Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Officers have made two arrests in connection with using a “text message blaster,” believed to have been used to send thousands of smishing messages posing as banks and other official organizations. These messages targeted unsuspecting members of the public. Unprecedented…

Read more →

VPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data.  They also help unblock region-restricted content through IP address hiding, support…

Read more →

A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager. The vulnerability, identified as CVE-2024-29849, has a CVSS score of 9.8, indicating its high severity. This article delves into the details of…

Read more →

Ransomware is used by hackers to abuse victims’ data, locking it until a ransom is paid. This method of cyber attack is profitable as it takes advantage of data’s proximity and vitality to individuals and companies, so they have no…

Read more →

DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3…

Read more →

Researchers detected an attack involving a fake KMSPico activator tool, which delivered Vidar Stealer through several events. The attack leveraged Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload via the shellcode. The…

Read more →

Due to the growing popularity of Apple devices, cybercriminals are increasingly targeting iOS and macOS with malware. The App Store is no longer secure, and iCloud is a new target, as Apple’s allowance of third-party app stores in Europe is…

Read more →

Sticky Werewolf, a cyber threat group, has shifted its targeting strategy from sending phishing emails with download links to malicious files to using archive attachments containing LNK files, which act as shortcuts to malicious executables hosted on WebDAV servers.  When…

Read more →

Apache RocketMQ platform is a widely used messaging system that handles high volumes of data and critical operations, often attracting hackers.  Exploiting the vulnerabilities in RocketMQ allows attackers to disrupt communications, access sensitive information, and potentially gain control over the…

Read more →

The North Korean state-sponsored group known as Kimsuky has launched a sophisticated cyber-espionage campaign targeting a prominent weapons manufacturer in Western Europe. This attack released on LinkedIn, discovered on May 16, 2024, underscores the growing threat state-sponsored cyber actors pose…

Read more →

Hacktivist groups are increasingly targeting critical infrastructure’s Operational Technology (OT) systems, motivated by geopolitical issues that, unlike traditional website defacements, can disrupt essential services and endanger public safety.   The success of high-profile attacks on Industrial control systems (ICS) by groups…

Read more →

The government computer emergency response team of Ukraine, CERT-UA, in direct cooperation with the Cyber Security Center of the Armed Forces of Ukraine (CCB), has detected and investigated the activity of the UAC-0020 (Vermin) group, aimed at the Defense Forces…

Read more →

ReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, which had been downloaded nearly 300 times, contained separate malicious “wiper” components. Initially, it raised concerns about being an open-source supply chain…

Read more →

Tenable® Holdings, Inc., a leading Exposure Management company, has announced a definitive agreement to acquire Eureka Security, Inc., a prominent provider of data security posture management (DSPM) for cloud environments. This strategic acquisition aims to bolster Tenable’s cloud security capabilities,…

Read more →

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings. Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system. They…

Read more →

A new ransomware variant dubbed ‘Fog’ has been spotted targeting US businesses in the education and recreation sectors. Forensic data revealed that threat actors accessed victim environments using compromised VPN credentials. Notably, two different VPN gateway providers were used for…

Read more →

Mandiant identified a UNC1151 information campaign targeting Ukraine, Lithuania, Latvia, and Poland with disinformation, as CRIL linked a recent malicious XLS campaign to UNC1151.  The attackers used spam emails with Excel documents containing VBA macros that dropped LNK and DLL…

Read more →

A cybercriminal group is selling and distributing a sophisticated phishing kit called “V3B” through Phishing-as-a-Service (PhaaS) and self-hosting methods, which targets EU banking customers and is designed to steal login credentials and one-time codes (OTPs) through social engineering tactics.  Launched…

Read more →

A malicious Python package named “crytic-compilers” was identified on PyPI. Masquerading as a legitimate library for intelligent contract compilation, it mimicked the name and versioning scheme of the real “crytic-compile” tool.  The imposter package infiltrated popular development environments by appearing…

Read more →

The Parrot Security team has officially announced the release of Parrot OS 6.1, the latest version of their popular Linux distribution tailored for security professionals, ethical hackers, and privacy enthusiasts. This new release brings a range of enhancements, updated tools,…

Read more →

Apple has refused to pay Kaspersky Lab a reward for discovering critical vulnerabilities in iOS that allowed attackers to install spyware on any iPhone. According to RTVI, the vulnerabilities were reported to Apple in 2023, and under the Apple Security…

