Tag: gbhackers
-
Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications
Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications A seemingly benign health app, “BMI CalculationVsn,” was found on the Amazon App Store, which secretly collected sensitive user data, including installed app package… Go to gbhackers.com
-
Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide
Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide The Lazarus Group has recently employed a sophisticated attack, dubbed “Operation DreamJob,” to target employees in critical sectors like nuclear energy, which involves distributing… Go to gbhackers.com
-
New Python NodeStealer Attacking Facebook Business To Steal Login Credentials
New Python NodeStealer Attacking Facebook Business To Steal Login Credentials NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets Facebook Ads Manager accounts, stealing sensitive financial and business… Go to gbhackers.com
-
Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access
Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona “CyberAv3ngers.” These… Go to gbhackers.com
-
DigiEver IoT Devices Exploited To Deliver Mirai-based Malware
DigiEver IoT Devices Exploited To Deliver Mirai-based Malware A new Mirai-based botnet, “Hail Cock Botnet,” has been exploiting vulnerable IoT devices, including DigiEver DVRs and TP-Link devices with CVE-2023-1389.The botnet, active since… Go to gbhackers.com
-
Threat Actors Selling Nunu Stealer On Hacker Forums
Threat Actors Selling Nunu Stealer On Hacker Forums A new malware variant called Nunu Stealer is making headlines after being advertised on underground hacker forums and Telegram channels.Priced at $100 per month, this malicious… Go to gbhackers.com
-
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution A critical vulnerability has been identified in Siemens’ User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code.The flaw,… Go to gbhackers.com
-
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access
Windows 11 Privilege Escalation Vulnerability Lets Attackers Execute Code to Gain Access Microsoft has swiftly addressed a critical security vulnerability affecting Windows 11 (version 23H2), which could allow local attackers to escalate privileges to the SYSTEM… Go to gbhackers.com
-
Foxit PDF Editor Vulnerabilities Allows Remote Code Execution
Foxit PDF Editor Vulnerabilities Allows Remote Code Execution Foxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor.The updates—Foxit PDF Reader 2024.4… Go to gbhackers.com
-
NetWalker Ransomware Operator Sentenced to 20 Years in Prison
NetWalker Ransomware Operator Sentenced to 20 Years in Prison A Romanian man has been sentenced to 20 years in prison for his involvement in the notorious NetWalker ransomware attacks.The sentencing, which took… Go to gbhackers.com
-
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support… Go to gbhackers.com
-
CISA Proposes National Cyber Incident Response Plan
CISA Proposes National Cyber Incident Response Plan The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National Cyber Incident Response Plan (NCIRP), inviting public feedback on… Go to gbhackers.com
-
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure
Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the United Kingdom, and Israel have issued an urgent warning… Go to gbhackers.com
-
Next.js Vulnerability Let Attackers Bypass Authentication
Next.js Vulnerability Let Attackers Bypass Authentication A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers to bypass authentication under specific circumstances.The issue, cataloged… Go to gbhackers.com
-
CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies
CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01: Implementing Secure… Go to gbhackers.com
-
Fortinet Critical Vulnerabilitiy Let Attackers Inject Commands Remotely
Fortinet Critical Vulnerabilitiy Let Attackers Inject Commands Remotely Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two critical vulnerabilities affecting its FortiManager and FortiWLM products.The vulnerabilities,… Go to gbhackers.com
-
Careto – A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal…
Careto – A legendary Threat Group Targets Windows By Deploy Microphone Recorder And Steal… Recent research has linked a series of cyberattacks to The Mask group, as one notable attack targeted a Latin American organization in 2022, where… Go to gbhackers.com
-
Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks
Earth Koshchei Employs RDP Relay, Rogue RDP server in Server Attacks A new cyber campaign by the advanced persistent threat (APT) group Earth Koshchei has brought rogue Remote Desktop Protocol (RDP) attacks to the forefront… Go to gbhackers.com
-
RiseLoader Attack Windows By Employed A VMProtect To Drop Multiple Malware Families
