THREATS Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/category/threatsattacks/ GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates. Tue, 05 Nov 2024 10:30:17 +0000 en-US

Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints https://gbhackers.com/hackers-av-edr-bypass-cybercrime/ https://gbhackers.com/hackers-av-edr-bypass-cybercrime/#respond Tue, 05 Nov 2024 10:30:16 +0000 https://gbhackers.com/?p=114492 Researchers uncovered two previously unknown endpoints running older Cortex XDR agents that were used to test an AV/EDR bypass tool and were compromised, granting unauthorized access. The threat actor utilized a bypass tool, likely purchased from cybercrime forums, to compromise the system. Subsequent analysis of recovered files and digital footprints revealed the identity of one of the […]

The post Hackers Using AV/EDR Bypass Tool From Cybercrime Forums To Bypass Endpoints appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks https://gbhackers.com/chinese-password-attacks-microsoft/ https://gbhackers.com/chinese-password-attacks-microsoft/#respond Mon, 04 Nov 2024 12:34:58 +0000 https://gbhackers.com/?p=114397 Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to launch highly evasive password spray attacks, successfully stealing credentials from multiple Microsoft customers.  The stolen credentials are then leveraged by threat actors like Storm-0940 to gain unauthorized access to systems. Storm-0940 has been an active threat actor since 2021 and […]

Russia, Iran, And China Influence U.S. Elections, Microsoft Warns https://gbhackers.com/foreign-influence-us-elections/ https://gbhackers.com/foreign-influence-us-elections/#respond Mon, 04 Nov 2024 12:02:03 +0000 https://gbhackers.com/?p=114066 The researchers have observed consistent efforts by Russia, Iran, and China to exert foreign influence on democratic processes in the United States.  Recent U.S. government actions have exposed Iranian cyberattacks on the Trump-Vance campaign and the dissemination of stolen Trump campaign materials to Biden campaign associates and media outlets. Foreign entities can spread misleading information […]

Threat Actor ProKYC Selling Tools To Bypass Two-Factor Authentication https://gbhackers.com/prokyc-bypasses-2fa/ https://gbhackers.com/prokyc-bypasses-2fa/#respond Fri, 11 Oct 2024 13:34:03 +0000 https://gbhackers.com/?p=113385 Threat actors are leveraging a newly discovered deepfake tool, ProKYC, to bypass two-factor authentication on cryptocurrency exchanges. The tool is designed specifically for NAF (New Account Fraud) attacks and can create verified but synthetic accounts by mimicking facial recognition authentication. By overcoming these security measures, threat actors can engage in money laundering, create mule accounts, and […]

DCRat Attacking Users Via HTML Smuggling To Steal Login Credentials https://gbhackers.com/dcrat-html-smuggling-credential-theft/ https://gbhackers.com/dcrat-html-smuggling-credential-theft/#respond Mon, 30 Sep 2024 14:45:00 +0000 https://gbhackers.com/?p=112859 A new campaign aimed at Russian-speaking users uses the modular remote access tool (RAT) known as DCRat. Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical RAT capabilities to execute shell commands, log keystrokes, exfiltrate files, and steal credentials, which marks […]

Creating An AI Honeypot To Engage With Attackers Sophisticatedly https://gbhackers.com/ai-honeypot-engagement/ https://gbhackers.com/ai-honeypot-engagement/#respond Tue, 17 Sep 2024 08:36:11 +0000 https://gbhackers.com/?p=111974 Honeypots are decoy systems that detect and analyze malicious activity. They come in various forms and can be deployed on cloud platforms to provide insights into attacker behavior, enhancing security. The study proposes to create an interactive honeypot system using a Large Language Model (LLM) to mimic Linux server behavior. By fine-tuning the LLM with a dataset […]

Crimson Palace Returns With New Hacking Tools And Tactics https://gbhackers.com/crimson-palace-hacking-tools-tactics/ https://gbhackers.com/crimson-palace-hacking-tools-tactics/#respond Mon, 16 Sep 2024 07:37:29 +0000 https://gbhackers.com/?p=111873 Cluster Bravo, despite its brief initial activity, subsequently targeted 11 organizations in the same region, as researchers found that these attackers used compromised environments within the same vertical for malware staging. Cluster Charlie, after being disrupted, returned with new techniques, including using the HUI loader to inject Cobalt Strike beacons into mstsc.exe. They employed open-source […]

Threat Actors Using New Malware Toolkit That Involves IIS Backdoor, DNS Tunneling https://gbhackers.com/iis-backdoor-dns-tunneling/ https://gbhackers.com/iis-backdoor-dns-tunneling/#respond Thu, 12 Sep 2024 12:35:33 +0000 https://gbhackers.com/?p=111730 The Iranian threat actor APT34, also known as GreenBug, has recently launched a new campaign targeting Iraqi government entities by employing a custom toolset, including a novel IIS backdoor and DNS tunneling protocol.  The malware used in this campaign shares similarities with previously reported APT34 malware families, such as Karkoff, Saitama, and IIS Group 2.  […]

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks https://gbhackers.com/chinese-hackers-open-source-attacks/ https://gbhackers.com/chinese-hackers-open-source-attacks/#respond Tue, 10 Sep 2024 14:14:10 +0000 https://gbhackers.com/?p=110816 Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a modified version of the open-source network scanning tool NBTscan over the past decade.  NBTscan, designed for network discovery and forensics, sends NetBIOS status queries to IP addresses within a specified range.  By analyzing the responses, it extracts valuable information like IP […]

Growth of Web3 Fueled New Opportunities for Threat Actors to Attack Finance Sectors https://gbhackers.com/web3-fuled-new-opportunities/ https://gbhackers.com/web3-fuled-new-opportunities/#respond Thu, 05 Sep 2024 10:04:49 +0000 https://gbhackers.com/?p=110196 Web3 and DeFi have attracted many threat actors, and there has been a significant rise in heists, which have become larger than any seen in more traditional finance. Mandiant’s investigation into the 2016 Bangladesh Bank heist revealed that the North Korean hackers managed to steal $81 million, which highlights the scale […]
