Marketing and sales software giant HubSpot announced on Friday that it is investigating a cybersecurity incident following reports of customer account hacks. The company, specializing in customer relationship management (CRM) and marketing automation software, identified the security breach on June…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
TeamViewer Internal Systems Accessed by APT Hackers
TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment. The company’s security team detected the breach after noticing an “irregularity” in its internal systems, prompting an immediate response. Swift Response and…
Snowblind Abuses Android seccomp Sandbox To Bypass Security Mechanisms
A new Android banking trojan named Snowblind was discovered that abuses seccomp, a Linux kernel feature traditionally used for security: it installs a seccomp filter to intercept system calls and bypass anti-tampering mechanisms in apps, even those with strong obfuscation…
U.S. Department of Justice Announced $10 Million Reward For Russian Hacker
The U.S. Department of Justice has announced a $10 million reward for information leading to the arrest of Amin Timovich Stigal (Амин Тимович Стигал), a 22-year-old Russian citizen charged with conspiracy to hack into and destroy computer systems and data.…
Chinese Hacker Groups Using Off-The-Shelf Tools To Deploy Ransomware
Cyberespionage actors are increasingly using ransomware as a final attack stage for financial gain, disruption, or to cover their tracks. The report details previously undisclosed attacks by a suspected Chinese APT group, ChamelGang, which used CatB ransomware against a…
Former IT Employee Stole 1 Million Geisinger Patients’ Personal Data
Geisinger Health System discovered a data breach involving the personal information of over one million patients. The breach was traced back to a former employee of Nuance Communications Inc., an external vendor providing IT services to Geisinger. The ex-employee accessed…
PoC Exploit Released for Fortra FileCatalyst SQL Injection Vulnerability
A Proof-of-Concept (PoC) exploit has been released for a critical SQL Injection vulnerability in Fortra FileCatalyst Workflow. This vulnerability could potentially allow attackers to modify application data. This vulnerability, CVE-2024-5276, affects all versions of Fortra FileCatalyst Workflow from 5.1.6 Build…
Xeno RAT Attacking Users Via GitHub Repository And .gg Domains
Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT. Hunt’s research…
1-Click Exploit In KakaoTalk’s Android App Allows Arbitrary Code Execution
KakaoTalk is an Android application installed and used by over 100 million people. It is widely popular in South Korea and offers payment, ride-hailing, shopping, email and more. But end-to-end encryption is not enabled…
New Medusa RAT Attacking Android Devices to Steal SMS & Screen Controls
A new variant of the Medusa malware family was discovered disguised as a “4K Sports” app, which exhibits changes in command structure and capabilities compared to previous versions. Researchers believe these changes are aimed at improving efficiency and strengthening the…
Hackers Attacking Linux Cloud Servers To Gain Complete Control
Recent cybersecurity threats increasingly leverage cloud services for malware storage, distribution, and command and control (C2) operations. This complicates detection and all prevention efforts. Security researchers at FortiGuard Labs have recently observed…
Google Announced Chrome Enterprise Core Features for IT, Security Teams
Google has unveiled new features for Chrome Enterprise Core, formerly known as Chrome Browser Cloud Management. As organizations increasingly rely on cloud computing, hybrid work models, and Bring Your Own Device (BYOD) policies, the need for robust browser management has never…
Multiple TP-Link Omada Vulnerabilities Let Attackers Execute Remote Code
Multiple vulnerabilities have been identified in the TP-Link Omada system, a software-defined networking solution widely used by small to medium-sized businesses. These vulnerabilities, if exploited, could allow attackers to execute remote code, leading to severe security breaches. The affected devices…
BSNL Data Breach Exposes Millions of Users to Fraud and Security Risks
Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”. The cyberattack has compromised over 278GB of sensitive data, putting millions of users at risk of SIM…
