Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its platform on August 4th. The incident has impacted iOS and ChromeOS devices enrolled globally in the Mobile Guardian system. What Happened On August 4th at 2…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Authorities have Uncovered USD 40 Million from Hackers
Singapore authorities have successfully intercepted and reclaimed over USD 40 million defrauded in a sophisticated business email compromise (BEC) scam. The operation, facilitated by INTERPOL’s Global Rapid Intervention of Payments (I-GRIP) mechanism, marks the largest-ever recovery of fraudulently obtained funds…
Threat Actor Claiming Breach of Gregory’s Foods 400Gb Database
A threat actor has claimed responsibility for breaching Gregory’s Foods, a well-known supplier of frozen bread, bun, and cookie doughs, among other bakery products. The announcement was made on a dark web forum, where the alleged hacker stated that a…
New LianSpy Attacking Android Users to Steal Sensitive Data
Cybersecurity experts have uncovered a sophisticated Android spyware, LianSpy, targeting users to steal sensitive data. This spyware employs advanced evasion techniques, making it a significant threat to Android device users worldwide. How LianSpy Operates LianSpy begins its operation by determining…
Threat Actor Allegedly Claims Leak of SisaCloud Database
A threat actor has reportedly claimed responsibility for leaking a database belonging to SisaCloud, Thailand’s School Information System Advance. This alarming news was first reported by DailyDarkWeb on their social media platform, X.com, raising significant concerns about the security of…
Beware Of Fake AI Editor Website That Steals Your Login Credentials
Hackers often make use of fake AI editor websites for several illicit purposes with malicious intent. Among their prime activities are deceiving users into providing personal information, downloading malware, making payments for fraudulent services, and many more. Recently, cybersecurity researchers…
Hackers Abused StackExchange Platform To Deliuver Malicious Python Package
Attackers uploaded malicious Python packages targeting Raydium and Solana users to PyPI, leveraging a StackExchange post to distribute the malware. The multi-stage malware stole sensitive data, drained cryptocurrency wallets, and established persistent backdoor access, bypassing Windows security protections, underscoring the…
Mirai Botnet Attacking Apache OFBiz Directory Traversal Vulnerability
The notorious Mirai botnet has been observed exploiting a recently disclosed directory traversal vulnerability in Apache OFBiz. This Java-based framework, supported by the Apache Foundation, is used for creating ERP (Enterprise Resource Planning) applications, which are critical for managing sensitive…
Hackers Infect Windows With Backdoor Malware Via “Car For Sale” Ad
Fighting Ursa, a Russian APT, has employed a car sales phishing lure to distribute the HeadLace backdoor malware targeting diplomats since March 2024. This strategy mirrors previous campaigns by the group and other Russian threat actors. The attack leveraged public,…
Exodus Underground Market Place Emerging As A Heaven For Cybercriminals
The Exodus Market, a haven for exiled criminals, has grown to become a significant player in the black market economy. The user “ExodusMarket” originally announced Exodus Market for Logs on the Cracked forum on February 10, 2024, after it was…
Mint-stealer Targeting web browsers, VPN clients & messaging apps to Steal Logins
Mint-Stealer is a Malware-as-a-Service tool designed to exfiltrate sensitive data from compromised systems stealthily and targets a broad spectrum of data, including web credentials, cryptocurrency wallet details, gaming credentials, VPN configurations, messaging app data, and FTP client information. Employing encryption…
Hackers Hijacked ISP Service Provider To Poison Software Updates
Hackers often attack ISP service providers for several illicit purposes. The most significant ones are disrupting internet services, stealing sensitive data, and many more. Besides this, such compromise also provides hackers with control over a vast number of connected devices,…
Beware Of New BingoMod Android Malware Steals Money & Formats Device
The wide use and the huge user base of Android often lucrative the threat actors. As threat actors often use Android malware to exploit vulnerabilities in the Android operating system. This enables them to perform several illicit activities like stealing…
Researchers Details How Hackers Can Steal Passwords via HDMI Cables
Security researchers have found a new way for hackers to steal sensitive information like passwords by eavesdropping on HDMI cables. This is a worrying development for computer users. Researchers at Universidad de la República in Uruguay discovered that hackers can…
