Researchers uncovered two previously unknown endpoints with older Cortex XDR agents that used to test an AV/EDR bypass tool were compromised, granting unauthorized access. The threat actor utilized a bypass tool, likely purchased from cybercrime forums, to compromise the system.…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Google Patched 40 Security Vulnerabilities Along With Two Zero-Days
Google has released a batch of security updates addressing 40 vulnerabilities, two of which are critical zero-day exploits. As reported in the November 2024 Android Security Bulletin, these updates are crucial for maintaining the integrity and safety of Android devices…
Threat Actor IntelBroker Claims Leak of Nokia’s Source Code
The threat actor known as IntelBroker, in collaboration with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code. The news, which has sent ripples through the tech industry, was shared on social media, highlighting the…
New Windows Zero-Day Vulnerability Let Attackers Steal Credentials From Victim’s Machine
A security researcher discovered a vulnerability in Windows theme files in the previous year, which allowed malicious actors to steal Windows users’ credentials. When a theme file specifies a network path for specific properties, like the brand image or wallpaper,…
Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to launch highly evasive password spray attacks, successfully stealing credentials from multiple Microsoft customers. The stolen credentials are then leveraged by threat actors like Storm-0940 to…
Sophisticated Phishing Attack Targeting Ukraine Military Sectors
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against critical Ukrainian infrastructure, including government agencies, key industries, and military entities. Phishing emails promoting integration with Amazon, Microsoft, and ZTA contained malicious .rdp files. Upon…
Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in various sectors. The attacks involve sending signed RDP configuration files to thousands of targets, aiming to compromise systems for intelligence gathering. The actor impersonates Microsoft…
Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese government entity in early 2023, which leverages three modules, CGM, CGN, and COL, to hijack web sessions and access cloud services like Google Drive, Gmail,…
SYS01 InfoStealer Malware Attacking Meta Business Page To Steal Logins
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to distribute the SYS01 InfoStealer through ElectronJs applications disguised as legitimate software like video editors, productivity tools, and streaming services. The campaign leverages nearly a hundred…
Singapore’s Government Directed ISPs To Block Access To Ten Inauthentic Websites
Singapore’s government has instructed internet service providers to block access to websites deemed “inauthentic,” which are believed to be part of hostile information campaigns potentially targeting Singapore. The government’s action is intended to combat the distribution of false information and…
Embargo Ransomware Actors Abuses Safe Mode To Disable Security Solutions
In July 2024, the ransomware group Embargo targeted US companies using the malicious loader MDeployer and EDR killer MS4Killer. MDeployer deployed MS4Killer, which disabled security products, before executing the Embargo ransomware. The ransomware encrypted files with a random six-letter extension…
Russian Hackers Attacking Ukraine Military With Malware Via Telegram
Researchers discovered a Russian-linked threat actor, UNC5812, utilizing a Telegram persona named “Civil Defense. ” This persona has been distributing Windows and Android malware disguised as legitimate software designed to aid potential conscripts in Ukraine. Once installed, these malicious apps…
A Massive Hacking Toolkit From “You Dun” Threat Group Developed To Lauch Massive Cyber Attack
The “You Dun” hacking group exploited vulnerable Zhiyuan OA software using SQL injection, leveraging tools like WebLogicScan, Vulmap, and Xray for reconnaissance. They further escalated privileges on compromised hosts with tools like traitor and CDK. Active Cobalt Strike server leaked,…
Russia, Iran, And China Influence U.S. Elections, Microsoft Warns
The researchers have observed consistent efforts by Russia, Iran, and China to exert foreign influence on democratic processes in the United States. Recent U.S. government actions have exposed Iranian cyberattacks on the Trump-Vance campaign and the dissemination of stolen Trump…
Okta Verify Agent for Windows Flaw Let Attackers Steal User Passwords
A newly discovered vulnerability in Okta’s Device Access features for Windows could allow attackers to steal user passwords on compromised devices. The flaw affecting the Okta Verify agent for Windows specifically concerns how the software interacts with OktaDeviceAccessPipe, a component…
MediaTek High Severity Vulnerabilities Let Attackers Escalate Privileges
In its recent MediaTek Product Security Bulletin, the chipmaker disclosed two high-severity security vulnerabilities that affect multiple devices, including smartphones, tablets, AIoT (Artificial Intelligence of Things), smart displays, and more. The vulnerabilities could allow attackers to escalate their privileges on…
Threat Actors Allegedly Claiming Leak of Dell Partner Portal Data
A well-known dark web forum threat actor allegedly claimed responsibility for leaking data from Dell’s enterprise partner portal. According to the claim, the leak exposes sensitive information of approximately 80,000 users, including user IDs and email addresses, primarily belonging to…
Securing Your SaaS Application Security
The rapid growth of cloud computing has made SaaS applications indispensable across industries. While they offer many advantages, they are also prime targets for cybercriminals who exploit security risks to steal data or disrupt services. As businesses increasingly focus on SaaS…
LightSpy iOS Malware Enhanced with 28 New Destructive Plugins
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices. The malware’s core binaries were even signed with the same certificate used in jailbreak kits, indicating deep integration. The C2 servers, active until October 26,…
New PySilon RAT Abusing Discord Platform to Maintain Persistence
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits the popular social platform Discord to maintain persistence on infected systems. Discord, known for its real-time communication features, has become a hub for various communities…