Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems. This is achieved by targeting unmonitored devices, leveraging legitimate tools, and exploiting zero-day vulnerabilities.  While defenders are improving detection speed (dwell time decreased from 16…

Read more →

Cisco has released critical security updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) devices and Firepower Threat Defense (FTD) software, collectively known as the “ArcaneDoor” vulnerabilities. If exploited, these vulnerabilities could allow a cyber threat actor to…

Read more →

Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government entities. These attacks have been attributed to Pakistani Advanced Persistent Threat (APT) groups, which have been intensifying their malicious activities. Attack Methods The recent campaigns uncovered…

Read more →

In a joint advisory released by cybersecurity agencies across Canada, Australia, and the United Kingdom, IT professionals and managers in government and critical sectors are alerted to sophisticated cyber-attacks targeting CISCO ASA VPN devices. Background on the Cyber Threat The…

Read more →

Security researchers at Cisco Talos have uncovered a sophisticated cyber espionage campaign dubbed “ArcaneDoor” conducted by a state-sponsored threat actor tracked as UAT4356 (STORM-1849). This campaign targeted government networks globally by exploiting multiple zero-day vulnerabilities in Cisco’s Adaptive Security Appliance…

Read more →

AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns. Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders. Zscaler’s Phishing Report 2024 is based…

Read more →

This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany, Egypt, the U.K., Poland, the Philippines, Norway, and Japan. The threat actor behind this ongoing campaign has been identified as “CoralRaider, ” whose Tactics, Techniques, and…

Read more →

The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Pollution. These vulnerabilities have been assigned with CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511. The severity of these vulnerabilities ranges from 6.5 (Medium)…

Read more →

A new type of Remote Access Trojan (RAT) named Spyroid has been identified. This malicious software is specifically designed to infiltrate Android systems, stealing confidential data and compromising user privacy. What is Spyroid RAT? Spyroid RAT is a sophisticated malware…

Read more →

Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi. This discovery raises significant concerns about privacy and the integrity of data handling by public…

Read more →

Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration.  The behavior of a major RaaS group…

Read more →

IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player. This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise. Potential Acquisition Details Sources close to the matter…

Read more →

The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals. These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies. The announcement underscores the gravity of cyber…

Read more →

When cyber attacks strike, it’s rarely a single computer that suffers. Nowadays, cybercriminals set their sights on corporate networks, aiming to infiltrate and compromise multiple systems. But how do these bad actors manage to breach large networks? It all starts…

Read more →

Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege Escalation and Arbitrary File Move/Delete. This vulnerability was assigned with CVE-2024-21111, and the severity was 7.8 (High).  However, Oracle has acted swiftly upon the report and…

Read more →

To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies. This decision underscores a broader initiative by the U.S. government to address…

Read more →

The Volkswagen Group has fallen victim to a sophisticated hacking incident, with over 19,000 sensitive documents stolen. Investigations point towards a possible involvement of Chinese hackers, raising concerns over international cyber espionage and the security of global automotive giants. The…

Read more →

A SIM Swap Scam or SIM Cloning Scam exploits a vulnerability in a two-factor authentication (2FA) system that relies on SMS messages for verification codes, where attackers aim to gain control of the victim’s mobile phone number by convincing the…

Read more →

Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool. This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software. The vulnerability has been…

Read more →

A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks. Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw…

Read more →

The ongoing tension between privacy rights and public safety, Europol, along with European Police Chiefs, has issued a call for tech giants to provide lawful access to encrypted communications. This development comes as major social media platforms, including those owned…

Read more →

A significant vulnerability has been identified in Citrix’s monitoring tool, uberAgent. If exploited, this flaw could allow attackers to escalate their privileges within the system, posing a serious risk to organizations using affected software versions. CVE-2024-3902 – Privilege escalation vulnerability…

Read more →

APT29, a Russian threat group, targeted German political parties with a new backdoor called WINELOADER using spear-phishing emails containing malicious links to ZIP files hosted on compromised websites. The ZIP files deployed an HTA that initiated a multi-stage infection chain,…