Leaked Wallpaper Vulnerability Exposes Windows Users to Privilege Escalation Attacks
A newly discovered vulnerability in Windows File Explorer has raised alarms within the cybersecurity community. Identified as CVE-2024-38100, this security flaw allows attackers to escalate privileges by exploiting a seemingly innocuous wallpaper feature. CVE-2024-38100 – Windows File Explorer Elevation of…
Authorities Seized Cryptonator Site & Charged the Admin
The IRS-Criminal Investigation, the US Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI), in partnership with the German Federal Criminal Police Office (BKA) and the Attorney General’s Office in Frankfurt, successfully seized the domain of the online…
Microsoft Patched a Critical Edge Flaw that Led to Arbitrary Code Execution
Microsoft has addressed several critical vulnerabilities in its Chromium-based Edge browser. Users of the affected versions are strongly advised to update to the latest version to mitigate potential security risks. According to the Asec Ahnlab reports, the vulnerabilities were found…
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
Hackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas). The vulnerability, CVE-2024-6220, allows unauthenticated threat actors to upload arbitrary files to a vulnerable site, potentially leading to remote code execution and complete site takeover. This…
NCA Shuts Down Major Fraud Platform that Triggers 1.8 Million Scam Calls
Today, the National Crime Agency (NCA) revealed the successful shutdown of Russian Coms, a sophisticated fraud platform responsible for defrauding thousands of victims worldwide. Established in 2021, this platform facilitated over 1.3 million scam calls to 500,000 unique UK phone…
TgRAT Malware Attacking Linux Servers with New Variant
A new variant of the TgRAT malware, initially discovered in 2022 targeting Windows systems, has been observed attacking Linux servers. This evolution marks a significant shift in the malware’s capabilities, broadening its potential impact on a wider range of systems.…
Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks
A recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns. Identified as CVE-2024-6980, this flaw allows attackers to execute server-side request forgery (SSRF) attacks, potentially compromising sensitive data and systems. With a CVSS score of 9.2,…
Beware Of Malicious Crypto Management App That Drains Your Wallet
A forwarded Telegram video advertises heavily discounted, high-profile cryptocurrency projects, enticing viewers with links to a seemingly legitimate second-tier exchange and a concealed malicious link. Through the use of this social engineering strategy, which is intended to lull victims into…
CrowdStrike & Microsoft to Face Lawsuit from Delta Air Lines Following System Crash
Delta Air Lines has enlisted the legal expertise of David Boies, chairman of Boies Schiller Flexner, to seek damages from cybersecurity firm CrowdStrike and tech giant Microsoft. This follows a catastrophic system crash on July 19 that resulted in the…
Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS
Users use Voice Over Wi-Fi (VoWiFi) quite frequently nowadays, as it’s a technology that enables them to make voice calls over a Wi-Fi network. This technology does so without relying on traditional cellular networks. Besides this, doing so allows the…
Germany has accused China of Attack on Critical Infrastructure Since 2021
Following extensive analyses and investigations by German security authorities, the Federal Government has officially attributed responsibility for a significant cyberattack on the Federal Office of Cartography and Geodesy (BKG) at the end of 2021 to Chinese state actors. The federal…
OAuth Vulnerability Exposes 1 Million Websites To XSS Attacks
Despite robust defenses, Cross-Site Scripting (XSS) remains a persistent web vulnerability, as its exploitation has become increasingly challenging. A recent discovery highlights how integrating OAuth, a modern authentication standard, with vulnerable websites can resurrect XSS risks. By manipulating OAuth flows…
World Wide Web Consortium Opposed Google’s Decision on Third-party cookies
The World Wide Web Consortium (W3C) has strongly opposed Google’s decision to halt the deprecation of third-party cookies. The W3C has updated its Technical Architecture Group (TAG) finding to emphasize the necessity of removing third-party cookies due to their inherent…
New Specula Tool Turning Outlook as a C2 Server by Leveraging Registry
Cybersecurity firm TrustedSec has unveiled a powerful new tool called Specula. It exploits a longstanding vulnerability in Microsoft Outlook to transform it into a Command and Control (C2) server. This revelation has sent shockwaves through the cybersecurity community, highlighting a…
