Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories on October 15, 2024. These advisories provide essential information about current security issues, vulnerabilities, and potential exploits affecting ICS. The advisories focus on vulnerabilities in…

Read more →

The Cerberus Android banking trojan, which gained notoriety in 2019 for its ability to target financial and social media apps, has continued to evolve and spread through various forks and variants.  Recent research has uncovered a new campaign, dubbed ErrorFather,…

Read more →

The Horus Protector crypter is being used to distribute various malware families, including AgentTesla, Remcos, Snake, NjRat, and others, whose primarily spread through archive files containing VBE scripts, which are encoded VBS scripts.  Once executed, these scripts decode and execute…

Read more →

A group of hackers reportedly sells sensitive data stolen from Cisco Systems, Inc. The breach, allegedly carried out by a collective known as IntelBroker in collaboration with EnergyWeaponUser and zjj, has raised significant concerns across the tech industry. Details of…

Read more →

A critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw vulnerability has raised significant concerns due to its potential for remote code execution. The flaw allows attackers to control format…

Read more →

Splunk has disclosed multiple vulnerabilities affecting its Enterprise product, which could allow attackers to execute remote code. These vulnerabilities, primarily affecting Windows installations, highlight the critical need for organizations to update and secure their systems promptly. Overview of the Security…

Read more →

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further investigation, where researchers have identified 40 variants, 16 droppers, and 22 active Command and Control servers associated with this threat.  These variants employ advanced techniques like…

Read more →

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies and connecting to various IP addresses. It establishes multiple backdoor connections and monitors user activity through Windows UI element hooks, which poses a significant security risk…

Read more →

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider Gulf region.  The group employs sophisticated techniques to gain unauthorized access and exfiltrate sensitive data, such as using a…

Read more →

A critical security vulnerability has been discovered in the popular Java framework pac4j. The vulnerability specifically affects versions before 4.0 of the pac4j-core module. This vulnerability, identified as CVE-2023-25581, exposes systems to potential remote code execution (RCE) attacks due to…

Read more →

Scammers use sophisticated AI technology to impersonate tech giants like Google, aiming to take over unsuspecting users’ Gmail accounts. A recent incident highlights these fraudsters’ cunning tactics, underscoring the need for heightened vigilance. The Initial Contact: A Suspicious Notification The…

Read more →

A security vulnerability in Zendesk, a widely used customer service tool, has been uncovered. This flaw allowed attackers to access support tickets from any company using Zendesk, posing significant risks to sensitive information. Zendesk initially dismissed the vulnerability, which involved…

Read more →

18 individuals and entities have been charged with widespread fraud and manipulation within the cryptocurrency markets. The charges, unsealed in Boston, target leaders of four cryptocurrency companies, four financial services firms known as “market makers,” and various employees. This case…

Read more →

Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication on cryptocurrency exchanges, which is designed specifically for NAF (New Account Fraud) attacks and can create verified but synthetic accounts by mimicking facial recognition authentication. By…

Read more →

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is identified as Use-after-free in the Animation timeline component tracked as CVE-2024-9680 reported…

Read more →

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide. The flaw, identified as CVE-2024-43047, is a use-after-free vulnerability resulting from memory corruption in the DSP Services while maintaining memory maps of HLOS memory. Vulnerability in Qualcomm…

Read more →

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a host of bug fixes and updates to enhance user experience and functionality. Hosted by the Wireshark Foundation, this tool is indispensable for troubleshooting, analysis, development, and…

Read more →

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative to Adobe Acrobat.  Given the memory corruption vulnerability, attackers could execute arbitrary code on the machine…

Read more →

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action…

Read more →

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…

Read more →

Hackers have infiltrated the Japan Aerospace Exploration Agency (JAXA), compromising the accounts of several high-ranking officials, including President Hiroshi Yamakawa. This alarming incident is part of a series of cyberattacks targeting JAXA since June 2023, raising concerns about the security…

