Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the ThinkPad X230’s webcam, highlighting ongoing vulnerabilities in USB-connected devices. Like many laptops, the ThinkPad X230 has…

Read more →

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users. This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating bank representatives to deceive victims into providing sensitive banking information. The attack begins with a phone…

Read more →

Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4. This substantial bounty is the largest ever offered in the history of the DeFi sector. Uniswap v4 represents the latest…

Read more →

A publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse. Not protected by passwords or encryption, the database contained 644,869 PDF files, totaling 713.1 GB, exposing a treasure trove of personal…

Read more →

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident. The cyberattack has affected the hospital’s IT systems, necessitating a shift from digital to paper-based processes in certain…

Read more →

Zyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats,…

Read more →

APT-C-60 launched a phishing attack in August 2024, targeting domestic organizations with malicious emails disguised as job applications. These emails, sent to recruitment departments, contained malware designed to compromise systems and potentially steal sensitive data.  The attack leverages a targeted…

Read more →

Helldown Ransomware, a sophisticated cyber threat, actively targets critical industries worldwide by leveraging advanced cross-platform capabilities, including Windows and Linux, to encrypt files and exploit system vulnerabilities.  Its modular design and anti-detection techniques enable continuous evolution and persistent attacks, which…

Read more →

UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access to target networks, which are often delivered via phishing emails, trojanized software, or supply chain attacks, enabling persistence and lateral movement.  Once in the network, UNC2465…

Read more →

A JavaScript-based malware targeting Magento eCommerce websites has been identified, which is designed to skim payment card details and activates exclusively on checkout pages.  The malware dynamically generates a fraudulent credit card form or directly extracts sensitive payment information, where…

Read more →

Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools to steal sensitive data, including financial, personal, and classified information.  To mitigate risks, organizations must implement…

Read more →

A series of vulnerabilities have been identified, posing significant risks to the system’s security. These vulnerabilities could allow attackers to trigger denial of service (DoS) attacks and execute script injections, as highlighted in recent advisories. Denial of Service Vulnerability in…

Read more →

In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such as passwords, financial data, and personal details.…

Read more →

A new vulnerability has been discovered in Windows 11, specifically affecting the 23H2 version. This vulnerability is identified in the ksthunk.sys driver, allows attackers to exploit an integer overflow in the CKSAutomationThunk::ThunkEnableEventIrp function to escalate their privileges on the system. Technical Details The flaw…

Read more →

Microsoft has re-released the November 2024 Security Update (SU) with enhancements to rectify problems encountered with transport rules. Originally rolled out on November 12, 2024, as part of its ongoing security update efforts, the initial SU (referred to as Nov…

Read more →

Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Firmware Interface) threat landscape…

Read more →

In a major crackdown on illegal streaming, law enforcement authorities across Europe, supported by Europol and Eurojust, have successfully dismantled one of the largest illegal streaming networks operating both within and outside the EU. The extensive operation targeted a network…

Read more →

Cybersecurity researchers have uncovered a widespread Distributed Denial-of-Service (DDoS) campaign attributed to a threat actor using the alias “Matrix.” This campaign, characterized by its global scale and the actor’s low technical sophistication, highlights the evolving landscape of cyber threats where…

Read more →

Microsoft has recently released patches addressing multiple vulnerabilities that could enable attackers to elevate privileges across various Microsoft products. The patches are part of Microsoft’s continuous efforts to enhance security and protect its users from threats. The Microsoft Security Response…

Read more →

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stands out as an essential resource for cybersecurity decision-makers…

Read more →

The xattr command in Unix-like systems allows for the embedding of hidden metadata within files, similar to Windows ADS, known as Rustyattr, which is being exploited by threat actors like Lazarus Group to stealthily conceal malicious payloads within seemingly benign…

Read more →

ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the recent assignment of CVE-2024-11680 on November 25, 2024. Despite the availability of a patch for more than a year, adoption rates remain alarmingly low, leaving…