Meta paid a $1.4 Billion Settlement for the Unauthorized Capture of Personal Biometric Data
Texas Attorney General Ken Paxton has secured a $1.4 billion settlement with Meta Platforms Inc. (formerly known as Facebook) over the unauthorized capture and use of millions of Texans’ personal biometric data. This settlement marks the largest privacy settlement ever…
Chrome Security Update: Patch for Critical Flaw that Leads to Exploitation
Google has rolled out a new security update for its Chrome browser, addressing several critical vulnerabilities. The update on the Stable channel brings Chrome to version 127.0.6533.88/89 for Windows and Mac, and 127.0.6533.88 for Linux. The update will be distributed…
Progress Patched New MOVEit File Transfer Flaw that Allows Privilege Escalation
Progress, the company behind MOVEit Transfer, has issued a critical security alert addressing a newly discovered vulnerability in its MOVEit Transfer product. The flaw, CVE-2024-6576, has been classified as a high-severity issue, with a CVSS score of 7.3, indicating a…
ubook Suffered Data Breach, 710,000 Users’ Data Exposed
The popular audiobook and podcast platform uBook has been affected by a data breach that exposed the personal information of 710,000 users. According to a tweet by ThreatMon, the breach, which occurred in July 2024, was announced by a member…
Critical OpenSSH “regreSSHion” Vulnerability Impacted macOS Systems, Patch Now
A serious flaw in OpenSSH servers, dubbed “regreSSHion,” affects macOS systems and could allow a remote attacker to execute arbitrary code. A few weeks ago, Qualys’ threat research unit discovered this vulnerability, which has been identified as regreSSHion and tracked…
Threat Actor Allegedly Claiming Hack of Microsoft Employee’s Device
A threat actor has taken to social media to claim responsibility for hacking into a Microsoft employee’s device. The announcement was made via a Telegram post, accompanied by a video purportedly showing the breach’s aftermath, as per a tweet by…
Hackers Exploiting ESXi Hypervisor Auth Bypass Flaw For Ransomware Attacks
Hackers prefer ransomware attacks primarily because they offer the highest chance of financial gain. By locking victims’ information systems and asking for payment to release them, ransomware attacks lock victims’ information systems and demand payment to unlock them. Considering such…
Proofpoint’s Email Protection Let Attackers Send Millions Of Phishing Emails
Hackers use phishing emails to mislead recipients into providing personal data like usernames, passwords, credit card numbers, or social security numbers. This method exploits human emotions and trust, allowing a threat actor to compromise an account, steal an identity, or…
SocGholish Malware Attacking Windows Users Using Fake Browser Update
The SocGholish downloader has been in operation since 2017 and it is still evolving. This malware, which poses as a browser update, is favored by multiple threat groups such as the Russian-operated Evil Corp (Manatee Tempest) and the Initial Access…
Threat Actor Allegedly Claiming Breach of Cyepr
A threat actor has allegedly claimed responsibility for breaching Cyepro Solutions, a company known for its cloud solutions tailored to the automotive sales industry. The breach, reportedly in July 2024, has potentially compromised the personal information of approximately 97,000 individuals.…
AcidPour Malware Attacking Linux Data Storage Devices To Wipe Out Data
In March 2024, a new variant of the AcidRain wiper malware dubbed “AcidPour” was noticed. It targets Linux data storage devices and permanently erases data from the targeted systems, making them inoperative. It targets crucial sectors of Linux devices such…
Hacker Attacking Bank Users With AI-powered Phishing Tools and Android Malware
Cybersecurity firm Group-IB has uncovered a sophisticated cybercrime operation targeting Spanish banking customers. The criminal group GXC Team has been using AI-powered phishing tools and Android malware to steal sensitive banking information. This article delves into the GXC Team’s operational…
DigiCert to Revoke Thousands of Certificates Following Domain Validation Error
DigiCert, a leading digital certificate provider, has announced the revocation of thousands of certificates due to a domain validation error. This decision follows the discovery of a critical issue in their Domain Control Validation (DCV) process, which has affected approximately…
Threat Actots Leveraging ChatGPT To Craft Sophisticated Attacks
Adversaries are employing Large Language Models to generate malicious code, delivered via phishing emails, for downloading diverse payloads, including Rhadamanthys, NetSupport, CleanUpLoader, ModiLoader, LokiBot, and Dunihi. It indicates a concerning trend of threat actors leveraging AI to automate malware creation…
Ukraine Hacked Russian Banks, Leading Major Disruption
