Two Chinese nationals have been arrested on suspicion of involvement in a complex cryptocurrency trading scam that stole more than $73 million from victims. The accusation was made public in the Central District of California. It charges Daren Li,…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
PoC Exploit Published for 0-day Vulnerability in Google Chrome
A proof-of-concept (PoC) exploit for a critical zero-day vulnerability (CVE-2024-4947) in Google Chrome has been made public. The potential for exploitation of this vulnerability, which impacts the V8 JavaScript engine, has generated considerable apprehension among members of the cybersecurity community.…
Kinsing Malware Attacking Apache Tomcat Servers To Deploy Cryptominers
Kinsing malware, known for exploiting vulnerabilities on Linux cloud servers to deploy backdoors and cryptominers, has recently expanded its target to include Apache Tomcat servers. The malware utilizes novel techniques to evade detection by hiding itself within seemingly innocuous system…
SonicWall SSL-VPN Exploit Advertised on the Dark Web
A new exploit targeting SonicWall SSL-VPN devices has surfaced on the dark web. The exploit, which reportedly lets attackers enter private networks without authorization, was recently offered for sale on a well-known dark web market. The news was first shared…
Hackers Exploiting Docusign With Phishing Attack To Steal Credentials
Hackers prefer phishing because it exploits human vulnerabilities rather than technical flaws, which makes it a highly effective and low-cost attack method. Phishing attacks can be easily scaled to target a large number of individuals, increasing the likelihood of success.…
ViperSoftX Malware Uses Deep Learning Model To Execute Commands
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, on infected systems: Tesseract extracts text from images, and the malware scans the extracted strings for phrases related to passwords or cryptocurrency wallets. If a…
New Linux Backdoor Attacking Linux Users Via Installation Packages
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target for gaining unauthorized access or spreading malware. Besides this, its open-source nature allows threat actors to study the code and…
Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks
An advisory from the Norwegian National Cyber Security Centre (NCSC) recommends that Secure Socket Layer/Transport Layer Security (SSL/TLS) based VPN solutions, such as SSLVPN and WebVPN, be replaced with more secure alternatives. Attackers continue to take advantage of…
Santander Data Breach: Hackers Accessed Company Database
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and Chile. Concerns have been made about data security and privacy following the breach, which was found to have started with…
U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers
The U.S. government has offered a reward of up to $5 million for information that leads to the arrest or disruption of North Korean IT workers operating around the world. The plan, announced on Thursday, is meant to…
Russian APT Hackers Attacking Critical Infrastructure
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals, as APT groups conduct espionage to gather valuable political and economic information. The Russian government may recruit financially motivated groups,…
Millions of IoT Devices Vulnerable to Attacks Leading to Full Takeover
Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million IoT-enabled devices. Given Kalay’s widespread presence in security cameras and other devices, the flaws matter for homes, companies, and integrators alike.…
Apple Has Terminated 370 Million+ Developer & Customer Accounts
Apple terminated over 370 million developer and customer App Store accounts in 2023. Apple took this step to fight fraud and provide a safe and dependable platform for consumers and developers. Apple has led app distribution since 2008, setting…
QakBot Malware Exploiting Windows zero-Day To Gain System Privileges
In April 2024, security researchers revisited CVE-2023-36033, a Windows DWM Core Library elevation of privilege vulnerability that was previously discovered and exploited in the wild. As part of their investigation into exploit samples and potential attack vectors, they stumbled upon…
VMware Workstation & Fusion Flaws Let Attackers Execute Arbitrary Code
Multiple security flaws affecting VMware Workstation and Fusion have been addressed by updates released by VMware. If these vulnerabilities are successfully exploited, attackers may be able to obtain privileged data from the device, execute arbitrary code, and cause a denial…
VirusTotal’s Crowdsourced AI Initiative to Analyze Macros With Word & Excel Files
VirusTotal has announced a major change to its Crowdsourced AI project: it has added a new AI model that can analyze suspicious macros in Microsoft Office files. This model, created by Dr. Ran Dubin from Ariel University and the ByteDefend…
Nissan Data Breach – 53,000+ Employees Data Stolen
Nissan says that the personal information of more than 53,000 workers has been stolen. The huge automaker is now taking proactive steps to help those who have been affected and limit the damage that could occur from the stolen data.…
PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability
Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers: an authentication bypass via the HNAP port and a remote code execution flaw. Exploiting these vulnerabilities together could lead to a complete compromise of the vulnerable device. However,…
Wireshark 4.2.5 Released: What’s New!
