Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Russia Sentenced Hydra Dark Web Market Developer for Life Time

A Russian court has sentenced Stanislav Moiseyev, believed to be the founder of the notorious Hydra darknet marketplace, to life imprisonment. The Moscow Regional Court delivered the verdict on charges related to organized crime and drug trafficking, concluding a significant…

HPE IceWall Flaw Let Attackers cause Unauthorized Data Modification

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin addressing a critical vulnerability in its IceWall product line. Identified as CVE-2024-11856, this flaw could allow attackers to remotely modify data without authorization. This flaw is capable of enabling unauthorized…

Beware Of Malicious PyPI Packages That Inject infostealer Malware

Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where malicious actors uploaded a legitimate-seeming cryptocurrency client package, “aiocpa,” to gradually build a user base.  Subsequently, a malicious update was pushed, compromising user wallets. By utilizing…

Linux 6.13-rc1 Released: What’s New!

In a recent announcement, Linus Torvalds, the creator of Linux, officially released the first release candidate (RC1) for Linux kernel version 6.13. This release marks the end of the merge window, and for the first time in recent memory, the…

MediaTek Processor Vulnerabilities Let Attackers Escalate Privileges

Several vulnerabilities affecting MediaTek processors have been identified, potentially allowing attackers to escalate privileges on affected devices. These vulnerabilities span multiple components, including video decoding, telephony, power management, and modem functionalities, posing significant risks to users worldwide. Overview of Vulnerabilities…

Ransomware Developer Mikhail Matveev Arrested in Russia

Russian authorities have arrested Mikhail Matveev, a notorious Russian hacker linked to multiple ransomware attacks worldwide. Matveev, who was also known by online aliases such as Wazawaka, Uhodiransomwar, m1x, and Boriselcin, was detained in Kaliningrad, Russia, following an investigation into…

New Phishing Attack Targeting Corporate Internet Banking Users

A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users. This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating bank representatives to deceive victims into providing sensitive banking information. The attack begins with a phone…

Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters

Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4. This substantial bounty is the largest ever offered in the history of the DeFi sector. Uniswap v4 represents the latest…

UK Healthcare Provider Hit by Cyberattack, Services Affected

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident. The cyberattack has affected the hospital’s IT systems, necessitating a shift from digital to paper-based processes in certain…

Zyxel Firewall Vulnerability Actively Exploited in Attacks

Zyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats,…

APT-C-60 Attacking HR Department With Weaponized Resumes

APT-C-60 launched a phishing attack in August 2024, targeting domestic organizations with malicious emails disguised as job applications. These emails, sent to recruitment departments, contained malware designed to compromise systems and potentially steal sensitive data.  The attack leverages a targeted…

Helldown Ransomware Attacking Windows And Linux Servers Evading Detection

Helldown Ransomware, a sophisticated cyber threat, actively targets critical industries worldwide by leveraging advanced cross-platform capabilities, including Windows and Linux, to encrypt files and exploit system vulnerabilities.  Its modular design and anti-detection techniques enable continuous evolution and persistent attacks, which…

New Skimmer Malware Steals Credit Card Data From Checkout Pages

A JavaScript-based malware targeting Magento eCommerce websites has been identified, which is designed to skim payment card details and activates exclusively on checkout pages.  The malware dynamically generates a fraudulent credit card form or directly extracts sensitive payment information, where…

Researchers Detailed New Exfiltration Techniques Used By Ransomware Groups

Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools to steal sensitive data, including financial, personal, and classified information.  To mitigate risks, organizations must implement…

Shut Down Phishing Attacks -Detection & Prevention Checklist

In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such as passwords, financial data, and personal details.…

New Windows 11 Vulnerability Lets Attackers Elevate Privileges

A new vulnerability has been discovered in Windows 11, specifically affecting the 23H2 version. This vulnerability is identified in the ksthunk.sys driver, allows attackers to exploit an integer overflow in the CKSAutomationThunk::ThunkEnableEventIrp function to escalate their privileges on the system. Technical Details The flaw…

“Bootkitty” – A First Ever UEFI Bootkit Attack Linux Systems

Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems. This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats, which have predominantly targeted Windows systems until now. The UEFI (Unified Extensible Firmware Interface) threat landscape…

Europol Dismantled Major Illegal IPTV Streaming Network Providers

In a major crackdown on illegal streaming, law enforcement authorities across Europe, supported by Europol and Eurojust, have successfully dismantled one of the largest illegal streaming networks operating both within and outside the EU. The extensive operation targeted a network…

