Microsoft has identified a North Korean threat actor, Citrine Sleet, exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution on cryptocurrency targets. The threat actor deployed the FudModule rootkit, previously attributed to Diamond Sleet, suggesting potential shared…
Tag: GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Head Mare Hacktivist Group Exploit WinRAR Vulnerability To Encrypt Windows And Linux
Head Mare, a Russian-focused hacktivist group, gained notoriety in 2023 by targeting organizations in Russia and Belarus as they employ phishing tactics to distribute WinRAR archives exploiting the CVE-2023-38831 vulnerability, gaining initial access to victims’ systems. Once inside, they steal…
Beware Of New Phishing Attack That Mimics ScreenConnect And Zoom
Zoom is a widely used videotelephony software used for virtual meetings, and its wide audience base attracts the hackers most. Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated phishing operation targeting Zoom users. The scheme utilizes a fraudulent…
Chrome Vulnerability Let Attackers Execute Arbitrary Code Remotely
The stable channel for desktops has been updated to version 128.0.6613.119/.120 for Windows and Mac, and 128.0.6613.119 for Linux. This update will be gradually rolled out over the coming days and weeks. For those using the Extended Stable channel, version…
Researchers Detailed Russian Hacktivist/State Hackers Tactics
The People’s Cyber Army of Russia is a Russian hacktivist group known for its strategic use of DDoS attacks and other disruptive tactics. Operating as part of the broader Russian cyber warfare landscape, the group has been involved in several…
Ransomhub Attacked 210 Victims Since Feb 2024, CISA Released Advisory For Defenders
The FBI, CISA, MS-ISAC, and HHS have released a joint advisory detailing known RansomHub ransomware indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). RansomHub, a ransomware-as-a-service variant, has been active since February 2024, targeting various critical infrastructure sectors,…
Iranian Hackers Using Multi-Stage Malware To Attack Govt And Defense Sectors Via LinkedIn
Microsoft has identified a new Iranian state-sponsored threat actor, Peach Sandstorm, deploying a custom multi-stage backdoor named Tickler. This backdoor has been used to target various sectors, including satellite, communications equipment, oil and gas, and government, in the United States…
Operation Oxidovy, Threat Actors Targeting Government And Military Officials
The recent campaign targeting the Czech Republic involves a malicious ZIP file that contains a decoy LNK file and a batch script. The LNK runs the batch script, which spawns a decoy PDF document and renames a masqueraded PDF file…
CloudSOC – An OpenSource Project for SOC & Security Analysts
Security Operations Centers (SOCs) and security analysts are under immense pressure to stay ahead of potential attacks. Enter CloudSOC, an open-source project designed to empower SOC teams and security analysts by providing a modern architecture that leverages open-source tools for…
Operation DevilTiger, APT Hackers 0-Day Exploitation Tactics Exposed
The APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including China, North Korea, Japan, and South Korea. They employ sophisticated techniques to infiltrate systems and steal…