructures. These vulnerabilities in six ATG systems from five vendors pose significant threats…

Read more →

MoneyGram, a leading global money transfer service, has confirmed that it was the victim of a cyberattack, following a significant network outage that disrupted customer services worldwide. The company initially reported an issue with connectivity across several of its systems,…

Read more →

Franklin County, Kansas, has fallen victim to a ransomware attack that compromised the sensitive data of nearly 30,000 residents. The breach occurred on May 19, 2024, and was not discovered until August 29, 2024. According to a report submitted by…

Read more →

Cisco disclosed a critical vulnerability identified as CVE-2024-20439, affecting its Smart Licensing Utility. An independent researcher discovered this vulnerability through reverse engineering. It involves a hardcoded static password that could allow attackers to gain unauthorized access and control over affected…

Read more →

Researchers have uncovered a massive data breach at MC2 Data, a prominent background check firm. The breach has exposed sensitive information of over 100 million US citizens, raising serious concerns about data privacy and security. Background Check Firms Under Scrutiny…

Read more →

Hackers are now impersonating company Human Resources (HR) departments to deceive employees into revealing sensitive information. This latest phishing tactic highlights the increasing sophistication of cyber threats, leveraging trust and urgency to exploit corporate environments. In this article, we dissect…

Read more →

FreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could allow attackers to execute malicious code on the host system. The advisory, which was announced on September 19, 2024, credits Synacktiv with…

Read more →

Apple’s latest operating system update, macOS 15, also known as Sequoia, has disrupted the functionality of several prominent security tools. Users and developers have taken to social media and Mac-focused Slack channels to express their frustration over the issues caused…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories concerning vulnerabilities: These advisories highlight critical industrial control system vulnerabilities. Rockwell Automation’s RSLogix 5 and RSLogix 500 software Rockwell Automation’s RSLogix 5 and RSLogix 500 software are vulnerable due…

Read more →

A hacking group has allegedly claimed responsibility for breaching the Dell employee database. The claim was made public on a well-known hacking forum, where the group asserted that they had accessed sensitive information belonging to approximately 10,800 Dell employees and…

Read more →

Hertz, a well-known car rental company, has inadvertently exposed over 60,000 insurance claim reports. This breach has raised serious concerns about the company’s data security practices and left customers questioning the safety of their personal information. Discovery of the Breach…

Read more →

GitLab has issued an urgent call to action for organizations using its platform to patch a critical authentication bypass vulnerability. This security flaw, CVE-2024-45409, affects instances configured with SAML-based authentication. The vulnerability could potentially allow unauthorized access to sensitive data.…

Read more →

SambaSpy Attacking Windows Users With Weaponized PDF FilesResearchers discovered a targeted cybercrime campaign in May 2024 that exclusively focused on Italian victims, which was unusual as attackers typically aim for broader targets to increase profits.  However, this campaign implemented checks…

Read more →

Recent intelligence indicates a new technique employed by stealers to trick victims into entering credentials directly into a browser, enabling subsequent theft from the browser’s credential store. This method, used in conjunction with StealC malware, was first observed in August…

Read more →

Researchers identified an attack campaign targeting poorly secured Linux SSH servers, where the attack leverages Supershell, a cross-platform reverse shell backdoor written in Go, granting attackers remote control of compromised systems.  Following the initial infection, attackers are suspected to have…

Read more →

Researchers discovered a large, Chinese state-sponsored IoT botnet, “Raptor Train,” that compromised over 200,000 SOHO and IoT devices. Operated by Flax Typhoon, the botnet leveraged a sophisticated control system, “Sparrow,” to manage its extensive network.  The botnet posed a significant…

Read more →

A new method of attack has emerged that leverages WebDAV technology to host malicious files. This approach, which facilitates the distribution of the Emmenhtal loader—also known as PeakLight—has been under scrutiny since December 2023. The loader is notorious for its…

Read more →

A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browser. This vulnerability explicitly targets the V8 JavaScript engine and is exclusive to ARM64 architectures. The release of this PoC has raised…

