-
Some router models have identified a security vulnerability that allows attackers to bypass authentication. To exploit this vulnerability, an attacker must know the WiFi password or have an Ethernet connection to a device on the victimβs network.Β Firmware updates that address this vulnerability are available for the following routers: RAX35 (version 1.0.6.106), RAX38 (version 1.0.6.106), [β¦] The post NETGEAR buffer Overflow Vulnerability Let Attackers Bypass Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage. This makes them attractive targets for data theft and ransomware attacks for the threat actors.Β Besides this, the vulnerabilities in CrushFTP servers can be exploited to gain unauthorized access to networks or distribute malware to connected systems. [β¦] The post 5000+ CrushFTP Servers Hacked Using Zero-Day Exploit appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Hackers have leveraged an old Microsoft Office vulnerability, CVE-2017-8570, to deploy the notorious Cobalt Strike Beacon, targeting systems in Ukraine. It has been closely monitoring the situation and has successfully detected all stages of the attack. CVE-2017-8570: The Initial Vector The attack begins with the exploitation of CVE-2017-8570, a vulnerability first identified in 2017. This [β¦] The post Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Pollution. These vulnerabilities have been assigned with CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511. The severity of these vulnerabilities ranges from 6.5 (Medium) to 9.8 (Critical). While only one of these vulnerabilities has been patched, the other two [β¦] The post Multiple MySQL2 Flaw Let Attackers Arbitrary Code Remotely appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence. In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration.Β The behavior of a major RaaS group is puzzling, as the financial loss from the dispute seems insignificant compared to the reputational [β¦] The post Ransomware Victims Who Opt To Pay Ransom Hits Record Low appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Oracle Virtualbox was identified and reported as having a critical vulnerability associated with Privilege Escalation and Arbitrary File Move/Delete. This vulnerability was assigned with CVE-2024-21111, and the severity was 7.8 (High).Β However, Oracle has acted swiftly upon the report and has patched the vulnerability accordingly. Following that, Oracle also released a security advisory to address [β¦] The post PoC Exploit Released For Critical Oracle VirtualBox Vulnerability appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A new vulnerability has been unearthed, allowing attackers to gain rootkit-like abilities on Windows systems without requiring administrative privileges. Dubbed βMagicDot,β this vulnerability exploits the DOS-to-NT path conversion process within the Windows operating system. Here, we delve into the technical details of the vulnerability, the attack methods, the rootkit-like abilities it confers, and the mitigation [β¦] The post Windows MagicDot Path Flaw Lets Attackers Gain Rootkit-Like Abilities appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent vulnerabilities.Β Prior studies often oversimplify the problem into binary classification tasks, which poses challenges for deep learning models to effectively learn diverse vulnerability characteristics.Β To address this, the following cybersecurity analysts introduced FGVulDet, a fine-grained vulnerability detector that employs multiple classifiers [β¦] The post FGVulDet β New Vulnerability Detector to Analyze Source Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
The Palo Alto Networks PAN-OS software has a criticalΒ command injection vulnerability that allows an unauthorized attacker to run arbitrary code on the firewall with root access.Β The vulnerability is identified as CVE-2024-3400, with a CVSS score of 10.0. Operation MidnightEclipse has been coined to describe its exploit. Palo Alto Networks confirmed targeted attacks using this [β¦] The post Operation MidnightEclipse: Hackers Actively Exploiting Palo Alto Networks Zero-Day Flaw appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security…
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Ahmed exploited a vulnerability in a decentralized cryptocurrency exchangeβs smart contract by injecting fabricated pricing data, which triggered the generation of inflated fees totaling $9 million, which he subsequently withdrew in cryptocurrency.Β Following the theft, Ahmed attempted to extort the exchange, proposing the return of a portion of the stolen funds ($7.5 million) on the [β¦] The post Ex-Security Engineer Jailed For Hacking Decentralized Cryptocurrency Exchanges appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