Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. This vulnerability enables a novel distributed denial of service (DDoS) attack technique. This vulnerability was assigned with CVE-2023-44487 and a severity…

Read more →

Microsoft Windows Hello Fingerprint authentication was evaluated for security over its fingerprint sensors embedded in laptops. This led to the discovery of multiple vulnerabilities that would allow a threat actor to bypass the Windows Hello Authentication completely. The research was…

Read more →

Microsoft 365 Apps is a suite of productivity tools that includes the following apps and services offered by Microsoft through a subscription service:- Hackers often target these applications because they are widely used in business environments, providing a large potential…

Read more →

In the fast-paced world of cryptocurrency, the ever-looming threat of Rug Pulls has once again taken center stage.  Check Point’s Threat Intel Blockchain system, a vigilant guardian of the blockchain realm, recently uncovered a meticulously executed scheme that swindled nearly…

Read more →

Two ongoing efforts, Contagious Interview and Wagemole, have been identified to target job-seeking activities connected to North Korean Hackers and state-sponsored threat actors. Threat actors use the interview process in “Contagious Interview” to trick developers into installing malware by posing…

Read more →

Poloniex is a popular cryptocurrency exchange platform headquartered in the United States that provides a diverse range of digital assets for trading. The platform was established in January 2014 by Tristan D’Agosta, with a vision to make cryptocurrency trading easier…

Read more →

DarkGate, a sophisticated Malware-as-a-Service (MaaS) offered by the enigmatic RastaFarEye persona, has surged in prominence. The malware is known for abusing Microsoft Teams and MSI files to compromise target systems.  This Sekoia report delves into its ominous capabilities, examining its…

Read more →

Researchers discovered a new campaign delivering DarkGate and PikaBot that employs strategies similar to those employed in QakBot phishing attempts. This operation sends out a large number of emails to a variety of industries, and because the malware transmitted has…

Read more →

Former COO of the Atlanta-based cybersecurity company Securolytics, Vikas Singla, launched a series of cyberattacks on the non-profit healthcare organization Gwinnett Medical Center (GMC), which has locations in Lawrenceville and Duluth, Georgia. GMC suffered a financial loss of $817,804.12 as…

Read more →

Embarking on a journey into the realm of cyber threats, Microsoft recently uncovered a series of mobile banking trojan campaigns meticulously designed to exploit unsuspecting users in India.  This expose delves into the sophisticated strategies employed by cybercriminals utilizing social…

Read more →

The Andariel group has been identified in recent reports as distributing malware through asset management programs. This group has been previously discovered to be in a relationship with the Lazarus group. The Andariel group is known to launch supply chain,…

Read more →

In a pivotal decision on November 15, 2023, the Federal Communications Commission (FCC) orchestrated a formidable defensive strategy against insidious scams targeting consumers’ cell phone accounts.  This comprehensive report delves into the intricacies of the newly adopted rules, designed to…

Read more →

In a pivotal decision on November 15, 2023, the Federal Communications Commission (FCC) orchestrated a formidable defensive strategy against insidious scams targeting consumers’ cell phone accounts.  This comprehensive report delves into the intricacies of the newly adopted rules, designed to…

Read more →

A ransomware attack targeted Yamaha Motor Co., Ltd., resulting in a partial disclosure of the personal information maintained by the company. Notably, a third party gained unauthorized access to one of the servers run by Yamaha Motor Philippines, Inc. (YMPH),…

Read more →

Threat intelligence (TI) is critical to organizations’ cybersecurity infrastructure, allowing them to keep track of the evolving threat landscape and ensure timely detection. However, TI Solutions’ information frequently lacks the specifics required for thorough security measures. One way to address…

Read more →

Cyberattacks pose a significant risk, and prevention alone isn’t enough, so timely detection is crucial. That’s why most organizations use SIEM (Security Information and Event Management) systems to centrally collect and analyze security events with expert-written rules for detecting intrusions.…

Read more →

Multiple critical flaws in the infrastructure supporting AI models have been uncovered by researchers, which raise the risk of server takeover, theft of sensitive information, model poisoning, and unauthorized access. Affected are platforms that are essential for hosting and deploying large language models, including Ray,…

Read more →

For half a decade, NordPass has delved into the realm of password habits, uncovering familiar tunes that persist.  However, this year’s narrative is layered with intriguing patterns, particularly within distinct platform categories.  Amidst the discourse on passkeys, a question lingers:…

