EvilBamboo, formerly known as “Evil Eye,” has been found to target Tibetan, Uyghur, and Taiwanese organizations and individuals. This threat actor was mentioned as conducting custom Android malware campaigns in September 2019. In April 2020, EvilBamboo was discovered to be…
Threat Actors Actively Using Remote Management Tools to Deploy Ransomware
Threat actors have been spotted increasingly relying on Remote Management and Monitoring (RMM) tools, which resulted in a relatively botched Hive ransomware distribution. The original payload consisted of an executable file disguised as a legitimate document. According to Huntress, this campaign…
Millions Of Newborn Registry Records Were Compromised In A MOVEit Data Breach
The Progress MOVEit software’s vulnerability resulted in a cybersecurity breach that affected BORN (the Better Outcomes Registry & Network), which gathers data on pregnancies, births, the postpartum period, and childhood. Unauthorized copies of files containing sensitive personal health data were obtained…
Google Chrome use-after-free Vulnerability Leads to Remote Attack
A use-after-free vulnerability has recently been discovered in Google Chrome that threat actors can exploit to attack users. The vulnerability exists in the Google Chrome VideoEncoder and can be triggered by a malicious web page. However, Google Chrome version…
BIND DNS System Flaws Let Attackers Launch DoS Attacks
In a recent disclosure, BIND 9, a widely used DNS (Domain Name System) server software, has been found vulnerable to two critical security flaws, labeled CVE-2023-4236 and CVE-2023-3341. These vulnerabilities, if exploited, could have serious consequences, making it imperative for users…
OilRig: Never-seen C#/.NET Backdoor to Attack Wide Range of Industries
OilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries. OilRig launched DNSpionage in 2018-2019 against Lebanon and the UAE, followed by the 2019-2020 HardPass campaign using LinkedIn for energy and government…
Most Important Network Penetration Testing Checklist
A network penetration testing checklist identifies vulnerabilities in the network posture by discovering open ports, troubleshooting live systems and services, and grabbing system banners. Pen-testing helps the administrator close unused ports and unnecessary services, hide or customize banners, troubleshoot services, and…
Cryptojacking Campaign Infected Online Thesaurus With Over 5 Million Visitors
Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently use Thesaurus, one of the well-known platforms with 5 million monthly visitors. Cybersecurity analysts at Group-IB recently found a cryptojacking scheme on a popular Thesaurus site,…
Gold Melody Attacking Organizations With Burp Extension, Mimikatz, and Other Tools
The financially motivated GOLD MELODY threat group has been active since at least 2017, attacking organizations by taking advantage of flaws in unpatched internet-facing servers. The group serves as an initial access broker (IAB) by selling access to organizations…
MOVEit Transfer SQL Injection Let the Attacker Gain Unauthorized Access to the Database
The MOVEit Transfer service pack has been found to contain three vulnerabilities: two SQL injections and a reflected Cross-Site Scripting (XSS) flaw. The severity of these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High). Progress-owned MOVEit Transfer was widely exploited by…
LUCR-3 Attacking Fortune 2000 Companies Using Victims’ Own Tools & Apps
A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion. This threat actor surpasses Scattered Spider, Oktapus, UNC3944, and Storm-0875. LUCR-3 is targeting Fortune 2000 companies in various sectors, which include…
Is QakBot Malware Officially Dead?
Only a few malware families can claim to have persisted for nearly twenty years, and QakBot (also referred to as QBot) stands among them as one of the most enduring. Since its first appearance in 2008, it has been deployed…
System Admin Pleads Guilty for Selling Pirated Business Phone Software Licenses
A computer system admin and his spouse pleaded guilty to taking part in a large international scheme to earn millions of dollars by selling pirated business telephone system software licenses. Software licenses with a retail value of over $88 million are…
Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code
If you use Trend Micro Apex One, you should know that the third-party antivirus uninstaller feature may have a security hole. This flaw could make it possible for arbitrary code to be run. Even though the National Vulnerability Database (NVD)…
T-Mobile App Glitch Exposes Other User’s Sensitive Data
T-Mobile’s mobile application has recently been a cause of concern among its customers due to privacy issues. Users have reported seeing sensitive information belonging to other customers when logging into their own accounts. This alarming situation has…
China Accuses the US of Hacking Huawei Servers Since 2009
Huawei is known for its telecommunications equipment and consumer electronics, including smartphones, and the USA banned Huawei primarily due to national security concerns. Arguing that the Chinese government may use Huawei’s technology for spying, the U.S. government claimed that the business…
Bumblebee Malware Abuses WebDAV Protocol to Attack Organizations
In recent cybersecurity news, the notorious Bumblebee loader has made a resurgence in a new campaign, posing a significant threat to organizations’ digital security. This loader, often used as a stepping stone for ransomware attacks, had taken a pause but…
Nagios Monitoring Tool Vulnerabilities Let Attackers Run SQL Queries
Nagios XI is a prominent and frequently used commercial monitoring system for IT infrastructure and network monitoring. Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in Nagios XI (version 5.11.1 and below) while conducting routine research. By making use…
Hackers Attacking Telecoms Servers With HTTPSnoop Malware
In 2022, state-sponsored actors and advanced adversaries consistently targeted telecoms globally, making it a top sector in Talos IR cases. Telecom firms with critical infrastructure assets are prime targets due to their role in national networks and as potential gateways…
Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code
Recent reports indicate that Fortinet FortiOS has been found to contain Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes. These vulnerabilities have been assigned the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity…