Category: GBHackers – Latest Cyber Security News | Hacker News

Software as a Service (SaaS) security refers to the measures and practices employed to protect SaaS solutions’ data, applications, and infrastructure. SaaS is a cloud computing model where software applications are hosted and delivered over the internet, rather than installed…

Read more →

Gamaredon, also known as Primitive Bear, Actinium, or Shuckworm, is a Russian Advanced Persistent Threat (APT) group active since at least 2013. It is a very aggressive threat group that employs prolonged attacks that are highly disguised and particularly aggressive. The…

Read more →

In recent times, it’s been observed that fake malware-loaded browser updates are gaining rapid growth in the threat landscape. Rapid7 researchers recently identified a Fake Browser Update lure that tricks users into running malicious binaries, using a new loader to…

Read more →

Hive0117 group has launched a new phishing campaign, which targets individuals working for significant industries in the energy, banking, transportation, and software security sectors with headquarters in Russia, Kazakhstan, Latvia, and Estonia. This group is known for disseminating the fileless…

Read more →

Notepad++ v8.5.7 has been released, which has several bug fixes and new features. There has also been Integrity and authenticity validation, added Security enhancement and fixed a memory leak while reading Utf8-16 files. Multiple vulnerabilities in Notepad++ relating to Heap…

Read more →

Recent reports indicate that threat actors have been using Microsoft Teams to deliver DarkGate Loader malware. The campaign originated from two compromised external Office 365 accounts identified to be “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” (adriverar@unadvirtual.edu.co) DarkGate loader…

Read more →

In the evolving hospitality industry landscape, where vacation rental software has transitioned from luxury to necessity, a growing concern emerges regarding cybersecurity.  This software, while primarily simplifying booking, guest interactions, and property management, stores sensitive data such as credit card…

Read more →

Recent reports indicate that a new threat actor named “W3LL” has been discovered running a large phishing empire completely hidden until now. It was also found that this threat actor played a major role in compromising Microsoft 365 business email…

Read more →

Google’s Threat Analysis Group (TAG) has issued an update regarding an ongoing campaign by North Korean threat actors targeting security researchers.  This campaign, which first came to light in January 2021, involved using 0-day exploits to compromise the security of…

Read more →

A new sophisticated stealing campaign named  “Steal-It”  has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. It is believed that the Steal-It campaign may be attributed to APT28 (aka Fancy Bear) based on its…

Read more →

Google’s Threat Analysis Group (TAG) has issued an update regarding an ongoing campaign by North Korean threat actors targeting security researchers.  This campaign, which first came to light in January 2021, involved using 0-day exploits to compromise the security of…

Read more →

Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS. The vulnerabilities involve an arbitrary code execution and a buffer overflow. Reports indicate that these vulnerabilities are being actively exploited. This is considered a high-risk vulnerability…

Read more →

A single sign-on (SSO) implementation flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform might make it possible for a remote, unauthenticated attacker to forge credentials to access a vulnerable system. This “Critical” severity vulnerability has…

Read more →

A Global Ticketing Giant company, See Tickets, recently reported a data breach that exposed the payment card information of over 300,000 customers. See Tickets, owned by Vivendi Ticketing, revealed the latest breach in a complaint with Maine’s attorney general.  The ticketing business…

Read more →

Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root of Trust bypass. Aruba has released a security advisory for addressing these vulnerabilities. At the…

Read more →

RaaS (Ransomware-as-a-service) is actively strengthening the ransomware attacks, but understanding their operations is restricted by illegality.  That’s why ransomware attacks have surged in scale and complexity over the past decade, driven by RaaS models like Conti (formerly Ryuk). However, the…

Read more →

Storm-0558, a threat actor based in China, has recently gained access to a Microsoft account consumer key. This has allowed them to infiltrate and compromise 25 organizations, including those within government agencies. Since May 15, 2023, they have been using…

Read more →

AhnLab Security Emergency Response Center (ASEC) has issued a warning about a significant security threat involving the distribution of malicious LNK files.  This threat, known as RedEyes (ScarCruft), has transitioned from CHM format to LNK format, posing new challenges for…

Read more →

On Tuesday, Synopsys addressed High and medium vulnerabilities CVE-2023-2453, and CVE-2023-4480 discovered in PHPFusion by the researchers. PHPFusion is an open-source content management system (CMS) designed for managing personal or commercial websites and is offered under the GNU Affero General…