Read more →

Hackers often target PyPI packages to exploit vulnerabilities and inject malicious code into widely used Python libraries. Recently, cybersecurity researchers at FortiGuard Labs identified a malicious PyPI package attacking Discord users to steal credentials. The malicious PyPI package that was…

Read more →

Anonymous claims a successful cyberattack against the Israeli Defence Force (IDF), gaining access to 20 gigabytes of data, which allegedly includes over 233,000 military documents in various formats, like PDFs, Word files, and presentations.  The IDF considers the authenticity of…

Read more →

A new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges. Dubbed “MagicDot,” this vulnerability exploits the DOS-to-NT path conversion process within the Windows operating system. Here, we delve into the technical…

Read more →

A new exploit targeting VMware ESXi Shell Service has been discovered and is circulating on various hacking forums. This vulnerability poses a significant risk to organizations using VMware for their virtual environments, potentially allowing unauthorized access and control over virtual…

Read more →

A zero-day exploit targeting the popular messaging app WhatsApp has been advertised on underground hacker forums. The exploit has raised serious concerns regarding the safety of users on Android and iOS platforms. This exploit is reported to have the potential…

Read more →

CrushFTP is a file transfer server that supports secure protocols, offers easier configuration, and offers powerful monitoring tools. It also provides a web interface that allows users to transfer files using a web browser.  A critical vulnerability associated with FileSystem…

Read more →

Cybersecurity experts from SafeBreach have revealed a series of vulnerabilities that could allow attackers to remotely delete files on a computer using Windows Defender, potentially leading to data loss and system instability. Tomer Bar and Shmuel Cohen, seasoned security researchers…

Read more →

With the tightening grip of Chinese regulatory measures on foreign digital services, Apple Inc. has removed several major messaging apps, including WhatsApp and Threads by Meta Platforms, from its App Store in China. This decision follows direct orders from the…

Read more →

The notorious cybercrime group previously known as Hellokity has reemerged under a new alias, “HelloGookie.” This development was reported by the cybersecurity watchdog MonThreat via their Twitter account. Hellokity, known for its high-profile cyber-attacks, has been a significant player in…

Read more →

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing approximately USD 42 million in ransom payments. This information comes from a detailed joint Cybersecurity Advisory issued by the FBI and the Cybersecurity and Infrastructure Security Agency…

Read more →

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale on a notorious hacker forum. This exploit, which has not yet been assigned a Common Vulnerabilities and Exposures (CVE) reference, is said to be capable of…

Read more →

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400. This zero-day flaw, found in the GlobalProtect Gateway, is currently under active exploitation by attackers. CVE-2024-3400 allows attackers to execute arbitrary OS commands on…

Read more →

As Russia’s invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS, APT44) cyber threat group remains highly active and increasingly integrated with Russian conventional military operations in support of Moscow’s war aims.  However, Sandworm’s disruptive operations now…

Read more →

IT employees in the automotive industry are often targeted by hackers because they have access to sensitive information such as customer data, intellectual property, and critical systems. The connected technologies’ dependence on the automotive industry and the value of their…

Read more →

A new banker, SoumniBot, has recently been identified. It targets Korean users and is incredible by using an unusual method to evade investigation and detection, notably obfuscating the Android manifest. In addition to its unique obfuscation, SoumniBot stands out for…

Read more →

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer base. The breach, first reported by the online security platform Have I Been Pwned, has compromised the sensitive personal information of thousands of customers. The breach…

Read more →

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity. This groundbreaking product, described as Cisco’s most consequential security solution, introduces a cloud-native, AI-powered approach to securing highly distributed, AI-scale data centers. Integrated directly into the network’s…

Read more →

Malware commonly encrypts its traffic (stolen data sent to a command-and-control server) and internal strings (like URLs and configurations) to prevent security systems from recognizing malicious content.  Cryptography fundamentals, classical ciphers, bitwise operations, XOR functions, and XOR cipher detection and…

Read more →

Authorities have dismantled LabHost, a notorious cybercrime platform that facilitated widespread phishing attacks across the globe. The crackdown on LabHost, which was founded in the UK in 2021, marks a significant victory against cybercriminal networks that have long exploited digital…

