Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Marketing and sales software giant HubSpot announced on Friday that it is investigating a cybersecurity incident following reports of customer account hacks. The company, specializing in customer relationship management (CRM) and marketing automation software, identified the security breach on June…

Read more →

TeamViewer, a leading provider of remote access software, announced that attackers had compromised its internal corporate IT environment. The company’s security team detected the breach, who noticed an “irregularity” in their internal systems, prompting an immediate response. Swift Response and…

Read more →

A new Android banking trojan named Snowblind was discovered that exploits the Linux kernel feature seccomp, traditionally used for security, which installs a seccomp filter to intercept system calls and bypasses anti-tampering mechanisms in apps, even those with strong obfuscation…

Read more →

The U.S. Department of Justice has announced a $10 million reward for information leading to the arrest of Amin Timovich Stigal (Амин Тимович Стигал), a 22-year-old Russian citizen charged with conspiracy to hack into and destroy computer systems and data.…

Read more →

Cyberespionage actors are increasingly using ransomware as a final attack stage for financial gain, disruption, or to cover their tracks, as the report details previously undisclosed attacks by a suspected Chinese APT group, ChamelGang, who used CatB ransomware against a…

Read more →

Geisinger Health System discovered a data breach involving the personal information of over one million patients. The breach was traced back to a former employee of Nuance Communications Inc., an external vendor providing IT services to Geisinger. The ex-employee accessed…

Read more →

A Proof-of-Concept (PoC) exploit has been released for a critical SQL Injection vulnerability in Fortra FileCatalyst Workflow. This vulnerability could potentially allow attackers to modify application data. This vulnerability, CVE-2024-5276, affects all versions of Fortra FileCatalyst Workflow from 5.1.6 Build…

Read more →

Threat actors use RATs because they provide attackers with persistent access to compromised systems, enabling long-term espionage and exploitation. North Korean hackers and other actors who target the gaming community are using free malware on GitHub called XenoRAT. Hunt’s research…

Read more →

KakaoTalk is an Android application that is predominantly installed and used by over 100 million people. It is a widely popular application in South Korea that has payment, ride-hailing services, shopping, email etc., But the end-to-end encryption is not enabled…

Read more →

A new variant of the Medusa malware family was discovered disguised as a “4K Sports” app, which exhibits changes in command structure and capabilities compared to previous versions.  Researchers believe these changes are aimed at improving efficiency and strengthening the…

Read more →

Malware storage, distribution, and command and control (C2) operations are increasingly being used to leverage cloud services for recent cybersecurity threats.  But, this complicates the detection process and all the prevention efforts.  Security researchers at FortiGuard Labs have recently observed…

Read more →

Google has unveiled new features for Chrome Enterprise Core, formerly known as Chrome Browser Cloud Management. As organizations increasingly rely on cloud computing, hybrid work models, and Bring Your Device (BYOD) policies, the need for robust browser management has never…

Read more →

Multiple vulnerabilities have been identified in the TP-Link Omada system, a software-defined networking solution widely used by small to medium-sized businesses. These vulnerabilities, if exploited, could allow attackers to execute remote code, leading to severe security breaches. The affected devices…

Read more →

Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecommunications provider, has suffered a major data breach orchestrated by a threat actor known as “kiberphant0m”. The cyberattack has compromised over 278GB of sensitive data, putting millions of users at risk of SIM…

Read more →

OilRig is an Iranian-linked cyber espionage group that has been active since 2015, and this group is known for its sophisticated spear-phishing campaigns and advanced infiltration techniques.  This group conducts a multitude of cyber attacks against various sectors, and among…

Read more →

Cybersecurity researchers have identified a new ransomware payload associated with the P2Pinfect malware, primarily targeting Redis servers. This sophisticated malware, previously known for its peer-to-peer (P2P) botnet capabilities, has now evolved to include ransomware and crypto-mining functionalities. This article delves…

Read more →

⁤Hackers attack AI infrastructure platforms since these systems contain a multitude of valuable data, algorithms that are sophisticated in nature, and significant computational resources. ⁤ ⁤So, compromising such platforms provides hackers with access to proprietary models and sensitive information, and…