Read more →

On Tuesday, Synopsys addressed High and medium vulnerabilities CVE-2023-2453, and CVE-2023-4480 discovered in PHPFusion by the researchers. PHPFusion is an open-source content management system (CMS) designed for managing personal or commercial websites and is offered under the GNU Affero General…

Read more →

The АРТ28 hacking group, suspected to have ties to Russian special services, has made an audacious attempt to breach the critical power infrastructure of Ukraine.  This latest cyberattack has raised alarms within the cybersecurity community and heightened concerns over the…

Read more →

The Raspberry Pi is a budget-friendly Linux computer system board that features GPIO pins for physical computing and IoT exploration. However, besides this, threat actors also abuse this board for several illicit purposes as well. Recent arrests in Lubbock involve…

Read more →

Flipper Zero Devices have been discovered with the capability to perform Denial of Service attacks on iPhones. Threat actors can probably spam the iPhones with so many pop-ups prompting about nearby AirTag, Apple TV, AirPods, and other Apple devices. Moreover,…

Read more →

MITRE has CISA (America’s cyber defense agency) unveiled a collection of plugins designed to extend the capabilities of Caldera into the Operational Technology (OT) environment.  MITRE Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual…

Read more →

The usage of Blueshell malware spikes up by various threat actors to target Windows, Linux, and other operating systems across Korea and Thailand. Blueshell backdoor malware has been active since 2020 and written in GO language, believed to be created…

Read more →

Phylum analyzes source code and metadata for all registry-pushed packages. This year, in millions of packages they are aiming to examine nearly a billion files, as this will enable them to get unique insights into package behaviors across ecosystems. That’s…

Read more →

Cyber Security operations center is protecting organizations and the sensitive business data of customers. It ensures active monitoring of valuable assets of the business with visibility, alerting and investigating threats, and a holistic approach to managing risk. Analytics service can…

Read more →

The social network formerly known as Twitter, X, has released its latest data-gathering policy announcement. This includes collecting user information, such as educational history and biometric data. According to the policy, X may collect and use user biometric information for…

Read more →

In a recent development, NSFOCUS Security Labs has detected a fresh APT34 phishing attack.  During this operation, APT34, believed to originate from Iran and also known as OilRig or Helix Kitten, assumed the identity of a marketing services company named…

Read more →

Multiple vulnerabilities have been found in IBM Sterling Secure Proxy, mostly related to Denial of Service and Information Disclosure. It also consisted of a code execution vulnerability and an unidentified vulnerability. The severities of these vulnerabilities vary from 4.5 (Medium)…

Read more →

VMware Aria Operations for Network was discovered with an Authentication Bypass vulnerability previously, which had a critical severity. VMware has released patches for fixing this vulnerability. However, a Proof-of-concept and the patch file provided by VMware have been briefed. CVE-2023-34039…

Read more →

Pizza Hut Australia has fallen victim to a cyberattack resulting in unauthorized access and potential compromise of customer data.  DataBreaches has uncovered alarming details about this breach, with a hacking group known as ShinyHunters claiming responsibility for the attack. According…

Read more →

A large language model (LLM) is a deep learning AI model or system that understands, generates, and predicts text-based content, often associated with generative AI. In the current technological landscape, we have robust and known models like:- Cybersecurity analysts at…

Read more →

Microsoft Windows announced deprecated features for Windows clients 11 and 10. In this article, we’ll delve into the features and functionalities that are no longer actively developed for Windows clients.  Please note that the information below is subject to change…

Read more →

QuickSet and Grid Configurator of Schweitzer Labs were found to be vulnerable to multiple vulnerabilities that threat actors can exploit. Nearly, 9 new vulnerabilities were found which include 4 High severity and 5 Medium severity vulnerabilities.  The High severity vulnerabilities…

Read more →

The latest version of Nmap, 7.94, was released on its 26th birthday. The most significant upgrade was the migration of Zenmap and Ndiff from Python 2 to Python 3 across all platforms. This new version of Nmap 7.94 was upgraded…

Read more →

With the rise of new technological innovations and security mechanisms, threat actors are also upgrading their skills and evolving rapidly.  These evolutions have resulted in an alarming increase in the quick growth of Android malware. Recently, CISA (The United States’…

Read more →

With the rise of new technological innovations and security mechanisms, threat actors are also upgrading their skills and evolving rapidly.  These evolutions have resulted in an alarming increase in the quick growth of Android malware. Recently, CISA (The United States’…

