Incident Response Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform
https://gbhackers.com/category/incident-response/
GBHackers offers exclusive cyber security news coverage, new research papers and technology updates.
Feed last updated: Thu, 26 Sep 2024 08:48:34 +0000

TWELVE Threat Actor Attacks Windows To Encrypt, Then Delete, Victims' Data
https://gbhackers.com/twelve-windows-encrypt-delete/
Thu, 26 Sep 2024 08:48:31 +0000

The threat actor, formed in 2023, specializes in ransomware attacks on Russian government organizations. It encrypts and then deletes victim data, exfiltrates sensitive information, and aims to inflict maximum damage on critical assets. The group likely scans IP address ranges in Russia to identify internet-exposed VPN servers and applications that could serve […]

The post TWELVE Threat Actor Attacks Windows To Encrypt, Then Delete, Victims' Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ToddyCat APT Abuses SMB, Exploits IKEEXT And Exchange RCE To Deploy ICMP Backdoor
https://gbhackers.com/toddycat-apt-exploits/
Wed, 04 Sep 2024 11:30:36 +0000

ToddyCat is an APT group that has been active since December 2020 and primarily targets government and military entities in Europe and Asia. The group is known for its sophisticated cyber-espionage tradecraft and has been involved in multiple high-profile attacks. Cybersecurity researchers at Kaspersky Lab identified that the ToddyCat APT group has been abusing […]

PKfail, Critical Firmware Supply-Chain Issue Lets Attackers Bypass Secure Boot
https://gbhackers.com/pkfail-firmware-supply-chain-vulnerability/
Mon, 29 Jul 2024 08:44:59 +0000

Attackers target Secure Boot because defeating it lets them execute unauthorized code during the boot process, before the operating system's own protections are in place. By compromising Secure Boot they can install bootkits, rootkits and other malware at a low level, gaining persistent control over the system and evading traditional security defenses. The Binarly Research Team discovered a […]

HardBit Ransomware Using Passphrase Protection To Evade Detection
https://gbhackers.com/hardbit-passphrase-evade/
Tue, 16 Jul 2024 11:45:53 +0000

HardBit ransomware first emerged in 2022 and has since reached version 4.0. Unlike typical ransomware groups, its operators do not run a leak site or practice public double extortion; their tactics consist of data theft, encryption, and ransom demands backed by threats of further attacks. Cybersecurity researchers at Cybereason identified that HardBit has been actively using passphrase protection to evade security measures. HardBit Ransomware […]

Chinese APT40 Is Ready To Exploit New Vulnerabilities Within Hours Of Release
https://gbhackers.com/chinese-apt40-is-ready-to-exploit/
Wed, 10 Jul 2024 12:29:18 +0000

Multiple international cybersecurity agencies have jointly warned of a PRC state-sponsored cyber group linked to the Ministry of State Security and tracked under various names, including APT40 and Leviathan. The group, based in Hainan Province, has targeted organizations globally, including in Australia and the US. The Australian authorities recently released an advisory that provides case studies of […]

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data
https://gbhackers.com/hackers-attacking-vaults-buckets-secrets/
Fri, 21 Jun 2024 07:58:37 +0000

Hackers target secrets vaults, storage buckets and secret stores because they hold some of the most sensitive and valuable data in an environment, including API keys, credentials and other material that unlocks further access. The centralized, and often inadequately protected, nature of these stores makes them prime targets for threat actors. Security analysts at Datadog Security Labs discovered that hackers […]

SolarWinds Serv-U Vulnerability Lets Attackers Access Sensitive Files
https://gbhackers.com/solarwinds-serv-u-vulnerability-access-sensitive-files/
Fri, 14 Jun 2024 10:56:41 +0000

SolarWinds released a security advisory addressing a directory traversal vulnerability that allows a threat actor to read sensitive files on the host machine. The vulnerability exists in the SolarWinds Serv-U file transfer solution and was assigned CVE-2024-28995 with a CVSS score of 8.6 (High). It affects multiple SolarWinds Serv-U products on both Windows and Linux platforms. However, […]
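
The check a file-transfer service needs before serving a client-supplied path, as an added example written for this entry. It is not SolarWinds code and does not reproduce the Serv-U flaw; the served root and the request paths are made up for illustration. It handles both separator styles because the advisory covers Windows and Linux builds.

```python
"""Reject directory traversal in client-supplied file paths.

Added example, not SolarWinds code: it shows the check a file-transfer
service should run before opening a file under its configured root, on both
Windows and Linux builds. The root and request paths below are made up.
"""
import posixpath
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a client path would resolve outside the served root."""


def safe_join(root: str, user_path: str) -> str:
    """Return root joined with user_path as a normalised POSIX-style path.

    root      - absolute directory the service may serve, e.g. "/srv/ftp"
    user_path - untrusted, possibly percent-encoded, relative path from a client
    Raises TraversalError if the result would not lie under root.
    """
    # Decode exactly once. Decoding in a loop would turn "%252e%252e" into
    # "..", which is what a double-encoding bypass relies on.
    decoded = unquote(user_path)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Treat backslashes as separators: "..\" traverses on Windows, and a
    # Linux build that only looks for "../" would let it through.
    decoded = decoded.replace("\\", "/")
    # Absolute paths and drive-letter paths are never valid client input.
    if decoded.startswith("/") or (len(decoded) > 1 and decoded[1] == ":"):
        raise TraversalError(f"absolute path rejected: {user_path!r}")
    root_norm = posixpath.normpath(root.replace("\\", "/"))
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded))
    # normpath has collapsed every ".."; the result must be the root itself
    # or lie strictly below it (prefix check includes the separator so that
    # "/srv/ftp2" is not mistaken for a child of "/srv/ftp").
    if candidate != root_norm and not candidate.startswith(root_norm.rstrip("/") + "/"):
        raise TraversalError(f"traversal rejected: {user_path!r}")
    return candidate


def is_safe(root: str, user_path: str) -> bool:
    """Boolean form of safe_join for use in request filters and tests."""
    try:
        safe_join(root, user_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed request paths, not captured traffic.
    ROOT = "/srv/ftp"
    for req in ["docs/report.txt", "docs/../readme.txt", "../../etc/passwd",
                "..%2F..%2Fetc%2Fpasswd", "..\\..\\Windows\\win.ini", "/etc/passwd"]:
        verdict = safe_join(ROOT, req) if is_safe(ROOT, req) else "REJECTED"
        print(f"{req!r:32} -> {verdict}")
```

The string check is deliberately filesystem-independent so it can run in a request filter; before actually opening the file, also resolve the candidate with os.path.realpath and repeat the prefix comparison, since a symlink inside the root can still point outside it.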

Cyber Attack Defenders Up For Battle: Huge Uptick In Timely Detections
https://gbhackers.com/cyber-attack-defenders-timely-detections/
Thu, 25 Apr 2024 08:25:52 +0000

Attackers are employing evasion techniques to bypass detection and extend dwell time on compromised systems: targeting unmonitored devices, living off legitimate tools, and exploiting zero-day vulnerabilities. While defenders are improving detection speed (median dwell time decreased from 16 to 10 days), this is partly due to faster ransomware identification, and adversary-in-the-middle and social […]

Windows MagicDot Path Flaw Lets Attackers Gain Rootkit-Like Abilities
https://gbhackers.com/windows-magicdot-vulnerability/
Mon, 22 Apr 2024 11:07:18 +0000

A newly disclosed weakness allows attackers to gain rootkit-like abilities on Windows systems without administrative privileges. Dubbed "MagicDot", it abuses the DOS-to-NT path conversion process in Windows. Here, we delve into the technical details of the issue, the attack methods, the rootkit-like abilities it confers, and the mitigation […]
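
Added example for the MagicDot entry; it is neither the page's nor the original researchers' code. The conversion step the entry refers to strips trailing dots and spaces from each component of a Win32 path, so a file created through the NT namespace (the \\?\ prefix, which skips that conversion) as "report.docx." is reached by ordinary callers as "report.docx", a different file. The scanner below emulates only that stripping rule (a simplification of the full conversion) over a constructed directory listing and flags names that differ from their Win32 view; the listing and the C:\ProgramData\app directory are made up.

```python
r"""Flag directory entries whose names survive only through the NT path.

Added example for the MagicDot entry, not the page's or the researchers' code.
Win32 path conversion strips trailing '.' and ' ' from each path component,
so "report.docx." reached through a normal path becomes "report.docx". A file
created with the \\?\ prefix keeps the trailing dot and is therefore either
unreachable by normal Win32 callers or confused with the dotless name. The
listing below is constructed, not taken from a real host.
"""
import ntpath
from typing import List, NamedTuple


class Suspect(NamedTuple):
    real_name: str          # name as stored on disk
    win32_view: str         # name Win32 callers see after path conversion
    shadows_existing: bool  # True if the converted name also exists in the listing


def win32_normalize_component(name: str) -> str:
    """Emulate Win32 trailing-dot/space stripping for one path component.

    Simplified: only the trailing-character rule is modelled, which is the
    part MagicDot relies on. A name made entirely of dots or spaces would
    collapse to the empty string; it is returned unchanged so it stays visible.
    """
    stripped = name.rstrip(". ")
    return stripped if stripped else name


def find_magicdot_names(listing: List[str]) -> List[Suspect]:
    """Return entries whose on-disk name differs from its Win32 view."""
    present = set(listing)
    suspects = []
    for name in listing:
        view = win32_normalize_component(name)
        if view != name:
            suspects.append(Suspect(name, view, view in present))
    return suspects


def nt_path(win_path: str) -> str:
    """Prefix a Win32 path so the conversion is skipped (for inspection or removal)."""
    prefix = "\\\\?\\"
    if win_path.startswith(prefix):
        return win_path
    return prefix + win_path


# Constructed listing: what os.listdir of the \\?\-prefixed directory might
# return on an affected host. Not real data.
SAMPLE_LISTING = [
    "report.docx",
    "report.docx.",      # created via \\?\, shadows report.docx
    "config.ini ",       # trailing space, no twin without it
    "svchost.exe",
    "svchost.exe...",    # several trailing dots collapse to svchost.exe
    "normal.txt",
]


if __name__ == "__main__":
    for s in find_magicdot_names(SAMPLE_LISTING):
        note = ("SHADOWS existing file" if s.shadows_existing
                else "not addressable through a normal Win32 path")
        print(f"{s.real_name!r:20} -> Win32 sees {s.win32_view!r:16} {note}")
        print("   inspect with:", nt_path(ntpath.join(r"C:\ProgramData\app", s.real_name)))
```

On a real host, feed the scanner the output of os.listdir on the \\?\-prefixed directory, since the directory-enumeration API returns stored names verbatim; the nt_path helper gives the form to pass to open, stat or delete calls so they reach the flagged entry rather than its dotless twin.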

FIN7 Hackers Attacking IT Employees Of Automotive Industry
https://gbhackers.com/fin7-automotive-it-targets/
Thu, 18 Apr 2024 13:53:13 +0000

IT employees in the automotive industry are frequent targets because they hold access to sensitive information such as customer data, intellectual property and critical systems. The industry's dependence on connected technologies and the value of its data make it an attractive target for threat actors. BlackBerry analysts recently discovered that the FIN7 […]