RiseLoader Attack Windows By Employed A VMProtect To Drop Multiple Malware Families RiseLoader, a new malware family discovered in October 2024, leverages a custom TCP-based binary protocol similar to RisePro for downloading and executing second-stage payloads. Despite… Go to gbhackers.com
-
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely GFI Software’s Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through… Go to gbhackers.com
-
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access
Azure Data Factory And Apache Airflow Integration Flaws Let Attackers Gain Write Access Researchers have uncovered vulnerabilities in Microsoft Azure Data Factory’s integration with Apache Airflow, which could potentially allow attackers to gain unauthorized access and control… Go to gbhackers.com
-
Beware of Malicious Ads on Captcha Pages that Deliver Password Stealers
Beware of Malicious Ads on Captcha Pages that Deliver Password Stealers Malicious actors have taken cybercrime to new heights by exploiting captcha verification pages, a typically harmless security feature, to launch large-scale malware distribution campaigns…. Go to gbhackers.com
-
Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely
Hitachi Authentication Bypass Vulnerability Allows Attackers to Hack the System Remotely Critical Authentication Bypass Vulnerability Identified in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer.A severe vulnerability has been discovered in Hitachi’s Infrastructure Analytics Advisor… Go to gbhackers.com
-
ConnectOnCall Data Breach, 900,000 Customers Data Exposed
ConnectOnCall Data Breach, 900,000 Customers Data Exposed The healthcare communication platform ConnectOnCall, operated by ConnectOnCall.com, LLC, has confirmed a significant data breach that compromised the personal information of 900,000 patients and… Go to gbhackers.com
-
Kali Linux 2024.4 Released – What’s New!
Kali Linux 2024.4 Released – What’s New! Kali Linux has unveiled its final release for 2024, version Kali Linux 2024.4, packed with notable updates, including new tools and enhancements.This highly… Go to gbhackers.com
-
CISA Warns of Adobe & Windows Kernel Driver Vulnerabilities Exploited in Attacks
CISA Warns of Adobe & Windows Kernel Driver Vulnerabilities Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog.These vulnerabilities,… Go to gbhackers.com
-
“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords
“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every second, nearly double the rate from just a year ago.This… Go to gbhackers.com
-
Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit
Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks from pprof endpoints, and potential code execution threats, which could… Go to gbhackers.com
-
Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins
Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins Researchers discovered multiple vulnerabilities in Ruijie Networks’ cloud-connected devices. By exploiting these vulnerabilities, attackers can remotely compromise access points, gain unauthorized access to internal… Go to gbhackers.com
-
New Android Banking Malware Attacking Indian Banks To Steal Login Credentials
New Android Banking Malware Attacking Indian Banks To Steal Login Credentials Researchers have discovered a new Android banking trojan targeting Indian users, and this malware disguises itself as essential utility services to trick users into… Go to gbhackers.com
-
Nigerian National Extradited to Nebraska for Wire Fraud Charges
Nigerian National Extradited to Nebraska for Wire Fraud Charges United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria to the District of Nebraska.The extradition follows a Conspiracy to… Go to gbhackers.com
-
Dell Security Update, Patch for Multiple Critical Vulnerabilities
Dell Security Update, Patch for Multiple Critical Vulnerabilities Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose affected systems to exploitation by malicious actors.Customers are strongly… Go to gbhackers.com
-
CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities
CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities across Siemens’ industrial products.Released on December 12, 2024, these advisories… Go to gbhackers.com
-
FBI Seizes Rydox Marketplace, Arrests Key Administrators
FBI Seizes Rydox Marketplace, Arrests Key Administrators The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online marketplace that facilitated the buying and selling of stolen personal… Go to gbhackers.com
-
MITRE ATT&CK Evaluation Results 2024 – Cynet Became a Leader With 100% Detection &…
MITRE ATT&CK Evaluation Results 2024 – Cynet Became a Leader With 100% Detection &… Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running.To… Go to gbhackers.com
