GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

In an attack campaign dubbed “Operation Digital Eye,” a suspected China-nexus threat actor has been observed targeting business-to-business IT service providers in Southern Europe.  The attack operation lasted roughly three weeks, from late June to mid-July 2024. The intrusions could have allowed the attackers to gain a strategic foothold and compromise downstream entities.  In particular, […]

The post Visual Studio Tunnels Abused For Stealthy Remote Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SAP has issued Security Note 3536965 to address multiple high-severity vulnerabilities in the Adobe Document Services of SAP NetWeaver AS for JAVA. These vulnerabilities, identified as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, allow attackers to manipulate or upload malicious PDF files, potentially compromising internal systems and exposing sensitive data. Details of the Vulnerabilities CVE-2024-47578: Server-Side Request Forgery (SSRF) This flaw allows attackers with administrative privileges to send specially crafted […]

The post Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dell Technologies has issued a security advisory, DSA-2024-439, to alert users of a critical vulnerability in its Dell Power Manager software. The vulnerability, identified as CVE-2024-49600, could allow malicious attackers to execute arbitrary code and gain elevated privileges on the affected systems. Users are urged to update immediately to mitigate potential risks. The vulnerability has been […]

The post Dell Warns of Critical Code Execution Vulnerability in Power Manager appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have unveiled an advanced technique to uncover hackers’ operational infrastructure using passive DNS data. This groundbreaking method sheds light on how attackers establish and maintain their networks to perpetrate malicious activities while remaining resilient to detection. By leveraging passive DNS analysis, experts have made significant strides in identifying threats before they wreak havoc, […]

The post Researchers Uncovered Hackers Infrastructre Using Passive DNS Technique appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Let’s Encrypt has officially announced its timeline to phase out support for the Online Certificate Status Protocol (OCSP). The nonprofit Certificate Authority (CA) plans to fully transition to Certificate Revocation Lists (CRLs) by mid-2025, citing privacy concerns and efficiency gains as primary reasons for the change. Phased Timeline for Transition Let’s Encrypt rolled out a […]

The post Let’s Encrypt to End Support for Online Certificate Status Protocol (OCSP) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals online take advantage of well-known events to register malicious domains with keywords related to the event, with the intention of tricking users through phishing and other fraudulent schemes.  The analysis examines event-related abuse trends across domain registrations, DNS and URL traffic, active domains, verdict change requests, and domain textual patterns, with specific examples from […]

The post Hackers Attacking Global Sporting Championships Via Fake Domains To Steal Logins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated crypto-stealing malware, Realst, has been targeting Web3 professionals, as the threat actors behind this campaign have employed AI-generated content to create fake companies, such as “Meetio,” to appear legitimate.  By tricking victims into participating in video calls, cybercriminals can convince them to download a malicious meeting application from a compromised website.  Once installed, […]

The post New Meeten Malware Attacking macOS And Windows Users To Steal Logins appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Apache ActiveMQ server is vulnerable to remote code execution (CVE-2023-46604), where attackers can exploit this vulnerability by manipulating serialized class types in the OpenWire protocol to load malicious class configurations from external sources.  Successful exploitation allows attackers to execute arbitrary code on the vulnerable server, leading to potential system compromise, which has been actively […]

The post Mauri Ransomware Leverages Apache ActiveMQ Vulnerability to Deploy CoinMiners appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers analyzed a malicious Android sample created using Spynote RAT, targeting high-value assets in Southern Asia, which, likely deployed by an unknown threat actor, aims to compromise sensitive information.  Although the target’s precise location and nature have not been disclosed, its high-value nature suggests that advanced persistent threat (APT) groups may be interested in it.  […]

The post Hackers Target Android Users via WhatsApp to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

An international cybercrime network responsible for stealing millions of euros across at least ten European countries has been dismantled in a joint operation by the Rotterdam Police Cybercrime Team and the Belgian police. The sophisticated criminal group employed phishing schemes and bank helpdesk fraud to exploit vulnerable victims, with call centers set up in luxury […]

The post Authorities Dismantled Hackers Who Stolen Millions Using AirBnB appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Gamaredon, a persistent threat actor since 2013, targets the government, defense, diplomacy, and media sectors of their victims, primarily through cyberattacks, to gain sensitive information and disrupt operations. It continues to employ sophisticated tactics, leveraging malicious LNK and XHTML files alongside intricate phishing schemes to carry out cyberattacks. Phishing emails with four distinct attack payloads […]

The post APT-C-53 Weaponizing LNK Files To Deploy Malware Into Target Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kurita America Inc. (KAI), the North American subsidiary of Tokyo-based Kurita Water Industries Ltd., has confirmed it was the victim of a ransomware attack that compromised multiple servers and potentially leaked sensitive data. The attack was detected on Friday, November 29, 2024, and has raised concerns worldwide among customers and business partners. Incident Overview KAI’s security […]

The post U.S. Subsidiary of a Japanese water Treatment Company Hit By Ransomware Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers have uncovered that Large Language Models (LLMs) can generate and manipulate ANSI escape codes, potentially creating new security vulnerabilities in terminal-based applications. ANSI escape sequences are a standardized set of control characters used by terminal emulators to manipulate the appearance and behavior of text displays. They enable features such as text color changes, cursor movement, blinking text, and more. Terminal emulators interpret these sequences […]

The post Hackers Can Hijack Your Terminal Via Prompt Injection using LLM-powered Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and automate the process of ensuring software security patches are integrated effectively. The announcement was made following Vanir’s initial preview during the Android Bootcamp earlier this year in April. This powerful tool aims to bolster the security of the Android ecosystem by […]

The post Google Announces Vanir, A Open-Source Security Patch Validation Tool appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin nodes, particularly in the context of time-sensitive contracting protocols like the Lightning Network. This attack exploits the transaction selection, announcement, and propagation mechanisms of Bitcoin’s base-layer full nodes, potentially enabling attackers to disrupt transactions and steal funds from Lightning channels. Transaction-Relay […]

The post New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game with the launch of the Raspberry Pi 500 alongside an official Raspberry Pi Monitor. This much-anticipated release offers enthusiasts and learners a complete desktop setup priced at just $190, continuing Raspberry Pi’s mission to make computing accessible to everyone. Raspberry Pi 500 The Raspberry […]

The post Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could lead to remote code execution (RCE) if exploited. Security patches have been released to mitigate these risks and ensure system integrity. The vulnerabilities, discovered during Qlik’s internal security testing, pose a significant threat to systems running Qlik Sense Enterprise for […]

The post Qlik Sense for Windows Vulnerability Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

QNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers to compromise systems and execute malicious activities. These issues affect several versions of QNAP’s QTS and QuTS hero operating systems. Users are urged to update their devices immediately to mitigate security risks. Below is an overview of the identified vulnerabilities: […]

The post QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Imagine this: It’s a typical Tuesday morning in a bustling hospital. Doctors make their rounds, nurses attend to patients, and the hum of medical equipment creates a familiar backdrop. Suddenly, screens go dark, vital systems freeze, and a chilling message appears: “Your data has been encrypted. Pay ransom to restore access.” This isn’t a scene […]

The post Healthcare Security Strategies for 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Federal Bureau of Investigation (FBI) has issued a warning about a growing trend in cybercrime, hackers leveraging generative artificial intelligence (AI) to develop highly sophisticated social engineering attacks. With advancements in AI technology, cybercriminals are crafting fraud schemes that are more convincing, scalable, and difficult to detect than ever before. Generative AI, a technology […]

The post Hackers Use Artificial Intelligence to Create Sophisticated Social Engineering Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.