Read more →

NVIDIA has released a critical security update addressing a significant vulnerability in its Unified Fabric Manager (UFM) products. This flaw, identified as CVE-2024-0130, poses a high-severity risk to users, with a CVSS v3.1 base score of 8.8. The vulnerability could allow attackers…

Read more →

Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for allegedly creating and distributing malware. The young suspect, who was only 14 at the time of the incidents, faces charges under Japan’s Unauthorized Access Prevention…

Read more →

GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address multiple vulnerabilities, including a high-severity issue that could allow attackers to escalate privileges via…

Read more →

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical security fixes. This latest release enhances privacy, developer tools, and enterprise functionality while introducing several new features and updates. Here’s everything you need to know! One…

Read more →

In a new wave of cyberattacks, the Russia-aligned hacking group “RomCom” has been found exploiting critical zero-day vulnerabilities in Microsoft Windows and Mozilla Firefox products. Security researchers at ESET uncovered the alarming attack chain, which uses the vulnerabilities to deploy…

Read more →

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and government entities since 2023.  They employ advanced techniques, including exploiting vulnerabilities, lateral movement, and deploying multiple backdoors like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, which have…

Read more →

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which is installed on over 200,000 websites. The vulnerability, which includes two distinct flaws (CVE-2024-10542 and CVE-2024-10781), could allow attackers to install and activate arbitrary plugins…

Read more →

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users into granting excessive permissions, where these apps, installed millions of times, exfiltrate sensitive data to C2 servers via encrypted HTTP requests.  Primarily targeting South America,…

Read more →

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond, LockBit, and Chaos to launch DDoS and ransomware attacks against targets opposing Russian interests.  The highly skilled members of the group modify and improve these…

Read more →

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created ripples across global retail and manufacturing sectors, affecting major players like Starbucks and prominent UK supermarket chains. The breach, which occurred on November 21, underscores…

Read more →

Several high-severity vulnerabilities have been identified in Android and Google Pixel devices, exposing millions of users to potential security risks. These flaws, categorized under various CVEs (Common Vulnerabilities and Exposures), range from privilege escalation to data theft and unauthorized access…

Read more →

IBM has issued a security bulletin warning customers about a vulnerability in its Workload Scheduler software that allows user credentials to be stored in plain text. This issue, identified as CVE-2024-49351, could enable local users to access sensitive information such…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment (RTA) conducted on a critical infrastructure organization in the United States. The assessment, carried out over three months, simulated real-world cyberattacks to evaluate the organization’s…

Read more →

Dell Technologies has released a security update for its Wyse Management Suite (WMS) to address multiple vulnerabilities that could allow malicious users to compromise affected systems. Wyse Management Suite is a flexible hybrid cloud solution that empowers IT admin to securely…

Read more →

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced techniques, whereas recent variants focus on stealing Facebook Ads Manager budget details, potentially enabling malicious ad campaigns.  Now they pilfer credit card information alongside browser…

Read more →

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims to fake login pages hosted on Weebly, targeting telecommunications and financial sectors in late October 2024. Financially motivated threat actors exploit Weebly’s ease of use…

Read more →

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and Copilot. The exploit leveraged the trust placed in Bing’s root domain…

Read more →

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including sophisticated fraud schemes such as “pig butchering.” This move is part of Meta’s ongoing effort to combat organized criminal networks that exploit social media platforms…

Read more →

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content management solution. The vulnerability, rated with a CVSS v3.1 Base Score of 9.8 (Critical), could allow attackers to execute arbitrary code on affected servers. This…

Read more →

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2024-11477, has been attributed to an integer underflow in the Zstandard decompression implementation, which could…

Read more →

A massive data breach has sent shockwaves across the globe, as a database containing sensitive financial information for over 1.2 million credit cards has been leaked on the dark web. According to reports from cybersecurity watchers, the database was shared…

