A Proof-of-Concept (PoC) has been released for a significant vulnerability discovered in SolarWinds Web Help Desk, exposing encrypted passwords and other sensitive data. This vulnerability arises from the predictable encryption keys used in the application and the misuse of AES-GCM…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
“Eleven11bot” Botnet Compromises 30,000 Webcams in Massive Attack
Cybersecurity experts have uncovered a massive Distributed Denial-of-Service (DDoS) botnet known as “Eleven11bot.” This new threat, discovered by Nokia’s Deepfield Emergency Response Team (ERT), shared in LinkedIn, has compromised a staggering 30,000 network devices, predominantly webcams and Network Video Recorders…
Hackers Compromise Windows Systems Using 5000+ Malicious Packages
A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024. These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows…
CISA Added 3 Ivanti Endpoint Manager Bugs to Wildly Exploited Vulnerabilities Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM). These vulnerabilities, which involve absolute path traversal issues, have been observed being…
Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials
North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded…
Apache Pinot Vulnerability Allows Attackers to Bypass Authentication
A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems.…
SideWinder APT Deploys New Tools in Attacks on Military & Government Entities
The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated…
SAP Security Update Released to Fix Multiple Vulnerabilities
SAP announced 21 new Security Notes and updates to 3 previously released notes on its latest Security Patch Day. This release addresses critical vulnerabilities within SAP products, underscoring the company’s commitment to safeguarding enterprise software. SAP strongly recommends customers prioritize…
Critical Veritas Vulnerability Allows Attackers to Execute Malicious Code
A critical vulnerability has been discovered in Veritas’ Arctera InfoScale product, a solution widely used for disaster recovery and high availability scenarios. The issue lies in the insecure deserialization of untrusted data in the .NET remoting endpoint, allowing attackers to…
Latest Chrome Update Addresses Multiple High-Risk Security Issues
Google has released a critical update for its Chrome browser, advancing the stable channel to version 134.0.6998.88 for Windows, Mac, and Linux, and 134.0.6998.89 for Windows and Mac on the Extended Stable channel. This update includes several high-priority security fixes…