Malware Routed Via News Websites And Social Media
A Russian influence campaign, DoppelGänger, leverages fake news websites (typosquatted and independent) to spread disinformation, undermining support for Ukraine. Structura and SDA are running the…
Category: GBHackers
Vulnerabilities in Honeywell VirtualUOC – Execute Remote Code
Team82 has uncovered multiple critical vulnerabilities in Honeywell’s ControlEdge Virtual Unit Operations Center (UOC). These vulnerabilities within the EpicMo protocol implementation could potentially allow attackers…
Grandoreiro Malware Hijacks Outlook Client to Send Phishing Emails
X-Force identified a phishing campaign targeting Latin American users since March 2024, where emails impersonate legitimate entities like tax and utility services, urging recipients to…
Critical Memory Corruption In Cloud Logging Infrastructure
Fluent Bit, a widely used open-source data collector and processor, has been found to have a major memory loss flaw. Companies utilizing Fluent Bit in…
PoC Exploit Released for QNAP QTS zero-day RCE Flaw
Researchers have shown a proof-of-concept (PoC) attack for a zero-day remote code execution (RCE) flaw in the QTS operating system from QNAP. Users of QNAP’s…
Financial Organizations Need To Disclose Data Breach
The U.S. Securities and Exchange Commission (SEC) has made changes to Regulation S-P that require financial companies to report data leaks within 30 days. This…
Switchable Backdoor Attack Against Pre-trained Models
In the big data era, pre-training large vision transformer (ViT) models on massive datasets has become prevalent for enhanced performance on downstream tasks. Visual prompting…
Git Vulnerability Let Attackers Execute Remote Code
A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the severity has been given as…
Akira Ransomware Elevates Privilege To Exfiltrate NTDS.dit File
In a recent encounter, the Akira ransomware group exploited a novel privilege escalation technique, where the attackers infiltrated the victim’s virtual environment to steal the…
2 Chinese Nationals Arrested for Steal $73M+ Via Cryptocurrency
Two Chinese people have been arrested on suspicion of being involved in a complex cryptocurrency trading scam that stole more than $73 million from people.…
PoC Exploit Published for 0-day Vulnerability in Google Chrome
A proof-of-concept (PoC) exploit for a critical zero-day vulnerability (CVE-2024-4947) in Google Chrome has been made public. The potential for exploitation of this vulnerability, which…
Kinsing Malware Attacking Apache Tomcat Servers To Deploy Miners
Kinsing malware, known for exploiting vulnerabilities on Linux cloud servers to deploy backdoors and cryptominers, has recently expanded its target to include Apache Tomcat servers. …