Read more →

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as “GruesomeLarch” (also known as APT28, Fancy Bear, or Forest Blizzard), has unveiled a novel attack technique dubbed the “Nearest Neighbor Attack.” Leveraging compromised Wi-Fi networks close…

Read more →

Microsoft’s Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based cybercriminal Abanoub Nady, known online as “MRxC0DER.”  Nady developed and sold “do-it-yourself” phishing kits under the fraudulent “ONNX” brand, enabling cybercriminals to easily launch large-scale…

Read more →

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services.  The group has deployed various backdoors, including Cobalt…

Read more →

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions.  Initial access is…

Read more →

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection and analysis by infiltrating systems primarily via USB drives, utilizing the TOR network for covert communication with its C2 servers.  The malware’s multi-layered structure and…

Read more →

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet. Among these, thousands of human-machine interfaces (HMIs) — which…

Read more →

In a dramatic escalation of its antitrust lawsuit against Google, the U.S. Department of Justice (DOJ) has proposed sweeping changes to the tech giant’s operations, including the forced sale of its Chrome browser and potentially its Android operating system. The…

Read more →

The U.S. Department of Justice (DOJ) announced the seizure of the illicit PopeyeTools platform, a notorious online marketplace for stolen credit cards and cybercrime tools. Alongside the takedown, authorities unsealed criminal charges against three alleged administrators: Abdul Ghaffar (25) and…

Read more →

In a breach that lawmakers are calling the most serious in U.S. history, Chinese hackers infiltrated the nation’s telecommunications systems, gaining the ability to listen to phone conversations and read text messages by exploiting outdated equipment and vulnerabilities in network…

Read more →

A design flaw in the logging mechanism of Fortinet’s VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability, disclosed by cybersecurity researchers at Pentera, highlights a critical gap in Fortinet’s ability to log successful…

Read more →

Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks, as since August 2024, they have compromised 28 victims, leaking their data on a dedicated website.  The ransomware group IS has updated its data leak site, removing three victims,…

Read more →

Two malicious Python packages masquerading as tools for interacting with popular AI models ChatGPT and Claude were recently discovered on the Python Package Index (PyPI), the official repository for Python libraries. These packages reportedly remained undetected for over a year,…

Read more →

Federal authorities have unsealed charges against five individuals accused of orchestrating sophisticated phishing schemes that targeted employees of companies across the United States. The alleged hackers reportedly stole confidential company data and millions of dollars in cryptocurrency by exploiting stolen…

Read more →

FrostyGoop, a newly discovered OT-centric malware that exploited Modbus TCP to disrupt critical infrastructure in Ukraine, capable of both internal and external attacks, targets industrial control systems (ICS) devices.  By sending malicious Modbus commands, FrostyGoop can cause physical damage to…

Read more →

The U.S. Department of Justice unsealed criminal charges today against Evgenii Ptitsyn, a 42-year-old Russian national accused of being a key figure in the notorious Phobos ransomware syndicate. Ptitsyn was extradited from South Korea and made his initial appearance in the…

Read more →

A newly identified vulnerability tracked as CVE-2024-31141, has been discovered in Apache Kafka Clients that could allow attackers to escalate privileges and gain unauthorized filesystem read access. This vulnerability, rated as Moderate in severity, affects multiple versions of Apache Kafka Clients and has raised concerns…

Read more →

Maxar Space Systems, a leader in space technology and Earth intelligence solutions, has recently confirmed a significant data breach that exposed the personal information of both current and former employees. The breach, which took place in mid-October 2024, has raised…

Read more →

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL injection vulnerability in its ADAudit Plus software. The flaw, identified as CVE-2024-49574, affects all builds of ADAudit Plus before version 8123 and has been classified as high severity.…

Read more →

A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution, which is widely used to facilitate secure remote access to desktop applications now exploited in the wild. The vulnerability, which remains unpatched, was detailed last week…

Read more →

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE)…

Read more →

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports. The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated…

Read more →