Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Ensuring adherence to GDPR, the ANY RUN sandbox service employs TLS 1.3 for data in transit and AES-256 for data at rest; it is hosted in Germany and provides supplementary tools, predominantly for enterprise plans, to empower users with greater…

Read more →

A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0, enabling…

Read more →

Hackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages. This campaign, involving the malware loader known as FakeBat, targets unsuspecting users by masquerading as legitimate software downloads. The Infection Chain: From Ad to…

Read more →

Veeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these vulnerabilities is yet to be assigned. These vulnerabilities exist in version 7.x and version 8.x of the Veeam…

Read more →

A new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software.  This vulnerability affects…

Read more →

Hackers are now using steganography techniques to distribute the notorious Remote Access Trojan (RAT) known as RemcosRAT. This method, which involves hiding malicious code within seemingly innocuous image files, marks a concerning evolution in malware delivery tactics. The Initial Breach:…

Read more →

Juniper Threat Labs has reported active exploitation attempts targeting vulnerabilities in Ivanti Pulse Secure VPN appliances. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a significant threat to network…

Read more →

Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts. The changes rolled out on Monday, May 6,…

Read more →

In collaboration with US and Australian authorities, the UK’s National Crime Agency (NCA) has unmasked and sanctioned the leader of the notorious LockBit ransomware group, once considered the world’s most harmful cybercrime operation. Russian national Dmitry Khoroshev, who went by…

Read more →

Hackers target LNK (Windows shortcut) files to disseminate malware because they can embed malicious code that automatically executes when the shortcut is clicked.  LNK files appear harmless but can stealthily trigger malware downloads or other malicious actions, making them an…

Read more →

A significant update for Trend Micro’s Antivirus One software has been released. The update addresses a critical vulnerability that may have enabled attackers to inject malicious code.  The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker…

Read more →

In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks. This move is part of Samsung’s ongoing efforts to enhance the security of…

Read more →

In a groundbreaking discovery, cybersecurity experts at Leviathan Security Group have unveiled a new type of cyberattack dubbed “TunnelVision,” which poses a threat to the security of Virtual Private Networks (VPNs).  This sophisticated attack method allows cybercriminals to bypass the…

Read more →

A security vulnerability has been identified in Citrix NetScaler ADC and Gateway appliances, allowing remote attackers to access sensitive data without authentication. This flaw, identified as an out-of-bounds memory read issue, affects versions up to 13.1-50.23 of the software and…

Read more →

APT42, a group linked to the Iranian government, is using social engineering tactics such as impersonating journalists and event organizers to trick NGOs, media, academia, legal firms, and activists into providing credentials to access their cloud environments. They exfiltrate data…

Read more →

Several new variants of Atomic macOS Stealer, or AMOS have been observed that are intended to exfiltrate sensitive data from affected Macs.  AMOS is transmitted by Trojan horses, which frequently pose as allegedly pirated or “cracked” versions of apps. It…

Read more →

The Best SIEM tools for you will depend on your specific requirements, budget, and organizational needs. There are several popular and highly regarded SIEM (Security Information and Event Management) tools available in the market What is SIEM? A security information…

Read more →

Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant. The scam attempts to trick users into divulging sensitive personal and financial information. How the Scam Works According to a recent tweet from…

Read more →

In today’s digital age, civil society is facing a serious threat in the form of invasive malware and surveillance technology that has the potential to cause irreparable harm. These malicious tools can infiltrate systems and compromise sensitive information, posing a…

Read more →

The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines. These backdoors are primarily delivered through spear-phishing campaigns, marking a significant escalation in the capabilities…

Read more →

Julius “Zeekill” Kivimäki, once Europe’s most wanted teenage hacker, has been arrested. Kivimäki, known for his involvement with the notorious Lizard Squad, was apprehended after a series of cybercrimes that shocked the continent. A Decade of Cyber Terror Julius Kivimäki’s cybercrime career began in his early teens and quickly escalated to high-profile attacks. As…

