Ensuring adherence to GDPR, the ANY.RUN sandbox service employs TLS 1.3 for data in transit and AES-256 for data at rest; it is hosted in Germany and provides supplementary tools, predominantly for enterprise plans, to empower users with greater…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
CrushFTP Vulnerability Exploited in Wild to Execute Remote Code
A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0, enabling…
Hackers Abuse Google Search Ads to Deliver MSI-Packed Malware
Hackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages. This campaign, involving the malware loader known as FakeBat, targets unsuspecting users by masquerading as legitimate software downloads. The Infection Chain: From Ad to…
Veeam RCE Flaws Let Hackers Gain Access To VSPC Servers
Veeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these vulnerabilities is yet to be assigned. These vulnerabilities exist in version 7.x and version 8.x of the Veeam…
Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users
A new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software. This vulnerability affects…
Hackers Employing Steganography Methods to Deliver Notorious RemcosRAT
Hackers are now using steganography techniques to distribute the notorious Remote Access Trojan (RAT) known as RemcosRAT. This method, which involves hiding malicious code within seemingly innocuous image files, marks a concerning evolution in malware delivery tactics. The Initial Breach:…
Hackers Actively Exploiting Ivanti Pulse Secure Vulnerabilities
Juniper Threat Labs has reported active exploitation attempts targeting vulnerabilities in Ivanti Pulse Secure VPN appliances. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a significant threat to network…
Google Simplifies Two-Factor Authentication Setup Process
Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts. The changes rolled out on Monday, May 6,…
NCA Unmasks and Sanctions Leader of Notorious LockBit Ransomware Group
In collaboration with US and Australian authorities, the UK’s National Crime Agency (NCA) has unmasked and sanctioned the leader of the notorious LockBit ransomware group, once considered the world’s most harmful cybercrime operation. Russian national Dmitry Khoroshev, who went by…
Weaponized Windows Shortcut Files Deploying Fileless RokRat Malware
Hackers target LNK (Windows shortcut) files to disseminate malware because they can embed malicious code that automatically executes when the shortcut is clicked. LNK files appear harmless but can stealthily trigger malware downloads or other malicious actions, making them an…
Trend Micro Antivirus One Let Attacker Inject Malicious Code Into Application
A significant update for Trend Micro’s Antivirus One software has been released. The update addresses a critical vulnerability that may have enabled attackers to inject malicious code. The vulnerability, a custom dynamic library injection flaw tracked as CVE-2024-34456, may enable an attacker…
Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code
In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks. This move is part of Samsung’s ongoing efforts to enhance the security of…
New TunnelVision Attack Lets Attackers Snoop on VPN Traffic
In a groundbreaking discovery, cybersecurity experts at Leviathan Security Group have unveiled a new type of cyberattack dubbed “TunnelVision,” which poses a threat to the security of Virtual Private Networks (VPNs). This sophisticated attack method allows cybercriminals to bypass the…
Citrix NetScaler ADC & Gateway Flaw Lets Attackers Obtain Sensitive Data Remotely
A security vulnerability has been identified in Citrix NetScaler ADC and Gateway appliances, allowing remote attackers to access sensitive data without authentication. This flaw, identified as an out-of-bounds memory read issue, affects versions up to 13.1-50.23 of the software and…
APT42 Hackers Posing As Event Organizers To Hijack Victim Network
APT42, a group linked to the Iranian government, is using social engineering tactics such as impersonating journalists and event organizers to trick NGOs, media, academia, legal firms, and activists into providing credentials to access their cloud environments. They exfiltrate data…
New Atomic Stealer Malware Copies Passwords & Wallets from Infected Macs
Several new variants of Atomic macOS Stealer (AMOS) have been observed that are intended to exfiltrate sensitive data from affected Macs. AMOS is distributed by Trojan horses, which frequently pose as pirated or “cracked” versions of apps. It…
Best SIEM Tools List For SOC Team – 2024
The best SIEM tools for you will depend on your specific requirements, budget, and organizational needs. There are several popular and highly regarded SIEM (Security Information and Event Management) tools available on the market. What is SIEM? A security information…
Beware of Phishing Attacks Targeting AmericanExpress Card Users
Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant. The scam attempts to trick users into divulging sensitive personal and financial information. How the Scam Works: According to a recent tweet from…
Indonesia Emerging As A Hub For Highly Invasive Spyware
In today’s digital age, civil society is facing a serious threat in the form of invasive malware and surveillance technology that has the potential to cause irreparable harm. These malicious tools can infiltrate systems and compromise sensitive information, posing a…
Hackers Use Custom Backdoor & Powershell Scripts to Attack Windows Machines
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines. These backdoors are primarily delivered through spear-phishing campaigns, marking a significant escalation in the capabilities…
Europe’s Most Wanted Teenage Hacker Arrested
Julius “Zeekill” Kivimäki, once Europe’s most wanted teenage hacker, has been arrested. Kivimäki, known for his involvement with the notorious Lizard Squad, was apprehended after a series of cybercrimes that shocked the continent. A Decade of Cyber Terror: Julius Kivimäki’s cybercrime career began in his early teens and quickly escalated to high-profile attacks. As…
Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released
Two vulnerabilities, CVE-2024-33788 and CVE-2024-33789, were discovered in Linksys routers. Both are command injection flaws. The severity of these vulnerabilities is yet to be categorized; however, a proof-of-concept has been published for both.…
Tinyproxy Flaw Let Attackers Execute Remote Code
A security flaw has been identified in Tinyproxy, a lightweight HTTP/HTTPS proxy daemon widely used in small network environments. The vulnerability, cataloged under CVE-2023-49606, allows remote attackers to execute arbitrary code on the host machine. This flaw poses a critical…
Ex-Cybersecurity Consultant Jailed For Trading Confidential Data
Vincent Cannady, a professional who used to work as a consultant in the cybersecurity field, has been taken into custody for allegedly trying to extort a sum of money that could go up to $1.5 million from an IT company…
Mal.Metrica Malware Hijacks 17,000+ WordPress Sites
Infected websites mimic legitimate human-verification prompts (CAPTCHAs) that request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious redirect that exposes users to scams or malware, exploiting users’ familiarity with CAPTCHAs to bypass suspicion, and…
Apache ActiveMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions
Apache ActiveMQ is a Java-based communication management tool for communicating with multiple components in a server. It is a widely used open-source messaging service that can be used to send messages between two or more applications. However, Apache ActiveMQ…
Hackers Exploit Microsoft Graph API For C&C Communications
An emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services. Recently, security analysts at Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClient. This malware targeted an organization in Ukraine. It abused Microsoft…
68% of Data Breaches Occur Due to Social Engineering Attacks
In the latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024, a concerning trend has been highlighted: a significant 68% of data breaches are now occurring due to social engineering attacks. This revelation underscores the increasing sophistication and…
U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers
The United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North Korean hackers. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have jointly…
Threat Actors Renting Out Compromised Routers To Other Criminals
APT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask their malicious activities, while Pawn Storm, a well-known APT group, infiltrated a cybercriminal botnet of compromised Ubiquiti EdgeRouters in 2022 and used it for espionage. The…
Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack
Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers to perform denial of service (DoS) attacks, gain unauthorized access, and view sensitive information. These vulnerabilities affect several Cisco IP…
New “Goldoon” Botnet Hijacking D-Link Routers to Use for Other Attacks
Security researchers at FortiGuard Labs discovered a new botnet in April that exploits a weakness in D-Link devices. Dubbed “Goldoon,” this botnet has been observed exploiting a nearly decade-old security flaw, CVE-2015-2051, to gain unauthorized control over affected routers and…
Cuttlefish 0-click Malware Hijacks Routers & Captures Data
Cuttlefish is a new malware platform that has been active since at least July 2023. It specifically targets networking equipment such as enterprise-grade small office/home office routers. The latest campaign has been ongoing from…
GoldDigger Malware Using Deep Fake AI Photos To Hijack Bank Accounts
Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive, manipulate, or gain unauthorized access to sensitive information or systems. Cybersecurity researchers at InfoBlox recently discovered GoldFamily, an evolved GoldDigger trojan targeting iOS devices to steal…
LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere
LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at…
VNC Is The Hacker’s New Remote Desktop Tool For Cyber Attacks
While facilitating remote work, remote desktop software presents security challenges for IT teams due to the use of various tools and ports. The multitude of ports makes it difficult to monitor for malicious traffic. Weak credentials and software vulnerabilities are…
ArubaOS Critical Vulnerability Let Attackers Execute Remote Code
Multiple vulnerabilities have been discovered in ArubaOS that affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers, WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities are linked to Unauthenticated Buffer Overflow (CVE-2024-26305, CVE-2024-26304, CVE-2024-33511, CVE-2024-33512 and…
Hackers Claiming Breach of UAE Government Servers
A group of hackers has claimed responsibility for infiltrating several servers belonging to the United Arab Emirates government. The announcement was made through a tweet, which has sparked widespread concern and discussions about cybersecurity measures within government infrastructures. Document Integrate…
Russian Hackers Actively Attacking Small-scale Infrastructure Sectors
Russian hacktivists increasingly target small-scale operational technology (OT) systems across North America and Europe. These attacks, primarily focused on the Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors, pose significant threats to critical infrastructure. The Cybersecurity…
Threat Actors Attacking MS-SQL Servers to Deploy Ransomware
Cybersecurity experts have uncovered a series of sophisticated cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers. The attackers, identified as the TargetCompany ransomware group, have been deploying the Mallox ransomware in a bid to encrypt systems and extort victims. This…
USB Malware Attacks Targeting Industrial Systems Adapt LOL Tactics
Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year. The malware poses a serious threat…
REvil Ransomware Affiliate Sentenced to 13 Years in Prison
A Ukrainian national, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison. Vasinskyi, known in the cyber underworld as Rabotnik, was also ordered to pay over $16 million in restitution for his role in orchestrating more…
Attention all Windows Users! The Microsoft April Security Update Could Break Your VPN
In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant issue affecting VPN connections on Windows devices. This problem has emerged following the installation of the April 2024 security update,…
Panda Restaurant Corporate Systems Hacked: Customer Data Exposed
Panda Restaurant Group, Inc., a leading name in the fast-food industry, has confirmed a significant breach in its corporate data systems. The incident, which came to light on March 10, 2024, has potentially compromised the personal information of an undisclosed…
Google Guide! How to Detect Browser Data Theft Using Windows Event Logs
In the ever-evolving cybersecurity landscape, Google is continually striving to protect user data from malicious actors. In a recent blog post, the tech giant revealed a novel method to detect browser data theft using Windows Event Logs. This approach aims…
Millions of Malicious “Imageless” Docker Hub Repositories Drop Malware
In a startling revelation, nearly 20% of Docker Hub repositories have been identified as conduits for malware and phishing scams, underscoring the sophisticated tactics employed by cybercriminals to exploit the platform’s credibility. The investigation unveiled that attackers had been operating…
Attackers Leverage Sidecar Container Injection Technique To Stay Stealthy
Kubernetes (K8s) is an open-source container orchestration platform designed to automate application container deployment, scaling, and running. Containers are isolated software packages that are lightweight and contain everything required for running an app. In Kubernetes, a “sidecar” refers to an…
How to Utilize Azure Logs to Identify Threats: Insights From Microsoft
Microsoft’s Azure platform is a highly acclaimed and widely recognized solution that organizations worldwide are leveraging. It is regarded as a game-changer in the industry and has emerged as a dependable and efficient platform that helps businesses achieve their goals…
Redline Malware Using Lua Bytecode to Challenge the SOC/TI Team to Detect
McAfee has discovered a new variant of Redline Stealer malware that uses Lua bytecode to obfuscate its malicious code, the first instance of Redline using such a method. The malware was discovered on a legitimate Microsoft repository (vcpkg)…
Threat Actor Claims Selling of Dell Database with 49M User Records
