A new critical vulnerability has been discovered in two of the Rust standard libraries, which could allow a threat actor to execute shell commands on vulnerable versions. This vulnerability has been assigned CVE-2024-24576, and its severity has been given as…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
New SharePoint Technique Lets Hackers Bypass Security Measures
Two new techniques uncovered in SharePoint enable malicious actors to bypass traditional security measures and exfiltrate sensitive data without triggering standard detection mechanisms. Illicit file downloads can be disguised as harmless activities, making it difficult for cybersecurity defenses to detect…
How to Use Cyber Threat Intelligence? 4 TI Categories to Learn SOC/DFIR Team
Cyber Threat Intelligence (CTI) is a process that actively gathers and analyzes information on potential cyber threats, including Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by attackers, along with their goals and capabilities. The ultimate goal…
How to Use Cyber Threat Intelligence ? 4 TI Categories to Learn SOC/DFIR Team
Cyber Threat Intelligence (CTI) is a process that actively gathers and analyzes information on potential cyber threats, including Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) used by attackers, along with their goals and capabilities. The ultimate goal…
Ahoi Attacks – New Attack Breaking VMs With Malicious Interrupts
Ahoy, which is often associated with communicating to ships, has now been playfully adopted in pirate language. We coin ‘Ahoi,’ an anagram of ‘Iago,’ to pay tribute to research on interface attacks with TEEs. Confidential computing, also referred to as…
Hackers Using ScrubCrypt ‘AV Evasion Tool’ To Exploit Oracle WebLogic Servers
Hackers exploit Oracle WebLogic Servers, knowing that they are extensively used in enterprises. Threat actors can use security vulnerabilities present in the WebLogic servers to gain unauthorized access to sensitive data and install backdoors that open avenues for further exploitation.…
Thousands Of Internet-Exposed Ivanti VPN Appliances Vulnerable To RCE Attacks
In a recent cybersecurity revelation, Ivanti, a leading provider of enterprise-grade secure access solutions, has been found to have significant vulnerabilities in its VPN appliances. The most critical of these, identified as CVE-2024-21894, is a heap overflow vulnerability that could…
Google Adds V8 Sandbox To Chrome To Fight Against Browser Attacks
A Sandbox is a protective medium that blocks the entire system from any application accessing vulnerable resources. Restrictive environments for web content in browsers called sandboxes reduce the impact that can be caused by browser-based attacks such as malicious programs…
Cyber Attack on Consulting Firm Exposes DOJ Data of 341,000 People
Greylock McKinnon Associates, a prominent consulting firm, has reported a cyber attack that exposed personal data belonging to 341,000 individuals, including sensitive information from the Department of Justice (DOJ). Greylock McKinnon Associates, located at 75 Park Plaza, Boston, MA, discovered…
Targus Hacked: Attackers Gain Access to File Servers
Targus International, LLC and its affiliates fell victim to a sophisticated cyberattack. The company, an indirect subsidiary of B. Riley Financial, Inc., announced that an unauthorized entity breached its file systems, prompting an immediate and robust response to mitigate the…