Read more →

Linksys routers were discovered with two vulnerabilities: CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were associated with Command Injection on Linksys routers. The severity of these vulnerabilities is yet to be categorized. However, a proof-of-concept has been published for these two vulnerabilities.…

Read more →

A security flaw has been identified in Tinyproxy, a lightweight HTTP/HTTPS proxy daemon widely used in small network environments. The vulnerability, cataloged under CVE-2023-49606, allows remote attackers to execute arbitrary code on the host machine. This flaw poses a critical…

Read more →

Vincent Cannady, a professional who used to work as a consultant in the cybersecurity field, has been taken into custody for allegedly trying to extort a sum of money that could go up to $1.5 million from an IT company…

Read more →

Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges.  Clicking initiates a malicious redirect, exposing users to scams or malware exploiting user familiarity with CAPTCHAs, bypassing suspicion, and…

Read more →

Apache ActiveMQ is a Java based communication management tool for communicating with multiple components in a server. It is an open-source widely used messaging service that can be used to send messages between two or more applications. However, Apache ActiveMQ…

Read more →

An emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services.  Recently, security analysts at Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClient. This malware targeted an organization in Ukraine. It abused Microsoft…

Read more →

In the latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024, a concerning trend has been highlighted, a significant 68% of data breaches are now occurring due to social engineering attacks. This revelation underscores the increasing sophistication and…

Read more →

The United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North Korean hackers. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have jointly…

Read more →

APT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask their malicious activities, while Pawn Storm, a well-known APT group, infiltrated a cybercriminal botnet of compromised Ubiquiti EdgeRouters in 2022 and used it for espionage.  The…

Read more →

Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers to perform denial of service (DoS) attacks, gain unauthorized access, and view sensitive information. These vulnerabilities affect several Cisco IP…

Read more →

Security researchers at FortiGuard Labs discovered a new botnet in April that exploits a weakness in D-Link devices. Dubbed “Goldoon,” this botnet has been observed exploiting a nearly decade-old security flaw, CVE-2015-2051, to gain unauthorized control over affected routers and…

Read more →

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at…

Read more →

Cuttlefish is a new malware platform that has been identified to be active since at least July 2023. This malware platform specifically targets networking equipment like enterprise-grade small office/home office routers. The latest campaign is discovered to be ongoing from…

Read more →

Hackers use deep fake AI photos to impersonate individuals online, allowing them to deceive, manipulate, or gain unauthorized access to sensitive information or systems.  Cybersecurity researchers at InfoBlox recently discovered GoldFamily, an evolved GoldDigger trojan targeting iOS devices to steal…

Read more →

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at…

Read more →

While facilitating remote work, remote desktop software presents security challenges for IT teams due to the use of various tools and ports. The multitude of ports makes it difficult to monitor for malicious traffic.  Weak credentials and software vulnerabilities are…

Read more →

Multiple vulnerabilities have been discovered in ArubaOS that affect HPE Aruba Networking devices, including Mobility Conductor, Mobility Controllers WLAN Gateways, and SD-WAN Gateways managed by Aruba Central. These vulnerabilities are linked to Unauthenticated Buffer Overflow (CVE-2024-26305, CVE-2024-26304, CVE-2024-33511, CVE-2024-33512 and…

Read more →

A group of hackers has claimed responsibility for infiltrating several servers belonging to the United Arab Emirates government. The announcement was made through a tweet, which has sparked widespread concern and discussions about cybersecurity measures within government infrastructures. Document Integrate…

Read more →

Russian hacktivists increasingly target small-scale operational technology (OT) systems across North America and Europe. These attacks, primarily focused on the Water and Wastewater Systems (WWS), Dams, Energy, and Food and Agriculture sectors, pose significant threats to critical infrastructure. The Cybersecurity…