OilRig Hackers Attacking Individuals And Organizations In The Middle East
OilRig is an Iranian-linked cyber espionage group that has been active since 2015, and this group is known for its sophisticated spear-phishing campaigns and advanced infiltration techniques. This group conducts a multitude of cyber attacks against various sectors, and among…
P2Pinfect Targets Redis Servers with New Ransomware Payload
Cybersecurity researchers have identified a new ransomware payload associated with the P2Pinfect malware, primarily targeting Redis servers. This sophisticated malware, previously known for its peer-to-peer (P2P) botnet capabilities, has now evolved to include ransomware and crypto-mining functionalities. This article delves…
Ollama AI Platform Flaw Let Attackers Execute Remote Code
Hackers attack AI infrastructure platforms because these systems hold valuable data, sophisticated algorithms, and significant computational resources. Compromising such platforms gives hackers access to proprietary models and sensitive information, and…
New North Korean Actor Distributing Malicious npm Packages To Compromise Organizations
Early in 2024, North Korean threat actors persisted in using the public npm registry to disseminate malicious packages that were similar to those that Jade Sleet had previously used. Initially thought to be an extension of Sleet’s activity, further investigation…
Threat Actor Claims 0Day Sandbox Escape RCE in Chrome Browser
A threat actor has claimed to have discovered a zero-day vulnerability in the widely-used Google Chrome browser. The claim was made public via a tweet from the account MonThreat, which has previously been associated with credible cybersecurity disclosures. Details of…
Microsoft Announced Copilot for Security TI in Defender XDR
Microsoft has announced the general availability of Copilot for Security threat intelligence embedded experience in the Defender XDR portal. This AI-powered tool aims to revolutionize the way organizations access, operate on, and integrate Microsoft’s threat intelligence data. Enhancing Threat Intelligence…
Critical Vulnerability in MOVEit Transfer Let Hackers Gain Files Access
A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerability poses significant risks to organizations relying on the software for secure data transfers. The vulnerability is rooted in improper validation of user-supplied input during the authentication process. It can…
Beware Of Shortened URLs In Word Files That Install Remcos RAT
A new method of distributing the Remcos Remote Access Trojan (RAT) has been identified. This malware, known for providing attackers complete control over infected systems, is being spread through malicious Word documents containing shortened URLs. These URLs lead to the…
Top 10 Best Penetration Testing Companies & Services in 2024
Penetration Testing Companies are pillars of information security; nothing is more important than ensuring your systems and data are safe from unauthorized access. Many organizations have a flawed security culture, with employees motivated to protect their information rather than the…
Hackers Use Windows XSS Flaw To Execute Arbitrary Command In MMC Console
Attackers are leveraging a new infection technique called GrimResource that exploits MSC files. By crafting malicious MSC files, they can achieve full code execution within the context of mmc.exe (Microsoft Management Console) upon a user click. It offers several advantages…
New WebKit Vulnerabilities Let Attackers Exploit PS4 And PS5 PlayStations
WebKit vulnerabilities in PS4 and PS5 refer to bugs found in the WebKit engine used by their web browsers. These bugs, discovered in browsers like Safari and Chrome, can also exist in PS4 and PS5 because they share the same…
Hackers Exploit Multiple WordPress Plugins to Hack Websites & Create Rogue Admin Accounts
The Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins. The initial discovery was made when the team found that the Social Warfare plugin had been injected with malicious code on June 22nd, 2024. This discovery was…
Hackers Attacking Windows IIS Server to Upload Web Shells
Windows IIS servers often host critical web applications and services that provide a gateway to sensitive data and systems, which is why hackers attack them. A South Korean medical establishment’s Windows IIS server with a Picture Archiving and…
WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.