Read more →

Buffalo, N.Y. — U.S. Attorney Trini E. Ross announced today that Wul Isaac Chol, 27, of Buffalo, NY, pleaded guilty before the U.S. District Judge John L. Sinatra, Jr. to possessing 15 or more unauthorized access devices intending to defraud.…

Read more →

The Kali Linux team has announced the release of Kali Linux 2024.2, the latest version of their popular penetration testing and security auditing Linux distribution. Kali Linux is one of the most powerful Debian-based Linux distributions, developed and maintained by…

Read more →

Sophos Managed Detection and Response (MDR) has uncovered a sophisticated, long-running cyberespionage campaign dubbed “Crimson Palace,” attributed to Chinese state-sponsored actors. The operation targeted a high-profile government organization in Southeast Asia, with activities spanning from early 2022 to April 2024.…

Read more →

Phishing attackers are distributing malicious HTML files as email attachments, containing code designed to exploit users by prompting them to directly paste and execute the code, which leverages social engineering, as users are tricked into running the malicious code themselves…

Read more →

Last week, a security researcher sent me 122GB of data scraped out of thousands of Telegram channels. It contained 1.7k files with 2B lines and 361M unique email addresses, of which 151M had never been seen in Have I Been…

Read more →

Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software.  The attacks appear to target Ukrainian…

Read more →

Generative AI systems comprise several components and models geared to enhancing human interactions with the system.  However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the…

Read more →

Hackers use packers maliciously to make their code difficult to recognize, as most antivirus programs are coded to be able to recognize these packers.  The packers initialize and encrypt the original malware payload into a new form, which is hard…

Read more →

Cybersecurity experts have discovered that the widely used messaging application Signal is being exploited to deliver DarkCrystal RAT malware to high-profile targets, including government officials, military personnel, and representatives of defense enterprises in Ukraine. The Infection Process According to a…

Read more →

 The former command senior chief of the littoral combat ship Manchester’s gold crew, Senior Chief Grisel Marrero, has been convicted at a court-martial for installing an unauthorized Wi-Fi system aboard the ship and subsequently lying about it to her superiors.…

Read more →

Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…

Read more →

Hackers have multiple reasons for abusing malicious npm packages, as they can first use popular open-source libraries as a medium for distributing malware or backdoors without the users’ knowledge. Secondly, allow threat actors to penetrate into developers’ and agencies’ networks…

Read more →

The ransomware landscape is rapidly diversifying in 2024, with a surge in new extortion groups as established attackers continue to target large companies. A record number of smaller groups are emerging—22 in just five months compared to 22 in a…

Read more →

Russia is intensifying disinformation campaigns against France, President Macron, the IOC, and the 2024 Paris Olympics, blending decades-old tactics with AI, as the Microsoft Threat Analysis Center (MTAC) identifies two primary goals: tarnishing the IOC’s reputation and fostering expectations of…

Read more →

Zyxel has released patches addressing critical command injection and remote code execution vulnerabilities in two of its NAS products, NAS326 and NAS542, which have reached end-of-vulnerability support. Users are strongly advised to install these patches to ensure optimal protection. What…

Read more →

Over the past year, the ransomware actor known as “Underground” has been less active than other groups, yet they remain a threat in the cybersecurity landscape. Despite their reduced activity, Underground continues to target industries of various sizes, causing substantial…

Read more →

Hackers take advantage of Word documents as weapons due to their widespread use and trust. This is facilitated by the ease with which users can be deceived into opening them.  These documents may have macros or exploits that are dangerous…

Read more →

The Oracle WebLogic Server vulnerabilities enable hackers to access unauthorized systems that are used for business data and applications.  This can enable threat actors to bring in external programs and complete system control, consequently assuming admin privileges. The end result…

Read more →

Hugging Face, a leading AI and machine learning platform, has reported unauthorized access to its Spaces platform, explicitly targeting Spaces secrets. This breach has raised concerns about the security of sensitive information and the potential impact on users. Unauthorized Access…

Read more →

A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used by WordPress websites to create dynamic tables and charts. The vulnerability, CVE-2024-3820, allows attackers to perform…