-
BadRAM Attack Breaches AMD Secure VMs with $10 Device
BadRAM Attack Breaches AMD Secure VMs with $10 Device Researchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device.This breakthrough exposes a… Go to gbhackers.com
-
GitLab Security Update, Patch for Critical Vulnerabilities
GitLab Security Update, Patch for Critical Vulnerabilities GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE).The newly released versions 17.6.2, 17.5.4, and… Go to gbhackers.com
-
Splunk RCE Vulnerability Let Attackers Execute Remote Code
Splunk RCE Vulnerability Let Attackers Execute Remote Code Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability.This flaw, identified as CVE-2024-53247, affects several versions… Go to gbhackers.com
-
Europol Shutsdown 27 DDoS Service Provider Platforms
Europol Shutsdown 27 DDoS Service Provider Platforms In a major international operation codenamed “PowerOFF,” Europol, collaborating with law enforcement agencies across 15 countries, has taken down 27 illegal platforms facilitating Distributed… Go to gbhackers.com
-
Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication
Reserachers Uncovered Zloader DNS Tunneling Tactics For Stealthy C2 Communication Zloader, a sophisticated Trojan, has recently evolved with features that enhance its stealth and destructive potential, as the latest version, 2.9.4.0, introduces a custom… Go to gbhackers.com
-
Chrome Security Update, Patch For Multiple Vulnerabilities
Chrome Security Update, Patch For Multiple Vulnerabilities Google has released a new update on the Stable channel for its Chrome browser, addressing a series of security vulnerabilities.The update has been… Go to gbhackers.com
-
Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access
Ivanti CSA Vulnerabilities Let Attackers Gain Admin Access Ivanti has issued critical software updates to address several severe vulnerabilities in its Cloud Services Application (CSA).These vulnerabilities tracked as CVE-2024-11639, CVE-2024-11772, and… Go to gbhackers.com
-
WPForms Vulnerability Let Users Issues Subscription Payments
WPForms Vulnerability Let Users Issues Subscription Payments A critical security vulnerability, tracked as CVE-2024-11205, was recently discovered in the popular WordPress plugin, WPForms, which boasts over 6 million active installations globally.This flaw,… Go to gbhackers.com
-
Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day In its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities… Go to gbhackers.com
-
RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins
RedLine Malware Weaponizing Pirated Corporate Softwares To Steal Logins Attackers are distributing a malicious .NET-based HPDxLIB activator disguised as a new version, which is signed with a self-signed certificate, and targets entrepreneurs automating… Go to gbhackers.com
-
Dell Warns of Critical Code Execution Vulnerability in Power Manager
Dell Warns of Critical Code Execution Vulnerability in Power Manager Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software.The vulnerability, identified… Go to gbhackers.com
-
Researchers Uncovered Hackers Infrastructre Using Passive DNS Technique
Researchers Uncovered Hackers Infrastructre Using Passive DNS Technique Cybersecurity researchers have unveiled an advanced technique to uncover hackers’ operational infrastructure using passive DNS data.This groundbreaking method sheds light on how attackers establish… Go to gbhackers.com
-
Let’s Encrypt to End Support for Online Certificate Status Protocol (OCSP)
Let’s Encrypt to End Support for Online Certificate Status Protocol (OCSP) Let’s Encrypt has officially announced its timeline to phase out support for the Online Certificate Status Protocol (OCSP).The nonprofit Certificate Authority (CA) plans… Go to gbhackers.com
-
Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins
Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through… Go to gbhackers.com
-
New Meeten Malware Attacking macOS And Windows Users To Steal Logins
New Meeten Malware Attacking macOS And Windows Users To Steal Logins A sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake… Go to gbhackers.com
-
QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System
QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System QNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers to compromise systems and execute malicious activities.These issues… Go to gbhackers.com
-
Qlik Sense for Windows Vulnerability Allows Remote Code Execution
Qlik Sense for Windows Vulnerability Allows Remote Code Execution Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could lead to remote code execution (RCE) if exploited. Security… Go to gbhackers.com
-
Hackers Use Artificial Intelligence to Create Sophisticated Social Engineering Attacks
