Google has unveiled kvmCTF, a new vulnerability reward program (VRP) explicitly targeting the Kernel-based Virtual Machine (KVM) hypervisor. This initiative, first announced in October 2023, underscores Google’s commitment to enhancing the security of foundational technologies like Linux and KVM, which…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
CapraRAT Mimics As Popular Android Apps Attacking Android Users
Transparent Tribe (aka APT36) has been active since 2016, focusing on social engineering strategies to target Indian government and military personnel. The CapraTube campaign of Transparent Tribe (aka APT36) was revealed in September 2023, in which threat actors employed weaponized…
Hackers Using Dropbox And Google Docs To Deliver Orcinius Malware
A new Orcinius Trojan has been discovered, employing VBA Stomping to hide its infection. The multi-stage trojan uses Dropbox and Google Docs to stay updated and deliver second-stage payloads. Typically, VBA stomping removes the VBA source code in a Microsoft…
Rapid7 to Acquire Noetic Cyber to Enhance Attack Surface Visibility
Rapid7, Inc., a leader in extended risk and threat detection, has announced a definitive agreement to acquire Noetic Cyber, a pioneering company in cyber asset surface management (CAASM). This strategic move aims to bolster Rapid7’s existing cybersecurity solutions by integrating…
Grasshopper Hackers Mimic As Penetration Testing Service To Deploy Malware
Hackers often mimic penetration testing services to disguise their malicious activities as legitimate security assessments. By imitating authorized security testing, attackers can exploit the trust and access typically granted to legitimate penetration testers, allowing them to move more freely within…
Water Sigbin Exploiting Oracle WebLogic Server Flaw
Water Sigbin (8220 Gang) exploits vulnerabilities (CVE-2017-3506, CVE-2023-21839) in Oracle WebLogic servers to deliver cryptocurrency miners using PowerShell scripts. They use a multi-stage loading technique with a .Net Reactor protecting the payload to deploy the PureCrypter loader and XMRig miner,…
Cisco NX-OS Zero-Day Command Injection Vulnerability Let Hackers Gain Root Access
Cisco has disclosed a critical vulnerability in its widely-used NX-OS network operating system that could allow attackers to execute arbitrary commands with root privileges on affected devices. The company urges customers to upgrade to patched versions as soon as possible.…
regreSSHion – OpenSSH RCE Vulnerability Impacts 700K Linux Systems
The Qualys Threat Research Unit has identified a newly discovered vulnerability in OpenSSH, dubbed “regreSSHion” (CVE-2024-6387). This critical flaw, which allows unauthenticated remote code execution (RCE) as root, affects over 700,000 Linux systems exposed to the internet. The regreSSHion vulnerability…
TeamViewer Confirms that Russian Actors Behind the Recent Hack
TeamViewer has confirmed that the cyberattack on its systems was orchestrated by Russian threat actors, specifically the APT29 or Midnight Blizzard group. The attack, detected on June 26, 2024, was contained in TeamViewer’s internal corporate IT environment. Importantly, the company…
Threat Actor IntelBroker Claims Leak of Cognizant OIPA Database
The notorious threat actor known as IntelBroker has claimed responsibility for leaking a database belonging to Cognizant’s Oracle Insurance Policy Administration (OIPA) system. The announcement was made via Twitter on the dark web, sending shockwaves through the cybersecurity community and…