Read more →

A threat actor on a well-known dark web forum has allegedly claimed responsibility for a significant data breach involving the Indian financial institution, Federal Bank. The breach reportedly exposes sensitive information of hundreds of thousands of customers, raising serious concerns…

Read more →

The anonymity of the Tor network has been scrutinized in a recent investigation by German law enforcement agencies. Despite these revelations, the Tor Project maintains that its network remains secure for users. This article delves into the details of the…

Read more →

Authorities have successfully dismantled “Ghost,” an encrypted communication platform allegedly used by cybercriminals worldwide. The operation, led by the Australian Federal Police (AFP) and involving international law enforcement agencies, marks a major victory in the ongoing battle against transnational crime…

Read more →

Cybersecurity firm Dr.Web faced a targeted cyber attack on its infrastructure on September 14. The incident prompted the company to disconnect its servers as a precautionary measure. Despite the disruption, no users protected by Dr.Web’s systems were affected. Dr.Web specialists…

Read more →

LibreOffice users are urged to update their software after disclosing a critical vulnerability, CVE-2024-7788, which affects the document repair mode. This flaw allows attackers to manipulate document signatures, potentially leading to security breaches. Vulnerability Overview LibreOffice, a popular open-source office…

Read more →

Ransomware attackers are increasingly exfiltrating data using tools like MEGAsync and Rclone. Shellbags analysis by modePUSH reveals their navigation of directories and file shares to find sensitive data. Despite exfiltrating large amounts of data, attackers prioritize valuable and protected information.…

Read more →

Windows Minifilter drivers are a type of file system filter driver that operates within the Windows operating system to manage and modify I/O operations without direct access to the file system.  They utilize the Filter Manager, which simplifies their development…

Read more →

Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in the wild. This vulnerability, first released on July 9, 2024, and last updated on September 17, 2024, poses a significant risk due to its potential for…

Read more →

UNC2970, a North Korean cyber espionage group, used customized SumatraPDF trojans to deliver MISTPEN backdoors to victims through phishing emails pretending to be job recruiters.  The group targeted the energy and aerospace industries, copying job descriptions and engaging with victims…

Read more →

Discord has introduced end-to-end encryption (E2EE) for audio and video chats. Known as the DAVE protocol, this new feature aims to provide users with a more secure communication experience without compromising the platform’s renowned quality and performance. A Commitment to…

Read more →

A threat actor has allegedly put up for sale a database belonging to Bharat Petroleum Corporation Limited (BPCL). This alarming news was first reported by DarkWebInformer on X, raising significant cybersecurity concerns for the corporation and its stakeholders. Details of…

Read more →

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foundation products. CVE-2024-38812 and CVE-2024-38813 vulnerabilities could allow attackers to execute remote code and escalate privileges. CVE-2024-38812: Heap-Overflow Vulnerability The first…

Read more →

The Chrome team has officially announced the release of Chrome 129, which is now available on the stable channel for Windows, Mac, and Linux. This update, which will be gradually rolled out over the coming days and weeks, addresses several…

Read more →

Two campaigns targeting Selenium Grid’s default lack of authentication are underway, as threat actors are exploiting this vulnerability to deploy malicious payloads, including exploit kits, cryptominers, and proxyjackers. Selenium Grid’s widespread use among developers, coupled with its default lack of…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities affecting Microsoft Windows MSHTML and Progress WhatsUp Gold. These vulnerabilities, identified as CVE-2024-43461 and CVE-2024-6670, are reportedly being exploited widely, posing significant risks to…

Read more →

Honeypots, decoy systems, detect and analyze malicious activity by coming in various forms and can be deployed on cloud platforms to provide insights into attacker behavior, enhancing security. The study proposes to create an interactive honeypot system using a Large…

Read more →

North Korean hackers have been identified as targeting LinkedIn users to deliver sophisticated malware known as RustDoor. This cyber threat underscores the evolving tactics of state-sponsored hacking groups, mainly from North Korea, which have increasingly turned to social engineering on…

Read more →

The Russian ransomware group Key Group, active since early 2023, is targeting organizations globally, as their modus operandi involves encrypting files and stealing data before demanding ransom via Telegram. The group utilizes the .NET-based Chaos ransomware builder to create their…

