Ransomware attackers are increasingly exfiltrating data using tools like MEGAsync and Rclone. Shellbags analysis by modePUSH reveals their navigation of directories and file shares to find sensitive data. Despite exfiltrating large amounts of data, attackers prioritize valuable and protected information.…
Category: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Exploiting Windows MiniFilter to Bypass EDR Protection
Windows Minifilter drivers are a type of file system filter driver that operates within the Windows operating system to manage and modify I/O operations without direct access to the file system. They utilize the Filter Manager, which simplifies their development…
Microsoft Windows Kernel Vulnerability Exploited in the Wild
Microsoft has confirmed the exploitation of a Windows Kernel vulnerability, identified as CVE-2024-37985, in the wild. This vulnerability, first released on July 9, 2024, and last updated on September 17, 2024, poses a significant risk due to its potential for…
UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader
UNC2970, a North Korean cyber espionage group, used customized SumatraPDF trojans to deliver MISTPEN backdoors to victims through phishing emails pretending to be job recruiters. The group targeted the energy and aerospace industries, copying job descriptions and engaging with victims…
Discord Announces End-to-End Encryption for Audio & Video Chats
Discord has introduced end-to-end encryption (E2EE) for audio and video chats. Known as the DAVE protocol, this new feature aims to provide users with a more secure communication experience without compromising the platform’s renowned quality and performance. A Commitment to…
Threat Actor Allegedly Selling Bharat Petroleum Database
A threat actor has allegedly put up for sale a database belonging to Bharat Petroleum Corporation Limited (BPCL). This alarming news was first reported by DarkWebInformer on X, raising significant cybersecurity concerns for the corporation and its stakeholders. Details of…
VMware vCenter Server Vulnerability Let Attackers Escalate Privileges
VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foundation products. CVE-2024-38812 and CVE-2024-38813 vulnerabilities could allow attackers to execute remote code and escalate privileges. CVE-2024-38812: Heap-Overflow Vulnerability The first…
Chrome 129 Released with Fix for Multiple Security Vulnerabilities
The Chrome team has officially announced the release of Chrome 129, which is now available on the stable channel for Windows, Mac, and Linux. This update, which will be gradually rolled out over the coming days and weeks, addresses several…
Hackers Exploiting Selenium Grid Tool To Deploy Exploit Kit & Proxyjacker
Two campaigns targeting Selenium Grid’s default lack of authentication are underway, as threat actors are exploiting this vulnerability to deploy malicious payloads, including exploit kits, cryptominers, and proxyjackers. Selenium Grid’s widespread use among developers, coupled with its default lack of…
CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities affecting Microsoft Windows MSHTML and Progress WhatsUp Gold. These vulnerabilities, identified as CVE-2024-43461 and CVE-2024-6670, are reportedly being exploited widely, posing significant risks to…