Read more →

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems.  It employs ransomware in a…

Read more →

Google has rolled out a new update for its Chrome browser, addressing several high-severity security vulnerabilities. The Stable channel has been updated to version 129.0.6668.100/.101 for Windows and Mac and 129.0.6668.100 for Linux. Users will be able to access this…

Read more →

As hurricanes and other natural disasters feel their presence, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned regarding two critical zero-day vulnerabilities affecting Microsoft Windows products. These vulnerabilities, identified as CVE-2024-43572 and CVE-2024-43573, pose significant security risks and have been reportedly exploited in the wild. CVE-2024-43572: Microsoft Windows…

Read more →

The attackers exploited the EternalBlue vulnerability to gain initial access to the observatory farm, creating a hidden administrative share and executing a malicious batch file named p.bat.  This batch file performed various malicious actions like creating and executing malicious executables,…

Read more →

Recent discoveries in the automotive cybersecurity landscape have unveiled a series of critical zero-day vulnerabilities that could allow attackers to gain full control over vehicle systems. These vulnerabilities, highlighted in a presentation by security researcher Amit Geynis of PlaxidityX, underscore…

Read more →

The Awaken Likho APT group launched a new campaign in June of 2024 with the intention of targeting Russian government agencies and businesses by targeting them. The group has abandoned its previous use of the UltraVNC module for remote access…

Read more →

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on October 5th, leading to significant disruptions in its services. The company disclosed the breach after conducting an internal investigation. The investigation revealed that the unauthorized…

Read more →

A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on…

Read more →

Comcast Cable Communications LLC has reported that over 237,000 users’ data has been compromised. The breach, which occurred on February 14, 2024, was discovered on July 17, 2024, and has raised concerns about the company’s cybersecurity measures. Details of the…

Read more →

American Water Works Company, Inc., a leading provider of water and wastewater services, announced that it had detected unauthorized activity within its computer networks. The company confirmed that this activity was the result of a cybersecurity incident. Upon discovery, American…

Read more →

Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant…

Read more →

A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems. The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system…

Read more →

The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without relying on memory corruption or specific PDB file components.  After analyzing various libraries used during debug…

Read more →

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star Blizzard, a notorious Russian hacking group. This collaborative effort marks a significant step in safeguarding global democratic processes from cyber threats. Unsealing the Operation The United…

Read more →

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe…

Read more →

A critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to remote code execution attacks. This vulnerability, with a CVSS score of 9.8, allows unauthenticated attackers to execute arbitrary commands on affected…

Read more →

A new ransomware campaign targeting individuals and organizations in the UK and the US has been identified. The attack, known as the “Prince Ransomware,” utilizes a phishing scam that impersonates the British postal carrier Royal Mail. This campaign highlights the…

Read more →

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from…

Read more →

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of domains a Russian hacking group linked to the Federal Security Service (FSB) uses. This collaborative effort is critical in countering cyber threats targeting democratic institutions worldwide.…

Read more →

Researchers have uncovered a sophisticated Linux malware, dubbed “perfctl,” actively targeting millions of Linux servers worldwide. This malicious software exploits over 20,000 types of server misconfigurations, posing a significant threat to any Linux server connected to the internet. The malware’s…

Read more →

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000 fine following a significant data breach last year. The breach involved the accidental release of the personal details of 9,400 officers and staff. Despite representations to…

Read more →

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify and analyze emerging cyber threats. This upgrade underscores ANY.RUN’s commitment to providing comprehensive threat intelligence solutions, empowering users to navigate the ever evolving landscape of cyber…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog. This vulnerability, CVE-2024-29824, affects Ivanti Endpoint Manager (EPM) and has become a target for cybercriminals using public exploits in…

Read more →

A critical vulnerability has been discovered in Cisco’s Nexus Dashboard Fabric Controller (NDFC), potentially allowing hackers to execute arbitrary commands on affected systems. This flaw, identified as CVE-2024-20432, was first published on October 2, 2024. Its CVSS score of 9.9…