Wireshark, the world’s foremost and widely used network protocol analyzer, has recently released version 4.2.5, which brings a host of new features and improvements. This latest update promises to enhance the user experience and provide even more powerful tools for…
Hackers Attacking Foxit PDF Reader Users to Steal Sensitive Data
Researchers identified a PDF exploit targeting Foxit Reader users that uses a design flaw that presents security warnings with a default “OK” option, potentially tricking users into executing malicious code. The exploit is actively being used and bypasses typical detection…
Adobe Patches Multiple Code Execution Flaws in a Wide Range of Products
Adobe has addressed several critical code execution flaws across a broad spectrum of its products. This move underscores the company’s commitment to software security and protecting its user base against potential cyber threats.…
QakBot Malware Exploiting Windows Zero-Day To Gain System Privileges
Hackers prize Windows zero-day vulnerabilities because they offer great advantages: no patches or defenses exist for a zero-day, since the software vendor is unaware of it, so attackers have a window of time in which to launch their attacks before…
New Google Chrome Zero-day Exploited in the Wild, Patch Now!
Google has issued an urgent security update for its Chrome browser after discovering a zero-day vulnerability that is currently being exploited by attackers. The vulnerability, tracked as CVE-2024-4761, affects the V8 JavaScript engine and could potentially allow attackers to execute arbitrary code on the user’s computer. Google has responded quickly with a patch, urging all users to update their browsers immediately to…
FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing via Malicious Packets
A critical vulnerability has been discovered in Fortinet’s FortiOS SSL-VPN and FortiProxy SSL-VPN. The flaw, identified as FG-IR-23-225, allows attackers to spoof IP addresses and bypass security controls by sending specially crafted packets. It affects multiple versions of FortiOS and…
Tornado Cash Developer Jailed for Laundering Billions of Dollars
A court has sentenced the developer of the cryptocurrency mixing service Tornado Cash to over five years in prison. The developer was found guilty of designing and operating a platform that laundered billions of dollars, including proceeds from high-profile cybercrimes.…
Beware Of New Social Engineering Attack That Delivers Black Basta Ransomware
Social engineering bypasses technical security controls by manipulating human psychology and behavior. Social engineering techniques, such as baiting emails or pretexting phone calls, manipulate victims into providing confidential information or performing actions that…
Tor Browser 13.0.15 Released: What’s New!
Tor Project has announced the release of Tor Browser 13.0.15. Available now on the Tor Browser download page and through their distribution directory, this new version introduces a series of significant updates and bug fixes that promise to improve the…
Cybersecurity Expert Jailed For Hacking 400K Smart Homes, Selling Videos
Hackers target smart homes because they contain a growing number of interconnected devices, often with insufficient security measures. Smart homes provide a wealth of personal and sensitive information, including access to security cameras, smart locks, and personal data stored on connected devices. Cybersecurity…
IT Teams Beware! Weaponized WinSCP & PuTTY Delivers Ransomware
Attackers launched a campaign distributing trojanized installers for WinSCP and PuTTY in early March 2024, as clicking malicious ads after searching for the software leads to downloads containing a renamed pythonw.exe that loads a malicious DLL. The DLL side-loads a…
Dell Hack: Attacker Steals Customer Phone Numbers & Service Reports
In a concerning development for Dell Technologies, a threat actor known as Menelik has reportedly accessed and scraped sensitive customer data from a Dell support portal. This latest security breach, which follows a previous incident involving the theft of physical…
New Botnet Sending Millions of Weaponized Emails with LockBit Black Ransomware
The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has detected a formidable new cyber threat. Dubbed LockBit Black, this ransomware campaign is leveraging a botnet to distribute millions of weaponized emails, posing a significant risk to individuals and organizations.…
Hackers Abuse DNS Tunneling For Covert Communication & Firewall Bypass
Hackers use DNS tunneling to slip past traditional security measures. By wrapping malicious data inside DNS queries and responses, they can exfiltrate sensitive information or communicate with command-and-control servers without being detected. DNS tunneling…
Threat Actor Selling INC Ransomware Code for $300,000
