Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Citrix released a security bulletin (CTX691485) detailing two critical vulnerabilities in the Citrix Workspace app for Windows. These vulnerabilities, identified as CVE-2024-7889 and CVE-2024-7890, pose significant security risks. They allow local privilege escalation that could enable attackers to gain SYSTEM-level…

Read more →

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign Excel file that exploits CVE-2017-0199. By exploiting this vulnerability in Microsoft Office, attackers are able to embed malicious code within the file using OLE objects.  It…

Read more →

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw designated CVE-2024-45195, allows for unauthenticated remote code execution (RCE), posing a threat to organizations relying on OFBiz for their operations. CVE-2024-45195 – Vulnerability Details…

Read more →

Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute remote code. These vulnerabilities, identified as CVE-2024-8695 and CVE-2024-8696, highlight the ongoing risks associated with software extensions and the importance of timely updates. CVE-2024-8695: Crafted Extension…

Read more →

Fortinet, a leading cybersecurity firm, has confirmed a data breach involving a third-party cloud service after a hacker, known by the alias “Fortibitch,” claimed to have stolen 440GB of data. The breach primarily affects a small number of Fortinet’s Asia-Pacific…

Read more →

In a strategic move to bolster its cybersecurity capabilities, Mastercard has announced an agreement to acquire Recorded Future, a leading global threat intelligence company, for $2.65 billion. This acquisition, from Insight Partners, aims to enhance Mastercard’s existing suite of services…

Read more →

RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-2024-6671, patched on August 16, were leveraged to execute remote access tools and gain persistence. Despite the availability of patches,…

Read more →

Exploiting memory corruption vulnerabilities in server-side software often requires knowledge of the binary and environment, which limits the attack surface, especially for unknown binaries and load-balanced environments.  Successful exploitation is challenging due to the difficulty of preparing the heap and…

Read more →

The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities by employing a custom toolset, including a novel IIS backdoor and DNS tunneling protocol.  The malware used in this campaign shares…

Read more →

CosmicBeetle, a threat actor specializing in ransomware, has recently replaced its old ransomware, Scarab, with ScRansom, a custom-built ransomware that continues to evolve.  The threat actor has been actively targeting SMBs worldwide, exploiting vulnerabilities to gain access to their systems…

Read more →

Cody Thomas developed Apfell, an open-source macOS post-exploitation framework, in 2018 and evolved into Mythic, a cross-platform framework that addresses the limitations of existing tools.  Mythic provides a unified interface for managing agents written in various languages for different platforms,…

Read more →

SCATTERED SPIDER, a ransomware group, leverages cloud infrastructure and social engineering to target insurance and financial institutions by using stolen credentials, SIM swaps, and cloud-native tools to gain and maintain access, impersonating employees to deceive victims.  Their partnership with BlackCat…

Read more →

Phishing remains a significant concern for both individuals and organizations. Recent findings from ThreatLabz have highlighted the alarming prevalence of phishing attacks targeting major brands, with Google, Microsoft, and Amazon emerging as the top three most impersonated companies. This article…

Read more →

Researchers discovered flaws in the Autel MaxiCharger EV charger that make it potential to execute arbitrary code on the device by just placing it within Bluetooth range. The vulnerabilities tracked as CVE-2024-23958, CVE-2024-23959, and CVE-2024-23967 were identified during Pwn2Own Automotive…

Read more →

CAMO, or Commercial Applications, Malicious Operations, highlights attackers’ increasing reliance on legitimate IT tools to bypass security defenses, which can be used for various malicious activities like ransomware distribution, network scanning, lateral movement, and C2 establishment. It can mislead security…

Read more →

Siemens ProductCERT has disclosed a critical vulnerability in its Industrial Edge Management systems. The vulnerability, identified as CVE-2024-45032, poses a significant risk by allowing unauthenticated remote attackers to impersonate other devices within the system. This flaw has been rated with…