A threat actor is reportedly selling a database containing 49 million user records from Dell, one of the world’s leading technology companies. This significant security breach encompasses a wide range of personal and corporate information, potentially exposing millions of Dell customers…
Google Blocks 2.28M Malicious Apps Entering The Play Store
A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here’s what these principles mean in practice: With those…
New Android Malware Mimicking Social Media Apps Steals Sensitive Data
A new RAT malware has been discovered to be targeting Android devices. This malware is capable of executing additional commands compared to other RAT malware. This malware can also perform phishing attacks by disguising itself as legitimate applications like Snapchat,…
LightSpy Malware Actively Targeting MacOS Devices
BlackBerry reported a new iOS LightSpy malware, but Huntress researchers found it to be a macOS variant targeting Intel or Apple Silicon with Rosetta 2-enabled devices. This caused media confusion, as Apple’s recent spyware alert likely referred to Pegasus spyware,…
Kaiser Permanente Cyber Attack Exposes 13.4 Million Users Data
Kaiser Permanente, one of the largest healthcare providers in the United States, was the victim of a cyber attack that compromised the personal information of approximately 13.4 million users. This incident, which involved unauthorized access to the systems of City…
Safari Vulnerability Exposes EU iOS Users to Malicious Marketplaces
A serious concern has arisen for iPhone users in the European Union as a newly discovered flaw in Apple’s Safari browser has the potential to expose them to tracking and malicious activities. The vulnerability lies in the fact that third-party…
DarkGate Malware Leveraging AutoHotkey Following Teams
Researchers have uncovered a novel infection chain associated with the DarkGate malware. This Remote Access Trojan (RAT), developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018. The DarkGate…
Meet the New Exclusive AI Malware Analyst: Gemini 1.5 Pro
Gemini 1.5 Pro is the latest version of the Gemini AI malware analysis platform, which is set to transform the cybersecurity industry. With its innovative features, it enables security teams to detect, investigate, and respond to malware threats with unprecedented…
An Empty S3 Bucket Can Make Your AWS Bills Explode
In the world of cloud computing, Amazon Web Services (AWS) is a giant that offers a wide range of services that cater to various needs, from storage to computation. Among these services, AWS S3 (Simple Storage Service) is a trendy…
Grafana Tool Vulnerability Let Attackers Inject SQL Queries
The popular open-source platform Grafana, widely used for monitoring and observability, has been found to contain a severe SQL injection vulnerability. This flaw allows attackers with valid user credentials to execute arbitrary SQL commands, potentially leading to data leakage and…
Hackers Took 29 Days from Initial Hack to Sabotage Ransomware Attack
Cybersecurity experts have meticulously traced the timeline of a sophisticated ransomware attack that spanned 29 days from the initial breach to the deployment of Dagon Locker ransomware. This case study not only illuminates cybercriminals’ efficiency and persistence but also underscores…
Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services
A large botnet-as-a-service network originating from China was discovered, which comprises numerous domains, over 20 active Telegram groups, and utilizes other domestic communication channels. The infrastructure that supports this botnet, located in China, raises concerns about the potential for large-scale,…
PoC Exploit Released For Windows Kernel EoP Vulnerability
Microsoft released multiple product security patches on their April 2024 Patch Tuesday updates. One of the vulnerabilities addressed was CVE-2024-26218, associated with the Windows Kernel Privilege Escalation vulnerability, which had a severity of 7.8 (High). This vulnerability relates to a…
KageNoHitobito Ransomware Attacking Windows Users Around the Globe
A new ransomware named KageNoHitobito has been targeting Windows users across various countries. It encrypts their data and demands a ransom through sophisticated means. This article delves into the mechanics of the KageNoHitobito ransomware and its attack methodology and provides…
1,200+ Vulnerabilities Detected In Microsoft Products In 2023
Hackers often focus on flaws in Microsoft products because they are widely deployed across institutions and personal computers, which gives attackers a larger attack surface. These systems can be used as an entry point…
Android Malware Brokewell With Complete Device Takeover Capabilities
A new family of mobile malware known as “Brokewell” has been found to have a wide range of device takeover capabilities. This seriously threatens the banking sector by giving attackers remote access to all the resources made available via mobile…