Read more →

Threat actors have claimed responsibility for a data breach involving Heineken employees. The news broke through a post on the social media platform tweeted by the account DarkWebInformer, which specializes in monitoring and reporting on dark web activities. Details of…

Read more →

ELLIO, a provider of real-time, highly accurate intelligence for filtering of unwanted network traffic and cybernoise, and ntop, a provider of open-source and commercial high-speed traffic monitoring applications, have announced a partnership to enhance visibility into malicious traffic originating from…

Read more →

DDoS-as-a-Service botnets are used by hackers to facilitate the most easily and cheaply launch of devastating distributed denial-of-service (DDoS) attacks. Purposely, these botnets are made up of hacked devices that can be rented or leased to cause service disruptions or…

Read more →

Attackers in South Korea are distributing malware disguised as cracked software, including RATs and crypto miners, and registering themselves with the Task Scheduler to ensure persistence.  Even after removing the initial malware, the Task Scheduler triggers PowerShell commands to download…

Read more →

Ever since Russia’s invasion of Ukraine on February 24, 2022, there have been heavy tensions between the nations and worldwide. After this incident, Ukraine imposed an eviction and termination moratorium on utility services for unpaid debt, ending in January 2024.…

Read more →

Hackers target IT industries as they hold valuable data, possess critical infrastructure, and often have access to sensitive information from various sectors.  Compromising IT companies can provide hackers with high-impact opportunities for espionage, financial gain, and disruption of essential services.…

Read more →

In recent cyberattacks, hackers are actively exploiting stored cross-site scripting (XSS) vulnerabilities in various WordPress plugins. According to Fastly reports, these vulnerabilities, identified as CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000, are targeted due to inadequate input sanitization and output escaping, allowing attackers…

Read more →

VirusTotal, a leading online service for analyzing files and URLs for viruses, worms, trojans, and other malicious content, is celebrating its 20th anniversary. Since its inception in 2004, VirusTotal has become an indispensable tool for cybersecurity professionals and enthusiasts worldwide.…

Read more →

eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign involving fake browser updates. This campaign has been responsible for delivering two dangerous malware variants:BitRAT and Lumma Stealer. The attackers use fake update mechanisms to trick users into downloading malicious…

Read more →

A new vulnerability related to authentication bypass was discovered in the Progress Telerik Report server. The CVE for this vulnerability has been assigned CVE-2024-4358, and its severity has been given as 9.8 (Critical). This vulnerability exists in Telerik Report Server…

Read more →

CryptoChameleon, a phishing tool detected in February 2024, was developed by someone anonymous and is used by threat actors to collect personal data such as usernames and passwords of mobile phone users. A thorough investigation has exposed many CryptoChameleon fast-flux…

Read more →

A critical vulnerability has been discovered in Spring Cloud Data Flow, a microservices-based platform for streaming and batch data processing in Cloud Foundry and Kubernetes. The flaw, identified in the Skipper server component, allows attackers to compromise the server by…

Read more →

Okta, a leading identity and access management company, has warned about credential stuffing attacks targeting its Customer Identity Cloud (CIC). The company has identified that threat actors are exploiting the cross-origin authentication feature within CIC. As part of its Okta…

Read more →

In a shocking revelation, a threat actor has allegedly leaked sensitive data belonging to Shell, one of the world’s leading energy companies. According to a tweet from Data Web Informer, the May 2024 data was posted on a popular hacking…

Read more →

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes. The widespread use of GitHub and the diverse range of codebases hosted on the platform make it an attractive target for threat actors seeking valuable information…

Read more →

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting malware through harmful sites, and flooding DNS servers with fake requests such as DDoS. DNS is everywhere and is a basic part of internet communication, making…

Read more →

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS) attacks are actively exploited by hackers.  Sometimes, DDoS attacks are used as a distraction from other criminal activities, for extortion, to gain a competitive advantage, or…

Read more →

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege escalation. This vulnerability has been assigned with CVE-2024-27842 and the severity is yet to be categorized. This vulnerability exists in the Universal Disk Format (UDF) filesystem…

Read more →

GNOME desktop manager was equipped with a new feature which allowed remote users to create graphical sessions on the system by configuring the system daemon. This daemon runs as a dedicated “gnome-remote-desktop” and also provides a D-bus interface on the…