Read more →

Recent research has revealed a new Android malware targeting mnemonic keys, a crucial component for cryptocurrency wallet recovery. Disguised as legitimate apps, this malware scans devices for images containing mnemonic phrases. Once installed, it covertly steals personal data like text…

Read more →

RansomHub has recently employed a novel attack method utilizing TDSSKiller and LaZagne, where TDSSKiller, traditionally used to disable EDR systems, was deployed to compromise network defenses.  Subsequently, LaZagne was used to harvest credentials from compromised systems, which is unprecedented in…

Read more →

Adobe has issued a crucial security update for its Acrobat and Reader software on Windows and macOS platforms. This update, identified as APSB24-70, addresses multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update was…

Read more →

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a modified version of the open-source network scanning tool NBTscan over the past decade.  NBTscan, designed for network discovery and forensics, sends NetBIOS status queries to IP…

Read more →

In August 2024, researchers detected a malicious Google Chrome browser infection that led to the distribution of LummaC2 stealer malware that utilized a drive-by download of a ZIP archive containing an MSI app packaging file, which, when executed, installed the…

Read more →

The air-gap data protection method isolates local networks from the internet to mitigate cyber threats and protect sensitive data, which is commonly used by organizations dealing with confidential information such as personal, financial, medical, legal, and biometric data.  By eliminating…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect a range of widely used software and systems, posing significant risks to organizations and individuals…

Read more →

The Zengo X Research Team has uncovered a critical flaw in WhatsApp’s “View Once” feature, designed to enhance user privacy by allowing media to be viewed only once before disappearing. This flaw, now exploited in the wild, raises significant concerns…

Read more →

Charles Darwin School in Biggin Hill, London, has been forced to close its doors following a sophisticated ransomware attack temporarily. The incident has left students and parents uncertain as the school works to restore its systems and secure sensitive data.…

Read more →

Threat actors have allegedly leaked sensitive data from Capgemini, a global leader in consulting, technology services, and digital transformation. The claims surfaced on the dark web, raising alarms about the potential impact on the company’s operations and client confidentiality. According…

Read more →

SonicWall disclosed a critical remote code execution vulnerability (CVE-2024-40766) in SonicOS on August 22nd, 2024. While no active exploitation was initially confirmed, the advisory was updated on September 6th to indicate potential active attacks.  The vulnerability, affecting both management access…

Read more →

As the new school year begins, students are gearing up for new classes and friendships and diving back into the digital world of video games. However, this virtual playground is not as safe as it seems. Cybercriminals are increasingly targeting…

Read more →

Critical vulnerabilities have been identified, potentially exposing systems to arbitrary command execution. These vulnerabilities, cataloged under the Common Vulnerabilities and Exposures (CVE) system, highlight significant security risks that demand immediate attention. Overview of Vulnerabilities IBM’s webMethods Integration Server, a widely…

Read more →

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and Queue Manager container images. These vulnerabilities, including denial of service and privilege escalation, could allow attackers to bypass security restrictions and disrupt operations. Summary of Vulnerabilities…

Read more →

Recent research indicates that the Predator spyware, once thought to be inactive due to US sanctions, has resurfaced with enhanced evasion techniques.  Despite efforts to curb its use, Predator continues to be employed in countries like the DRC and Angola,…

Read more →

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions and judicial-related matters.  By leveraging trust and fear, respectively, these attacks often involve malicious links or file attachments that lead to malware infections, which include common…

Read more →

SonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN. The flaw, identified as CVE-2024-40766, is actively exploited in the wild. It potentially allows unauthorized access to resources and, under certain conditions, causes…

Read more →

The Fog Ransomware group, known for targeting education and recreation sectors, has expanded its scope to attack financial services organizations, where the attackers exploited compromised VPN credentials to deploy the ransomware, targeting both Windows and Linux endpoints.  It has detected…

Read more →

NoiseAttack is a new method of secretly attacking deep learning models. It uses triggers made from White Gaussian Noise to create several targeted classes in the model, rather than just one, like most current methods.  This approach also helps avoid…