Read more →

The Tor Project has announced the release of Tor Browser 13.5.6, which is now available for download from its official website and distribution directory. This latest version includes significant updates that focus on enhancing security and user experience across all…

Read more →

A recently discovered vulnerability in Bluetooth technology has raised significant security concerns. This flaw could allow hackers to intercept passcodes during the device pairing process, affecting a wide range of Bluetooth devices and potentially having far-reaching implications for users worldwide.…

Read more →

The need for advanced tools that can effectively simulate real-world threats is paramount. Enter GhostStrike, a sophisticated cybersecurity tool explicitly designed for Red Team operations. With its array of features aimed at evading detection and performing process hollowing on Windows…

Read more →

Google Workspace has announced new password policies that will impact how users and third-party apps access Google services. The changes, aimed at eliminating less secure sign-in methods, will be implemented in stages throughout 2024. Here’s what you need to know…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vulnerabilities have been identified…

Read more →

In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized.  Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical…

Read more →

The newly emerged Gorilla Botnet has exhibited unprecedented activity, launching over 300,000 DDoS attacks against targets in over 100 countries between September 4 and 27.  The botnet, a modified version of Mirai, supports multiple CPU architectures and employs advanced techniques…

Read more →

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko. The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital. The German government plans to install Diehl missile…

Read more →

Simon Kaura, a Nigerian national deported from the United Kingdom, was sentenced in a U.S. federal court for his involvement in a global conspiracy to sell stolen financial information on the dark web. The sentencing marks a crucial victory in…

Read more →

Cybersecurity experts have uncovered a significant connection between hacktivist groups BlackJack and Twelve through overlapping tactics, techniques, and procedures (TTPs). This discovery illuminates the sophisticated methods employed by these groups and raises questions about their potential collaboration or shared objectives.…

Read more →

The Israeli army reportedly hacked into the control tower of Beirut’s Rafic Hariri International Airport. The incident involved issuing threats against an Iranian civilian aircraft attempting to land, according to official sources cited by Anadolu Agency. Lebanese Response to Israeli…

Read more →

Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto drainer app disguised as the legitimate WalletConnect protocol, which remained undetected for over five months and was downloaded 10,000 times, exploited the name of the well-known…

Read more →

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which leverage NLP and ML are increasingly being used by businesses to enhance productivity and revenue. While they offer personalized experiences and valuable data insights, they also…

Read more →

The LummaC2 obfuscator employs a novel control flow protection scheme designed specifically for its stealer component, which is part of a broader set of transformations, making it difficult for analysts to reverse engineer the binary.  It introduces obfuscated code that…

Read more →

Phishing attackers employed an HTML smuggling technique to deliver a malicious payload, as the attack chain started with a phishing email mimicking an American Express notification, leading to a series of redirects.  The final redirect pointed to a Cloudflare R2…

Read more →

Hackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications. By leveraging vulnerabilities in various online platforms, cybercriminals can masquerade as legitimate…

Read more →

Cybersecurity researchers have uncovered a significant vulnerability in Kia vehicles that allowed hackers to remotely control key functions using nothing more than a car’s license plate. This breach, discovered on June 11, 2024, exposed the potential for unauthorized access to…

Read more →

The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks.  This new variant targets European countries and employs sophisticated obfuscation techniques, including the…

Read more →

The RansomHub ransomware group tracked as Water Bakunawa, employs targeted spear-phishing to exploit the Zerologon vulnerability, allowing them to gain unauthorized access to networks, affecting various industries and critical infrastructure sectors, demanding ransom payments for data release.  The group’s recent…

Read more →

Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages. While base system-generated environments can’t be directly modified, they can be indirectly changed by adding packages to the old experience and then switching to the new…