WikiLeaks founder Julian Assange has been released from prison after reaching a deal with the U.S. government. The agreement, announced early today, ends the long-standing legal battle between Assange and the U.S. authorities. Terms of the Deal Assange, 52, was…
Four Members of FIN9 Hackers Charged for Attacking U.S. Companies
Four Vietnamese nationals have been charged for their involvement in a series of computer intrusions that caused over $71 million in losses to U.S. companies. The indictment, unsealed today, names Ta Van Tai, aka “Quynh Hoa,” aka “Bich Thuy;” Nguyen…
BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack
In a shocking development, the NHS has revealed that it was the victim of a major cyber attack targeting Synnovis. Synnovis, formerly Viapath, is a London-based provider of pathology services. It is a partnership between Guy’s and St Thomas’ NHS…
LockBit Ransomware Group Claims Hack of US Federal Reserve
The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve, allegedly compromising 33 terabytes of sensitive data. The announcement was made on Twitter via the group’s Dark Web Intelligence, sending shockwaves through financial and governmental sectors.…
Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader
A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE). This alarming development has raised significant concerns within the cybersecurity community. A recent tweet from Dark Web Intelligence…
Microsoft Power BI Vulnerability Let Attackers Access Organizations’ Sensitive Data
A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying reports, which affects tens of thousands of organizations and grants access to employee, customer, and potentially confidential data. By exploiting this vulnerability, attackers can extract information…
Consulting Companies to Pay $11 Million for Failing Cybersecurity Requirements
Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay $11.3 million to resolve allegations of failing to meet cybersecurity requirements. Guidehouse Inc., headquartered in McLean, Virginia, will pay $7.6 million, while Nan McKay and Associates,…
New RAT Malware SneakyChef & SugarGhost Attack Windows Systems
Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef. This operation leverages the SugarGh0st RAT and other malware to target government agencies, research institutions, and various organizations worldwide. The campaign began in early August 2023…
Chinese Winnti Group Intensifies Financially Motivated Attacks
Hackers are increasingly executing financially motivated attacks because of the lucrative potential of monetizing stolen data, ransoms, and fraudulent activities. The digital transformation of businesses has created more openings to exploit financial transactions and access sensitive financial…
PrestaShop Website Under Injection Attack Via Facebook Module
A critical vulnerability has been discovered in the “Facebook” module (pkfacebook) from Promokit.eu for PrestaShop. The vulnerability, CVE-2024-36680, allows a guest to perform SQL injection attacks on affected module versions. CVE-2024-36680 – Vulnerability Details The vulnerability stems from the Ajax…
Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features
A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart from typical Distributed Denial of Service (DDoS) botnets. Discovered by the XLab Cyber Threat Insight Analysis (CTIA) system on May 20, 2024, Zergeca has already demonstrated…
Beware Of Illegal OTT Platforms That Expose Sensitive Personal Information
A recent rise in data breaches from illegal Chinese OTT platforms exposes that user information, including names and financial details, is vulnerable to exploitation by criminals. The leaked information can be used for phishing attacks, financial fraud, and even harassment,…
Hackers Attacking Vaults, Buckets, And Secrets To Steal Data
Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other useful data kept within these storage solutions. These storage solutions’ centralized and often inadequately protected nature makes them…
Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code
Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to execute arbitrary code on the server. An attacker can exploit these vulnerabilities by sending a specially crafted email to an administrator. When the administrator views the…
Chinese UNC3886 Actors Exploiting VMware, Fortinet 0-days For Spying
In 2021, UNC3886, a suspected China-nexus cyber espionage actor, was found to be targeting strategic organizations on a large scale, utilizing multiple vulnerabilities in FortiOS and VMware to install backdoors on the infected machines. Fortinet and VMware have released…
New Highly Evasive SquidLoader Attacks Employees By Mimicking A Word Document
Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as an executable disguised as a Word document attached to phishing emails. It uses evasion techniques to avoid detection and analysis. Then it downloads a malicious payload…
Hackers Weaponizing Windows Shortcut Files for Phishing
LNK files, a shortcut file type in Windows OS, provide easy access to programs, folders, or websites. Created automatically during shortcut creation or manually by users, LNK files contain the target location and other information useful for threat intelligence. It…
Hackers Exploit Progressive Web Apps to Steal Passwords