A notorious threat actor is offering the INC Ransomware code for sale for $300,000. As a result, the number of cyber threats has significantly increased, putting many more businesses at risk of damaging attacks. A…
Zscaler Concludes Investigation: Only Test Servers Compromised
In a recent development, Zscaler Inc., a prominent cybersecurity firm, has concluded its investigation into a potential data breach initially reported last week. The company confirmed that the breach was confined to an isolated test environment on a single server…
Hackers Abuse GoTo Meeting Tool to Deploy Remcos RAT
In a sophisticated cyberattack campaign, hackers are using the online meeting platform GoToMeeting to distribute a Remote Access Trojan known as Remcos. This alarming development underscores cybercriminals’ evolving tactics of leveraging trusted software to breach security defenses and gain unauthorized…
Apple iTunes for Windows Flaw Let Attackers Execute Malicious Code
iTunes has been found to have an arbitrary code execution vulnerability that might allow attackers to execute malicious code. To fix this vulnerability, Apple has issued a security advisory. It also stated that until an investigation is complete and updates…
GPT-4o Released: Faster Model Available for Free to All Users
OpenAI, the top lab for researching artificial intelligence, just released GPT-4o, its newest advance in AI technology. In the field of generative AI, this newest and most advanced model is a big step forward because it can work with voice,…
MITRE Releases EMB3D Cybersecurity Threat Model for Embedded Devices
In collaboration with Red Balloon Security, Narf Industries, and Niyo Little Thunder Pearson (ONEGas, Inc.), MITRE has unveiled EMB3D, a comprehensive threat model designed to address the growing cybersecurity risks faced by embedded devices in critical infrastructure sectors. Embedded devices,…
Tycoon 2FA Attacking Microsoft 365 and Google Users to Bypass MFA
Tycoon 2FA, a recently emerged Phishing-as-a-Service (PhaaS) platform, targets Microsoft 365 and Gmail accounts, leveraging an Adversary-in-the-Middle (AitM) technique to steal user session cookies and bypass multi-factor authentication (MFA) protections. By acting as an intermediary between the user and the…
Scattered Spider Attacking Finance & Insurance Industries WorldWide
Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual property. When their…
Critical Cacti Vulnerability Let Attackers Execute Remote Code
Cacti, the widely utilized network monitoring tool, has recently issued a critical security update to address a series of vulnerabilities, with the most severe being CVE-2024-25641. This particular vulnerability has been assigned a high severity rating with a CVSS score…
Nmap 7.95 Released – What’s New!
Nmap’s version 7.95 emerges as a testament to the relentless efforts of its development team, spearheaded by the renowned Gordon Fyodor Lyon. The update showcases the remarkable processing of over 6,500 new OS and service detection fingerprints, underscoring the tool’s…
Microsoft Edge Zero-Day Vulnerability Exploited in the Wild
A zero-day vulnerability in Microsoft Edge, tracked as CVE-2024-4671, has been actively exploited by malicious actors, according to reports. This security flaw originates from the Chromium engine that underpins the browser. Chromium is also the foundation for…
Passwordless Authentication Standard FIDO2 Flaw Let Attackers Launch MITM Attacks
FIDO2 (Fast Identity Online) is a passwordless authentication method developed by FIDO Alliance to prevent Man-in-the-Middle (MiTM) attacks, Phishing attacks, and session hijacking attacks. This FIDO2 authentication works using a physical or embedded key. However, this secure passwordless authentication method…
Apache OFBiz RCE Flaw Let Attackers Execute Malicious Code Remotely
Many businesses use enterprise resource planning (ERP) systems like Apache OFBiz. However, it has been found to have significant security holes that let unauthenticated attackers run malicious code remotely. Businesses that depend on Apache OFBiz for budgeting,…
Ohio Lottery Hacked: 500,000+ Customers Data Exposed
A major cybersecurity breach at the Ohio Lottery gave unauthorized parties access to its internal systems. The breach wasn’t discovered until April 5, 2024, so the information of about 538,959 people was exposed for months. People’s…
Hackers Exploiting Vulnerabilities 50% Faster, Within 4.76 Days
Cybersecurity researchers are sounding the alarm that hackers are exploiting software vulnerabilities faster than ever before. A new report from Fortinet found that in the second half of 2023, the average time between a vulnerability being disclosed and actively exploited…
Hackers Moving to AI but Lagging Behind the Defenders in Adoption Rates
Hackers are actively using generative AI for cyber attacks, and threat actors are also exploring new ways to abuse other advanced LLMs like ChatGPT. They could leverage Large Language Models (LLMs) and generative AI for several…