A large-scale cyberattack orchestrated by Ukrainian intelligence led to disruptions in the Russian banking sector. According to a source from Ukrainian intelligence, ATM services at several top Russian banks were rendered inoperative, leaving customers unable to withdraw cash. The attack…
RaspAP Flaw Let Hackers Escalate Privileges with Raspberry Pi Devices
A critical local privilege escalation vulnerability has been discovered in RaspAP, an open-source project designed to transform Raspberry Pi devices into wireless access points or routers. Identified as CVE-2024-41637, this flaw has been rated with a severity score of 9.9…
Malicious Python Package Attacking macOS Developers To Steal Google Cloud Logins
Hackers continuously exploit malicious Python packages to attack developer environments and inject harmful code that enables them to steal sensitive information, install malware, or create backdoors. The method takes advantage of the widely-used repositories for packaging consequently creating a widespread…
North Korean Onyx Sleet Using Group Of Malware And Exploits to Gain Intelligence
Onyx Sleet, a cyber espionage group also known as SILENT CHOLLIMA, Andariel, DarkSeoul, Stonefly, and TDrop2, mainly targets the military, defense sector, and technology in the United States, South Korea, and India. The group historically used spear-phishing, but they have…
Hackers Attacking Users Searching For W2 Form
A malicious campaign emerged on June 21, 2024, distributing a JavaScript file hosted on grupotefex.com, which executes an MSI installer, subsequently dropping a Brute Ratel Badger DLL into the user’s AppData. The command-and-control framework Brute Ratel then downloads and inserts…
PKfail, Critical Firmware Supply-Chain Issue Let Attackers Bypass Secure Boot
Hackers often attack secure boot during the boot process to execute unauthorized code, which gives them the ability to bypass a system’s security measures. By compromising Secure Boot, they can install rootkits and malware at a low level, gaining persistent…
Cisco Patches the Products Impacted by RADIUS Protocol Vulnerability
Cisco has issued patches for multiple products affected by a critical vulnerability in the RADIUS protocol. The vulnerability, identified as CVE-2024-3596, was disclosed by security researchers on July 7, 2024. This flaw allows an on-path attacker to forge responses using…
French Govt Investigating Recent Malware Attack that Compromised 3,000 Machines
The French government has investigated a malware attack that compromised approximately 3,000 machines within the country. The attack, part of a more extensive botnet operation affecting millions globally, has raised serious concerns about cybersecurity as France prepares to host the…
OpenAI Launches SearchGPT Prototype
San Francisco, CA – OpenAI has announced the launch of SearchGPT, a groundbreaking prototype designed to revolutionize how users search for information online. This innovative tool combines the advanced capabilities of OpenAI’s AI models with real-time web data to provide…
Play & LockBit Ransomware Join Hands to Launch Cyber Attacks
Play Ransomware and LockBit Ransomware have reportedly allied to enhance their capabilities in launching cyber attacks. This collaboration, which involves a significant financial transaction and training exchange, has raised alarms among cybersecurity experts and organizations worldwide. Financial Transaction and Training…
Threat Actors Claiming Leak of IOC list with 250M Data, CrowdStrike Responded
A hacktivist entity known as USDoD has asserted that it has leaked CrowdStrike’s “entire threat actor list” and claims to possess the company’s “entire IOC [indicators of compromise] list,” which purportedly contains over 250 million data points. Details of the…
Google Chrome Warns of Malicious Files While Downloading
Google Chrome has introduced a revamped download experience with comprehensive warnings about potentially malicious files. This update is part of Chrome’s ongoing effort to keep users secure while interacting with downloaded content. Last year, Google Chrome unveiled a redesigned downloads…
Microsoft’s Windows Hello for Business Flaw Let Attackers Bypass Authentication
Researchers have uncovered a vulnerability in Microsoft’s Windows Hello for Business (WHfB) that allows attackers to bypass its robust authentication mechanism. This flaw, which downgrades the authentication process to a less secure method, has raised concerns about the security of…
LummaC2 Malware Using Steam Gaming Platform as C2 Server
Cybersecurity experts have uncovered a sophisticated variant of the LummaC2 malware that leverages the popular Steam gaming platform as a Command-and-Control (C2) server. This new tactic marks a significant evolution in the malware’s distribution and operational mechanisms, posing a heightened…