Read more →

Early in 2024, North Korean threat actors persisted in using the public npm registry to disseminate malicious packages that were similar to those that Jade Sleet had previously used.  Initially thought to be an extension of Sleet’s activity, further investigation…

Read more →

A threat actor has claimed to have discovered a zero-day vulnerability in the widely-used Google Chrome browser. The claim was made public via a tweet from the account MonThreat, which has previously been associated with credible cybersecurity disclosures. Details of…

Read more →

Microsoft has announced the general availability of Copilot for Security threat intelligence embedded experience in the Defender XDR portal. This AI-powered tool aims to revolutionize the way organizations access, operate on, and integrate Microsoft’s threat intelligence data. Enhancing Threat Intelligence…

Read more →

A critical security vulnerability, CVE-2024-5806, has been identified in MOVEit Transfer, a widely used managed file transfer software. The vulnerability poses significant risks to organizations relying on the software for secure data transfers. The vulnerability is rooted in improper validation of user-supplied input during the authentication process. It can…

Read more →

A new method of distributing the Remcos Remote Access Trojan (RAT) has been identified. This malware, known for providing attackers complete control over infected systems, is being spread through malicious Word documents containing shortened URLs. These URLs lead to the…

Read more →

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring your systems and data are safe from unauthorized access. Many organizations have a flawed security culture, with employees motivated to protect their information rather than the…

Read more →

Attackers are leveraging a new infection technique called GrimResource that exploits MSC files. By crafting malicious MSC files, they can achieve full code execution within the context of mmc.exe (Microsoft Management Console) upon a user click.  It offers several advantages…

Read more →

Webkit vulnerabilities in PS4 and PS5 refer to bugs found in the Webkit engine used by their web browsers. These bugs, discovered in browsers like Safari and Chrome, can also exist in PS4 and PS5 because they share the same…

Read more →

Wordfence Threat Intelligence team identified a significant security breach involving multiple WordPress plugins.  The initial discovery was made when the team found that the Social Warfare plugin had been injected with malicious code on June 22nd, 2024. This discovery was…

Read more →

Windows IIS Servers often host critical web applications and services that provide a gateway to sensitive data and systems due to which hackers attack Windows IIS servers. A South Korean medical establishment’s Windows IIS server with a Picture Archiving and…

Read more →

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with the U.S. government. The agreement, announced early today, ends the long-standing legal battle between Assange and the U.S. authorities. Terms of the Deal Assange, 52, was…

Read more →

Four Vietnamese nationals have been charged for their involvement in a series of computer intrusions that caused over $71 million in losses to U.S. companies. The indictment, unsealed today, names Ta Van Tai, aka “Quynh Hoa,” aka “Bich Thuy;” Nguyen…

Read more →

In a shocking development, the NHS has revealed that it was the victim of a major cyber attack targeting Synnovis. Synnovis, formerly Viapath, is a London-based provider of pathology services. It is a partnership between Guy’s and St Thomas’ NHS…

Read more →

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve, allegedly compromising 33 terabytes of sensitive data. The announcement was made on Twitter via the group’s Dark Web Intelligence, sending shockwaves through financial and governmental sectors.…

Read more →

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE). This alarming development has raised significant concerns within the cybersecurity community. A recent tweet from Dark Web Intelligence…

Read more →

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying reports, which affects tens of thousands of organizations and grants access to employee, customer, and potentially confidential data.  By exploiting this vulnerability, attackers can extract information…

Read more →

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay $11.3 million to resolve allegations of failing to meet cybersecurity requirements. Guidehouse Inc., headquartered in McLean, Virginia, will pay $7.6 million, while Nan McKay and Associates,…

Read more →

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef. This operation leverages the SugarGh0st RAT and other malware to target government agencies, research institutions, and various organizations worldwide. The campaign began in early August 2023…

Read more →

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential of monetizing the stolen data, ransoms, and fraudulent activities. The digital revolution of businesses has invented more openings to exploit financial transactions and access sensitive financial…

