Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

A critical security vulnerability has been identified in the Common Log File System (CLFS) driver of Windows 11, allowing local users to gain elevated privileges. The Common Log File System (CLFS) is a Windows service for efficient, reliable logging, used…

Read more →

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with the top 10 best Linux distros in 2024 for all professionals. Hence Linux…

Read more →

A significant security vulnerability was uncovered in the AWS Cloud Development Kit (CDK), an open-source framework widely used by developers to define cloud infrastructure using familiar programming languages. This vulnerability could allow attackers to gain unauthorized access to S3 buckets,…

Read more →

NVIDIA has issued essential security updates for its GPU Display Driver, addressing multiple vulnerabilities affecting Windows and Linux systems. Users are urged to download and install these updates promptly via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal…

Read more →

GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-severity HTML injection vulnerability that could lead to cross-site scripting (XSS) attacks. The patched versions, 17.5.1, 17.4.3, and…

Read more →

Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable to an authenticated remote code execution (RCE) attack. This vulnerability tracked as CVE-2024-6333, poses a significant risk, fully allowing attackers with administrative web credentials to…

Read more →

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges. The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco…

Read more →

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The…

Read more →

A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…

Read more →

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records. The breach was first reported on a hacking forum and has raised significant alarm among users and cybersecurity experts. According to the post…

Read more →

Researchers from Avast have uncovered a vulnerability in the cryptographic schema of the Mallox ransomware, a particularly active variant between 2023 and early 2024. This flaw allows victims of this specific Mallox variant to decrypt their files without paying a…

Read more →

A recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could allow unauthorized users to gain root access. This security flaw, publicly disclosed on August 30, 2024, and last modified on September…

Read more →

Tor Browser 14.0 has been officially launched. It brings significant updates and new features to enhance user privacy and browsing experience. This release is built on Firefox ESR 128, integrating a year’s worth of updates and improvements from Firefox while…

Read more →

Callback phishing is a two-step attack involving phishing emails and phone calls. Victims are lured into calling a bogus number in the email, where attackers impersonate legitimate entities and trick victims into divulging sensitive information or downloading malware. The BazarCall…

Read more →

Vulnhuntr, a static code analyzer using large language models (LLMs), discovered over a dozen zero-day vulnerabilities in popular open-source AI projects on Github (over 10,000 stars) within hours.  These vulnerabilities include Local File Inclusion (LFI), Cross-Site Scripting (XSS), Server-Side Request…

Read more →

Recent campaigns targeting victims through social engineering tactics utilize LUMMA STEALER with GHOSTPULSE as its loader. By tricking victims into executing a series of Windows keyboard shortcuts, malicious JavaScript is executed, leading to the execution of a PowerShell script.  The…

Read more →

Researchers discovered vulnerabilities in the Chromium web browser that allowed malicious extensions to escape the sandbox and execute arbitrary code on the user’s system.  These vulnerabilities exploited the privileged nature of WebUI pages, which provide the user interface for Chromium’s…

Read more →

IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server…

Read more →

Two pro-Russian threat actors launched a distributed denial-of-service (DDoS) attack campaign against Japanese organizations on October 14, 2024. The campaign targeted logistics, manufacturing, government, and political entities.  An attack leveraged various non-spoofed direct-path DDoS attack vectors, including well-known nuisance networks,…

Read more →

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint public service announcement (PSA) warning of sophisticated tactics foreign actors are employing to spread disinformation ahead of the 2024 U.S. general election.…

Read more →