A new Ransomware-as-a-Service (RaaS) platform known as DeathGrip has surfaced, offering sophisticated ransomware tools to aspiring cyber criminals. This service is being promoted through Telegram and various underground forums, providing a gateway for individuals with limited technical expertise to launch…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions
A critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vulnerability in the pg_dump utility poses a significant security risk, especially when executed by superusers. CVE-2024-7348 – Vulnerability Details The flaw…
Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts
A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against Microsoft 365 and Office 365 environments. The platform provides tools to circumvent robust 2FA safeguards, enabling threat actors to compromise accounts with increased efficiency. Corporate security…
Australian Gold Mining Company Reports Ransomware Attack
Evolution Mining Limited, a prominent global player in the gold mining industry, has reported a ransomware attack that impacted its IT systems. The company, which operates several mines across Australia and Canada, discovered the breach on August 8, 2024. This…
Critical AWS Services Vulnerability Lets Attackers Execute Remote Code
Hackers attack AWS as it hosts a vast number of high-value targets, including sensitive data, business applications, and cloud resources for organizations worldwide. In February 2024, six AWS services were found to have some critical vulnerabilities. The services include CloudFormation,…
Hackers Exploiting WinRAR Flaw To Attack Windows & Linux (ESXi) Machines
Head Mare, a hacktivist group targeting Russia and Belarus, leverages phishing campaigns distributing WinRAR archives to exploit CVE-2023-38831 for initial access. By deploying LockBit and Babuk ransomware, they encrypt victim systems and publicly disclose stolen data. The group shares similarities…
NCSC to Build Nation-Scale Evidence Base for Cyber Deception
The UK’s National Cyber Security Centre (NCSC) recently hosted an unprecedented conference at its London headquarters, bringing together international government partners, UK government officials, and industry leaders. The focus was on exploring the potential of cyber deception technologies and techniques…
Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code
By reverse-engineering Quick Share’s proprietary communication protocol, researchers uncovered multiple vulnerabilities, including unauthorized file writes, forced Wi-Fi connections, directory traversal, and denial-of-service conditions. These flaws were chained together to achieve remote code execution on Windows systems with Quick Share installed,…
Authorities Arrested Two Admins of WWH-Club Stolen Credit Card Marketplace
U.S. authorities have arrested two believed administrators of the notorious WWH-Club, an online marketplace for stolen credit card information. The arrests mark a major step in the ongoing battle against cybercrime and the illicit trade of unauthorized access devices. The…
Threat Actors Exploiting Windows Systems To Deploy Multiple Malwares
A sophisticated phishing campaign targeting Windows systems leverages multiple evasion techniques, including Python obfuscation, shellcode generation, and loading, to deploy a payload of malware. This multi-stage attack, disguised as a customer service request, delivers malicious attachments that, once opened, install…
North Korean Kimsuky Group Attacking University Professors
Kimsuky, a North Korean APT group, employs targeted phishing campaigns, leveraging DMARC exploitation to conceal social engineering, infiltrate university networks, and steal research for the Reconnaissance General Bureau. It aligns with North Korea’s goal of intelligence acquisition to advance its…
Iranian Hackers Targeting 2024 US Election Campaigns
Microsoft has released a report detailing Iran’s efforts to influence the upcoming 2024 US presidential election. The report highlights the increasing activity of groups linked to the Iranian government, aiming to sway voters and create controversy, particularly in key swing…
Confusion Attacks Vulnerability In Apache HTTP Server Allows Attackers To Gain Root Access Remotely
The Apache HTTP Server relies on hundreds of independently developed modules to handle client requests, sharing a complex data structure for communication. While modularity promotes specialization, the lack of standardized interfaces, coupled with the massive scale of the system, introduces…
0.0.0.0 Day – 18 Yr Old Vulnerability Allows Attackers to Bypass All Browser Security
Threat actors often target and exploit security flaws in web browsers, as exploiting flaws in web browsers enables them to gain unauthorized access and perform several illicit activities. Not only that, threat actors also get a wide attack surface with…
New APT Actor240524 Weaponizing Official Documents To Deliver Malware
A new APT group, dubbed Actor240524, launched a spear-phishing campaign targeting Azerbaijani and Israeli diplomats on July 1, 2024, where the attackers employed a malicious Word document containing Azerbaijani-language content disguised as official documentation to lure victims. The attack indicates…
Leaked MDM Credentials Commonly Expose Laptops And Smartphones To Hacking
Mobile Device Management (MDM) is a device management solution for laptops, tablets, and smartphones used by organizations to enable them to control and protect their employees’ mobile devices. Moreover, MDM has been developed with various tools that administrators can use…
Critical Jenkins Vulnerabilities Expose Servers To RCE Attack
Jenkins, an open source automation server, has been found to have two security issues, one of which is a critical flaw that, if exploited, might lead to remote code execution (RCE). An attacker may be able to read arbitrary files…
CISA Warns of Cisco Smart Install Feature Actively Exploited by Hackers
The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms over malicious cyber actors’ active exploitation of the Cisco Smart Install feature. This legacy feature, originally designed to simplify the deployment of new switches, is now being leveraged by hackers…
Windows Zero-day Flaw Lets Hackers Downgrade Fully Updated Systems To Old Vulnerabilities
Every software and operating system vendor has been implementing security measures to protect their products. This is due to the fact that threat actors require a lot of time to find zero-days but require less time to find a…