Hackers Use Artificial Intelligence to Create Sophisticated Social Engineering Attacks The Federal Bureau of Investigation (FBI) has issued a warning about a growing trend in cybercrime, hackers leveraging generative artificial intelligence (AI) to develop… Go to gbhackers.com
-
DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory
DaMAgeCard Attack – New SD Card Attack Lets Hackers Directly Access System Memory Security researchers have identified a significant vulnerability dubbed “DaMAgeCard Attack” in the new SD Express card standard that could allow attackers to directly access… Go to gbhackers.com
-
Deloitte Denies Breach, Claims Only Single System Affected
Deloitte Denies Breach, Claims Only Single System Affected Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish the data it had stolen earlier this week.However, despite the… Go to gbhackers.com
-
Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware
Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware BlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using spearphishing emails with malicious HTML attachments to deliver GammaLoad malware. To… Go to gbhackers.com
-
Top Five Industries Most Frequently Targeted by Phishing Attacks
Top Five Industries Most Frequently Targeted by Phishing Attacks Researchers analyzed phishing attacks from Q3 2023 to Q3 2024 and identified the top five industries targeted by subject-customized emails, which often leverage personal… Go to gbhackers.com
-
Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication
Russian Hackers Hijacked Pakistani Actor Servers For C2 Communication Secret Blizzard, a Russian threat actor, has infiltrated 33 command-and-control (C2) servers belonging to the Pakistani group Storm-0156, which allows Secret Blizzard to access… Go to gbhackers.com
-
Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena
Rockwell Automation Warns of Multiple Code Execution Vulnerabilities in Arena Rockwell Automation has issued a critical security advisory addressing multiple remote code execution (RCE) vulnerabilities discovered in its Arena® software.These vulnerabilities, reported by the… Go to gbhackers.com
-
Django Security Update, Patch for DoS & SQL Injection Vulnerability
Django Security Update, Patch for DoS & SQL Injection Vulnerability The Django team has issued critical security updates for versions 5.1.4, 5.0.10, and 4.2.17.These updates address two vulnerabilities: a potential denial-of-service (DoS) attack… Go to gbhackers.com
-
Europol Dismantled 50+ Servers Used For Fake Online Shopping Websites
Europol Dismantled 50+ Servers Used For Fake Online Shopping Websites Europol, in collaboration with law enforcement across Europe, has taken down a sophisticated cybercriminal network responsible for large-scale online fraud.Over 50 servers were… Go to gbhackers.com
-
Multiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities
Multiple ICS Advisories Released by CISA Detailing Exploits & Vulnerabilities The Cybersecurity and Infrastructure Security Agency (CISA) has released two advisories highlighting significant security vulnerabilities in Industrial Control Systems (ICS) software and hardware.These… Go to gbhackers.com
-
Researchers Released hrtng IDA Pro Plugin for Malware Analyst to Make Reverse Engineering Easy
Researchers Released hrtng IDA Pro Plugin for Malware Analyst to Make Reverse Engineering Easy The Global Research and Analysis Team (GReAT) has announced the release of hrtng, a cutting-edge plugin for IDA Pro, one of the most prominent tools for… Go to gbhackers.com
-
HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks
HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to solve Capture The Flag (CTF) challenges without human intervention. It utilizes… Go to gbhackers.com
-
Fuji Electric Indonesia Hit by Ransomware Attack
Fuji Electric Indonesia Hit by Ransomware Attack Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and raising concerns about data security and business continuity.The attack was… Go to gbhackers.com
-
Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges
Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK version 4.3.46.This vulnerability arises from the use of a… Go to gbhackers.com
-
ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF
ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the ChatGPT Next Web, popularly known as NextChat.This vulnerability has raised… Go to gbhackers.com
-
I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks
I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks I-O DATA DEVICE, INC. has announced that several critical vulnerabilities in their UD-LT1 and UD-LT1/EX routers are being actively exploited.These vulnerabilities pose significant… Go to gbhackers.com
-
Progress WhatsUp Gold RCE Vulnerability – PoC Exploit Released