Read more →

A critical vulnerability has been discovered in the “Facebook” module (pkfacebook) from Promokit.eu for PrestaShop. The vulnerability, CVE-2024-36680, allows a guest to perform SQL injection attacks on affected module versions. CVE-2024-36680 – Vulnerability Details The vulnerability stems from the Ajax…

Read more →

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart from typical Distributed Denial of Service (DDoS) botnets. Discovered by the XLab Cyber Threat Insight Analysis (CTIA) system on May 20, 2024, Zergeca has already demonstrated…

Read more →

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user information, including names and financial details, is vulnerable to exploitation by criminals.  The leaked information can be used for phishing attacks, financial fraud, and even harassment,…

Read more →

Hackers target vaults, buckets, and secrets to access some of the most classified and valuable information, including API keys, logins, and other useful data kept within these storage solutions. These storage solutions’ centralized and often inadequately protected nature makes them…

Read more →

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to execute arbitrary code on the server. An attacker can exploit these vulnerabilities by sending a specially crafted email to an administrator.  When the administrator views the…

Read more →

In 2021, UNC3886, a suspected China nexus cyber espionage actor, was found to be targeting strategic organizations on a large scale, utilizing multiple vulnerabilities in FortiOS and VMware to install backdoors on the infected machines. Fortinet and VMware have released…

Read more →

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as an executable disguised as a Word document attached to phishing emails.  It uses evasion techniques to avoid detection and analysis. Then it downloads a malicious payload…

Read more →

LNK files, a shortcut file type in Windows OS, provide easy access to programs, folders, or websites. Created automatically during shortcut creation or manually by users, LNK files contain the target location and other information useful for threat intelligence.  It…

Read more →

In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs) to execute sophisticated phishing attacks aimed at stealing user credentials. This emerging threat has been highlighted by security researcher mr.d0x, who has detailed the technique in…

Read more →

A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation, the Philippines’ largest fast-food chain. Deepwebkonek, a company known for sharing information related to cyber threats and breaches, made the announcement via a post on the…

Read more →

Threat actors have claimed responsibility for a significant data breach involving Accenture, one of the world’s leading consulting firms. The news broke on Twitter, with the account DarkWebInformer posting a detailed status update on the incident. According to the post,…

Read more →

Threat actors exploit Linux systems because they are prevalent in organizations that host servers, databases, and other important resources.  Exploiting vulnerabilities in Linux systems allows attackers to gain access to sensitive data, disrupt services, or deploy malware.  Besides this, the…

Read more →

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards accounts. The breach between May 15, 2024, and May 18, 2024, allowed unauthorized parties to access users’ accounts. The company believes the hackers obtained login credentials…

Read more →

Google has announced a new update for the Chrome browser, rolling out version 126.0.6478.114/115 for Windows and Mac and 126.0.6478.114 for Linux. This update, which will be distributed over the coming days and weeks, addresses several security vulnerabilities. Users are…

Read more →

Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by a threat actor group, Void Arachne. This group has targeted Chinese-speaking users by distributing malicious Windows Installer (MSI) files. The campaign leverages popular software and AI technologies to lure unsuspecting…

Read more →

Hackers are offering “free” mobile data access on Telegram channels by exploiting loopholes in telecom provider policies, which target users in Africa and Asia and involve sharing configuration files to mimic zero-rated traffic.  The channels function as technical support hubs…

Read more →

Stuxnet, a complex worm discovered in 2010, targeted Supervisory Control and Data Acquisition (SCADA) systems used in industrial facilities. By exploiting multiple vulnerabilities, including zero-days, it breached air-gapped networks (isolated systems) and disrupted Iranian nuclear centrifuges controlled by Siemens Step7…

Read more →

Several phishing campaign kits have been used widely by threat actors in the past. One popular PhaaS (Phishing-as-a-Platform) was Caffeine, which was first identified and reported by Mandiant researchers.  MRxC0DER, an Arabic-speaking threat actor, developed and maintained the caffeine kit.…