Read more →

The sequence of events sounds like it was taken straight from a movie script. Five software programmers were working late into the night, chatting on their phones while they worked. During the wee hours of October 9, between 1:00 am…

Read more →

In a chilling revelation, the cybercrime economy is projected to soar to $10.5 trillion by 2025, driven by financially motivated bad actors orchestrating dark enterprises.  Uncover the intricate web of these malicious activities and the alarming surge in cyber threats.…

Read more →

Kubernetes security is safeguarding your Kubernetes clusters, the applications they host, and the infrastructure they rely on from threats. As a container orchestration platform, Kubernetes is incredibly powerful but presents a broad attack surface for potential adversaries. Kubernetes security encompasses…

Read more →

Fortinet notifies users of a critical OS command injection vulnerability in the FortiSIEM report server that might enable an unauthenticated, remote attacker to execute malicious commands via crafted API requests. FortiSIEM is Fortinet’s security information and event management (SIEM) solution,…

Read more →

In an alarming development, Denmark faced its most extensive cyber attack in May 2023, targeting crucial components of its energy infrastructure.  A total of 22 companies fell victim to a meticulously coordinated attack, breaching their industrial control systems and prompting…

Read more →

In a momentous development in cybersecurity, Thomas Kennedy McCormick, alias “fubar,” a resident of Cambridge, Massachusetts, has been sentenced to 18 months imprisonment for masterminding a racketeering conspiracy within the infamous Darkode hacking forum. The intricate web of cybercrime unraveled…

Read more →

Alphv Ransomware gang filed an SEC complaint against MeridianLink for not disclosing a data breach. BlackCat, also known as ALPHV, BlackCat operates on the ransomware as a service (RaaS) model, with developers offering the malware for use by affiliates and…

Read more →

The biggest manufacturer of automobiles, Toyota, has discovered unauthorized activity on systems in a few of its Europe & African services. The ‘Medusa ransomware gang allegedly took data from Toyota Financial Services.’ The group offered the business ten days to…

Read more →

The popular video messaging platform Zoom has discovered multiple vulnerabilities affecting Zoom Clients. These vulnerabilities might allow an unauthorized user to carry out denial-of-service, privilege escalation, and information disclosure attacks. To receive the most recent security updates and bug fixes, Zoom…

Read more →

ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105. This vulnerability affects multiple ManageEngine products, including…

Read more →

Wireshark, a leading network packet analyzer, has released version 4.2.0, which brings bug fixes, protocol updates, major API changes, codec support, and several new features. It is still a widely used and popular tool for network protocol analysis. Network administrators and security experts use packet…

Read more →

Samsung Electronics (U.K.) Limited has announced a cybersecurity incident, corroborating the exposure of customer data that originated in July 2019.  The disclosure comes as the tech behemoth contends with the repercussions of illicit access to personal information. Sequence of the…

Read more →

A critical CPU vulnerability can pose a significant threat by allowing:- Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions. Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities…

Read more →

Researchers have discovered a new phishing campaign that targets Middle Eastern and North African Government Entities to deliver a new initial access downloader termed “IronWind.” This downloader is followed by additional payload stages, which downloads a shellcode.  Most campaigns were…

Read more →

Cybersecurity researchers at Talos have discovered that spammers are taking advantage of Google Forms quizzes to disseminate various types of online scams to unsuspecting victims. Since Google’s servers are where the emails are coming from, it could be simpler for…

Read more →

Researchers found that vulnerable MySQL servers are being deployed with the Ddostf DDoS bot, which is capable of launching Distributed Denial of Service (DDoS) attacks. Ddostf, which was first identified around 2016, is well-known for supporting both Windows and Linux platforms…

Read more →

SystemBC (aka Coroxy or DroxiDat) is a multifunctional malware known as Proxy, Bot, Backdoor, and RAT, adapting to attackers’ needs.  Since 2018, this multifunctional malware has been active, and it remains popular in underground markets, with consistent annual incidents. Cybersecurity…

Read more →

There have been several cases of GPT model-based detection for various attacks from system logs. However, there has been no dedicated framework for detecting APTs as they use a low and slow approach to compromise the systems. Security researchers have…

Read more →

Payment Card Industry Data Security Standard or PCI DSS 4.0 was released in May 2022 by the PCI Security Standards Council (PCI SSC). After using PCI DSS 3.2.1 for several years, PCI DSS 4.0 is the latest security standard version…