Read more →

Prompt injection refers to a technique where users input specific prompts or instructions to influence the responses generated by a language model like ChatGPT. However, threat actors mainly use this technique to mod the ChatGPT instances for several malicious purposes.…

Read more →

In a recent development, Forever 21 disclosed a cyber incident that came to light on March 20, 2023, affecting a limited number of its systems.  Forever 21 is a multinational fast fashion retailer headquartered in Los Angeles, California, United States.…

Read more →

The Kinsing malware has resurfaced with a new attack method that exploits the Openfire vulnerability tracked as CVE-2023-32315. A path traversal attack caused by this vulnerability allows an unauthorized user access to the Openfire setup environment. Researchers from Aqua Nautilus report that…

Read more →

The Android BadBazaar malware is being distributed through the Google Play store, Samsung Galaxy Store, and dedicated websites mimicimg Signal Plus Messenger and FlyGram malicious applications. These active campaigns are connected to the China-aligned APT organization known as GREF. Uyghurs and other Turkic ethnic minorities…

Read more →

Smishing is a type of cyberattack in which attackers use SMS (text messages) to trick individuals into revealing the following type of Personal and financial data or information:- In attacks like this, threat actors mimic government, bank, or postal agencies…

Read more →

VMware has been reported with a SAML token signature bypass vulnerability, which a threat actor can exploit to perform VMware Guest operations. CVE ID has been assigned for this vulnerability, and the severity was mentioned as 7.5 (High). VMware tools…

Read more →

Splunk Enterprise has multiple vulnerabilities that can lead to Cross-site Scripting (XSS), Denial of Service (DoS), Remote code execution, Privilege Escalation, and Path Traversal. The severities of these vulnerabilities range between 6.3 (Medium) to 8.8 (High).  Splunk has addressed these…

Read more →

Cisco released a fix for the medium impact vulnerability found on CommPilot Application Software, allowing cross-site scripting against the user interface. The Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file…

Read more →

In a shocking turn of events, Paramount Media recently fell victim to a significant data breach, leading to the unauthorized access of user personal information.  Paramount Media Networks(founded as MTV Networks in 1984 and known under this name until 2011)…

Read more →

Multiple vulnerabilities have been identified in ArubaOS-Switch Switches, specifically pertaining to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption. Aruba has taken measures to mitigate these vulnerabilities and has subsequently published a security advisory. ArubaOS-Switch is…

Read more →

Qakbot (aka QBot, Pinkslipbot) is a sophisticated banking Trojan malware that can spread through various methods. Once installed on a system, Qakbot can collect:- The FBI, along with the Justice Department, led a multinational operation to dismantle the complete infrastructure…

Read more →

Google has updated the Stable and Extended Stable channels for Mac, Linux, and Windows to version 116.0.5845.140/.141 to address a security issue in Chrome. One “high-severity” security patch is included in this version. This upgrade will roll out over the…

Read more →

The research revealed high malspam activity of DarkGate malware distributed via phishing emails to the users either through MSI files or VBs script payloads. Darkgate malware has been active since 2018 and has the ability to download and execute files…

Read more →

Email communication is essential for personal and professional contact in the modern digital environment. Email is widely used, making it a perfect target for cybercriminals, leading to increased phishing attempts, spam, and email spoofing. Strong email security measures are becoming…

Read more →

There were multiple vulnerabilities in the Juniper SRX and EX Series, which were reported previously. These vulnerabilities have a medium severity if they are separated. However, combining them together results in a pre-auth RCE, which is a critical vulnerability. Following…

Read more →

A recently discovered Android Trojan, dubbed “MMRat,” poses a serious threat to mobile banking security. Unlike other forms of malware, this Trojan is designed to evade detection from traditional antivirus software. The security experts at TrendMicro have identified the Trojan…

Read more →

Static NAT is a type of NAT that maps one public IP address to one private IP address. Every time a device with a private IP address on your network tries to access the internet, its traffic will be routed…

Read more →

Threat actors continue to evolve their spam tactics by utilizing legitimate  Google Groups to send Fake order messages to target multiple users.  Fake order scams work by notifying victims about the purchase status or confirmation that originally was not placed…

Read more →

Hackers can now capture your IP address and expose your physical location by sending a Skype link, even if you don’t click it. An IP address, which stands for “Internet Protocol address,” is like a unique digital home address for…

Read more →

Recent reports indicate that there has been a privilege escalation vulnerability discovered, which arises due to abandoned Active Directory URLs. Threat actors can use this flaw to gain illegal authorization codes that can be used against Microsoft Power Platform API…

