An international coalition led by the U.S. Department of Justice has dismantled the infrastructure behind the notorious RedLine and META infostealers. These malware variants have plagued millions of computers worldwide, stealing sensitive information and facilitating further cybercriminal activities. Operation Magnus…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Chinese Hackers Scanning Canadian IT Systems for Vulnerabilities
The Canadian Centre for Cyber Security (Cyber Centre), a Communications Security Establishment Canada (CSE) division, has warned Canadian organizations about an ongoing cyber threat. The Cyber Centre reports that a sophisticated state-sponsored threat actor from the People’s Republic of China…
SMB Force-Authentication Vulnerability Impacts All OPA Versions For Windows
Open Policy Agent (OPA) recently patched a critical vulnerability that could have exposed NTLM credentials of the OPA server’s local user account to remote attackers, which was present in both the OPA CLI and Go SDK. By exploiting this flaw,…
ClickFix Malware Infect Website Visitors Via Hacked WordPress Websites
Researchers have identified a new variant of the ClickFix fake browser update malware distributed through malicious WordPress plugins. These plugins, disguised as legitimate tools, inject malicious JavaScript code into compromised websites, tricking users into installing malware. The malware uses blockchain…
Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk
Recent analysis has revealed a concerning trend in mobile app security: Many popular apps store hardcoded and unencrypted cloud service credentials directly within their codebases. It poses a significant security risk as anyone accessing the app’s binary or source code…
Latrodectus Employs New anti-Debugging And Sandbox Evasion Techniques
Latrodectus, a new malware loader, has rapidly evolved since its discovery, potentially replacing IcedID. It includes a command to download IcedID and has undergone multiple iterations, likely to evade detection. Extracting configurations from these versions is crucial for effective threat…
New ChatGPT-4o Jailbreak Technique Enabling to Write Exploit Codes
Researcher Marco Figueroa has uncovered a method to bypass the built-in safeguards of ChatGPT-4o and similar AI models, enabling them to generate exploit code. This discovery highlights a significant vulnerability in AI security measures, prompting urgent discussions about the future…
Nintendo Warns of Phishing Attack Mimics Company Email Address
Nintendo has cautioned its users about a sophisticated phishing attack that involves emails mimicking official Nintendo communication. These emails, appearing to come from addresses, are being sent by third parties and are not legitimate communications from the company. Details of…
Vulnerabilities in Realtek SD Card Reader Driver Impacts Dell, Lenovo, & Others Laptops
Multiple vulnerabilities have been discovered in the Realtek SD card reader driver, RtsPer.sys, affecting a wide range of laptops from major manufacturers like Dell and Lenovo. These vulnerabilities have been present for years, allowing non-privileged users to exploit the system…
Critical WhatsUp Gold Authentication Flaw Exposes Organizations to Cyber Attack
WhatsUp Gold, a popular network monitoring software, has identified a significant security vulnerability that could potentially expose numerous organizations to cyber attacks. The flaw, which affects versions released before 2024.0.0, involves multiple critical vulnerabilities that could allow attackers to gain…
Four Evil Ransomware Operators Sentenced For Hacking Enterprises
The St. Petersburg Garrison Military Court has sentenced four individuals involved in a notorious ransomware operation. Artem Zayets, Aleksey Malozemov, Daniil Puzyrevsky, and Ruslan Khansvyarov have been found guilty of illegally circulating means of payment. Puzyrevsky and Khansvyarov were also…
Windows 11 CLFS Driver Vulnerability Let Attackers Escalate Privileges – PoC Exploit Released
A critical security vulnerability has been identified in the Common Log File System (CLFS) driver of Windows 11, allowing local users to gain elevated privileges. The Common Log File System (CLFS) is a Windows service for efficient, reliable logging, used…
10 Best Linux Distributions In 2024
The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with the top 10 best Linux distros in 2024 for all professionals. Hence Linux…
AWS CDK Vulnerabilities Let Takeover S3 Bucket
A significant security vulnerability was uncovered in the AWS Cloud Development Kit (CDK), an open-source framework widely used by developers to define cloud infrastructure using familiar programming languages. This vulnerability could allow attackers to gain unauthorized access to S3 buckets,…
NVIDIA Patch Multiple GPU Display Driver for Windows & Linux
NVIDIA has issued essential security updates for its GPU Display Driver, addressing multiple vulnerabilities affecting Windows and Linux systems. Users are urged to download and install these updates promptly via the NVIDIA Driver Downloads page or the NVIDIA Licensing Portal…
GitLab Patches HTML Injection Flaw Leads to XSS Attacks
GitLab has announced the release of critical security updates for its Community Edition (CE) and Enterprise Edition (EE). The updates address a high-severity HTML injection vulnerability that could lead to cross-site scripting (XSS) attacks. The patched versions, 17.5.1, 17.4.3, and…
Xerox Printers Vulnerable to Remote Code Execution Attacks
Multiple Xerox printer models, including EC80xx, AltaLink, VersaLink, and WorkCentre, have been identified as vulnerable to an authenticated remote code execution (RCE) attack. This vulnerability tracked as CVE-2024-6333, poses a significant risk, fully allowing attackers with administrative web credentials to…
Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw
Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could allow remote attackers to execute commands with root-level privileges. The flaw, CVE-2024-20329, affects devices running a vulnerable release of Cisco…
Google Patches Multiple Chrome Security Vulnerabilities
Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The…
Threat Actors Allegedly Selling Database of 1,000 NHS Email Accounts
A database containing over 1,000 email accounts associated with the National Health Service (NHS) has reportedly been leaked and is being sold on a dark web forum. This breach, which includes sensitive information such as passwords and personal details, has…