Read more →

Armis, a leading cybersecurity company, has acquired Silk Security, an AI-powered vulnerability detection firm. The acquisition comes when organizations grapple with a surge of security findings, with no scalable and automated way to prioritize and operationalize remediation. Ineffective processes and…

Read more →

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent vulnerabilities.  Prior studies often oversimplify the problem into binary classification tasks, which poses challenges for deep learning models to effectively learn diverse vulnerability characteristics.  To address…

Read more →

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber ransomware targeting Linux systems. This strain of the notorious malware has been observed exploiting a recent vulnerability in the Atlassian Confluence application to gain a foothold…

Read more →

DMARC is targeted by hackers as this serves to act as a preventative measure against email spoofing and phishing attempts.  They compromise DMARC (Domain-based Message Authentication Reporting and Conformance) so that they can evade email authentication protocols, consequently enabling them…

Read more →

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the wild, posing a threat to unsuspecting users. The L00KUPRU ransomware is known to encrypt user files, appending the .L00KUPRU extension to the affected files. The attackers…

Read more →

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities across multiple Oracle products. This comprehensive update fixes critical flaws that could allow remote code execution, data manipulation, and unauthorized access to systems. Affected Products and…

Read more →

Hackers use brute-force attacks since it is an uncomplicated technique to break passwords or get into systems without permission.  By systematically trying various combinations of usernames and passwords, attackers can exploit weak credentials. Brute-force attacks are automated and scalable, enabling…

Read more →

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections. The attack, designed to mimic the Outlook login panel, successfully tricking users into revealing their login credentials. Security researcher @doc_guard first reported the attack on Twitter,…

Read more →

The Palo Alto Networks PAN-OS software has a critical command injection vulnerability that allows an unauthorized attacker to run arbitrary code on the firewall with root access.  The vulnerability is identified as CVE-2024-3400, with a CVSS score of 10.0. Operation MidnightEclipse…

Read more →

The Tor Project has released a new version of the Tor Browser, their secure and private web browsing tool. Tor Browser 13.0.14 includes several critical security updates and bug fixes. Key Updates in Tor Browser 13.0.14 The latest release of…

Read more →

Over the weekend, Iran launched missile and drone attacks on Israel, retaliating for a suspected Israeli strike on its Damascus consulate that killed 13 people last week. This escalation arises from the ongoing Israel-Iran rivalry and Israel-Palestine conflict.  Cyber activities…

Read more →

Hackers exfiltrate data first before encrypting it to increase their bargaining power during ransom negotiations.  Threats of public exposure of private information accelerate up the urgency for victims to pay a ransom immediately. Secureworks Counter Threat Unit researchers are tracking…

Read more →

Security researchers have uncovered a new strain of Android malware that masquerades as the popular Google Chrome browser to steal sensitive banking information from unsuspecting users. The malware, dubbed “Mamont Spy Banker,” has been found to target Android devices highly…

Read more →

Hackers target Apple device users because they are perceived to be of higher social classes. This leads to targets who are richer than others and who can possibly provide more money to the hackers in one way or another. Besides…

Read more →

In today’s digital landscape, email security has become a critical concern for businesses of all sizes. As cyber threats continue to evolve, it’s essential for Managed Service Providers (MSPs) to equip their clients with the necessary tools and knowledge to…

Read more →

Ahmed exploited a vulnerability in a decentralized cryptocurrency exchange’s smart contract by injecting fabricated pricing data, which triggered the generation of inflated fees totaling $9 million, which he subsequently withdrew in cryptocurrency.  Following the theft, Ahmed attempted to extort the…

Read more →

A new exploit campaign has emerged, targeting organizations that utilize Fortinet’s FortiClient EMS. Dubbed “Connect:fun” by Forescout Research – Vedere Labs, this campaign leverages a critical vulnerability identified as CVE-2023-48788. The campaign has been active since at least 2022 and…

Read more →

Omni Hotels & Resorts has revealed that it was the target of a recent cyberattack, which resulted in the theft of customer information. The hospitality giant has been working closely with a leading cybersecurity response group to investigate the incident…

