Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine hosts by using new binaries chkstart (remote access with payload execution), exeremo (lateral movement through SSH), and vurld (Go downloader for malware retrieval) and a persistence…

Hidden Backdoor in D-Link Routers Let Attacker Login as Admin

A critical vulnerability has been discovered in several models of D-Link wireless routers, allowing unauthenticated attackers to gain administrative access to the devices. The CVE-2024-6045 vulnerability has a CVSS score of 8.8, indicating a high severity level. CVE-2024-6045 – Vulnerability…

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection for Amazon Simple Storage Service (Amazon S3). This new feature expands GuardDuty Malware Protection to detect malicious file uploads to selected S3 buckets, enhancing the security…

Beware WARMCOOKIE Backdoor Knocking Your Inbox

WARMCOOKIE is a new Windows backdoor that is deployed by a phishing effort with a recruiting theme dubbed REF6127. The WARMCOOKIE backdoor can be used to take screenshots of the target computer, deliver additional payloads, and fingerprint a system. “This…

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group. The group has been exploiting a known vulnerability (CVE-2017-11882) in the Microsoft Office equation editor (EQNEDT32.EXE) to distribute a keylogger, posing significant user risks worldwide. The Vulnerability:…

CISA Warns of Scammers Impersonating CISA Employees

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a surge in impersonation scams. These scams often involve fraudsters pretending to be government employees, using their names and titles to deceive unsuspecting victims. Recently, CISA has become…

Microsoft Windows NtQueryInformationToken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088. With a CVSS score of 8.8, this flaw affects Microsoft Windows and allows local attackers to escalate their privileges on affected installations. CVE-2024-30088 – Vulnerability Details The vulnerability resides in the implementation of the NtQueryInformationToken function within Microsoft Windows. This function is…

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services. The flaw, designated CVE-2024-30080, poses a significant threat to global cybersecurity. It could allow malicious actors…

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for administration. Both protocols are vulnerable to brute-force attacks if solid passwords and access controls are not implemented. Exposed SSH ports (default 22) are scanned by attackers…

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and later) exposed access tokens to malicious content within GitHub pull requests, allowing attackers to steal tokens and potentially compromise linked accounts, even with two-factor authentication enabled. …

Firefox 127 Released With Patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been rated as high impact. This update is crucial for users to ensure their browsing experience remains secure. Below is a detailed breakdown of the vulnerabilities fixed…

Charon Android Botnet Made a Comeback With New Weapons

The notorious Charon Android Botnet has resurfaced with enhanced capabilities, according to a threat actor’s announcement on a popular cybercrime forum. The botnet, an edited version of the infamous Ermac, has undergone significant improvements, making it a formidable threat in…

Cleveland City Closes Offices Following Attack on IT Systems

Cleveland City Hall and Erieview offices will remain closed for a second consecutive day, June 11, as officials continue investigating a significant “cyber event” that has disrupted city operations. A recent tweet from the City of Cleveland shared that the City Hall and Erieview are closed today June 10, except…

Remcos RAT Distributed As UUEncoding (UUE) File To Steal Logins

Researchers identified a campaign distributing Remcos RAT, a Remote Access Trojan, where the attack uses phishing emails disguised as legitimate business communication, such as import/export or quotations. The emails contain a UUEncoded (UUE) file compressed with Power Archiver, which likely…

Chinese Hackers using New Noodle RAT to Attack Linux Servers

Cybersecurity experts have identified a new type of malware called “Noodle RAT,” which Chinese-speaking hacker groups use to target Linux servers. Although this malware has been active since 2016, it has only recently been properly classified, shedding light on its…

Hackers Weaponizing MSC Files In Targeted Attack Campaign

Hackers utilize MSC or Microsoft Management Console files in themed attack campaigns as these files contain commands and scripts that enable them to perform different administrative tasks on the target system. By mimicking legitimate files, MSC files can evade various…

Free Android VPNs Suffering Encryption Failures, New Report

VPN apps for Android increase privacy and security over the internet since connection data is encrypted, consequently making it impossible for hackers or other parties to access communication data. They also help unblock region-restricted content through IP address hiding, support…

DuckDuckGo Launches Anonymous AI Chatbots

DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots. This innovative service includes models like OpenAI’s GPT 3.5 Turbo, Anthropic’s Claude 3 Haiku, and two open-source models, Meta Llama 3…

Muhstik Malware Attacking Apache RocketMQ To Execute Remote Code

Apache RocketMQ platform is a widely used messaging system that handles high volumes of data and critical operations, often attracting hackers. Exploiting the vulnerabilities in RocketMQ allows attackers to disrupt communications, access sensitive information, and potentially gain control over the…

North Korean Kimsuky Attacking Arms Manufacturer In Europe

The North Korean state-sponsored group known as Kimsuky has launched a sophisticated cyber-espionage campaign targeting a prominent weapons manufacturer in Western Europe. This attack released on LinkedIn, discovered on May 16, 2024, underscores the growing threat state-sponsored cyber actors pose…

Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services

Hacktivist groups are increasingly targeting critical infrastructure’s Operational Technology (OT) systems, motivated by geopolitical issues that, unlike traditional website defacements, can disrupt essential services and endanger public safety. The success of high-profile attacks on Industrial Control Systems (ICS) by groups…