Read more →

Today marks a significant milestone for Malcat users with the release of version 0.9.6, introducing Kesakode, a remote hash lookup service. This innovative tool is tightly integrated into Malcat’s UI and is designed to match known functions, strings, and constant…

Read more →

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems. This vulnerability, tracked as CVE-2024-20360, poses significant risks,…

Read more →

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting WooCommerce online stores to steal credit card information. This alarming trend highlights the persistent threat cybercriminals pose and the need for robust security measures in the…

Read more →

Google has released a patch for a zero-day exploit in its Chrome browser. The vulnerability, identified as CVE-2024-5274, involves a confusion issue in the V8 JavaScript engine, which could allow attackers to execute arbitrary code on affected systems. CVE-2024-5274 –…

Read more →

State-sponsored hackers recently exploited vulnerabilities in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). They used rogue virtual machines (VMs) to evade detection and maintain persistence in a cyberattack. The attack, attributed to a China-linked group tracked as UNC5221, underscores…

Read more →

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing ZIP and RAR attachments to distribute SMOKELOADER malware. The most recent attacks involve emails that carry Microsoft Access files and ZIP archives that, when opened, install…

Read more →

Hackers target military and government networks for varied reasons, primarily related to spying, which involves interference in the functioning of critical infrastructure.  This is mainly because these networks hold sensitive data and command systems that if tampered with can be…

Read more →

Zero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model.  It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and…

Read more →

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infrastructure, whereby it is difficult to scale up resources, cloud environments enable attackers to deploy resources for cryptomining rapidly, making…

Read more →

Gift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems. Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat…

Read more →

A new practical and powerful Denial of service attack has been discovered that exploits DNS queries and responses. This new attack has been termed “DNSBomb,” which transforms different security mechanisms employed by DNS, including reliability enhancement, security protection, timeout, query…

Read more →

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package Index (PyPI) and NPM, have been meticulously analyzed to uncover their malicious intent and sophisticated attack mechanisms. GuardDog: The Sentinel…

Read more →

Phishing attacks have evolved into increasingly sophisticated schemes to trick users into revealing their personal information. One such method that has gained prominence involves phishing emails masquerading as PDF viewer login pages. These deceptive emails lure unsuspecting users into entering their email addresses and passwords, compromising their online security. Forcepoint X-Labs has recently observed many phishing emails targeting various government departments in the Asia-Pacific (APAC)…

Read more →

Law enforcement agencies have successfully dismantled several dark web marketplaces offering illicit goods. Dubbed “Operation SpecTor,” this coordinated crackdown marks a significant victory in the ongoing battle against cybercrime and illegal online activities. This news was shared on the Dark…

Read more →

A new study by researchers at the University of Maryland has uncovered a privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS) that allows attackers to track users’ locations and movements globally. The findings raise serious concerns about the potential for…

Read more →

A consumer-grade spyware app named pcTattletale has been discovered running on the check-in systems of at least three Wyndham hotels across the United States. This alarming discovery was made by TechCrunch, which reported that the app stealthily captured screenshots of…

Read more →

OpenText, a leader in information management solutions, has announced the acquisition of Pillr technology, a cloud-native, multi-tenant Managed Detection and Response (MDR) platform designed for Managed Service Providers (MSPs). This strategic move aims to improve OpenText’s cybersecurity capabilities, enabling it…

Read more →

Microsoft has shifted its scripting options for web development and task automation. The company is replacing VBScript with more advanced alternatives such as JavaScript and PowerShell to provide users with the most modern and efficient tools. This article explores what…

Read more →

Hackers exploit ransomware as it enables them to extort money from victims by encrypting their data and demanding a ransom for its release.  While this method is highly lucrative and often difficult to trace back to the perpetrators. Sentinel One…

Read more →

Hackers exploit the Microsoft Build Engine because it can execute code and build applications.  This engine provides an easy means for them to send harmful payloads using legitimate software development tools.  Moreover, inside corporate environments, Build Engine’s trusted nature enables…

Read more →

A new strain of malware known as Stealerium has been identified. It targets Wi-Fi networks and Microsoft Outlook to steal login credentials. This sophisticated malware poses a significant threat to individual users and organizations, highlighting the need for heightened vigilance…

Read more →

A group of hackers has claimed to have accessed the database of Qatar National Bank (QNB), one of the largest financial institutions in the Middle East. The announcement was made via a post on Twitter by the account MonThreat. ANYRUN…