PoC Released for Critical PuTTY Private Key Recovery Vulnerability
Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet client. The flaw, CVE-2024-31497, allows attackers to recover private keys generated with the NIST P-521 elliptic curve in PuTTY versions…
HackCar – Attack and Defense Playground for Automotive Systems
Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and comfort functions. However, vehicle hijacking can occur through message injection attacks because the CAN network provides no security for drive-by-wire systems such as speed control,…
DDoS Attack Size Increased by 233.33%, UDP-Based Attacks Are Popular
The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in the size of Distributed Denial of Service (DDoS) attacks throughout 2023, with an average increase of 233.33% compared to the previous year. Despite a 54.74% drop…
New LLMjacking Used Stolen Cloud Credentials to Attack Cloud LLM Servers
Researchers have identified a new form of cyberattack termed “LLMjacking,” which exploits stolen cloud credentials to hijack cloud-hosted large language models (LLMs). This sophisticated attack leads to substantial financial losses and poses significant risks to data security. LLMjacking involves attackers…
HijackLoader Malware Attack Windows Via Weaponized PNG Image
In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware, a sophisticated modular loader notorious for delivering a variety of malicious payloads. The malware has been updated to deploy threats such as Amadey, Lumma Stealer, Raccoon…
North Korean Hackers Abusing Facebook & MS Management Console
The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and system management tools to conduct espionage activities. This revelation highlights the evolving tactics of cyber adversaries and the increasing complexity…
Google Chrome Zero-day Exploited in the Wild, Patch Now
Google has urgently updated its Chrome browser across all platforms after a critical vulnerability, identified as CVE-2024-4671, was found being actively exploited. Users are strongly advised to update their browsers immediately to prevent potential security breaches.…
Stack Overflow Users Delete Posts in Protest Over OpenAI Partnership
Several Stack Overflow users have begun deleting their contributions from the platform, a move that has sparked widespread debate within the developer community. This action follows a newly announced partnership between Stack Overflow and OpenAI, detailed in a press release…
Dell Hacked – Attackers Stole 49 Million Customers’ Personal Information
Dell Technologies recently disclosed a data breach involving a company portal that contained limited customer information related to purchases. The breach exposed customer names, physical addresses, and detailed order information, including service tags, item descriptions, order dates, and warranty details.…
Warning! Google Chrome Zero-day Vulnerability Exploited in the Wild
Google released a critical security update for its Chrome web browser to address attackers exploiting a high-severity vulnerability. The update brings Chrome to version 124.0.6367.201 for Windows, Mac, and Linux users on the Stable release channel. The vulnerability, tracked as…
Researchers Hacked Apple Infrastructure Using SQL Injection
Researchers found several points of entry for potential attackers, one of which was Apple’s Book Travel portal, where they took advantage of a significant SQL injection vulnerability. Experimenting with the Masa/Mura CMS revealed the attack surface, primarily the one available…
Threat Actors Accessed Cancer Patients’ Data left Open by Testing Lab
Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying an…
Cyber Attack On Data Center Cooling Systems Leads To Disruption
Critical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers. These facilities support various business functions, including productivity tools, transaction-intensive applications, big-data processing systems, and artificial intelligence (AI). The importance of…
SocGholish Attacks Enterprises Via Fake Browser Updates
Enterprises are being targeted by the malware known as SocGholish through deceptive browser update prompts. This malware, notorious for its stealth and the complexity of its delivery mechanisms, has been identified in a series of incidents involving fake browser updates…
Alert! Hackers Running Thousands of Fake Webshops: 850,000+ Cards Stolen
A sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites. Security researchers estimate that since 2021, the hackers…
F5’s Next Central Manager Vulnerabilities Let Hackers Take Full Device Control Remotely
In a significant cybersecurity development, researchers have uncovered critical vulnerabilities in F5’s Next Central Manager, which could potentially allow attackers to gain full administrative control over the device. This alarming security flaw also creates hidden rogue accounts on any managed…
Polish Government Under Sophisticated Cyber Attack From APT28 Hacker Group