In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs) to execute sophisticated phishing attacks aimed at stealing user credentials. This emerging threat has been highlighted by security researcher mr.d0x, who has detailed the technique in…
Threat Actor Claims Breach of Jollibee Fast-Food Giant
A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation, the Philippines’ largest fast-food chain. Deepwebkonek, a company known for sharing information related to cyber threats and breaches, made the announcement via a post on the…
Threat Actors Claiming Breach of Accenture Employee Data
Threat actors have claimed responsibility for a significant data breach involving Accenture, one of the world’s leading consulting firms. The news broke on Twitter, with the account DarkWebInformer posting a detailed status update on the incident. According to the post,…
Diamorphine Rootkit Exploiting Linux Systems In The Wild
Threat actors exploit Linux systems because they are prevalent in organizations that host servers, databases, and other important resources. Exploiting vulnerabilities in Linux systems allows attackers to gain access to sensitive data, disrupt services, or deploy malware. Besides this, the…
Amtrak Data Breach: Hackers Accessed Users’ Email Addresses
Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards accounts. The breach, which occurred between May 15, 2024, and May 18, 2024, allowed unauthorized parties to access users’ accounts. The company believes the hackers obtained login credentials…
Chrome Security Update – Patch for 6 Vulnerabilities
Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux. This update, which will be distributed over the coming days and weeks, addresses several security vulnerabilities. Users are…
Hackers Weaponize Windows Installer (MSI) Files to Deliver Malware
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group, Void Arachne. This group has targeted Chinese-speaking users by distributing malicious Windows Installer (MSI) files. The campaign leverages popular software and AI technologies to lure unsuspecting…
Hackers Using VPNs To Exploit Restrictions & Steal Mobile Data
Hackers are offering “free” mobile data access on Telegram channels by exploiting loopholes in telecom provider policies. The channels target users in Africa and Asia and share configuration files that mimic zero-rated traffic. The channels function as technical support hubs…
Stuxnet, The Malware That Propagates To Air-Gapped Networks
Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities. By exploiting multiple vulnerabilities, including zero-days, it breached air-gapped networks (isolated systems) and disrupted Iranian nuclear centrifuges controlled by Siemens Step7…
New PhaaS Platform Lets Attackers Bypass Two-Factor Authentication
Several phishing campaign kits have been used widely by threat actors in the past. One popular PhaaS (Phishing-as-a-Platform) was Caffeine, which was first identified and reported by Mandiant researchers. MRxC0DER, an Arabic-speaking threat actor, developed and maintained the Caffeine kit.…
Threat Actors Claiming Breach of AMD Source Code on Hacking Forums
A threat actor named “IntelBroker” claims to have breached AMD in June 2024 and is now selling the allegedly stolen data on hacking forums. The compromised information reportedly includes sensitive data such as future AMD product plans, specification…
Beware of Nevermore Actor Promoting Ransomware Builder
A prominent figure from the dark web, known by the alias “Nevermore,” has been found promoting a sophisticated ransomware builder. This alarming development has raised concerns among cybersecurity experts and law enforcement agencies worldwide. The Rise of Nevermore Nevermore, a…
Beware Of Fake Microsoft Teams Website That Installs Oyster Malware
Fake websites of authoritative and popular companies claiming to be genuine sites make users believe that the site belongs to that specific company and is safe to use. Besides this, hackers can more easily lure victims into entering sensitive information…
Singapore Police Arrested Two Individuals Involved in Hacking Android Devices
The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for their suspected involvement in malware-enabled scams targeting Singaporeans since June 2023. The suspects will be charged in court today. The SPF, in collaboration with the Hong…
CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response
On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by conducting the federal government’s inaugural tabletop exercise focused on artificial intelligence (AI) security incidents. This groundbreaking event, led by the Joint Cyber Defense Collaborative (JCDC), brought…
Europol Takes Down 13 Websites Linked to Terrorist Operations
Europol and law enforcement agencies from ten countries have taken down 13 websites linked to terrorist operations. The joint operation, known as Operation HOPPER II, targeted online platforms used by religious and politically motivated terrorist organizations to spread propaganda and…
New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems
Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data. ARM’s Memory Tagging Extension (MTE) aims to mitigate this by tagging memory and checking tags on access. Researchers found that speculative execution attacks can leak MTE…
Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users
A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage campaign named Operation Celestial Force, targeting Indian entities. Since 2018, they have used GravityRAT malware, initially for Windows and later for Android, which has been deployed…
Hunt3r Kill3rs Group Claims It Infiltrated Schneider Electric Systems in Germany
The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric’s systems in Germany. The announcement was made via a post on the social media platform Twitter by the account MonThreat, which is known for tracking cyber threats…
Hackers Employing New Techniques To Attack Docker API
Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine hosts by using new binaries chkstart (remote access with payload execution), exeremo (lateral movement through SSH), and vurld (Go downloader for malware retrieval) and a persistence…
Hidden Backdoor in D-Link Routers Let Attacker Login as Admin
A critical vulnerability has been discovered in several models of D-Link wireless routers, allowing unauthenticated attackers to gain administrative access to the devices. The CVE-2024-6045 vulnerability has a CVSS score of 8.8, indicating a high severity level. CVE-2024-6045 – Vulnerability…
FBI Arrested U.K. Hacker Linked to Scattered Spider Hacking Group
A 22-year-old British man was apprehended by authorities in Palma de Mallorca, Spain. The arrest, carried out by the United States Federal Bureau of Investigation (FBI) in collaboration with the Spanish Police, marks a breakthrough in the fight against cybercrime.…
Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users
Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt services, or manipulate outcomes in their favor. By compromising the ML models, hackers can degrade the system performance, cause financial…
Threat Actor Claims Leak Of Database Of 5 Million Ecuadorian Citizens
A threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made via tweets from the DarkWebInformer account. The breach has raised significant concerns about data security…
Smishing Triad Hackers Attacking Online Banking, E-Commerce And Payment Systems Customers
Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that the Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users. The gang members send harmful messages…
SolarWinds Serv-U Vulnerability Let Attackers Access Sensitive Files
SolarWinds released a security advisory addressing a directory traversal vulnerability that allows a threat actor to read sensitive files on the host machine. The vulnerability exists in the SolarWinds Serv-U file transfer solution and was assigned CVE-2024-28995 –…
Ascension Hack Caused By an Employee Who Downloaded a Malicious File
Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach. With the assistance of third-party cybersecurity experts, the company has identified that attackers accessed files from a small number of…
AWS Announced Malware Detection Tool For S3 Buckets
Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon S3). This new feature expands GuardDuty Malware Protection to detect malicious file uploads to selected S3 buckets, enhancing the security…
Beware WARMCOOKIE Backdoor Knocking Your Inbox
WARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127. The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system. “This…
0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads
A significant vulnerability, tracked as CVE-2024-37629, has been discovered in Summernote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View function. Summernote is a JavaScript library that helps you create WYSIWYG editors online. An attacker can insert harmful executable…
Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger
Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing significant user risks worldwide. The Vulnerability:…
Ivanti EPM SQL Injection Flaw Let Attackers Execute Remote Code
On May 24, 2024, the Zero Day Initiative released a security advisory for Ivanti EPM concerning a SQL injection remote code execution vulnerability. The vulnerability was assigned CVE-2024-29824 with a severity of 9.6 (Critical). Though ZDI did…
CISA Warns of Scammers Impersonating CISA Employees
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge in impersonation scams. These scams often involve fraudsters pretending to be government employees, using their names and titles to deceive unsuspecting victims. Recently, CISA has become…
Microsoft Windows NtQueryInformationToken Flaw Let Attackers Escalate Privileges
Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations. CVE-2024-30088 – Vulnerability Details The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows. This function is…
256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw
Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services. The flaw, designated CVE-2024-30080, poses a significant threat to global cybersecurity. It could allow malicious actors…
Indian National Jailed For Hacking Servers Of Company That Fired Him
An Indian national was sentenced to two years and eight months in jail for unauthorized access to his former employer’s computer systems, resulting in substantial financial losses. Background of the Incident Kandula Nagaraju, a 39-year-old Indian national, was employed by…