Read more →

A phishing email with a malicious zip attachment initiates the attack. The zip contains a single executable disguised as an Excel file using Left-To-Right Override characters (LTRO).  LTRO makes the filename appears to have a harmless .xlsx extension (e.g., RFQ-101432620247flexe.xlsx)…

Read more →

OmniVision Technologies, Inc. (OVT) recently disclosed a significant security breach that compromised its clients’ personal data. The company, known for its advanced digital imaging solutions, reported that the incident occurred between September 4, 2023, and September 30, 2023. During this…

Read more →

In a recent investigation into Amazon Web Services (AWS) security breaches, Mandiant uncovered a troubling scenario client-specific secrets were leaked from Atlassian’s code repository tool, Bitbucket, and exploited by threat actors to gain unauthorized access to AWS accounts. This revelation…

Read more →

The widely used team workspace corporate wiki Confluence has been discovered to have a critical remote code execution vulnerability. This vulnerability has been assigned with CVE-2024-21683 with a severity of 8.3 (High).  This vulnerability affects multiple versions of Confluence Data…

Read more →

Western Sydney University has informed approximately 7,500 individuals today of an unauthorized access incident involving its IT network. The breach, first identified in January 2024, affected the University’s Microsoft Office 365 environment, including email accounts and SharePoint files. The earliest…

Read more →

Memcyco Inc., provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Website Impersonation Scams report. Notably, Memcyco’s research indicates that the majority of companies do not have…

Read more →

North Korean hacking groups are suspected of hijacking the personal email accounts of high-ranking military officials. The Defense Ministry confirmed that a joint investigation is underway, involving both the police and military police. A dedicated task force has been established…

Read more →

Microsoft has been prioritizing security in Windows, as they introduced Secured-Core PCs to protect from hardware to cloud attacks and expanded passwordless offerings with passkeys for better identity protection.  Passkeys are protected by Windows Hello technology, and to further enhance…

Read more →

A new critical vulnerability has been discovered in Fluent Bit’s built-in HTTP server, which has been termed “Linguistic Lumberjack” (CVE-2024-4323). Exploiting this vulnerability can also lead to a denial of service, information disclosure, or remote code execution. Its severity has…

Read more →

A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread disinformation, undermining support for Ukraine. Structura and SDA are running the campaign, which started in May 2022 and targets France, Germany, and other countries.  Inauthentic social…

Read more →

Team82 has uncovered multiple critical vulnerabilities in Honeywell’s ControlEdge Virtual Unit Operations Center (UOC). These vulnerabilities within the EpicMo protocol implementation could potentially allow attackers to execute remote code without authentication. Honeywell has since addressed these issues, but the discovery…

Read more →

X-Force identified a phishing campaign targeting Latin American users since March 2024, where emails impersonate legitimate entities like tax and utility services, urging recipients to click links for invoices or account statements.  Clicking the link redirects users in specific countries…

Read more →

Fluent Bit, a widely used open-source data collector and processor, has been found to have a major memory loss flaw. Many big cloud providers use Fluent Bit for their logging because it is easy to use and can be scaled…

Read more →

Researchers have shown a proof-of-concept (PoC) attack for a zero-day remote code execution (RCE) flaw in the QTS operating system from QNAP. Users of QNAP’s Network-Attached Storage (NAS) devices, which are common in both small and big business settings, are…

Read more →

A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the severity has been given as 9.0 (Critical). This particular vulnerability existed in the clone command that is widely used.  Git…

Read more →

In the big data era, pre-training large vision transformer (ViT) models on massive datasets has become prevalent for enhanced performance on downstream tasks.  Visual prompting (VP), introducing learnable task-specific parameters while freezing the pre-trained backbone, offers an efficient adaptation alternative…

Read more →

In a recent encounter, the Akira ransomware group exploited a novel privilege escalation technique, where the attackers infiltrated the victim’s virtual environment to steal the NTDS.dit file, a critical file containing domain user accounts and passwords stored on domain controllers. …

Read more →

The U.S. Securities and Exchange Commission (SEC) has made changes to Regulation S-P that require financial companies to report data leaks within 30 days. This is a big step toward protecting consumers. This new rule, which goes into force on…

Read more →