Read more →

PurFoods, LLC, operating under the trade name Mom’s Meals, has announced the compromise of personal information affecting its clients and employees.  The company acknowledged that its cybersecurity defenses had been compromised, allowing unauthorized access to a treasure trove of consumer…

Read more →

Authorities in Poland arrested two individuals on suspicion of planning an unlawful hack into the communication network of the national railway, which caused delays in train service in some areas. The Polish PKP railway’s radio communication system was hacked on Friday…

Read more →

Microsoft Edge has published a release note that mentioned a Privilege escalation vulnerability with the CVE ID of CVE-2023-36741 and has a CVSS Score of 8.3 (High). This vulnerability exists in the Microsoft-Edge Chromium-based versions prior to 116.0.1938.62. An unauthorized…

Read more →

It has come to the attention of researchers that the LockBit 3.0 builder has suffered from a leak, which now allows anyone to create various versions of the LockBit ransomware according to their own preferences. This poses a serious security…

Read more →

To avoid detection, hackers employed a new method dubbed “MalDoc in PDF” to insert a malicious Word file into a PDF file. Despite having magic numbers and a PDF-specific file format, a file created with MalDoc in PDF may be opened…

Read more →

Poland’s Railway infrastructure, a crucial transit route for Western weapons transported to Ukraine, has been compromised by cybercriminals. The signals were intermingled with recordings of the Russian national anthem and a speech by President Vladimir Putin, according to the Polish…

Read more →

A Denial-of-Service vulnerability has been discovered in the Cisco Nexus 3000 and 9000 series switches, which could allow a threat actor to cause a denial-of-service condition due to a flaw in the IS-IS (Intermediate System-to-Intermediate System) protocol. ISIS is one…

Read more →

There has been a cyber attack on two cloud hosting providers, namely CloudNordic and Azero Cloud, both of which are owned by Certiqa Holding. The cyber attack has resulted in a complete data loss for all of their customers. The…

Read more →

A high-severity vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software might allow an unauthenticated local attacker to force an affected device to unintentionally reload. NX-OS is a network operating system for Cisco Systems’ Nexus-series Ethernet switches and…

Read more →

The recent discovery of a zero-day vulnerability (CVE-2023-2868) in Barracuda Networks Email Security Gateway (ESG) appliances has brought significant concern.  CVE-2023-2868 is a remote command injection vulnerability that grants unauthorized execution of system commands with administrator privileges on Barracuda ESG…

Read more →

The most widely used network protocol analyzer in the world, Wireshark, has released version 4.0.8. It is employed for network analysis, troubleshooting, software and communications protocol development, and education. This new version includes bug fixes, improved protocol support, and a…

Read more →

Brute force attacks have been one of the most common attack types. In Q1 2022, brute force made up 51% of all attacks! These attacks often pave the way for other types of threats and have devastating consequences for the…

Read more →

Corporate mobile devices have become essential to everyday tasks for employees, but this convenience also comes with security risks. The challenge lies in managing and securing multiple devices, especially without a proper solution. This is where mobile device management (MDM)…

Read more →

Privilege escalation is a commonly employed attack vector in the Windows operating system environment. Attackers often leverage offensive tools such as Meterpreter, CobaltStrike, or Potato tools to execute code such as “NT AUTHORITY\SYSTEM.”  These tools typically employ token duplication and…

Read more →

Kali Linux 2023.3 is now available, and it includes a variety of new packages and tools, as well as the usual upgrades. The release of Kali Linux 2023.3 arrives three months after Kali Linux 2023.2.  This upgrades the kernel from Debian…

Read more →

A cyber attack group – GroundPeony, targeting the Taiwanese government, was discovered in March 2023; it used several tactics, such as tampering with legitimate websites for distributing malware, URL obfuscation, and multi-stage loaders. Further investigations revealed that a China-nexus attack…

Read more →

One of the renowned hospitals in Israel became the victim of a data breach, and patients were blackmailed with a financial motive. According to an Israel Hayom report, Maayanei HaYeshua Medical Center in Bnei Brak was attacked, and the sensitive…

Read more →

Cyberattacks are becoming increasingly sophisticated, threatening organizations’ critical infrastructure and sensitive data more than ever. Core solutions such as SIEMs are often insufficient to ensure complete protection against malware infections, especially new and unexplored ones. As a result, security specialists…

