Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform

CISA Added Fortinet & Ivanti Vulnerabilities that Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action…

Network Penetration Testing Checklist – 2024

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…

Hackers Breached Japan Aerospace Company’s President Account

Hackers have infiltrated the Japan Aerospace Exploration Agency (JAXA), compromising the accounts of several high-ranking officials, including President Hiroshi Yamakawa. This alarming incident is part of a series of cyberattacks targeting JAXA since June 2023, raising concerns about the security…

Dark Angels Ransomware Attacking Windows And Linux/ESXi Systems

The sophisticated ransomware group Dark Angels, active since 2022, targets large companies for substantial ransom payments by employing third-party ransomware payloads like Babuk, RTM Locker, and RagnarLocker to encrypt files on Windows and Linux systems.  It employs ransomware in a…

CISA Alerted Users to Remain Vigil on Natural Disasters Scam

As hurricanes and other natural disasters feel their presence, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning urging individuals to be on high alert for potential malicious cyber activities. The agency highlights the increased risk of fraudulent…

CISA Warns of Microsoft Zero-Day Vulnerabilities Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has warned regarding two critical zero-day vulnerabilities affecting Microsoft Windows products. These vulnerabilities, identified as CVE-2024-43572 and CVE-2024-43573, pose significant security risks and have been reportedly exploited in the wild. CVE-2024-43572: Microsoft Windows…

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network on October 5th, leading to significant disruptions in its services. The company disclosed the breach after conducting an internal investigation. The investigation revealed that the unauthorized…

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on…

Comcast Cyber Attack Impacts 237,000+ Users Personal Data

Comcast Cable Communications LLC has reported that over 237,000 users’ data has been compromised. The breach, which occurred on February 14, 2024, was discovered on July 17, 2024, and has raised concerns about the company’s cybersecurity measures. Details of the…

American Water Works Cyber Attack Impacts IT Systems

American Water Works Company, Inc., a leading provider of water and wastewater services, announced that it had detected unauthorized activity within its computer networks. The company confirmed that this activity was the result of a cybersecurity incident. Upon discovery, American…

Google Blocked Malicious Sideloading Apps for Indian Users

Google has launched a pilot program to block malicious sideloading apps. This initiative is part of Google’s ongoing efforts to protect users from financial fraud and cybercrime, which have risen globally, particularly in India. Cybercrime continues to be a significant…

Chinese Group Hacked US Court Wiretap Systems

Chinese hackers have infiltrated the networks of major U.S. broadband providers, gaining access to systems used for court-authorized wiretapping. According to a Reuters report, the attack targeted the networks of Verizon Communications, AT&T, and Lumen Technologies. The breach raises severe…

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from…

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed “perfctl,” actively targeting millions of Linux servers worldwide. This malicious software exploits over 20,000 types of server misconfigurations, posing a significant threat to any Linux server connected to the internet. The malware’s…

ANY.RUN Upgrades Threat Intelligence to Identify Emerging Threats

ANY.RUN announced an upgrade to its Threat Intelligence Portal, enhancing its capabilities to identify and analyze emerging cyber threats. This upgrade underscores ANY.RUN’s commitment to providing comprehensive threat intelligence solutions, empowering users to navigate the ever evolving landscape of cyber…

Tor Browser 13.5.6 Released – What’s New!

The Tor Project has announced the release of Tor Browser 13.5.6, which is now available for download from its official website and distribution directory. This latest version includes significant updates that focus on enhancing security and user experience across all…

CISA Warns of Four Vulnerabilities that Exploited Actively in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about four critical vulnerabilities currently being exploited in the wild. These vulnerabilities affect various products, from routers to software platforms, posing significant risks to users worldwide. The vulnerabilities have been identified…

North Korean Hackers Attempted To Steal Sensitive Military Data

Diehl Defence anti-aircraft missiles from Baden-Württemberg are successfully intercepting Russian attacks on Kyiv, according to Mayor Vitali Klitschko. The German-supplied technology has achieved a 100% hit rate in defending the Ukrainian capital. The German government plans to install Diehl missile…