The Polish computer emergency response team CERT.pl has issued a warning about an ongoing cyberattack campaign by the notorious APT28 hacking group, also known as Fancy Bear or Sofacy. The campaign is targeting various Polish government institutions with a new…
Bangladesh IT Provider Database Compromise: 95k Email Addresses Leaked
Tappware, a prominent IT service provider, faced a breach when approximately 50GB of its database was leaked on a hacker forum. This database contained 2.3 million rows of data, including sensitive personal information such as names, addresses, and phone numbers…
How Does the ANY.RUN Sandbox Protect Enterprise Users by Utilizing Advanced Tools
Ensuring adherence to GDPR, the ANY.RUN sandbox service employs TLS 1.3 for data in transit and AES-256 for data at rest; it is hosted in Germany and provides supplementary tools, predominantly for enterprise plans, to give users greater…
CrushFTP Vulnerability Exploited in Wild to Execute Remote Code
A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0, enabling…
Hackers Abuse Google Search Ads to Deliver MSI-Packed Malware
Hackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages. This campaign, involving the malware loader known as FakeBat, targets unsuspecting users by masquerading as legitimate software downloads.…
Veeam RCE Flaws Let Hackers Gain Access To VSPC Servers
Two critical remote code execution vulnerabilities have been discovered in Veeam Service Provider Console. CVEs for these vulnerabilities are yet to be assigned. The vulnerabilities exist in version 7.x and version 8.x of the Veeam…
Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users
A new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software. This vulnerability affects…
Hackers Employing Steganography Methods to Deliver Notorious RemcosRAT
Hackers are now using steganography techniques to distribute the notorious Remote Access Trojan (RAT) known as RemcosRAT. This method, which involves hiding malicious code within seemingly innocuous image files, marks a concerning evolution in malware delivery tactics.…
Hackers Actively Exploiting Ivanti Pulse Secure Vulnerabilities
Juniper Threat Labs has reported active exploitation attempts targeting vulnerabilities in Ivanti Pulse Secure VPN appliances. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a significant threat to network…
Google Simplifies Two-Factor Authentication Setup Process
Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts. The changes rolled out on Monday, May 6,…
NCA Unmasks and Sanctions Leader of Notorious LockBit Ransomware Group
In collaboration with US and Australian authorities, the UK’s National Crime Agency (NCA) has unmasked and sanctioned the leader of the notorious LockBit ransomware group, once considered the world’s most harmful cybercrime operation. Russian national Dmitry Khoroshev, who went by…
Weaponized Windows Shortcut Files Deploying Fileless RokRat Malware
Hackers target LNK (Windows shortcut) files to disseminate malware because they can embed malicious code that automatically executes when the shortcut is clicked. LNK files appear harmless but can stealthily trigger malware downloads or other malicious actions, making them an…
Trend Micro Antivirus One Let Attacker Inject Malicious Code Into Application
A significant update for Trend Micro’s Antivirus One software has been released. The update addresses a critical vulnerability that may have enabled attackers to inject malicious code. The vulnerability, a dynamic library injection flaw tracked as CVE-2024-34456, may enable an attacker…
Multiple Samsung Mobile Devices Flaw Let Attackers Execute Arbitrary Code
In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks. This move is part of Samsung’s ongoing efforts to enhance the security of…
New TunnelVision Attack Lets Attackers Snoop on VPN Traffic
In a groundbreaking discovery, cybersecurity experts at Leviathan Security Group have unveiled a new type of cyberattack dubbed “TunnelVision,” which poses a threat to the security of Virtual Private Networks (VPNs). This sophisticated attack method allows cybercriminals to bypass the…
Citrix NetScaler ADC & Gateway Flaw Lets Attackers Obtain Sensitive Data Remotely
A security vulnerability has been identified in Citrix NetScaler ADC and Gateway appliances, allowing remote attackers to access sensitive data without authentication. This flaw, identified as an out-of-bounds memory read issue, affects versions up to 13.1-50.23 of the software and…
APT42 Hackers Posing As Event Organizers To Hijack Victim Network
APT42, a group linked to the Iranian government, is using social engineering tactics such as impersonating journalists and event organizers to trick NGOs, media, academia, legal firms, and activists into providing credentials to access their cloud environments. They exfiltrate data…
New Atomic Stealer Malware Copies Passwords & Wallets from Infected Macs