Read more →

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group, and it has been active since 2011. This APT group primarily targets government institutions, military agencies, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and…

Read more →

A series of vulnerabilities affecting Apache OFBiz has come to light, raising significant cybersecurity concerns. These vulnerabilities, identified as Common Vulnerabilities and Exposures (CVEs), enable unauthenticated remote code execution on both Linux and Windows platforms. This article delves into the…

Read more →

Russian military hackers, identified as Unit 29155, have been actively targeting critical infrastructure in the United States and globally. This unit, known for its sophisticated cyber operations, has been linked to attacks aimed at disrupting and compromising vital sectors. The…

Read more →

FIN7 (aka Carbon Spider, ELBRUS, Sangria Tempest) is a Russian APT group that is primarily known for targeting the U.S. retail, restaurant, and hospitality sectors since mid-2015.  In their attacks, the FIN7 group primarily uses several tactics and techniques like…

Read more →

The Lazarus Group is one of the most notorious hacker groups linked to the North Korean government. The group is known for its cyberattacks and has been active since 2010.  However, Group-IB cyber security researchers recently discovered that Lazarus was actively…

Read more →

Earth Lusca is a suspected China-based cyber espionage group active since at least April 2019. Besides this, hackers often target Windows and Linux machines primarily due to their widespread use and potential for financial gain. Trend Micro security experts recently…

Read more →

Web3 and DeFi have been appealing to many threat actors, and there has been a significant boost in heists that have become larger than any they have experienced in more traditional finance. Mandiant’s investigation into the 2016 Bangladesh Bank heist…

Read more →

Multiple critical vulnerabilities have been identified in Veeam Backup & Replication, a widely-used data protection and disaster recovery solution. These vulnerabilities, discovered during internal testing, pose serious risks, including remote code execution (RCE), privilege escalation, and data interception. The issues…

Read more →

The Tor Project has unveiled Tor Browser 13.5.3, a significant update that brings crucial security enhancements and usability improvements. This latest version is now available for download from the official Tor Browser website and distribution directory. Important security updates to…

Read more →

Cisco has issued a security advisory (Advisory ID: cisco-sa-cslu-7gHMzWmw) regarding critical vulnerabilities in the Cisco Smart Licensing Utility. These vulnerabilities could allow unauthenticated, remote attackers to gain administrative control over affected systems. The advisory was first published on September 4,…

Read more →

Emansrepo, a Python infostealer, is distributed via phishing emails containing fake purchase orders and invoices, where the attacker initially sent a phishing email with an HTML file redirecting to the Emansrepo download link.  In recent months, the attack flow has…

Read more →

Secure elements consist mainly of tiny microcontrollers, which provide service by generating and storing secrets and performing cryptographic operations. Thomas Roche of NinjaLab finds a major security flaw in the crypto library of Infineon Technologies affecting a diverse range of…

Read more →

ToddyCat is an APT group that has been active since December 2020, and primarily it targets the government and military entities in Europe and Asia.  The group is known for its sophisticated cyber-espionage tactics and has been involved in multiple…

Read more →

Halliburton Company has confirmed that a cyber attack led to unauthorized access and data theft from its systems. The incident, which came to light on August 21, 2024, has prompted the company to initiate a comprehensive cybersecurity response plan. Immediate…

Read more →

Microsoft released several patches for multiple vulnerabilities during the Patch Tuesday for August 2024. One of the vulnerabilities listed by Microsoft was the CVE-2024-38106. This vulnerability is associated with Windows Kernel Privilege Escalation affecting multiple Microsoft Windows OSes including Windows…

Read more →

Google has released a patch addressing a critical zero-day vulnerability that has been actively exploited. This vulnerability, CVE-2024-32896, is a privilege escalation flaw within the Android Framework component. The patch, part of the Android Security Bulletin for September 2024, underscores…