Hacktivist Groups Operating Together! Connection Ober TTPs Uncovered

Cybersecurity experts have uncovered a significant connection between hacktivist groups BlackJack and Twelve through overlapping tactics, techniques, and procedures (TTPs). This discovery illuminates the sophisticated methods employed by these groups and raises questions about their potential collaboration or shared objectives.…

Israeli Army Hacked Beirut Airport to Threaten Civilians

The Israeli army reportedly hacked into the control tower of Beirut’s Rafic Hariri International Airport. The incident involved issuing threats against an Iranian civilian aircraft attempting to land, according to official sources cited by Anadolu Agency. Lebanese Response to Israeli…

Hackers Attacking AI Agents To Hijacking Customer Sessions

Conversational AI platforms, powered by chatbots, are witnessing a surge in malicious attacks, which leverage NLP and ML are increasingly being used by businesses to enhance productivity and revenue. While they offer personalized experiences and valuable data insights, they also…

Hackers Abusing Third-Party Email Infrastructure to Send Spam Mails

Hackers are increasingly exploiting third-party email infrastructures to send spam emails. This tactic complicates the detection and prevention of spam and threatens the integrity of legitimate email communications. By leveraging vulnerabilities in various online platforms, cybercriminals can masquerade as legitimate…

Hacking Kia Cars Remotely with a License Plate

Cybersecurity researchers have uncovered a significant vulnerability in Kia vehicles that allowed hackers to remotely control key functions using nothing more than a car’s license plate. This breach, discovered on June 11, 2024, exposed the potential for unauthorized access to…

Octo2 Android Malware Attacking To Steal Banking Credentials

The original threat actor behind the Octo malware family has released a new variant, Octo2, with enhanced stability for remote action capabilities to facilitate Device Takeover attacks.  This new variant targets European countries and employs sophisticated obfuscation techniques, including the…

TeamTNT Hackers Attacking VPS Servers Running CentOS

TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded a malicious script that disables security, deletes logs, and modifies system files to kill existing miners, remove Docker containers, and redirect DNS to Google servers. The…

Russian Hackers Registering Domains Targeting US Tech Brands

Researchers are tracking a Russian threat actor deploying domains involved in crypto scams targeting the US Presidential Election and tech brands. The scams offer double crypto returns for deposits and are designed to deceive users into sending coins to attacker-controlled…

MoneyGram Confirms Cyberattack Following Outage

MoneyGram, a leading global money transfer service, has confirmed that it was the victim of a cyberattack, following a significant network outage that disrupted customer services worldwide. The company initially reported an issue with connectivity across several of its systems,…

MC2 Data leak Exposes 100 million+ US Citizens Data

Researchers have uncovered a massive data breach at MC2 Data, a prominent background check firm. The breach has exposed sensitive information of over 100 million US citizens, raising serious concerns about data privacy and security. Background Check Firms Under Scrutiny…

Hackers Mimic as Company’s HR to Trick Employees

Hackers are now impersonating company Human Resources (HR) departments to deceive employees into revealing sensitive information. This latest phishing tactic highlights the increasing sophistication of cyber threats, leveraging trust and urgency to exploit corporate environments. In this article, we dissect…

FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code

FreeBSD has disclosed a critical remote code execution (RCE) vulnerability affecting its bhyve hypervisor. This vulnerability, CVE-2024-41721, could allow attackers to execute malicious code on the host system. The advisory, which was announced on September 19, 2024, credits Synacktiv with…

macOS Sequoia Update Breaks Multiple Security Tools

Apple’s latest operating system update, macOS 15, also known as Sequoia, has disrupted the functionality of several prominent security tools. Users and developers have taken to social media and Mac-focused Slack channels to express their frustration over the issues caused…

