A new flaw has been discovered in DNSSEC, which, when exploited by threat actors, could result in the unavailability of technologies such as web browsing, email, and instant messaging. This new class of attacks has been termed “KeyTrap” by researchers. …
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Microsoft Patch Tuesday 2024: 73 Security Flaws, Including Two 0-Days Patched
As part of its February 2024 Patch Tuesday updates, Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited. Five of the 73 vulnerabilities are classified as ‘Critical’, 65 as ‘Important’, and…
New HijackLoader Malware Uses Advanced Techniques to Avoid Detection
Threat actors exploit HijackLoader because it is a powerful tool for injecting malicious code into legitimate processes, enabling stealthy execution of payloads. This technique helps them to evade detection by leveraging trusted applications to carry out malicious activities. This scenario…
How to Analyze the MITRE Engenuity ATT&CK® Evaluations: Enterprise
Thorough, independent tests are vital as cybersecurity leaders and their teams evaluate vendors’ abilities to guard against increasingly sophisticated threats to their organizations. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluations: Enterprise. This evaluation…
13 Security Flaws in Adobe Acrobat & Reader Allows Remote Code Execution
A critical security update for both Windows and macOS is available for Adobe Acrobat and Reader. Per Adobe, this update fixes serious vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory leaks.
ZLoader Now Attack 64-bit Windows: Live Analyse With ANY.RUN Sandbox
ZLoader is a banking Trojan malware that steals sensitive financial information from infected systems. Threat actors exploit this malware to conduct a multitude of illicit activities. This malware is often distributed through phishing emails or malicious websites, allowing the threat…
Alert! 333% Surge in Hunter-Killer Malware that Bypasses Network Security Controls
Hunter-Killer is a sophisticated type of malware primarily designed to actively seek out and neutralize other malware present on a system. It operates by identifying and removing competing threats that potentially pose a serious risk to the security and privacy…
DarkGate Malware opens RaaS For Financially Motivated Hackers
Following the FBI’s shutdown of Qakbot infrastructure in August 2023, security analysts at EclecticIQ observed a surge in the use of the DarkGate loader. EclecticIQ believes DarkGate is primarily in the hands of financially motivated groups like TA577 and Ducktail…
Fileless Revenge RAT Abuses Legitimate Tools to Hide Malicious Activity
Threat actors are distributing Revenge RAT malware, developed using legitimate tools like “smtp-validator” and “Email to SMS.” When executed, the malware runs a malicious file and a legitimate tool, making it difficult for users to know there is malicious activity.…
New Azure Hacking Campaign Steals Senior Executive Accounts
An ongoing campaign of cloud account takeover has affected hundreds of user accounts, including those of senior executives, and impacted dozens of Microsoft Azure environments. Threat actors attack users with customized phishing lures inside shared documents as part of this…