Read more →

Recently, hackers have used the Ethereum network’s CREATE2 opcode to bypass wallet security alarms in certain wallets.  Using Create2’s pre-calculation feature, the Drainers can produce unique addresses for every malicious signature. After the victim signs the malicious signature, these addresses are deployed.…

Read more →

Dark forums and Telegram channels have become great places for threat actors to sell critical vulnerabilities and exploits. These vulnerabilities and exploits were associated with the Elevation of Privilege, Authentication Bypass, SQL Injection, and Remote Code Execution in products like…

Read more →

A class-action lawsuit had been filed against Intel due to a critical “Downfall” vulnerability in Intel CPUs, a defect that Intel was aware of since 2018 but neglected to report. According to Intel, the only way to “fix” it is to apply…

Read more →

A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities.  BulletProftLink, also known as a phishing-as-a-service (PhaaS) platform, had been operating for…

Read more →

A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities.  BulletProftLink, also known as a phishing-as-a-service (PhaaS) platform, had been operating for…

Read more →

Researchers detected IMPERIAL KITTEN, an adversary with ties to Iran, conducting strategic web compromise (SWC) operations with a focus on transportation, logistics, and technology firms. The adversary, who has been operating since at least 2017, has been reported to have…

Read more →

Managing a diverse range of devices, including desktops, mobile devices, and Internet of Things (IoT) devices, is an essential aspect of modern businesses. To efficiently handle these devices, a set of best Unified Endpoint Management Tools (UEM) technologies provide an…

Read more →

After being apprehended by the US government, a Serbian citizen confessed to placing multiple orders on the Monopoly drugs market, which operates on the darknet. The individual in question has admitted to engaging in the illicit purchase of drugs through…

Read more →

Cambodian government entities were discovered to be targeted and compromised by Chinese APT actors. The threat actors are using the infrastructure to masquerade as a cloud backup service. The infrastructure also exhibits several malicious nature and persistent connections. China has…

Read more →

In an age where online threats loom large, safeguarding our personal and professional accounts has never been more critical.  With hackers tirelessly attempting to breach security barriers, the need for robust identity verification methods has become paramount.  In response to…

Read more →

IBM has recently announced the launch of its Cloud-Native SIEM solution, which is designed to enhance the scale, speed, and flexibility of security teams. With this new offering, organizations can benefit from improved threat detection and response capabilities, empowering them…

Read more →

Burp Suite 2023.10.3.4 is the name of the newest version of Burp Suite, which was just published by the PortSwigger developers. The Burp Suite is a cybersecurity tool that is used for evaluating the security of online applications. It performs…

Read more →

In a recent development, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering.  Microsoft’s threat intelligence team has been closely monitoring Sapphire Sleet, a…

Read more →

In a recent development, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering.  Microsoft’s threat intelligence team has been closely monitoring Sapphire Sleet, a…

Read more →

SysAid On-Prem software has been reported with a 0-day vulnerability determined during an incident response investigation. According to Microsoft, attackers are exploiting this zero-day vulnerability to infiltrate corporate servers, to steal sensitive data and deploy the notorious Clop ransomware. This…

Read more →

In a recent and alarming development, the notorious Russia-linked threat actor Sandworm executed a sophisticated cyber-physical attack targeting a critical infrastructure organization in Ukraine.  The incident, responded to by cybersecurity firm Mandiant, unfolded as a multi-event assault, showcasing a novel…

Read more →

A new malware variant is distributed by BlueNordoff APT group, a financially motivated threat group targeting cryptocurrency exchanges, venture capital firms, and banks. This new campaign has similar characteristics to their RustBucket campaign. BlueNoroff was first discovered in early 2014…

Read more →

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities. The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums. Over 20,000 “Netscaler” instances and 1,000 “Big IP”…

Read more →

Trusted Computing Group’s Trust Platform Module 2.0 reference library specification has been discovered with two buffer overflow vulnerabilities that threat actors can exploit to access read-only sensitive data or overwrite normally protected data, which is only available to the TPM.…

Read more →

Hackers target Remote Desktop Protocol (RDP) via malware because it provides them with remote access to a victim’s computer or network, allowing them to:- Cybersecurity researchers at IBM X-Force affirmed recently that in place of conventional frameworks like CobaltStrike, the…