Read more →

TA558, a financially motivated threat actor identified in 2018, is targeting several countries but with utmost priority in Latin America. Over 320 attacks have been observed from this particular threat actor, which involve using various tools and malware and compromising…

Read more →

A group of cybercriminals known as “Blackjack” has launched a devastating attack on industrial control systems (ICS) worldwide. The group’s custom-built malware, dubbed “Fuxnet,” has successfully disabled 87,000 sensors across various critical infrastructure sectors, posing a grave threat to global…

Read more →

Cisco’s Duo Security, a leading multi-factor authentication (MFA) service, has suffered a significant data breach. The April 1, 2024, incident involved unauthorized access to telephony data used for MFA purposes. The breach was produced through a sophisticated phishing attack that…

Read more →

In a groundbreaking move, the U.S. Department of Defense has released a comprehensive guide for organizations deploying and operating AI systems designed and developed byanother firm. The report, titled “Deploying AI Systems Securely,” outlines a strategic framework to help defense…

Read more →

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide. This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets.…

Read more →

A new remote code execution vulnerability has been identified to be affecting multiple Microsoft products including .NET, .NET Framework and Visual Studio. This vulnerability has been assigned CVE-2024-21409, and its severity has been given as 7.3 (High). This vulnerability is…

Read more →

The revival of the LightSpy malware campaign has been observed, focusing on Indian Apple device users. This sophisticated mobile spyware, suspected to have origins in China, is being used for espionage, targeting a select group of individuals, including journalists, activists,…

Read more →

The Web3 movement is going from strength to strength with every day that passes. Slowly but surely, it’s building a new iteration of the internet that promises to give power back to the people through the concept of decentralization and…

Read more →

A new malware known as LightSpy has been targeting Android and iOS users. This sophisticated surveillance tool raises alarms across the cybersecurity community due to its extensive capabilities to exfiltrate sensitive user data. LightSpy is a modular malware implant designed…

Read more →

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its GlobalProtect Gateway, identified as CVE-2024-3400. This flaw, rooted in the PAN-OS operating system, has already been exploited in a limited number of attacks, raising alarms across…

Read more →

The software supply chain is filled with various challenges, such as untracked security vulnerabilities in open-source components and inconsistent update uptake.  The lighttpd vulnerability was silently fixed in 2018 without any CVE assignment in a single instance of vulnerability detection.…

Read more →

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio deepfake technology. This incident underscores the urgent need for heightened cybersecurity awareness and the implementation of robust verification processes within organizations. The Rise of Deepfake Technology…

Read more →

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user privacy across the web. This innovative offering combines a VPN service with additional privacy features integrated into DuckDuckGo’s existing privacy-focused browser. A Closer Look at Privacy…

Read more →

In response to a recent data breach at Sisense, a provider of data analytics services, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) advised customers to reset their login credentials. Sisense’s AI and machine learning-driven analytics platform is used for data…

Read more →

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average number of cyber attacks per organization per week, reaching 1308. This marked a 5% increase from Q1 2023 and a 28% increase from the last quarter…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a breach in Microsoft’s corporate email system. The directive, ED 24-02, outlines the urgent steps required to mitigate the risks posed by Midnight Blizzard, a nation-state-sponsored cyber…

Read more →

Around 300,000 taxi passengers’ personal information was left exposed on the internet, causing concern in the UK and Ireland. Cybersecurity researcher Jeremiah Fowler discovered the breach involving Dublin-based taxi dispatch system provider iCabbi and subsequently reported it to vpnMentor. Fowler…

Read more →

Around 300,000 taxi passengers’ personal information was left exposed on the internet, causing concern in the UK and Ireland. Cybersecurity researcher Jeremiah Fowler discovered the breach involving Dublin-based taxi dispatch system provider iCabbi and subsequently reported it to vpnMentor. Fowler…

Read more →

TA547 has been targeting German organizations with an email campaign delivering the Rhadamanthys malware. Proofpoint has observed TA547 using Rhadamanthys, an information stealer that is utilized by multiple cybercriminal threat actors. The emails, which impersonated the German retail company Metro,…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its latest initiative: opening its advanced malware analysis system, Malware Next-Gen, to the public. Malware Next-Gen represents a paradigm shift in analyzing and countering cyber threats and malware. With scalability and…