Hackers Exploiting Linux SSH Services to Deploy Malware
SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords and access controls are not implemented. Exposed SSH ports (default 22) are scanned by attackers…
Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access
Hackers target Apple because of its massive user base and affluent customers, including business people and managers who keep important information on their devices. Even with security measures in place, Apple is a likely target since…
JetBrains Warns of GitHub Plugin that Exposes Access Tokens
A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests, allowing attackers to steal tokens and potentially compromise linked accounts, even with two-factor authentication enabled. …
Firefox 127 Released With Patch for 15 Vulnerabilities
Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been rated as high impact. This update is crucial for users to ensure their browsing experience remains secure. Below is a detailed breakdown of the vulnerabilities fixed…
Charon Android Botnet Made a Comeback With New Weapons
The notorious Charon Android Botnet has resurfaced with enhanced capabilities, according to a threat actor’s announcement on a popular cybercrime forum. The botnet, an edited version of the infamous Ermac, has undergone significant improvements, making it a formidable threat in…
Pure Storage Data Breach Following Snowflake Hack: LDAP Usernames, Email Addresses Exposed
Pure Storage has confirmed that a third party temporarily gained unauthorized access to a Snowflake data analytics workspace. This workspace contained telemetry information used by Pure Storage to provide proactive customer support services. The exposed data includes company names, LDAP…
Microsoft Urges Windows Admins to Patch Microsoft Message Queuing RCE Flaw
Microsoft has disclosed two critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The vulnerabilities have been assigned CVE-2024-30080 and CVE-2024-30078, with a severity of 9.8…
Cleveland City Closes Offices Following Attack on IT Systems
Cleveland City Hall and Erieview offices will remain closed for a second consecutive day, June 11, as officials continue investigating a significant “cyber event” that has disrupted city operations. A recent tweet from the City of Cleveland shared that the City Hall and Erieview are closed today June 10, except…
SSLoad Malware Employs MSI Installer To Kick-Start Delivery Chain
Malware distributors use MSI installers because Windows already trusts them to run with administrative rights, bypassing security controls. For this reason, MSI files are a convenient means of spreading ransomware, spyware, and other malware that can be passed…
Remcos RAT Distributed As UUEncoding (UUE) File To Steal Logins
Researchers identified a campaign distributing Remcos RAT, a Remote Access Trojan, where the attack uses phishing emails disguised as legitimate business communication, such as import/export or quotations. The emails contain a UUEncoded (UUE) file compressed with Power Archiver, which likely…
Chinese Hackers using New Noodle RAT to Attack Linux Servers
Cybersecurity experts have identified a new type of malware called “Noodle RAT,” which Chinese-speaking hacker groups use to target Linux servers. Although this malware has been active since 2016, it has only recently been properly classified, shedding light on its…
Arm Warns Of Mali GPU Kernel Driver Flaws Exploited In The Wild
The Mali GPU is a widely used graphics processing unit in multiple devices, including Android and Linux systems. A new vulnerability has been discovered in the Mali GPU kernel driver. It allows an authenticated, low-privileged user to gain access to…
Hackers Weaponizing MSC Files In Targeted Attack Campaign
Hackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system. By mimicking legitimate files, MSC files can evade various…
Hackers Used Homemade Mobile Antenna To Send Thousands Of Smishing Texts
Officers have made two arrests in connection with using a “text message blaster,” believed to have been used to send thousands of smishing messages posing as banks and other official organizations. These messages targeted unsuspecting members of the public. Unprecedented…
Free Android VPNs Suffering Encryption Failures, New Report
VPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data. They also help unblock region-restricted content through IP address hiding, support…
PoC Exploit Released For Veeam Authentication Bypass Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager. The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity. This article delves into the details of…
ALPHV Ransomware Deployment Started With RDP Access And ScreenConnect Installations
Ransomware is used by hackers to hold victims’ data hostage, locking it until a ransom is paid. This method of cyber attack is profitable because it exploits how vital data is to individuals and companies, so they have no…
DuckDuckGo Launches Anonymous AI Chatbots
DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3…
Beware of Fake KMSPico Activators that Deliver Vidar Stealer Malware
Researchers detected an attack involving a fake KMSPico activator tool, which delivered Vidar Stealer through several events. The attack leveraged Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload via the shellcode. The…