Read more →

Song Wu, a Chinese national, has been indicted on charges of wire fraud and aggravated identity theft. The charges stem from his alleged involvement in a sophisticated spear-phishing campaign targeting sensitive U.S. research and technology. This case highlights ongoing concerns…

Read more →

Millions of D-Link routers are at risk due to several critical vulnerabilities. Security researcher Raymond identified these vulnerabilities, which have been assigned multiple CVE IDs and pose severe threats to users worldwide. D-Link has issued urgent firmware updates to mitigate…

Read more →

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8.  Other critical vulnerabilities were found in Photoshop, Illustrator, Premier Pro,…

Read more →

Medusa, a relatively new ransomware group, has gained notoriety for its dual-pronged online presence. Unlike its peers, Medusa maintains a visible profile on the surface web alongside its traditional dark web operations.  This unusual strategy has amplified its impact, with…

Read more →

A vulnerability in Azure API Management (APIM) has been identified. It allows attackers to escalate privileges and access sensitive information. This issue arises from a flaw in the Azure Resource Manager (ARM) API, which permits unauthorized access to critical resources.…

Read more →

A newly discovered vulnerability in the Spring Framework has been identified, potentially allowing attackers to access any file on the system. This vulnerability tracked as CVE-2024-38816, affects applications using the functional web frameworks WebMvc.fn or WebFlux.fn. It is classified as…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has called upon federal agencies and organizations to take immediate action concerning a critical vulnerability affecting Ivanti Cloud Services Appliance (CSA) 4.6. The vulnerability, CVE-2024-8190, poses a significant threat as it allows cyber…

Read more →

Cluster Bravo, despite its brief initial activity, subsequently targeted 11 organizations in the same region, as researchers found that these attackers used compromised environments within the same vertical for malware staging.  Cluster Charlie, after being disrupted, returned with new techniques,…

Read more →

Kali Linux 2024.3, the most recent iteration of Offensive Security’s highly regarded Debian-based distribution designed for ethical hacking and penetration testing, has been released. This new release is a major update that includes 11 new hacking tools and focuses on…

Read more →

A hacker known as Amadon has reportedly managed to bypass the safety protocols of ChatGPT, a popular AI chatbot developed by OpenAI, to generate instructions for creating homemade explosives. This incident raises significant questions about generative AI technologies’ security and…

Read more →

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, pose significant security risks. They allow local privilege escalation that could enable attackers to gain SYSTEM-level…

Read more →

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign Excel file that exploits CVE-2017-0199. By exploiting this vulnerability in Microsoft Office, attackers are able to embed malicious code within the file using OLE objects.  It…

Read more →

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw designated CVE-2024-45195, allows for unauthenticated remote code execution (RCE), posing a threat to organizations relying on OFBiz for their operations. CVE-2024-45195 – Vulnerability Details…

Read more →

Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute remote code. These vulnerabilities, identified as CVE-2024-8695 and CVE-2024-8696, highlight the ongoing risks associated with software extensions and the importance of timely updates. CVE-2024-8695: Crafted Extension…

Read more →

Fortinet, a leading cybersecurity firm, has confirmed a data breach involving a third-party cloud service after a hacker, known by the alias “Fortibitch,” claimed to have stolen 440GB of data. The breach primarily affects a small number of Fortinet’s Asia-Pacific…

Read more →

In a strategic move to bolster its cybersecurity capabilities, Mastercard has announced an agreement to acquire Recorded Future, a leading global threat intelligence company, for $2.65 billion. This acquisition, from Insight Partners, aims to enhance Mastercard’s existing suite of services…

Read more →

RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-2024-6671, patched on August 16, were leveraged to execute remote access tools and gain persistence. Despite the availability of patches,…

Read more →

Exploiting memory corruption vulnerabilities in server-side software often requires knowledge of the binary and environment, which limits the attack surface, especially for unknown binaries and load-balanced environments.  Successful exploitation is challenging due to the difficulty of preparing the heap and…