Read more →

WebDAV incidents simulate an offensive attack employing a WebDAV server to distribute malware to a client PC. Attackers store malicious payloads and attract users into downloading and executing them. It then analyzes a real-world scenario involving AsyncRat/Purelogs malware to understand…

Read more →

In a sophisticated cyberattack campaign uncovered on April 10, 2024, cybercriminals are exploiting GitHub’s search functionality to distribute a particularly insidious form of malware, known as “Keyzetsu clipper,” targeting cryptocurrency wallets. This new wave of attacks highlights cybercriminals’ evolving tactics…

Read more →

Fortra’s Robot Schedule Enterprise Agent permits a low-privileged user to elevate privileges to the local system level.  The problem arises from the agent’s failure to adequately secure its service executable, which an attacker can exploit by swapping out the executable…

Read more →

Cybersecurity experts have uncovered a failed attempt by the notorious Russia-based Turla Advanced Persistent Threat (APT) group to infiltrate an Albanian organization. This incident is part of a broader cyber espionage campaign targeting European countries, with Poland also falling victim…

Read more →

A comprehensive four-year study of brute-force attacks against SSH servers has revealed an alarming increase in the frequency and sophistication of these cyber attacks on internet-connected systems. The research by scientists at the University of Utah provides unprecedented insight into…

Read more →

Law enforcement authorities successfully penetrated EncroChat, an encrypted chat program that is frequently used by criminals, in a ground-breaking operation that has shocked the world of organized crime. This operation led to the arrest of hundreds of individuals involved in…

Read more →

Cyber GRC software company Cypago has announced a new automation solution for artificial intelligence (AI) governance, risk management and compliance. This includes implementation of NIST AI RMF and ISO/IEC 42001, the newest AI security and governance frameworks. With more and…

Read more →

Attackers are now leveraging encrypted phishing emails that utilize Scalable Vector Graphics (SVG) files to execute malicious JavaScript code. The phishing campaign begins with an email masquerading as a notification for a new voice message. Recipients are prompted to click…

Read more →

Bitdefender, the cybersecurity firm, has unveiled a series of critical vulnerabilities in LG’s WebOS TVs, affecting over 91,000 devices worldwide. These flaws, identified as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320, could allow attackers to gain unauthorized root access, posing risks to…

Read more →

On April Patch Tuesday, Microsoft fixed 149 bugs—one of the biggest security update releases in the company’s history.  Many of its software products, such as Microsoft Office and its SQL Server database package, have fixed vulnerabilities. The majority of vulnerabilities…

Read more →

Group Health Cooperative of South Central Wisconsin (GHC-SCW) has announced a significant breach in their cybersecurity, leading to unauthorized access and theft of personal information by ransomware actors. This incident has raised alarms about the security measures to protect sensitive…

Read more →

A new critical vulnerability has been discovered in two of the Rust standard libraries, which could allow a threat actor to execute shell commands on vulnerable versions. This vulnerability has been assigned CVE-2024-24576, and its severity has been given as…

Read more →

The cybersecurity community is again on high alert as the notorious botnet group RUBYCARP, known for its SSH brute force attacks, has resurfaced with new tools and tactics. The Sysdig Threat Research Team (Sysdig TRT) has been closely monitoring the…

Read more →

A new critical vulnerability has been discovered in two of the Rust standard libraries, which could allow a threat actor to execute shell commands on vulnerable versions. This vulnerability has been assigned CVE-2024-24576, and its severity has been given as…

Read more →

Two new techniques uncovered in SharePoint enable malicious actors to bypass traditional security measures and exfiltrate sensitive data without triggering standard detection mechanisms. Illicit file downloads can be disguised as harmless activities, making it difficult for cybersecurity defenses to detect…

Read more →

Cyber Threat Intelligence (CTI) is a process that actively gathers and analyzes information on potential cyber threats, including Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by attackers, along with their goals and capabilities.  The ultimate goal…

Read more →