Ukraine Hackers Hit Major Russian banks with DDoS attacks
Several prominent Russian bank clients experienced issues with their mobile apps and websites. According to Downdetector, complaints began to surge around 09:30 Moscow time. The affected banks included Gazprombank, Alfa-Bank, VTB, and Rosbank. By midday, Post Bank clients also reported…
ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents
A rudimentary ransomware targets Turkish businesses through phishing emails with “.ru” domain sender addresses. Clicking a PDF attachment’s link triggers downloading a malicious executable from a compromised GitHub account. The executable encrypts crucial files with the “.shadowroot” extension, highlighting a…
BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack
A significant vulnerability was discovered in BlueStacks, the world’s fastest Android emulator and cloud gaming platform. When used against a victim, this gives attackers complete access to the machine. The American technology business BlueStacks, also known as BlueStacks by now.gg,…
Chinese Hackers Using Shared Framework To Create Multi-Platform Malware
Shared frameworks are often prone to hackers’ abuses as they have been built into various applications, which offer a range of systems that can be exploited at the same time. By attacking shared framework vulnerabilities, hackers can get into many…
Beware Of Malicious Python Packages That Steal Users Sensitive Data
Malicious Python packages uploaded by “dsfsdfds” to PyPI infiltrated user systems by exfiltrating sensitive data to a Telegram bot likely linked to Iraqi cybercriminals. Active since 2022 and containing more than 90,000 Arabic messages, it has functioned as both a…
250 Million Hamster Kombat Players Targeted Via Android And Windows Malware
Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very well-liked among gamers who use cryptocurrencies because of the potential rewards of a brand-new cryptocoin that the developers intend to launch. The game’s success has spawned…
BreachForumsV1 Database Leaked: Private messages, Emails & IP Exposed
BreachForumsV1, a notorious online platform for facilitating illegal activities, has reportedly suffered a massive data breach. According to a recent post on X by DailyDarkWeb, the database of BreachForumsV1 has been leaked, exposing a treasure trove of sensitive information. The…
Google Chrome 127 Released with a fix for 24 Security Vulnerabilities
Google has unveiled the latest version of its Chrome browser, Chrome 127, which is now available on the Stable channel. The update, identified as version 127.0.6533.72/73 for Windows and Mac, and 127.0.6533.72 for Linux, will be rolled out over the…
Researchers Detail on How Defenders Eliminate Detection Gaps in AWS Environments
As enterprises increasingly migrate their workloads to cloud infrastructure, the need for robust security measures becomes more pressing. Unlike traditional data centers, cloud environments offer business agility at a reduced cost, making them attractive targets for cybercriminals. Defending cloud infrastructure,…
Pentagon IT Service Provider Hacked: U.S. Government Secrets Exposed
A massive breach in cybersecurity has occurred at Leidos Holdings Inc., which is a key provider of information technology services to the United States government. Hackers have released internal information, which has raised significant worries regarding the safety of sensitive…
Hackers Abusing Google Cloud For Phishing
Threat actors often attack cloud services for several illicit purposes. Google Cloud is targeted due to its extensive and powerful resources, which could be abused for a multitude of malicious activities. The vast amounts of data and computing power that…
Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals
Threat actors often attack dating apps to steal personal data, including sensitive data and location details, which can be used in identity theft, blackmailing people, or other malicious activities. Since these applications are a goldmine of personal experiences and chats,…
Two Russian Nationals Charged for Cyber Attacks against U.S. Critical Infrastructure
The United States has designated Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR), for their roles in cyber operations targeting U.S. critical infrastructure. Pankratova, the group’s leader, and…
Threat Actors Taking Advantage of CrowdStrike BSOD Bug to Deliver Malware
Threat actors have been found exploiting a recently discovered bug in CrowdStrike’s software that causes a Blue Screen of Death (BSOD) on affected systems. This vulnerability has given cybercriminals a unique opportunity to spread malware, posing significant risks to users…
NCA Shut’s Down the Most Popular “digitalstress” DDoS-for-hire Service