Several new variants of Atomic macOS Stealer (AMOS) have been observed that are intended to exfiltrate sensitive data from affected Macs. AMOS is delivered by Trojan horses, which frequently pose as pirated or “cracked” versions of apps. It…
Best SIEM Tools List For SOC Team – 2024
The best SIEM tools for you will depend on your specific requirements, budget, and organizational needs. There are several popular and highly regarded SIEM (Security Information and Event Management) tools available in the market.…
Beware of Phishing Attacks Targeting AmericanExpress Card Users
Cybercriminals target American Express cardholders through deceptive emails that mimic official communications from the financial services giant. The scam attempts to trick users into divulging sensitive personal and financial information.…
Indonesia Emerging As A Hub For Highly Invasive Spyware
In today’s digital age, civil society is facing a serious threat in the form of invasive malware and surveillance technology that has the potential to cause irreparable harm. These malicious tools can infiltrate systems and compromise sensitive information, posing a…
Hackers Use Custom Backdoor & PowerShell Scripts to Attack Windows Machines
The Damselfly Advanced Persistent Threat (APT) group, also known as APT42, has been actively utilizing custom backdoor variants, NiceCurl and TameCat, to infiltrate Windows machines. These backdoors are primarily delivered through spear-phishing campaigns, marking a significant escalation in the capabilities…
Europe’s Most Wanted Teenage Hacker Arrested
Julius “Zeekill” Kivimäki, once Europe’s most wanted teenage hacker, has been arrested. Kivimäki, known for his involvement with the notorious Lizard Squad, was apprehended after a series of cybercrimes that shocked the continent. Kivimäki’s cybercrime career began in his early teens and quickly escalated to high-profile attacks. As…
Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released
Linksys routers were discovered with two vulnerabilities: CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were associated with Command Injection on Linksys routers. The severity of these vulnerabilities is yet to be categorized. However, a proof-of-concept has been published for these two vulnerabilities.…
Tinyproxy Flaw Let Attackers Execute Remote Code
A security flaw has been identified in Tinyproxy, a lightweight HTTP/HTTPS proxy daemon widely used in small network environments. The vulnerability, cataloged under CVE-2023-49606, allows remote attackers to execute arbitrary code on the host machine. This flaw poses a critical…
Ex-Cybersecurity Consultant Jailed For Trading Confidential Data
Vincent Cannady, a professional who used to work as a consultant in the cybersecurity field, has been taken into custody for allegedly trying to extort a sum of money that could go up to $1.5 million from an IT company…
Mal.Metrica Malware Hijacks 17,000+ WordPress Sites
Infected websites display fake human-verification prompts that mimic legitimate CAPTCHAs and ask users for seemingly innocuous clicks resembling past CAPTCHA challenges. Clicking initiates a malicious redirect that exposes users to scams or malware; the familiarity of CAPTCHAs helps the prompts evade suspicion, and…
Apache ActiveMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions
Apache ActiveMQ is a Java-based message broker for communicating with multiple components in a server. It is a widely used open-source messaging service that can send messages between two or more applications. However, Apache ActiveMQ…
Hackers Exploit Microsoft Graph API For C&C Communications
An emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services. Recently, security analysts at Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClient. This malware targeted an organization in Ukraine. It abused Microsoft…
68% of Data Breaches Occur Due to Social Engineering Attacks
The latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024 highlights a concerning trend: a significant 68% of data breaches are now occurring due to social engineering attacks. This revelation underscores the increasing sophistication and…
U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers
The United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North Korean hackers. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have jointly…
Threat Actors Renting Out Compromised Routers To Other Criminals
APT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask their malicious activities, while Pawn Storm, a well-known APT group, infiltrated a cybercriminal botnet of compromised Ubiquiti EdgeRouters in 2022 and used it for espionage. The…
Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack
Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers to perform denial of service (DoS) attacks, gain unauthorized access, and view sensitive information. These vulnerabilities affect several Cisco IP…