Matrix, A Single Actor Orchestrate Global DDOS Attack Campaign

Cybersecurity researchers have uncovered a widespread Distributed Denial-of-Service (DDoS) campaign attributed to a threat actor using the alias “Matrix.” This campaign, characterized by its global scale and the actor’s low technical sophistication, highlights the evolving landscape of cyber threats where…

Why the MITRE ATT&CK Evaluation Is Essential for Security Leaders

In today’s dynamic threat landscape, security leaders are under constant pressure to make informed choices about which solutions and strategies they employ to protect their organizations. The “MITRE Engenuity ATT&CK Evaluations: Enterprise” stands out as an essential resource for cybersecurity decision-makers…

ProjectSend Authentication Vulnerability Exploited in the Wild

ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the recent assignment of CVE-2024-11680 on November 25, 2024. Despite the availability of a patch for more than a year, adoption rates remain alarmingly low, leaving…

NVIDIA UFM Vulnerability Leads to Privilege Escalation & Data Tampering

NVIDIA has released a critical security update addressing a significant vulnerability in its Unified Fabric Manager (UFM) products. This flaw, identified as CVE-2024-0130, poses a high-severity risk to users, with a CVSS v3.1 base score of 8.8. The vulnerability could allow attackers…

Junior School Student Indicted for Infecting Computers With Malware

Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for allegedly creating and distributing malware. The young suspect, who was only 14 at the time of the incidents, faces charges under Japan’s Unauthorized Access Prevention…

Critical Gitlab Vulnerability Let Attackers Escalate Privileges

GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address multiple vulnerabilities, including a high-severity issue that could allow attackers to escalate privileges via…

Firefox 133.0 Released with Multiple Security Updates – What’s New!

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical security fixes. This latest release enhances privacy, developer tools, and enterprise functionality while introducing several new features and updates. Here’s everything you need to know! One…

Beware Of SpyLoan Apps Exploits Social Engineering To Steal User Data

SpyLoan apps, a type of PUP, are rapidly increasing, exploiting social engineering to deceive users into granting excessive permissions, where these apps, installed millions of times, exfiltrate sensitive data to C2 servers via encrypted HTTP requests.  Primarily targeting South America,…

Researchers Detailed Tools Used By Hacktivists Fueling Ransomware Attacks

CyberVolk, a politically motivated hacktivist group, has leveraged readily available ransomware builders like AzzaSec, Diamond, LockBit, and Chaos to launch DDoS and ransomware attacks against targets opposing Russian interests.  The highly skilled members of the group modify and improve these…

Blue Yonder Ransomware Attack Impacts Starbucks & Multiple Supermarkets

A ransomware attack on Blue Yonder, a leading supply chain management software provider, has created ripples across global retail and manufacturing sectors, affecting major players like Starbucks and prominent UK supermarket chains. The breach, which occurred on November 21, underscores…

CISA Details Red Team Assessment Including TTPs & Network Defense

The Cybersecurity and Infrastructure Security Agency (CISA) recently detailed findings from a Red Team Assessment (RTA) conducted on a critical infrastructure organization in the United States. The assessment, carried out over three months, simulated real-world cyberattacks to evaluate the organization’s…

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and Copilot. The exploit leveraged the trust placed in Bing’s root domain…

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including sophisticated fraud schemes such as “pig butchering.” This move is part of Meta’s ongoing effort to combat organized criminal networks that exploit social media platforms…

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2024-11477, has been attributed to an integer underflow in the Zstandard decompression implementation, which could…

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft’s Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based cybercriminal Abanoub Nady, known online as “MRxC0DER.”  Nady developed and sold “do-it-yourself” phishing kits under the fraudulent “ONNX” brand, enabling cybercriminals to easily launch large-scale…

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions.  Initial access is…

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection and analysis by infiltrating systems primarily via USB drives, utilizing the TOR network for covert communication with its C2 servers.  The malware’s multi-layered structure and…

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report from Censys reveals that over 145,000 industrial control system (ICS) devices are exposed to the internet. Among these, thousands of human-machine interfaces (HMIs) — which…

DOJ Asks Google to Sell $20 Billion Worth Chrome to End Monopoly

In a dramatic escalation of its antitrust lawsuit against Google, the U.S. Department of Justice (DOJ) has proposed sweeping changes to the tech giant’s operations, including the forced sale of its Chrome browser and potentially its Android operating system. The…