Read more →

Cybersecurity experts have uncovered a series of sophisticated cyberattacks targeting poorly managed Microsoft SQL (MS-SQL) servers. The attackers, identified as the TargetCompany ransomware group, have been deploying the Mallox ransomware in a bid to encrypt systems and extort victims. This…

Read more →

Honeywell’s 2024 GARD USB Threat Report analyzes malware discovered on USB devices used in industrial settings, highlighting a significant increase in malware prevalence, with a 33% rise in detections compared to the prior year.  The malware poses a serious threat…

Read more →

A Ukrainian national, Yaroslav Vasinskyi, has been sentenced to 13 years and seven months in prison. Vasinskyi, known in the cyber underworld as Rabotnik, was also ordered to pay over $16 million in restitution for his role in orchestrating more…

Read more →

In a recent development that has caught the attention of IT administrators and users alike, Microsoft has acknowledged a significant issue affecting VPN connections on Windows devices. This problem has emerged following the installation of the April 2024 security update,…

Read more →

Panda Restaurant Group, Inc., a leading name in the fast-food industry, has confirmed a significant breach in its corporate data systems. The incident, which came to light on March 10, 2024, has potentially compromised the personal information of an undisclosed…

Read more →

In the ever-evolving cybersecurity landscape, Google is continually striving to protect user data from malicious actors. In a recent blog post, the tech giant revealed a novel method to detect browser data theft using Windows Event Logs. This approach aims…

Read more →

In a startling revelation, nearly 20% of Docker Hub repositories have been identified as conduits for malware and phishing scams, underscoring the sophisticated tactics employed by cybercriminals to exploit the platform’s credibility. The investigation unveiled that attackers had been operating…

Read more →

Kubernetes (K8s) is an open-source container orchestration platform designed to automate application container deployment, scaling, and running.  Containers are isolated software packages that are lightweight and contain everything required for running an app.  In Kubernetes, a “sidecar” refers to an…

Read more →

Microsoft’s Azure platform is a highly acclaimed and widely recognized solution that organizations worldwide are leveraging. It is regarded as a game-changer in the industry and has emerged as a dependable and efficient platform that helps businesses achieve their goals…

Read more →

The first instance of Redline using such a method is in a new variant of Redline Stealer malware that McAfee has discovered uses Lua bytecode to obfuscate its malicious code.  The malware was discovered on a legitimate Microsoft repository (vcpkg)…

Read more →

A threat actor reportedly sells a database containing 49 million user records from Dell, one of the world’s leading technology companies. This significant security breach encompasses a wide range of personal and corporate information, potentially exposing millions of Dell customers…

Read more →

A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here’s what these principles mean in practice: With those…

Read more →

A new RAT malware has been discovered to be targeting Android devices. This malware is capable of executing additional commands compared to other RAT malware. This malware can also perform phishing attacks by disguising itself as legitimate applications like Snapchat,…

Read more →

BlackBerry reported a new iOS LightSpy malware, but Huntress researchers found it to be a macOS variant targeting Intel or Apple Silicon with Rosetta 2-enabled devices.  This caused media confusion, as Apple’s recent spyware alert likely referred to Pegasus spyware,…

Read more →

Kaiser Permanente, one of the largest healthcare providers in the United States, was the victim of a cyber attack that compromised the personal information of approximately 13.4 million users. This incident, which involved unauthorized access to the systems of City…

Read more →

A serious concern has arisen for iPhone users in the European Union as a newly discovered flaw in Apple’s Safari browser has the potential to expose them to tracking and malicious activities. The vulnerability lies in the fact that third-party…

Read more →

Researchers have uncovered a novel infection chain associated with the DarkGate malware. This Remote Access Trojan (RAT), developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018. The DarkGate…

Read more →

Gemini 1.5 Pro is the latest version of the Gemini AI malware analysis platform, which is set to transform the cybersecurity industry. With its innovative features, it enables security teams to detect, investigate, and respond to malware threats with unprecedented…

Read more →

In the world of cloud computing, Amazon Web Services (AWS) is a giant that offers a wide range of services that cater to various needs, from storage to computation. Among these services, AWS S3 (Simple Storage Service) is a trendy…

Read more →

The popular open-source platform Grafana, widely used for monitoring and observability, has been found to contain a severe SQL injection vulnerability. This flaw allows attackers with valid user credentials to execute arbitrary SQL commands, potentially leading to data leakage and…

Read more →

Cybersecurity experts have meticulously traced the timeline of a sophisticated ransomware attack that spanned 29 days from the initial breach to the deployment of Dagon Locker ransomware. This case study not only illuminates cybercriminals’ efficiency and persistence but also underscores…

Read more →

A large botnet-as-a-service network originating from China was discovered, which comprises numerous domains, over 20 active Telegram groups, and utilizes other domestic communication channels.  The infrastructure that supports this botnet, located in China, raises concerns about the potential for large-scale,…

Read more →

Microsoft released multiple product security patches on their April 2024 Patch Tuesday updates. One of the vulnerabilities addressed was CVE-2024-26218, associated with the Windows Kernel Privilege Escalation vulnerability, which had a severity of 7.8 (High).  This vulnerability relates to a…

Read more →

A new ransomware named KageNoHitobito has been targeting Windows users across various countries. It encrypts their data and demands a ransom through sophisticated means. This article delves into the mechanics of the KageNoHitobito ransomware and its attack methodology and provides…

Read more →

Hackers often focus on flaws in Microsoft products since they are commonly employed in various institutions and personal computers, which means they have a bigger area to attack.  This is because these systems could be used as an entry point…

Read more →

A new family of mobile malware known as “Brokewell” has been found to have a wide range of device takeover capabilities.  This seriously threatens the banking sector by giving attackers remote access to all the resources made available via mobile…

Read more →

Okta has issued a warning about the increasing prevalence of credential-stuffing attacks. These attacks, which leverage stolen user credentials to gain unauthorized access to accounts, are facilitated by the widespread use of residential proxy services. This alarming trend underscores the…

Read more →

A recent malware campaign used a VBA macro in a Word document to download and execute a 64-bit Rust binary. This binary employs fileless injection techniques to load a malicious AgentTesla payload into its memory space.  The malware leverages CLR…

Read more →

Some router models have identified a security vulnerability that allows attackers to bypass authentication. To exploit this vulnerability, an attacker must know the WiFi password or have an Ethernet connection to a device on the victim’s network.  Firmware updates that…

Read more →

Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage. This makes them attractive targets for data theft and ransomware attacks for the threat actors.  Besides this, the vulnerabilities in CrushFTP servers…

Read more →

DDoS attacks are a significant and growing risk that can overpower websites, crash servers, and block out authorized users with never-ending waves of offensive traffic. More than 13 million DDoS attacks were recorded in 2023 alone, which reveals the real…

Read more →

Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine. It has been closely monitoring the situation and has successfully detected all stages of the attack. CVE-2017-8570: The Initial Vector…

Read more →

In a historic move, Microsoft has made the source code for MS-DOS 4.0, one of the most influential operating systems of all time, publicly available on GitHub. This decision marks a significant milestone in the company’s commitment to open-source software…

Read more →

A new attack campaign has been discovered to be employed by the FROZEN#SHADOW, which utilized SSLoad malware for its operations and Cobalt Strike Implants to pivot and take over the entire network. In addition, the threat actors also used Remote…

Read more →

Hackers exploit PowerShell, a built-in scripting tool on Windows (and sometimes Linux), to launch various attacks. PowerShell scripts can download malware, bypass antivirus, steal data, and grant remote access.   The scripts are attractive to attackers because they are easy to…

Read more →

A new cybersecurity threat has emerged as a zero-click remote code execution (RCE) exploit targeting Apple’s iMessage service is reportedly being circulated on various hacker forums. This exploit, which allows hackers to take control of an iPhone without any interaction…