Read more →

The FBI has issued a stark warning to cryptocurrency companies, highlighting increased sophisticated cyberattacks orchestrated by North Korean hackers. These attacks, primarily targeting employees within the decentralized finance (DeFi) and cryptocurrency sectors, are part of a broader strategy to steal…

Read more →

A new malicious software named “Fury Stealer” has been detected, posing a significant threat to online security. The malware, created by an unidentified threat actor, is designed to steal sensitive information, including login passwords, from unsuspecting victims. Cybersecurity analyst MonThreat…

Read more →

The D-Link DAP-2310 Wireless Access Point (WAP) has been identified as vulnerable to remote code execution (RCE). Dark Wolf Solutions discovered this vulnerability, which seriously threatens users by allowing attackers to gain unauthorized remote access. This guide delves into the…

Read more →

Cyble Research & Intelligence Labs has recently found information about a new type of malware-as-a-service (MaaS) called ‘ManticoraLoader’ in some underground forums. Since August 8, 2024, on forums and Telegram, this MaaS service has been offered by the threat group…

Read more →

The FTC has ordered Verkada to implement a comprehensive information security program to address its lax security practices that allowed a hacker to compromise customer security cameras.  Verkada will pay a $2.95 million fine for violating the CAN-SPAM Act by…

Read more →

Microsoft identified a new custom multi-stage backdoor, “Tickler,” deployed by the Iranian state-sponsored threat actor Peach Sandstorm between April and July 2024.  Targeting sectors like satellite, communications equipment, oil and gas, and government, Tickler has been used to gather intelligence.…

Read more →

Microsoft has identified a North Korean threat actor, Citrine Sleet, exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution on cryptocurrency targets.  The threat actor deployed the FudModule rootkit, previously attributed to Diamond Sleet, suggesting potential shared…

Read more →

Head Mare, a Russian-focused hacktivist group, gained notoriety in 2023 by targeting organizations in Russia and Belarus as they employ phishing tactics to distribute WinRAR archives exploiting the CVE-2023-38831 vulnerability, gaining initial access to victims’ systems.  Once inside, they steal…

Read more →

Zoom is a widely used videotelephony software used for virtual meetings, and its wide audience base attracts the hackers most. Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated phishing operation targeting Zoom users.  The scheme utilizes a fraudulent…

Read more →

The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux. This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version…

Read more →

The People’s Cyber Army of Russia is a Russian hacktivist group known for its strategic use of DDoS attacks and other disruptive tactics.  Operating as part of the broader Russian cyber warfare landscape, the group has been involved in several…

Read more →

The FBI, CISA, MS-ISAC, and HHS have released a joint advisory detailing known RansomHub ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).  RansomHub, a ransomware-as-a-service variant, has been active since February 2024, targeting various critical infrastructure sectors,…

Read more →

Microsoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler.  This backdoor has been used to target various sectors, including satellite, communications equipment, oil and gas, and government, in the United States…

Read more →

The recent campaign targeting the Czech Republic involves a malicious ZIP file that contains a decoy LNK file and a batch script. The LNK runs the batch script, which spawns a decoy PDF document and renames a masqueraded PDF file…

Read more →

Security Operations Centers (SOCs) and security analysts are under immense pressure to stay ahead of potential attacks. Enter CloudSOC, an open-source project designed to empower SOC teams and security analysts by providing a modern architecture that leverages open-source tools for…

Read more →

The APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including China, North Korea, Japan, and South Korea.  They employ sophisticated techniques to infiltrate systems and steal…

Read more →

Hackers usually shift their attention towards Atlassian due to flaws in its software, especially in products like Confluence, which put organizations’ private data at risk. There are many exploits accessible over the Internet, and the ease of the attack vector…

Read more →

BlackByte, a Ransomware-as-a-Service (RaaS) group that surfaced about mid-2021 appears to have traces of Conti’s evolution. It uses productive sophistication such as bypassing security measures through the use of kernel-level exploited drivers, inducing self-replicating ransomware with worm features, and leveraging…

Read more →