Read more →

WhatsApp has begun to roll out the ‘Protect IP Address in Calls’ feature, which conceals your IP address during calls. Upon using this feature, all your calls will be relayed through WhatsApp’s servers, protecting your IP address and preventing other…

Read more →

Hackers actively target Confluence flaws because it is a widely used collaboration and documentation platform, making it a valuable target for gaining unauthorized access to sensitive information or spreading malware.  Exploiting vulnerabilities in Confluence can lead to:-  These things make…

Read more →

CISOs rely on information about security from across the organization, particularly from the various IT departments. Unfortunately, the information being fed to CISOs about cybersecurity risk is incomplete. There is a blind spot present—a gaping hole. Data about the security…

Read more →

Ransomware attacks are on the rise, causing organizations to lose millions of dollars, restricting them from accessing their data, and possibly disclosing personal information. According to the FBI Private Industry Notification, ransomware attackers have recently been taking advantage of flaws in…

Read more →

Android has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included information disclosure, elevation of privilege, denial of service, and remote code execution. These updates address major…

Read more →

Cybersecurity researchers link attackers to the Iranian-backed APT group “Agonizing Serpens,” which has upgraded its capabilities and uses various tools to bypass security measures. Hackers target and steal sensitive data for various reasons, including: They may sell the stolen data…

Read more →

Two critical OS command injection flaws have been discovered in multiple QNAP products, which include QTS, Multimedia Console, Media Streaming add-on, QuTS Hero, and QuTScloud.  These vulnerabilities existed in the QTS operating system and applications on network-attached storage (NAS) devices,…

Read more →

In the ever-evolving digital world, organizations must safeguard their networks and sensitive data against sophisticated cyber threats. Have you ever heard NDR in relation to cybersecurity? Whether you have or not, do you know what is network detection and response?.…

Read more →

Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two vulnerabilities are classified as ‘critical,’ while the other two are classified as ‘medium severity’ flaws. The critical flaws allow remote…

Read more →

Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as…

Read more →

Linux Privilege Escalation flaw is one of the highly critical flaws as it can allow an attacker to gain elevated privileges on a system, potentially leading to full control.  Hackers typically exploit these vulnerabilities by crafting malicious code or commands…

Read more →

Natalie Mottram, a 25-year-old intelligence analyst who worked for Cheshire Police and the North West Regional Organised Crime Unit (ROCU), has been given a prison sentence of three years and nine months for her role in a serious security breach. …

Read more →

Proxy services let users rent IP addresses and provide online anonymity by disguising their traffic as regular IP addresses while hiding the true source or origin. Bitsight researchers recently found a new malware sample distributed by the following two loaders:-…

Read more →

According to recent reports, Arabic-speaking Android users have been targeted with spyware by the “Arid Viper” threat actor, also known as APT-C-23, Desert Falcon, or TAG-63). This threat actor has been using counterfeit dating apps designed to exfiltrate data from…

Read more →

Sam Bankaman-Fried, the founder and CEO of the largest cryptocurrency exchange, has recently pleaded guilty to charges of fraud and money laundering. This news has sent shockwaves through the cryptocurrency community, as Bankaman-Fried was highly regarded and his exchange was…

Read more →

According to recent reports, Arabic-speaking Android users have been targeted with spyware by the “Arid Viper” threat actor, also known as APT-C-23, Desert Falcon, or TAG-63). This threat actor has been using counterfeit dating apps designed to exfiltrate data from…

Read more →

Kubernetes is a popular open-source platform for managing containerized workloads and services. It’s a system that simplifies a wide array of deployment, scaling, and operations tasks, but it’s not without its risks. Just as any other software or platform, Kubernetes…

Read more →

Social media platforms offer financially motivated threat actors opportunities for large-scale attacks by providing a vast user base to target with:-  These platforms allow attackers to exploit trust and personal information shared by users, making it easier to craft convincing…

Read more →

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:- CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing…

Read more →

Accenture, the global technology services and consulting giant, has announced the acquisition of Innotec Security, a leading cybersecurity-as-a-service provider based in Spain.  The deal, which was made public on November 2, 2023, is a strategic move by Accenture to enhance…

Read more →

A new wave of cyberattacks has been discovered by Netskope Threat Labs, involving the use of SharePoint as a delivery platform for the notorious DarkGate malware.  This alarming trend is driven by an attack campaign that exploits vulnerabilities in Microsoft…