Read more →

The threat actor, formed in 2023, specializes in ransomware attacks targeting Russian government organizations. It encrypts and deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The threat actor likely scans IP address ranges…

Read more →

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue for their regime, evading sanctions and funding WMD programs by exploiting privileged access to enable cyber intrusions.  Facilitators, often non-North Koreans, assist these workers by laundering…

Read more →

Researchers observed two distinct instances where users were inadvertently led to malicious websites after conducting Google searches for video streaming services. These victims were redirected to malicious URLs that employed a deceptive tactic while attempting to access sports or movie…

Read more →

Kryptina RaaS, a free and open-source RaaS platform for Linux, initially struggled to attract attention. Still, after a Mallox affiliate’s staging server was leaked in May 2024, Kryptina’s modified version, branded Mallox v1.0, gained prominence.  The research examines the data…

Read more →

TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded a malicious script that disables security, deletes logs, and modifies system files to kill existing miners, remove Docker containers, and redirect DNS to Google servers. The…

Read more →

C2 frameworks, crucial for post-exploitation operations, offer open-source alternatives to Cobalt Strike. They streamline the management of compromised systems, enable efficient collaboration, and evade detection by providing customizable behaviors. It is a toolset attackers use to control and manage compromised…

Read more →

Microsoft has identified a new attack vector employed by the financially motivated threat actor Vanilla Tempest. This actor has been observed leveraging the INC ransomware to target healthcare organizations within the United States.  Specifically, Vanilla Tempest is exploiting vulnerabilities in…

Read more →

In the past four weeks, a significant increase in malware distribution attempts via fake Captcha campaigns has been observed, targeting over 1.4 million users. Lumma Stealer, a hazardous malware designed for data theft, is the primary payload being distributed.  Cybercriminals…

Read more →

Researchers are tracking a Russian threat actor deploying domains involved in crypto scams targeting the US Presidential Election and tech brands. The scams offer double crypto returns for deposits and are designed to deceive users into sending coins to attacker-controlled…

Read more →

Arc’s Boosts feature lets users customize websites with CSS and JavaScript. While JavaScript Boosts are not shareable to protect security, they are synced across devices for personal use. Misconfigured Firebase ACLs enabled unauthorized users to modify the creatorID of Boosts,…

Read more →

The Five Eyes agencies recently released a joint cybersecurity advisory detailing a new botnet, Flax Typhoon, linked to Chinese state-sponsored actors. The advisory highlights the actors’ use of compromised routers and IoT devices to establish a vast botnet capable of…

Read more →

Cybersecurity researchers from BitSight TRACE have uncovered multiple 0-day vulnerabilities in Automated Tank Gauge (ATG) systems, which are integral to managing fuel storage tanks across various critical infrastructures. These vulnerabilities in six ATG systems from five vendors pose significant threats…

Read more →

MoneyGram, a leading global money transfer service, has confirmed that it was the victim of a cyberattack, following a significant network outage that disrupted customer services worldwide. The company initially reported an issue with connectivity across several of its systems,…

Read more →

Franklin County, Kansas, has fallen victim to a ransomware attack that compromised the sensitive data of nearly 30,000 residents. The breach occurred on May 19, 2024, and was not discovered until August 29, 2024. According to a report submitted by…

Read more →

Cisco disclosed a critical vulnerability identified as CVE-2024-20439, affecting its Smart Licensing Utility. An independent researcher discovered this vulnerability through reverse engineering. It involves a hardcoded static password that could allow attackers to gain unauthorized access and control over affected…

Read more →

Researchers have uncovered a massive data breach at MC2 Data, a prominent background check firm. The breach has exposed sensitive information of over 100 million US citizens, raising serious concerns about data privacy and security. Background Check Firms Under Scrutiny…

Read more →

Hackers are now impersonating company Human Resources (HR) departments to deceive employees into revealing sensitive information. This latest phishing tactic highlights the increasing sophistication of cyber threats, leveraging trust and urgency to exploit corporate environments. In this article, we dissect…