Read more →

A threat actor named ” IntelBroker ” claims to have breached AMD in June 2024 and is now selling the allegedly stolen data on hacking forums. The compromised information reportedly includes sensitive data such as future AMD product plans, specification…

Read more →

A prominent figure from the dark web, known by the alias “Nevermore,” has been found promoting a sophisticated ransomware builder. This alarming development has raised concerns among cybersecurity experts and law enforcement agencies worldwide. The Rise of Nevermore Nevermore, a…

Read more →

Fake websites of authoritative and popular companies claiming to be genuine sites make users believe that the site belongs to that specific company and is safe to use. Besides this, hackers can more easily lure victims into entering sensitive information…

Read more →

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for their suspected involvement in malware-enabled scams targeting Singaporeans since June 2023. The suspects will be charged in court today. The SPF, in collaboration with the Hong…

Read more →

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by conducting the federal government’s inaugural tabletop exercise focused on artificial intelligence (AI) security incidents. This groundbreaking event, led by the Joint Cyber Defense Collaborative (JCDC), brought…

Read more →

Europol and law enforcement agencies from ten countries have taken down 13 websites linked to terrorist operations. The joint operation, known as Operation HOPPER II, targeted online platforms used by religious and politically motivated terrorist organizations to spread propaganda and…

Read more →

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data. ARM’s Memory Tagging Extension (MTE) aims to mitigate by tagging memory and checking tags on access.  The following researchers found speculative execution attacks can leak MTE…

Read more →

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage campaign named Operation Celestial Force, targeting Indian entities. Since 2018, they have used GravityRAT malware, initially for Windows and later for Android, which has been deployed…

Read more →

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric’s systems in Germany. The announcement was made via a post on the social media platform Twitter by the account MonThreat, which is known for tracking cyber threats…

Read more →

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine hosts by using new binaries chkstart (remote access with payload execution), exeremo (lateral movement through SSH), and vurld (Go downloader for malware retrieval) and a persistence…

Read more →

A critical vulnerability has been discovered in several models of D-Link wireless routers, allowing unauthenticated attackers to gain administrative access to the devices. The CVE-2024-6045 vulnerability has a CVSS score of 8.8, indicating a high severity level. CVE-2024-6045 – Vulnerability…

Read more →

A 22-year-old British man was apprehended by authorities in Palma de Mallorca, Spain. The arrest, carried out by the United States Federal Bureau of Investigation (FBI) in collaboration with the Spanish Police, marks a breakthrough in the fight against cybercrime.…

Read more →

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these systems to steal sensitive data, interrupt services, or manipulate outcomes in their favor. By compromising the ML models, hackers can degrade the system performance, cause financial…

Read more →

A threat actor has claimed responsibility for leaking the personal data of 5 million Ecuadorian citizens. The announcement was made via a post on social media tweets from the DarkWebInformer account. The breach has raised significant concerns about data security…

Read more →

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes. Resecurity researchers have recently revealed that the Smishing Triad group has launched a fresh smishing campaign targeting Pakistani mobile users. The gang members send harmful messages…

Read more →

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a threat actor to read sensitive files on the host machine. This vulnerability existed in the SolarWinds Serv-U File Transfer solution and was assigned with CVE-2024-28995 –…

Read more →

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery efforts following a recent cybersecurity breach. With the assistance of third-party cybersecurity experts, the company has identified that attackers accessed files from a small number of…

Read more →

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon S3). This new feature expands GuardDuty Malware Protection to detect malicious file uploads to selected S3 buckets, enhancing the security…

Read more →

WARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127. The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system. “This…

Read more →

A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function. Summernote is a JavaScript library that helps you create WYSIWYG editors online. An attacker can insert harmful executable…

Read more →

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing significant user risks worldwide. The Vulnerability:…

Read more →

In May 24, 2024, Zero-Day Initiative released a security advisory for Ivanti EPM which was associated with SQL injection Remote code execution vulnerability. This vulnerability was assigned with CVE-2024-29824 and the severity was given as 9.6 (Critical). Though ZDI did…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge in impersonation scams. These scams often involve fraudsters pretending to be government employees, using their names and titles to deceive unsuspecting victims. Recently, CISA has become…