Progress WhatsUp Gold RCE Vulnerability – PoC Exploit Released A registry overwrite remote code execution (RCE) vulnerability has been identified in NmAPI.exe, part of the WhatsUp Gold network monitoring software.This vulnerability, present… Go to gbhackers.com
-
Google Chrome Security Update, Patch for High-severity Vulnerability
Google Chrome Security Update, Patch for High-severity Vulnerability Google has released a significant security update for its Chrome browser, aiming to address several vulnerabilities and enhance user safety.The Stable channel has… Go to gbhackers.com
-
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts A critical vulnerability has been identified in the Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts into the system.This vulnerability, CVE-2024-53999… Go to gbhackers.com
-
CISA Releases Advisory to Monitor Networks to Detect Malicious Cyber Actors
CISA Releases Advisory to Monitor Networks to Detect Malicious Cyber Actors The National Security Agency (NSA) has partnered with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other entities… Go to gbhackers.com
-
PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts
PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training… Go to gbhackers.com
-
Salesforce Applications Vulnerability Could Allow Full Account Takeover
Salesforce Applications Vulnerability Could Allow Full Account Takeover A critical vulnerability has been discovered in Salesforce applications that could potentially allow a full account takeover.The vulnerability, uncovered during a penetration testing… Go to gbhackers.com
-
TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands
TP-Link HomeShield Function Vulnerability Let Attackers Inject Malicious Commands A significant vulnerability has been identified in TP-Link’s HomeShield function, affecting a range of their devices, including the Archer, Deco, and Tapo series routers…. Go to gbhackers.com
-
Russia Sentenced Hydra Dark Web Market Developer for Life Time
Russia Sentenced Hydra Dark Web Market Developer for Life Time A Russian court has sentenced Stanislav Moiseyev, believed to be the founder of the notorious Hydra darknet marketplace, to life imprisonment.The Moscow Regional… Go to gbhackers.com
-
ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications
ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated Windows RAT that, initially detected in 2023, employs advanced evasion… Go to gbhackers.com
-
Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection…
Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection… With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure Sweet Security today announced the release of its unified Cloud… Go to gbhackers.com
-
Beware Of Malicious PyPI Packages That Inject infostealer Malware
Beware Of Malicious PyPI Packages That Inject infostealer Malware Recent research uncovered a novel crypto-jacking attack targeting the Python Package Index (PyPI), where malicious actors uploaded a legitimate-seeming cryptocurrency client package, “aiocpa,” to… Go to gbhackers.com
-
Linux 6.13-rc1 Released: What’s New!
Linux 6.13-rc1 Released: What’s New! In a recent announcement, Linus Torvalds, the creator of Linux, officially released the first release candidate (RC1) for Linux kernel version 6.13.This release… Go to gbhackers.com
-
Amazon GuardDuty Enhanced With AI/ML Threat Detection Capabilities for Cloud Security
Amazon GuardDuty Enhanced With AI/ML Threat Detection Capabilities for Cloud Security Amazon has taken a significant step forward to enhance the security of its cloud environment.The introduction of advanced AI/ML threat detection capabilities in… Go to gbhackers.com
-
Windows Server 2012 0-day Vulnerability Exposes Critical Security Flaw
Windows Server 2012 0-day Vulnerability Exposes Critical Security Flaw Cybersecurity researchers have identified a critical 0-day vulnerability in Windows Server 2012 and Server 2012 R2.This previously unknown security flaw allows attackers to… Go to gbhackers.com
-
Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild
Apple Safari JavaScriptCore Remote Code Execution Flaw Exploited in the Wild A critical vulnerability identified as CVE-2024-44308 has been actively exploited in the wild, affecting multiple versions of Apple Safari across iOS, visionOS, and macOS… Go to gbhackers.com
-
Ransomware Developer Mikhail Matveev Arrested in Russia
Ransomware Developer Mikhail Matveev Arrested in Russia Russian authorities have arrested Mikhail Matveev, a notorious Russian hacker linked to multiple ransomware attacks worldwide.Matveev, who was also known by online aliases such… Go to gbhackers.com
-
Hackers Can Secretly Access ThinkPad Webcams by Disabling LED Indicator Light