US Seizes PopeyeTools Cybercrime Platform & Arrested Admins

The U.S. Department of Justice (DOJ) announced the seizure of the illicit PopeyeTools platform, a notorious online marketplace for stolen credit cards and cybercrime tools. Alongside the takedown, authorities unsealed criminal charges against three alleged administrators: Abdul Ghaffar (25) and…

FortiClient VPN Flaw Enables Undetected Brute-Force Attacks

A design flaw in the logging mechanism of Fortinet’s VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability, disclosed by cybersecurity researchers at Pentera, highlights a critical gap in Fortinet’s ability to log successful…

Helldown Ransomware Attacking VMware ESXi And Linux Servers

Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks, as since August 2024, they have compromised 28 victims, leaking their data on a dedicated website.  The ransomware group IS has updated its data leak site, removing three victims,…

5 Hackers Charged for Attacking Companies via Phishing Text Messages

Federal authorities have unsealed charges against five individuals accused of orchestrating sophisticated phishing schemes that targeted employees of companies across the United States. The alleged hackers reportedly stole confidential company data and millions of dollars in cryptocurrency by exploiting stolen…

Researchers Detailed FrostyGoop Malware Attacking ICS Devices

FrostyGoop, a newly discovered OT-centric malware that exploited Modbus TCP to disrupt critical infrastructure in Ukraine, capable of both internal and external attacks, targets industrial control systems (ICS) devices.  By sending malicious Modbus commands, FrostyGoop can cause physical damage to…

Phobos Ransomware Admin as Part of International Hacking Operation

The U.S. Department of Justice unsealed criminal charges today against Evgenii Ptitsyn, a 42-year-old Russian national accused of being a key figure in the notorious Phobos ransomware syndicate. Ptitsyn was extradited from South Korea and made his initial appearance in the…

Apache Kafka Vulnerability Let Attackers Escalate Privileges

A newly identified vulnerability tracked as CVE-2024-31141, has been discovered in Apache Kafka Clients that could allow attackers to escalate privileges and gain unauthorized filesystem read access. This vulnerability, rated as Moderate in severity, affects multiple versions of Apache Kafka Clients and has raised concerns…

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL injection vulnerability in its ADAudit Plus software. The flaw, identified as CVE-2024-49574, affects all builds of ADAudit Plus before version 8123 and has been classified as high severity.…

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These vulnerabilities, identified as CVE-2024-5082 and CVE-2024-5083, could potentially allow attackers to exploit the system through remote code execution (RCE)…

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports. The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated…

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers in Europe and the USA during the Black Friday shopping season.  The campaign leveraged the legitimate payment processor Stripe to steal victims’ Cardholder Data (CHD)…

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022 by employing sophisticated social engineering techniques to infiltrate target networks, often leveraging advanced malware to compromise systems undetected.  Once inside, Black Basta extorts victims with…

Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building web applications. The vulnerability allows unauthorized access by exploiting improperly validated inputs, potentially leading to privilege escalation, data tampering, or full system compromise. Given Laravel’s…

CISA Warns of Actors Exploiting Two Palo Alto Networks Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, CVE-2024-9463 and CVE-2024-9465, are reportedly actively exploited by malicious cyber…

4M+ WordPress Websites to Attacks, Following Plugin Vulnerability

A critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin to potential remote attacks,…

Google to Issue CVEs for Critical Cloud Vulnerabilities

Google Cloud has announced a significant step forward in its commitment to transparency and security by stating it will begin issuing Common Vulnerabilities and Exposures (CVEs) for critical vulnerabilities found in its cloud services. This move, which underscores Google’s dedication…

Windows 0-Day Exploited in Wild with Single Right Click

A newly discovered zero-day vulnerability, CVE-2024-43451, has been actively exploited in the wild, targeting Windows systems across various versions. This critical vulnerability, uncovered by the ClearSky Cyber Security team in June 2024, has been linked to attacks aimed specifically at Ukrainian…

Fortinet Patches Critical Flaws That Affected Multiple Products

Fortinet, a leading cybersecurity provider, has issued patches for several critical vulnerabilities impacting multiple products, including FortiAnalyzer, FortiClient, FortiManager, and FortiOS. These vulnerabilities could allow attackers to perform unauthorized operations, escalate privileges, or hijack user sessions. Below are detailed descriptions…

China-Nexus Actors Hijack Websites to Deliver Cobalt Strike malware

A Chinese state-sponsored threat group, identified as TAG-112, has been discovered hijacking Tibetan community websites to deliver Cobalt Strike malware, according to a recent investigation by Recorded Future’s Insikt Group. According to a report from Recorded Future, the investigation revealed…