Okta Warns of Credential Stuffing Attacks Using Proxy Services
Okta has issued a warning about the increasing prevalence of credential-stuffing attacks. These attacks, which leverage stolen user credentials to gain unauthorized access to accounts, are facilitated by the widespread use of residential proxy services. This alarming trend underscores the…
Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware
A recent malware campaign used a VBA macro in a Word document to download and execute a 64-bit Rust binary. This binary employs fileless injection techniques to load a malicious AgentTesla payload into its memory space. The malware leverages CLR…
NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication
A security vulnerability has been identified in some NETGEAR router models that allows attackers to bypass authentication. To exploit this vulnerability, an attacker must know the WiFi password or have an Ethernet connection to a device on the victim’s network. Firmware updates that…
5000+ CrushFTP Servers Hacked Using Zero-Day Exploit
Hackers often target CrushFTP servers because they hold sensitive data and are used for file sharing and storage, which makes them attractive targets for data theft and ransomware attacks. Besides this, the vulnerabilities in CrushFTP servers…
13,142,840 DDoS Attacks Targeted Organizations Around The Globe
DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with never-ending waves of offensive traffic. More than 13 million DDoS attacks were recorded in 2023 alone, which reveals the real…
Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike
Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine. It has been closely monitoring the situation and has successfully detected all stages of the attack. CVE-2017-8570: The Initial Vector…
Microsoft Publicly Releases MS-DOS 4.0 Source Code
In a historic move, Microsoft has made the source code for MS-DOS 4.0, one of the most influential operating systems of all time, publicly available on GitHub. This decision marks a significant milestone in the company’s commitment to open-source software…
New SSLoad Malware Combined With Tools Hijacking Entire Network Domain
A new attack campaign has been discovered to be employed by FROZEN#SHADOW, which utilized SSLoad malware for its operations and Cobalt Strike implants to pivot and take over the entire network. In addition, the threat actors also used Remote…
Analyze Malicious Powershell Scripts by Running Malware in ANY.RUN Sandbox
Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch various attacks. PowerShell scripts can download malware, bypass antivirus, steal data, and grant remote access. The scripts are attractive to attackers because they are easy to…
Beware! Zero-click RCE Exploit for iMessage Circulating on Hacker Forums
A new cybersecurity threat has emerged as a zero-click remote code execution (RCE) exploit targeting Apple’s iMessage service is reportedly being circulated on various hacker forums. This exploit, which allows hackers to take control of an iPhone without any interaction…
New DragonForce Ransomware Emerged From The Leaked LOCKBIT Builder
Hackers exploit the LOCKBIT Builder due to its versatility in creating customized ransomware payloads, which enables them to tailor attacks to specific targets and evade detection by security measures. DragonForce Ransomware emerged in November 2023, employing double extortion tactics – data…
JudgeO Online Code Editor Flaw Let Attackers Execute Code as Root User
A critical flaw has been identified in the popular online code editor, JudgeO. If exploited, this vulnerability could allow attackers to execute arbitrary code with root-level privileges, posing a significant threat to systems and data integrity. Is Your Network Under…
Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections
Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems. This is achieved by targeting unmonitored devices, leveraging legitimate tools, and exploiting zero-day vulnerabilities. While defenders are improving detection speed (dwell time decreased from 16…
Alert! Cisco Releases Critical Security Updates to Fix 2 ASA Firewall 0-Days
Cisco has released critical security updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) devices and Firepower Threat Defense (FTD) software, collectively known as the “ArcaneDoor” vulnerabilities. If exploited, these vulnerabilities could allow a cyber threat actor to…
Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files
Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government entities. These attacks have been attributed to Pakistani Advanced Persistent Threat (APT) groups, which have been intensifying their malicious activities. Attack Methods: The recent campaigns uncovered…
Authorities Warned that Hackers Are Exploiting Flaws in CISCO ASA VPNs
In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices. Background on the Cyber Threat: The…