Read more →

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213. The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium). These vulnerabilities…

Read more →

A lot of money is being spent to protect the enterprise against intrusion. Ransomware protection is currently in the spotlight – and with good reason. But organizations also invest heavily in technologies such as Zero Trust Network Access (ZTNA), Secure…

Read more →

A vulnerability of medium severity, identified as CVE-2023-20042, with a CVSS score of 6.8, was found in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defence (FTD) Software.  This vulnerability could potentially…

Read more →

Bank robbers of today are nothing like their counterparts of the past. Modern-day Bonnie and Clyde operate remotely, carrying out their operations from hundreds of miles away, simply using their laptops. On top of that, every year, the barrier of…

Read more →

The frequency of hackers exploiting macOS flaws varies over time, but Apple continuously releases security updates to patch vulnerabilities.  While macOS is generally considered more secure than some other operating systems but, it is not immune to exploitation, and hackers…

Read more →

Hackers can exploit Massive Domain Generator and URL Shortener services by creating large numbers of deceptive or malicious domains and using URL shorteners to hide the true destination of links.  This can be used for the following illicit purposes:-  Recently,…

Read more →

Hackers opt for DLL hijacking as a technique to exploit vulnerable applications because it allows them to load malicious code by tricking a legitimate application into loading a malicious DLL. This can give them unauthorized access and control over a…

Read more →

HWP documents are primarily associated with the Hangul Word Processor software used in South Korea.  Hackers may opt for HWP documents to target National Defense and Press Sectors because they exploit vulnerabilities in this specific file format and software, which…

Read more →

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748.  This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands.  F5 Networks…

Read more →

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be…

Read more →

The NuGet package manager, which .NET developers widely use, has been under attack by a series of malicious activities, according to a report by cybersecurity firm ReversingLabs.  The report, which follows previous investigations on npm, PyPI, and RubyGems ecosystems, shows…

Read more →

Atlassian has been reported with a critical vulnerability in their Confluence Software, which several organizations have widely adopted. The CVE for this vulnerability has been assigned as CVE-2023-22518, and the severity has been given as 9.1 (Critical). Atlassian has addressed…

Read more →

Imagine walking into work one morning to find your company’s network completely crippled. Servers are down, workstations display ransomware notices, and critical data has been encrypted or deleted. Total operational paralysis. This is the potential aftermath of a devastating zero-day…

Read more →

Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads. The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attacks. This…

Read more →

A young man from Orlando, Florida, has been handed a 30-month prison sentence for his role in a cybercrime scheme that stole nearly $1 million in cryptocurrency from unsuspecting victims.  As part of a group of hackers, Jordan Dave Persad,…

Read more →

Proofpoint, an enterprise security company, has entered into a definitive agreement to acquire Tessian, a leading provider of email security solutions. The acquisition is aimed at enhancing the existing email security offerings of Proofpoint and preventing misdirected emails and data…

Read more →

ServiceNow has been alerted to a potential misconfiguration concern that might impact the security of its platform. The company is actively addressing the issue and working towards a resolution. The issue involves Access Control Lists (ACLs), which are used to…

Read more →

Role-Based Access Control (RBAC) is a security paradigm focused on assigning system access to users based on their organizational role. It’s a sophisticated approach of ensuring that only the right people can access the right information at the right time.…

Read more →

AhnLab Security Emergency Response Center (ASEC) has recently revealed a disturbing case of Remcos RAT, a malicious software that can remotely access and manipulate infected machines.  The attackers behind this malware used a clever email scam that pretended to be…

Read more →

F-Secure has recently implemented organizational changes in order to pursue strategic growth initiatives and meet its financial targets. These changes likely involve adjustments to the company’s structure, processes, and resources to ensure they are better aligned with their goals and…

Read more →

A new OAuth vulnerability has been discovered in three of the major extensions such as Grammarly, Vidio, and Bukalapak. These applications use the OAuth protocol for their authentication, which is vulnerable to an authentication token-stealing attack. OAuth is an authentication…

Read more →

XWorm is a RAT (Remote Access Trojan), a malware-as-a-service. It was first discovered in July 2022 and is known to have originated from the ex-USSR. The malware is capable of multiple things, such as stealing sensitive data and cryptocurrency, launching…

Read more →