PyPI Package Downloaded 300+ Times Contains Wiper Components

ReversingLabs researchers recently uncovered a malicious open-source package named xFileSyncerx on the Python Package Index (PyPI). This package, which had been downloaded nearly 300 times, contained separate malicious “wiper” components. Initially, it raised concerns about being an open-source supply chain…

Microsoft Details On Using KQL To Hunt For MFA Manipulations

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings. Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system. They…

Parrot Security OS 6.1 Released – What’s New

The Parrot Security team has officially announced the release of Parrot OS 6.1, the latest version of their popular Linux distribution tailored for security professionals, ethical hackers, and privacy enthusiasts. This new release brings a range of enhancements, updated tools,…

Kali Linux 2024.2 Released With New Hacking Tools

The Kali Linux team has announced the release of Kali Linux 2024.2, the latest version of their popular penetration testing and security auditing Linux distribution. Kali Linux is one of the most powerful Debian-based Linux distributions, developed and maintained by…

Chinese Hackers Attacking Government Organization In Southeast Asia

Sophos Managed Detection and Response (MDR) has uncovered a sophisticated, long-running cyberespionage campaign dubbed “Crimson Palace,” attributed to Chinese state-sponsored actors. The operation targeted a high-profile government organization in Southeast Asia, with activities spanning from early 2022 to April 2024.…

Threat Actors Weaponize Excel Files To Attack Windows Machines

Attackers are using malicious Excel files with VBA macros to deploy DLLs and ultimately install Cobalt Strike on compromised Windows machines, which use obfuscation and target specific processes to avoid detection by antivirus software. The attacks appear to target Ukrainian…

Microsoft Details AI Jailbreaks And How They Can Be Mitigated

Generative AI systems comprise several components and models geared toward enhancing human interactions with the system. However, while being as realistic and useful as possible, these models are protected by defense layers against generating misuse or inappropriate content against the…

Ransomware Group Creation Hits Yearly All-Time High

The ransomware landscape is rapidly diversifying in 2024, with a surge in new extortion groups as established attackers continue to target large companies. A record number of smaller groups are emerging—22 in just five months compared to 22 in a…

Russian Hackers Attempt To Disrupt The 2024 Paris Olympic Games

Russia is intensifying disinformation campaigns against France, President Macron, the IOC, and the 2024 Paris Olympics, blending decades-old tactics with AI, as the Microsoft Threat Analysis Center (MTAC) identifies two primary goals: tarnishing the IOC’s reputation and fostering expectations of…

Hugging Face Hack: Spaces Secrets Exposed

Hugging Face, a leading AI and machine learning platform, has reported unauthorized access to its Spaces platform, explicitly targeting Spaces secrets. This breach has raised concerns about the security of sensitive information and the potential impact on users. Unauthorized Access…

Threat Actors Claiming Breach Of Heineken Employees Data

Threat actors have claimed responsibility for a data breach involving Heineken employees. The news broke through a post on the social media platform tweeted by the account DarkWebInformer, which specializes in monitoring and reporting on dark web activities. Details of…

Hackers Weaponizing MS Office-Cracked Versions to Deliver Malware

Attackers in South Korea are distributing malware disguised as cracked software, including RATs and crypto miners, and registering themselves with the Task Scheduler to ensure persistence. Even after removing the initial malware, the Task Scheduler triggers PowerShell commands to download…

Hackers Exploiting Stored XSS Vulnerabilities in WordPress Plugins

In recent cyberattacks, hackers are actively exploiting stored cross-site scripting (XSS) vulnerabilities in various WordPress plugins. According to Fastly reports, these vulnerabilities, identified as CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000, are targeted due to inadequate input sanitization and output escaping, allowing attackers…

VirusTotal Celebrates 20th Anniversary, What’s Next?

VirusTotal, a leading online service for analyzing files and URLs for viruses, worms, trojans, and other malicious content, is celebrating its 20th anniversary. Since its inception in 2004, VirusTotal has become an indispensable tool for cybersecurity professionals and enthusiasts worldwide.…

Beware of Fake Browser Updates That Deliver Bitrat & Lumma Stealer

eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign involving fake browser updates. This campaign has been responsible for delivering two dangerous malware variants: BitRAT and Lumma Stealer. The attackers use fake update mechanisms to trick users into downloading malicious…

Spring Cloud Data Flow Let Attackers Compromise The Server

A critical vulnerability has been discovered in Spring Cloud Data Flow, a microservices-based platform for streaming and batch data processing in Cloud Foundry and Kubernetes. The flaw, identified in the Skipper server component, allows attackers to compromise the server by…

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems. This vulnerability, tracked as CVE-2024-20360, poses significant risks,…

Hackers Exploit WordPress Plugin to Steal Credit Card Data

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting WooCommerce online stores to steal credit card information. This alarming trend highlights the persistent threat cybercriminals pose and the need for robust security measures in the…

Hackers Created Rogue VMs in MITRE’s Recent Cyber Attack

State-sponsored hackers recently exploited vulnerabilities in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). They used rogue virtual machines (VMs) to evade detection and maintain persistence in a cyberattack. The attack, attributed to a China-linked group tracked as UNC5221, underscores…