CISA Releases Six Advisories for Industrial Control Systems

The Cybersecurity and Infrastructure Security Agency (CISA) has issued six advisories concerning vulnerabilities: These advisories highlight critical industrial control system vulnerabilities. Rockwell Automation’s RSLogix 5 and RSLogix 500 software Rockwell Automation’s RSLogix 5 and RSLogix 500 software are vulnerable due…

Hackers Allegedly Claim Breach of Dell Employee Database

A hacking group has allegedly claimed responsibility for breaching the Dell employee database. The claim was made public on a well-known hacking forum, where the group asserted that they had accessed sensitive information belonging to approximately 10,800 Dell employees and…

Hertz Car Rental Platform Leaks 60,000 Insurance Claim Reports

Hertz, a well-known car rental company, has inadvertently exposed over 60,000 insurance claim reports. This breach has raised serious concerns about the company’s data security practices and left customers questioning the safety of their personal information. Discovery of the Breach…

SambaSpy Using Weaponized PDF Files to Attack Windows Users

SambaSpy Attacking Windows Users With Weaponized PDF FilesResearchers discovered a targeted cybercrime campaign in May 2024 that exclusively focused on Italian victims, which was unusual as attackers typically aim for broader targets to increase profits.  However, this campaign implemented checks…

Hackers Using Supershell Malware To Attack Linux SSH Servers

Researchers identified an attack campaign targeting poorly secured Linux SSH servers, where the attack leverages Supershell, a cross-platform reverse shell backdoor written in Go, granting attackers remote control of compromised systems.  Following the initial infection, attackers are suspected to have…

Authorities Seized Ghost Communication Platform Used by Cyber Criminals

Authorities have successfully dismantled “Ghost,” an encrypted communication platform allegedly used by cybercriminals worldwide. The operation, led by the Australian Federal Police (AFP) and involving international law enforcement agencies, marks a major victory in the ongoing battle against transnational crime…

Cyber Attack on Dr.Web Forces Servers Disconnection

Cybersecurity firm Dr.Web faced a targeted cyber attack on its infrastructure on September 14. The incident prompted the company to disconnect its servers as a precautionary measure. Despite the disruption, no users protected by Dr.Web’s systems were affected. Dr.Web specialists…

Ransomware Groups Abusing Azure Storage Explorer For Stealing Data

Ransomware attackers are increasingly exfiltrating data using tools like MEGAsync and Rclone. Shellbags analysis by modePUSH reveals their navigation of directories and file shares to find sensitive data. Despite exfiltrating large amounts of data, attackers prioritize valuable and protected information.…

Exploiting Windows MiniFilter to Bypass EDR Protection

Windows Minifilter drivers are a type of file system filter driver that operates within the Windows operating system to manage and modify I/O operations without direct access to the file system.  They utilize the Filter Manager, which simplifies their development…

Threat Actor Allegedly Selling Bharat Petroleum Database

A threat actor has allegedly put up for sale a database belonging to Bharat Petroleum Corporation Limited (BPCL). This alarming news was first reported by DarkWebInformer on X, raising significant cybersecurity concerns for the corporation and its stakeholders. Details of…

VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foundation products. CVE-2024-38812 and CVE-2024-38813 vulnerabilities could allow attackers to execute remote code and escalate privileges. CVE-2024-38812: Heap-Overflow Vulnerability The first…

CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities affecting Microsoft Windows MSHTML and Progress WhatsUp Gold. These vulnerabilities, identified as CVE-2024-43461 and CVE-2024-6670, are reportedly being exploited widely, posing significant risks to…

Chinese Hackers Charged for Multi-Year Spear-Phishing Attacks

Song Wu, a Chinese national, has been indicted on charges of wire fraud and aggravated identity theft. The charges stem from his alleged involvement in a sophisticated spear-phishing campaign targeting sensitive U.S. research and technology. This case highlights ongoing concerns…

Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8.  Other critical vulnerabilities were found in Photoshop, Illustrator, Premier Pro,…