Read more →

Hackers exploit LOCKBIT Builder due to its versatility in creating customized ransomware payloads which enable them to tailor attacks to specific targets and evade detection by security measures. DragonForce Ransomware emerged in November 2023, employing double extortion tactics – data…

Read more →

A critical flaw has been identified in the popular online code editor, JudgeO. If exploited, this vulnerability could allow attackers to execute arbitrary code with root-level privileges, posing a significant threat to systems and data integrity. Is Your Network Under…

Read more →

Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems. This is achieved by targeting unmonitored devices, leveraging legitimate tools, and exploiting zero-day vulnerabilities.  While defenders are improving detection speed (dwell time decreased from 16…

Read more →

Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems. This is achieved by targeting unmonitored devices, leveraging legitimate tools, and exploiting zero-day vulnerabilities.  While defenders are improving detection speed (dwell time decreased from 16…

Read more →

Cisco has released critical security updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) devices and Firepower Threat Defense (FTD) software, collectively known as the “ArcaneDoor” vulnerabilities. If exploited, these vulnerabilities could allow a cyber threat actor to…

Read more →

Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government entities. These attacks have been attributed to Pakistani Advanced Persistent Threat (APT) groups, which have been intensifying their malicious activities. Attack Methods The recent campaigns uncovered…

Read more →

In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices. Background on the Cyber Threat The…

Read more →

Security researchers at Cisco Talos have uncovered a sophisticated cyber espionage campaign dubbed “ArcaneDoor” conducted by a state-sponsored threat actor tracked as UAT4356 (STORM-1849). This campaign targeted government networks globally by exploiting multiple zero-day vulnerabilities in Cisco’s Adaptive Security Appliance…

Read more →

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns. Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders. Zscaler’s Phishing Report 2024 is based…

Read more →

This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany, Egypt, the U.K., Poland, the Philippines, Norway, and Japan. The threat actor behind this ongoing campaign has been identified as “CoralRaider, ” whose Tactics, Techniques, and…

Read more →

The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Pollution. These vulnerabilities have been assigned with CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511. The severity of these vulnerabilities ranges from 6.5 (Medium)…

Read more →

A new type of Remote Access Trojan (RAT) named Spyroid has been identified. This malicious software is specifically designed to infiltrate Android systems, stealing confidential data and compromising user privacy. What is Spyroid RAT? Spyroid RAT is a sophisticated malware…

Read more →

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi. This discovery raises significant concerns about privacy and the integrity of data handling by public…

Read more →

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration.  The behavior of a major RaaS group…

Read more →

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player. This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise. Potential Acquisition Details Sources close to the matter…

Read more →

The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals. These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies. The announcement underscores the gravity of cyber…

Read more →

When cyber attacks strike, it’s rarely a single computer that suffers. Nowadays, cybercriminals set their sights on corporate networks, aiming to infiltrate and compromise multiple systems. But how do these bad actors manage to breach large networks? It all starts…

Read more →

Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege Escalation and Arbitrary File Move/Delete. This vulnerability was assigned with CVE-2024-21111, and the severity was 7.8 (High).  However, Oracle has acted swiftly upon the report and…

Read more →

To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies. This decision underscores a broader initiative by the U.S. government to address…

Read more →

The Volkswagen Group has fallen victim to a sophisticated hacking incident, with over 19,000 sensitive documents stolen. Investigations point towards a possible involvement of Chinese hackers, raising concerns over international cyber espionage and the security of global automotive giants. The…

Read more →

A SIM Swap Scam or SIM Cloning Scam exploits a vulnerability in a two-factor authentication (2FA) system that relies on SMS messages for verification codes, where attackers aim to gain control of the victim’s mobile phone number by convincing the…

Read more →

Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool. This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software. The vulnerability has been…

Read more →

A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks. Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw…

Read more →

The ongoing tension between privacy rights and public safety, Europol, along with European Police Chiefs, has issued a call for tech giants to provide lawful access to encrypted communications. This development comes as major social media platforms, including those owned…

Read more →