Read more →

FreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could allow attackers to execute malicious code on the host system. The advisory, which was announced on September 19, 2024, credits Synacktiv with…

Read more →

Apple’s latest operating system update, macOS 15, also known as Sequoia, has disrupted the functionality of several prominent security tools. Users and developers have taken to social media and Mac-focused Slack channels to express their frustration over the issues caused…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories concerning vulnerabilities: These advisories highlight critical industrial control system vulnerabilities. Rockwell Automation’s RSLogix 5 and RSLogix 500 software Rockwell Automation’s RSLogix 5 and RSLogix 500 software are vulnerable due…

Read more →

A hacking group has allegedly claimed responsibility for breaching the Dell employee database. The claim was made public on a well-known hacking forum, where the group asserted that they had accessed sensitive information belonging to approximately 10,800 Dell employees and…

Read more →

Hertz, a well-known car rental company, has inadvertently exposed over 60,000 insurance claim reports. This breach has raised serious concerns about the company’s data security practices and left customers questioning the safety of their personal information. Discovery of the Breach…

Read more →

GitLab has issued an urgent call to action for organizations using its platform to patch a critical authentication bypass vulnerability. This security flaw, CVE-2024-45409, affects instances configured with SAML-based authentication. The vulnerability could potentially allow unauthorized access to sensitive data.…

Read more →

SambaSpy Attacking Windows Users With Weaponized PDF FilesResearchers discovered a targeted cybercrime campaign in May 2024 that exclusively focused on Italian victims, which was unusual as attackers typically aim for broader targets to increase profits.  However, this campaign implemented checks…

Read more →

Recent intelligence indicates a new technique employed by stealers to trick victims into entering credentials directly into a browser, enabling subsequent theft from the browser’s credential store. This method, used in conjunction with StealC malware, was first observed in August…

Read more →

Researchers identified an attack campaign targeting poorly secured Linux SSH servers, where the attack leverages Supershell, a cross-platform reverse shell backdoor written in Go, granting attackers remote control of compromised systems.  Following the initial infection, attackers are suspected to have…

Read more →

Researchers discovered a large, Chinese state-sponsored IoT botnet, “Raptor Train,” that compromised over 200,000 SOHO and IoT devices. Operated by Flax Typhoon, the botnet leveraged a sophisticated control system, “Sparrow,” to manage its extensive network.  The botnet posed a significant…

Read more →

A new method of attack has emerged that leverages WebDAV technology to host malicious files. This approach, which facilitates the distribution of the Emmenhtal loader—also known as PeakLight—has been under scrutiny since December 2023. The loader is notorious for its…

Read more →

A proof-of-concept (PoC) exploit has been released for a critical zero-day vulnerability identified as CVE-2024-7965, affecting Google’s Chrome browser. This vulnerability explicitly targets the V8 JavaScript engine and is exclusive to ARM64 architectures. The release of this PoC has raised…

Read more →

A threat actor on a well-known dark web forum has allegedly claimed responsibility for a significant data breach involving the Indian financial institution, Federal Bank. The breach reportedly exposes sensitive information of hundreds of thousands of customers, raising serious concerns…

Read more →

The anonymity of the Tor network has been scrutinized in a recent investigation by German law enforcement agencies. Despite these revelations, the Tor Project maintains that its network remains secure for users. This article delves into the details of the…

Read more →

Authorities have successfully dismantled “Ghost,” an encrypted communication platform allegedly used by cybercriminals worldwide. The operation, led by the Australian Federal Police (AFP) and involving international law enforcement agencies, marks a major victory in the ongoing battle against transnational crime…

Read more →

Cybersecurity firm Dr.Web faced a targeted cyber attack on its infrastructure on September 14. The incident prompted the company to disconnect its servers as a precautionary measure. Despite the disruption, no users protected by Dr.Web’s systems were affected. Dr.Web specialists…

Read more →