Hackers Exploit Cisco Firewall Zero-Days to Hack Government Networks
Security researchers at Cisco Talos have uncovered a sophisticated cyber espionage campaign dubbed “ArcaneDoor” conducted by a state-sponsored threat actor tracked as UAT4356 (STORM-1849). This campaign targeted government networks globally by exploiting multiple zero-day vulnerabilities in Cisco’s Adaptive Security Appliance…
Phishing Attacks Rise By 58% As The Attackers Leverage AI Tools
AI-powered generative tools have supercharged phishing threats, so even novice attackers can effortlessly create refined, individualized campaigns. Protecting data and systems from this democratization of phishing capabilities poses a new challenge for defenders. Zscaler’s Phishing Report 2024 is based…
CoralRaider Hackers Evade Antivirus Detection Using Malicious LNK File
This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany, Egypt, the U.K., Poland, the Philippines, Norway, and Japan. The threat actor behind this ongoing campaign has been identified as “CoralRaider,” whose Tactics, Techniques, and…
Multiple MySQL2 Flaws Let Attackers Execute Arbitrary Code Remotely
The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote code execution, arbitrary code injection, and prototype pollution. These vulnerabilities have been assigned CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511. The severity of these vulnerabilities ranges from 6.5 (Medium)…
Spyroid RAT Attacking Android Users to Steal Confidential Data
A new type of Remote Access Trojan (RAT) named Spyroid has been identified. This malicious software is specifically designed to infiltrate Android systems, stealing confidential data and compromising user privacy. What is Spyroid RAT? Spyroid RAT is a sophisticated malware…
Researchers Uncover UK.GOV Websites Sending Data to Chinese Ad Vendor
Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi. This discovery raises significant concerns about privacy and the integrity of data handling by public…
Ransomware Victims Who Opt To Pay Ransom Hits Record Low
Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration. The behavior of a major RaaS group…
IBM Nearing Talks to Acquire Cloud-software Provider HashiCorp
IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player. This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise. Potential Acquisition Details: Sources close to the matter…
Rewards Up to $10 Million for Information on Iranian Hackers
The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals. These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies. The announcement underscores the gravity of cyber…
Tracing the Steps of Cyber Intruders: The Path of Lateral Movement
When cyber attacks strike, it’s rarely a single computer that suffers. Nowadays, cybercriminals set their sights on corporate networks, aiming to infiltrate and compromise multiple systems. But how do these bad actors manage to breach large networks? It all starts…
PoC Exploit Released For Critical Oracle VirtualBox Vulnerability
Oracle VirtualBox was reported to have a critical vulnerability associated with privilege escalation and arbitrary file move/delete. This vulnerability was assigned CVE-2024-21111, and its severity was 7.8 (High). However, Oracle has acted swiftly upon the report and…
U.S. to Impose Visa Restrictions on 13 Individuals Involved in Commercial Spyware Operations
To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies. This decision underscores a broader initiative by the U.S. government to address…
Volkswagen Group’s Systems Hacked: 19,000+ Documents Stolen
The Volkswagen Group has fallen victim to a sophisticated hacking incident, with over 19,000 sensitive documents stolen. Investigations point towards a possible involvement of Chinese hackers, raising concerns over international cyber espionage and the security of global automotive giants. The…
Hacker Offers Up to $300 To Mobile Networks Staff For Illegal SIM Swaps
A SIM Swap Scam or SIM Cloning Scam exploits a vulnerability in a two-factor authentication (2FA) system that relies on SMS messages for verification codes, where attackers aim to gain control of the victim’s mobile phone number by convincing the…
Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code
Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool. This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software. The vulnerability has been…
Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks
A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks. Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw…
Europol Calls on Tech Giants to Provide Lawful Access to End-to-End Encrypted Communications
Amid the ongoing tension between privacy rights and public safety, Europol, along with European Police Chiefs, has issued a call for tech giants to provide lawful access to encrypted communications. This development comes as major social media platforms, including those owned…