Strelastealer malware has been found to be distributed in large-scale campaigns that have currently impacted over 100 organizations across the U.S. and EU. The malware was first discovered in 2022 and is capable of stealing a victim’s email login information…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Beware of New ‘HelloFire’ Ransomware Actor Mimic as a Pentester
A new threat is the emergence of a ransomware encryptor dubbed ‘HelloFire.’ This new player in the cybercrime arena is employing deceptive tactics to disguise its malicious intent as legitimate penetration testing activities. Here’s what you need to know about…
Linux Admins Beware! Fake PuTTY Client that Installs Rhadamanthys stealer
A malvertising campaign has been discovered deploying a fake PuTTY client to deliver the Rhadamanthys stealer, a dangerous malware. This campaign cleverly exploits the trust in the widely used SSH and Telnet client, PuTTY, by presenting a counterfeit website through…
Linux Admins Beware! Fake PuTTY Client that Rhadamanthys stealer
A malvertising campaign has been discovered deploying a fake PuTTY client to deliver the Rhadamanthys stealer, a dangerous malware. This campaign cleverly exploits the trust in the widely used SSH and Telnet client, PuTTY, by presenting a counterfeit website through…
Hackers Claiming Unauthorized Access to the Fortinet Devices of Many Companies
Hackers have claimed unauthorized access to Fortinet devices across various companies. This breach highlights cybercriminals’ persistent threat to corporate security infrastructures and the importance of robust cybersecurity measures. Overview of the Breach A tweet from a dark-themed webpage has surfaced,…
Hackers Transform the Raspberry Pi into an Online Anonymity Tool
A new tool, GEOBOX, was advertised on the Dark Web that utilizes Raspberry Pi devices for fraud and anonymization, allowing users to spoof GPS locations, emulate network settings, mimic Wi-Fi access points, and bypass anti-fraud filters. Criminals were using multiple…
Sign1 Malware Hijacked 39,000 WordPress Websites
A client’s website was experiencing random pop-ups as server side scanner logs revealed a JavaScript injection related to Sign1, which is a malware campaign that targets websites and has infected over 2,500 websites in the past two months and uses…
Hackers Deploy STRRAT & VCURMS Malware on Windows Via GitHub
A new phishing campaign targets users with emails containing a button to “verify payment information.” Clicking the button triggers the download of a malicious JAR file (disguised as an invoice) that leverages a PowerShell command to download two additional JARs. …
Microsoft Xbox Gaming Services Flaw Let Attackers Gain SYSTEM Privileges
A new elevation of privilege vulnerability has been discovered in the Xbox Gaming services that allow a threat actor to elevate their privileges to that of a SYSTEM. This particular vulnerability has been assigned CVE-2024-28916, and its severity has been…
GoFetch Side-Channel Attack Impact Apple CPUs: Attackers Steal Secret Keys
Researchers have unveiled a new class of microarchitectural side-channel attacks that pose a severe threat to the security of Apple CPUs. The attack, GoFetch, exploits the Data Memory-dependent Prefetchers (DMPs) in modern processors to extract secret cryptographic keys from constant-time…