Read more →

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations. CVE-2024-30088 -Vulnerability Details The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows. This function is…

Read more →

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services. The flaw, designated CVE-2024-30080, poses a significant threat to global cybersecurity. It could allow malicious actors…

Read more →

An Indian national was sentenced to two years and eight months in jail for unauthorized access to his former employer’s computer systems, resulting in substantial financial losses. Background of the Incident Kandula Nagaraju, a 39-year-old Indian national, was employed by…

Read more →

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords and access controls are not implemented. Exposed SSH ports (default 22) are scanned by attackers…

Read more →

Hackers go for Apple due to its massive user base along with rich customers, including business people and managers who use those devices with some important information. Even with these security measures in place, Apple is a likely target since…

Read more →

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests, allowing attackers to steal tokens and potentially compromise linked accounts, even with two-factor authentication enabled. …

Read more →

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been rated as high impact. This update is crucial for users to ensure their browsing experience remains secure. Below is a detailed breakdown of the vulnerabilities fixed…

Read more →

The notorious Charon Android Botnet has resurfaced with enhanced capabilities, according to a threat actor’s announcement on a popular cybercrime forum. The botnet, an edited version of the infamous Ermac, has undergone significant improvements, making it a formidable threat in…

Read more →

Pure Storage has confirmed that a third party temporarily gained unauthorized access to a Snowflake data analytics workspace. This workspace contained telemetry information used by Pure Storage to provide proactive customer support services. The exposed data includes company names, LDAP…

Read more →

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The CVE for these vulnerabilities has been assigned with CVE-2024-30080 and CVE-2024-30078.  The severity for these vulnerabilities was given as 9.8…

Read more →

Cleveland City Hall and Erieview offices will remain closed for a second consecutive day, June 11, as officials continue investigating a significant “cyber event” that has disrupted city operations. A recent tweet from the City of Cleveland shared that the City Hall and Erieview are closed today June 10, except…

Read more →

Microsoft has disclosed two Critical remote code execution vulnerabilities in MSMQ (Microsoft Message Queuing) and the Windows Wi-Fi Driver. The CVE for these vulnerabilities has been assigned with CVE-2024-30080 and CVE-2024-30078.  The severity for these vulnerabilities was given as 9.8…

Read more →

Malware distributors use MSI installers as Windows OS already trusts them to run with administrative rights by bypassing security controls. For this reason, MSI files are a convenient means of spreading ransomware, spyware, and other malware that can be passed…

Read more →

Researchers identified a campaign distributing Remcos RAT, a Remote Access Trojan, where the attack uses phishing emails disguised as legitimate business communication, such as import/export or quotations.  The emails contain a UUEncoded (UUE) file compressed with Power Archiver, which likely…

Read more →

Cybersecurity experts have identified a new type of malware called “Noodle RAT,” which Chinese-speaking hacker groups use to target Linux servers. Although this malware has been active since 2016, it has only recently been properly classified, shedding light on its…

Read more →

The Mali GPU driver is a widely used Graphical Processing Unit for multiple devices, including Android and Linux. A new vulnerability has been discovered in the Mali GPU Kernel driver. It allows an authenticated, low-privileged user to gain access to…

Read more →

Hackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system.  By mimicking legitimate files, MSC files can evade various…

Read more →

Officers have made two arrests in connection with using a “text message blaster,” believed to have been used to send thousands of smishing messages posing as banks and other official organizations. These messages targeted unsuspecting members of the public. Unprecedented…

Read more →

VPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data.  They also help unblock region-restricted content through IP address hiding, support…

Read more →

A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager. The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity. This article delves into the details of…

Read more →

Ransomware is used by hackers to abuse victims’ data, locking it until a ransom is paid. This method of cyber attack is profitable as it takes advantage of data’s proximity and vitality to individuals and companies, so they have no…

Read more →

DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3…

Read more →

Researchers detected an attack involving a fake KMSPico activator tool, which delivered Vidar Stealer through several events. The attack leveraged Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload via the shellcode. The…

Read more →