Hackers Can Secretly Access ThinkPad Webcams by Disabling LED Indicator Light In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the… Go to gbhackers.com
-
600,000+ Sensitive Records Exposed From Background Checks Service Provider
600,000+ Sensitive Records Exposed From Background Checks Service Provider A publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse.Not protected by passwords or encryption,… Go to gbhackers.com
-
New Phishing Attack Targeting Corporate Internet Banking Users
New Phishing Attack Targeting Corporate Internet Banking Users A sophisticated phishing scam has surfaced in Japan, targeting corporate internet banking users.This attack, which has rapidly gained attention nationwide, involves fraudsters impersonating… Go to gbhackers.com
-
Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters
Uniswap Labs to Offer $15.5 Million Bounty for Bug Hunters Uniswap Labs has launched a $15.5 million bug bounty program to ensure the security of its latest protocol, Uniswap v4.This substantial bounty is… Go to gbhackers.com
-
Zyxel Firewall Vulnerability Actively Exploited in Attacks
Zyxel Firewall Vulnerability Actively Exploited in Attacks Zyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products.This follows a detailed report by cybersecurity firm Sekoia… Go to gbhackers.com
-
UK Healthcare Provider Hit by Cyberattack, Services Affected
UK Healthcare Provider Hit by Cyberattack, Services Affected Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack, leading to the declaration of a major incident.The cyberattack has… Go to gbhackers.com
-
Researchers Detailed New Exfiltration Techniques Used By Ransomware Groups
Researchers Detailed New Exfiltration Techniques Used By Ransomware Groups Ransomware groups and state-sponsored actors increasingly exploit data exfiltration to maximize extortion and intelligence gains by leveraging a mix of custom and legitimate tools… Go to gbhackers.com
-
New Skimmer Malware Steals Credit Card Data From Checkout Pages
New Skimmer Malware Steals Credit Card Data From Checkout Pages A JavaScript-based malware targeting Magento eCommerce websites has been identified, which is designed to skim payment card details and activates exclusively on checkout pages. The… Go to gbhackers.com
-
SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive & Dropbox
SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive & Dropbox UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access to target networks, which are often delivered via phishing emails,… Go to gbhackers.com
-
Critical Jenkins Vulnerability Let Attackers Trigger DoS & Inject Scripts
Critical Jenkins Vulnerability Let Attackers Trigger DoS & Inject Scripts A series of vulnerabilities have been identified, posing significant risks to the system’s security.These vulnerabilities could allow attackers to trigger denial of service… Go to gbhackers.com
-
Microsoft Re-Releasing Exchange Server Nov 2024 Security Update Fixing Transport Rules
Microsoft Re-Releasing Exchange Server Nov 2024 Security Update Fixing Transport Rules Microsoft has re-released the November 2024 Security Update (SU) with enhancements to rectify problems encountered with transport rules.Originally rolled out on November 12,… Go to gbhackers.com
-
New Windows 11 Vulnerability Lets Attackers Elevate Privileges
New Windows 11 Vulnerability Lets Attackers Elevate Privileges A new vulnerability has been discovered in Windows 11, specifically affecting the 23H2 version.This vulnerability is identified in the ksthunk.sys driver, allows attackers to exploit… Go to gbhackers.com
-
“Bootkitty” – A First Ever UEFI Bootkit Attack Linux Systems
“Bootkitty” – A First Ever UEFI Bootkit Attack Linux Systems Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems.This discovery, named ‘Bootkitty’, marks a new chapter in UEFI threats,… Go to gbhackers.com
-
Matrix, A Single Actor Orchestrate Global DDOS Attack Campaign
Matrix, A Single Actor Orchestrate Global DDOS Attack Campaign Cybersecurity researchers have uncovered a widespread Distributed Denial-of-Service (DDoS) campaign attributed to a threat actor using the alias “Matrix.”This campaign, characterized by its… Go to gbhackers.com
-
NVIDIA UFM Vulnerability Leads to Privilege Escalation & Data Tampering
NVIDIA UFM Vulnerability Leads to Privilege Escalation & Data Tampering NVIDIA has released a critical security update addressing a significant vulnerability in its Unified Fabric Manager (UFM) products.This flaw, identified as CVE-2024-0130, poses a… Go to gbhackers.com
-
Junior School Student Indicted for Infecting Computers With Malware
Junior School Student Indicted for Infecting Computers With Malware Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for allegedly creating and distributing malware.The young suspect, who… Go to gbhackers.com