The National Crime Agency (NCA) has successfully infiltrated and dismantled one of the most notorious Distributed Denial of Service (DDoS) for hire services, digitalstress.su. This criminal marketplace, responsible for tens of thousands of attacks weekly worldwide, was taken down through…
Play Ransomware’s Linux Variant Attacking VMware ESXi Servers
A new Linux variant of Play ransomware targets VMware ESXi environments, which encrypts virtual machine files and appends the “.PLAY” extension by leveraging obfuscation techniques to bypass detection and is compressed with a Windows variant in a RAR archive. It…
SonicOS IPSec VPN Vulnerability Let Attackers Cause Dos Condition
SonicWall has disclosed a critical heap-based buffer overflow vulnerability in its SonicOS IPSec VPN. This flaw, identified as CVE-2024-40764, can potentially allow unauthenticated, remote attackers to cause a Denial of Service (DoS) condition. The vulnerability has been rated with a…
Hackers Registered 500k+ Domains Using Algorithms For Extensive Cyber Attack
Hackers often register new domains for phishing attacks, spreading malware, and other deceitful activities. Such domains are capable of pretending to be trusted entities, which helps to make individuals disclose their sensitive details or download harmful content. Cybersecurity researchers at…
Hackers Claim Breach of Daikin: 40 GB of Confidential Data Exposed
Daikin, the world’s largest air conditioner manufacturer, has become the latest target of the notorious Meow hacking group. The USA branch of Daikin has been listed as a victim, with hackers demanding a ransom of $40,000. The incident has raised…
Emojis Are To Express Emotions, But CyberCriminals For Attacks
There are 3,664 emojis that can be used to express emotions, ideas, or objects in digital communication. While seemingly harmless, criminals are increasingly exploiting emojis for covert communication in illegal activities. This allows them to conduct transactions and target victims…
Beware Of Fake Browser Updates That Installs Malicious BOINC Infrastructre
SocGholish malware, also known as FakeUpdates, has exhibited new behavior since July 4th, 2024, as the infection chain still begins with a compromised website prompting a fake browser update. Downloading the update triggers malicious code that fetches additional malware. Unlike…
Data Breach Increases by Over 1,000% Annually
The Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support identity crime victims, released its U.S. data breach findings for the second quarter (Q2) and the first half (H1) of 2024. The results are staggering, revealing…
UK Police Arrested 17-year-old Boy Responsible for MGM Resorts Hack
UK police have arrested a 17-year-old boy from Walsall in connection with a notorious cyber hacking group. This group has targeted significant organizations worldwide, including MGM Resorts in the United States, with sophisticated ransomware attacks. Arrest Made in Coordinated Effort…
Hackers Claiming Dettol Data Breach: 453,646 users Impacted
A significant data breach has been reported by a threat actor known as ‘Hana,’ who claims to have compromised the personal information of 453,646 users of Dettol India. The breach was announced via a post on the social media platform…
CrowdStrike Update Triggers Widespread Windows BSOD Crashes
A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users, leading to widespread reports of Blue Screen of Death (BSOD) errors. The issue, affecting multiple versions of the company’s sensor software, has prompted urgent investigations and…
CrowdStrike Update Triggers Widespread Windows Crashes
A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users, leading to widespread reports of Blue Screen of Death (BSOD) errors. The issue, affecting multiple versions of the company’s sensor software, has prompted urgent investigations and…
Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets
Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have drained billions from victims’ wallets. This operation, which brings together public and private sectors, has yielded promising results and offers a blueprint for future anti-fraud efforts.…
macOS Users Beware Of Weaponized Meeting App From North Korean Hackers
Meeting apps are often targeted and turned into weapons by hackers as they are largely employed for communication and collaboration, frequently carrying sensitive data and user groups that are wide. Such platforms gain trust among their users as of their…
TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs
Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and often have extensive community support, making them easy to modify and deploy. Besides this, open-source tools can be customized to evade detection, automate tasks, and leverage…
Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal
Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which link to a variety of systems via one breach. Compromising an ESXi server can bring the targeted services down. Additionally, valuable resources and data are stored…
MacOS Users Beware Of Weaponized Meeting App From North Korean Hackers
Meeting apps are often targeted and turned into weapons by hackers as they are largely employed for communication and collaboration, frequently carrying sensitive data and user groups that are wide. Such platforms gain trust among their users as of their…
Hackers Exploiting Legitimate RMM Tools With BugSleep Malware
Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has escalated its phishing campaigns in Middle East countries, specifically Israel. In their approach, they use already compromised email accounts to spread malicious content across various sectors.…
New TE.0 HTTP Request Smuggling Flaw Impacts Google Cloud Websites
HTTP Request Smuggling is a flaw in web security that is derived from variations in the way different web servers or intermediaries, such as load balancers and proxies handle HTTP request sequences. By creating malicious HTTP requests that exploit these…
Cybercriminals Exploit Attack on Donald Trump for Crypto Scams
Researchers at Bitdefender Labs remain ever-vigilant, informing users about the latest scams and internet perils that threaten their security and finances. The latest discovery involves cybercriminals exploiting an alleged assassination attempt on former US President Donald Trump to conduct extensive…
Volcano Demon Group Attacking Organizations With LukaLocker Ransomware
The Volcano Demon group has been discovered spreading a new ransomware called LukaLocker, which targets Idealease Inc., a truck leasing company. The malware targets several security, monitoring, and backup services, including antivirus software like Trend Micro, Malware Bytes, Sophos, and…
Resonance Launches Harmony to Monitor and Detect Threats to Web2 and Web3 Apps
Quick take: Resonance, a full-spectrum cybersecurity firm building security solutions for Web2 and Web3 apps has launched Harmony. The asset monitoring tool allows IT teams, organisations, startups and entrepreneurs to make strong detective and preventive measures accessible at any technical…
Beware! of New Phishing Tactics Mimic as HR Attacking Employees
Phishing attacks are becoming increasingly sophisticated, and the latest strategy targeting employees highlights this evolution. This new phishing attempt impersonates a company’s Human Resources (HR) department, presenting a significant threat to corporate security. In this article, we’ll dissect the recent…
MirrorFace Attacking Organizations Exploiting Vulnerabilities In Internet-Facing Assets
MirrorFace threat actors have been targeting media, political organizations, and academic institutions since 2022, shifting focus to manufacturers and research institutions in 2023. The attack method evolved from spear phishing to exploiting vulnerabilities in external assets, specifically in Array AG…
HardBit Ransomware Using Passphrase Protection To Evade Detection
In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware doesn’t use leak sites or double extortion. Their tactics include data theft, encryption, and ransom requests with threats of other attacks. Cybersecurity researchers at Cybereason identified…
New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s
X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails from the internet[.]ru domain. PDF links trigger exe payload downloads, which encrypt files with the “.shadowroot” extension, which is actively compromising various global organizations, including healthcare…
New Poco RAT Weaponizing 7zip Files Using Google Drive
The hackers weaponize 7zip files to pass through security measures and deliver malware effectively. These archived files can hide malicious content, which makes it more difficult for antivirus programs to identify threats. In early 2024, Cofense researchers discovered a new…
Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics
Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the upcoming Paris Olympics. On June 23, 2024, a Russian hacktivist group known as the “People’s Cyber Army” (Народная Cyber Армия) and their allies, HackNeT, announced their…
Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code
A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as CVE-2024-6744. This flaw assigned a CVSS score of 9.8, poses a severe risk to organizations using this email security solution. CVE-2024-6744: A Critical Vulnerability According to…
GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data
A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to target military personnel in the Middle East by leveraging social engineering tactics and using military-themed lures to trick victims into downloading the malware. Based on a…