Read more →

The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities by employing a custom toolset, including a novel IIS backdoor and DNS tunneling protocol.  The malware used in this campaign shares…

Read more →

CosmicBeetle, a threat actor specializing in ransomware, has recently replaced its old ransomware, Scarab, with ScRansom, a custom-built ransomware that continues to evolve.  The threat actor has been actively targeting SMBs worldwide, exploiting vulnerabilities to gain access to their systems…

Read more →

Cody Thomas developed Apfell, an open-source macOS post-exploitation framework, in 2018 and evolved into Mythic, a cross-platform framework that addresses the limitations of existing tools.  Mythic provides a unified interface for managing agents written in various languages for different platforms,…

Read more →

SCATTERED SPIDER, a ransomware group, leverages cloud infrastructure and social engineering to target insurance and financial institutions by using stolen credentials, SIM swaps, and cloud-native tools to gain and maintain access, impersonating employees to deceive victims.  Their partnership with BlackCat…

Read more →

Phishing remains a significant concern for both individuals and organizations. Recent findings from ThreatLabz have highlighted the alarming prevalence of phishing attacks targeting major brands, with Google, Microsoft, and Amazon emerging as the top three most impersonated companies. This article…

Read more →

Researchers discovered flaws in the Autel MaxiCharger EV charger that make it potential to execute arbitrary code on the device by just placing it within Bluetooth range. The vulnerabilities tracked as CVE-2024-23958, CVE-2024-23959, and CVE-2024-23967 were identified during Pwn2Own Automotive…

Read more →

CAMO, or Commercial Applications, Malicious Operations, highlights attackers’ increasing reliance on legitimate IT tools to bypass security defenses, which can be used for various malicious activities like ransomware distribution, network scanning, lateral movement, and C2 establishment. It can mislead security…

Read more →

Siemens ProductCERT has disclosed a critical vulnerability in its Industrial Edge Management systems. The vulnerability, identified as CVE-2024-45032, poses a significant risk by allowing unauthenticated remote attackers to impersonate other devices within the system. This flaw has been rated with…

Read more →

Recent research has revealed a new Android malware targeting mnemonic keys, a crucial component for cryptocurrency wallet recovery. Disguised as legitimate apps, this malware scans devices for images containing mnemonic phrases. Once installed, it covertly steals personal data like text…

Read more →

RansomHub has recently employed a novel attack method utilizing TDSSKiller and LaZagne, where TDSSKiller, traditionally used to disable EDR systems, was deployed to compromise network defenses.  Subsequently, LaZagne was used to harvest credentials from compromised systems, which is unprecedented in…

Read more →

Adobe has issued a crucial security update for its Acrobat and Reader software on Windows and macOS platforms. This update, identified as APSB24-70, addresses multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update was…

Read more →

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a modified version of the open-source network scanning tool NBTscan over the past decade.  NBTscan, designed for network discovery and forensics, sends NetBIOS status queries to IP…

Read more →

In August 2024, researchers detected a malicious Google Chrome browser infection that led to the distribution of LummaC2 stealer malware that utilized a drive-by download of a ZIP archive containing an MSI app packaging file, which, when executed, installed the…

Read more →

The air-gap data protection method isolates local networks from the internet to mitigate cyber threats and protect sensitive data, which is commonly used by organizations dealing with confidential information such as personal, financial, medical, legal, and biometric data.  By eliminating…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect a range of widely used software and systems, posing significant risks to organizations and individuals…

Read more →

The Zengo X Research Team has uncovered a critical flaw in WhatsApp’s “View Once” feature, designed to enhance user privacy by allowing media to be viewed only once before disappearing. This flaw, now exploited in the wild, raises significant concerns…

Read more →

Charles Darwin School in Biggin Hill, London, has been forced to close its doors following a sophisticated ransomware attack temporarily. The incident has left students and parents uncertain as the school works to restore its systems and secure sensitive data.…

Read more →

Threat actors have allegedly leaked sensitive data from Capgemini, a global leader in consulting, technology services, and digital transformation. The claims surfaced on the dark web, raising alarms about the potential impact on the company’s operations and client confidentiality. According…

Read more →