Read more →

For a supply chain attack and to plant the Korplug backdoor (aka PlugX) on the systems of the targeted victims, an unknown APT group was found to be using the “Cobra DocGuard.”  Cobra DocGuard is a legit software package that…

Read more →

Two Server-Side Request Forgery (SSRF) vulnerabilities were found in Apache Batik, which could allow a threat actor to access sensitive information in Apache Batik. These vulnerabilities exist in the Apache XML Graphics Batik and are given CVE IDs CVE-2022-44729 and…

Read more →

Researchers have identified a new Malware-as-a-Service (MaaS) operator called ‘EVLF DEV’ as being behind the creation of CypherRAT and CraxsRAT. EVLF has been selling CraxsRAT, one of the most extremely dangerous Android RATs accessible today, for the past three years, with…

Read more →

An unauthenticated critical API access vulnerability was found in the Ivanti Sentry interface, which could allow a threat actor to gain access to sensitive APIs that can be used to access the Ivanti administrator portal and configure Ivanti Sentry. This…

Read more →

Multiple vulnerabilities have been discovered on Junos OS, which can be combined to execute a preAuth remote code execution vulnerability on Junos OS on SRX and EX Series. An unauthenticated network-based attacker can exploit these vulnerabilities by chaining them. Junos…

Read more →

A blind XPath injection vulnerability was discovered in Apache Software Foundation Apache Ivy, which allows threat actors to exfiltrate data and access sensitive information that is restricted to only the machine that runs Apache Ivy. This vulnerability exists in the…

Read more →

Multiple vulnerabilities have been discovered on Junos OS, which can be combined to execute a preAuth remote code execution vulnerability on Junos OS on SRX and EX Series. An unauthenticated network-based attacker can exploit these vulnerabilities by chaining them. Junos…

Read more →

DotRunpeX is one of the new and stealthiest .NET injectors that employs the “Process Hollowing” method, through which this malware distributes a diverse range of other malware strains. Cybersecurity researchers at Check Point recently revealed the real-world use and campaign-related…

Read more →

The recent Africa Cyber Surge II operation conducted by INTERPOL and AFRIPOL has revealed a stark reality – the surge in digital insecurity and cybercriminals threats across Africa.  This operation spanned 25 African countries and successfully identified 20,674 suspicious cyber…

Read more →

Android Smartphones lay a vital role in our daily life, as they help us to stay connected and, not only that even it also helps in performing several daily tasks like:- But, besides this, it also attracts the attention of…

Read more →

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with a top 10 best Linux distros in 2023 for all professionals. Hence Linux…

Read more →

Threat actors are actively modifying their TTPs to counter the advanced security mechanisms and tools to accomplish their illicit goals for several malicious purposes. Hiding malicious traffic in cloud storage platforms is not a new concept completely, and it seems…

Read more →

The Cuba ransomware seems to be gaining more pace with each passing year, and this ransomware has been operating and active since 2019. Until now, the operators of the Cuba ransomware have executed several high-profile attacks to target many industries…

Read more →

Cynomi, the leading AI-powered virtual Chief Information Security Officer (vCISO) platform vendor for Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs) and consulting firms, has published the results of its first annual report, “The State of the Virtual CISO…

Read more →

The Airplane mode in smartphones ensures safe device use on flights, as this feature prevents interference with critical flight systems by deactivating all the wireless functions of the smartphone. Besides this, the Airplane Mode’s role extends beyond travel, serving as:…

Read more →

Web servers are a prime target for threat actors due to their open and volatile nature. However, these servers must remain open to provide various web services to users. Web services that are provided on Windows servers by the Web…

Read more →

In the current world of cybersecurity, security threats are evolving at a rapid pace, as there are always new problems to deal with. Among the ever-evolving threats, SMS Bomber attacks are one of the modern attacks in the current threat…

Read more →

An SQL injection vulnerability was discovered in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).  Cisco Unified CM is used for handling voice and video calls,…

Read more →

The vulnerabilities, CVE-2023-38401 and CVE-2023-38402, affect the HPE Aruba Networking Virtual Intranet Access (VIA) client for the Microsoft Windows operating system. If the exploit is successful, the attacker can overwrite arbitrary files. HPE Aruba Networking has issued an upgrade to…

Read more →

An ongoing campaign has resulted in the compromise of multiple LinkedIn accounts. However, the motive behind this campaign remains unclear at this time. Numerous users have reported instances of their LinkedIn accounts being temporarily locked, hacked, or permanently deleted. In…

Read more →

The Monti ransomware was found in June 2022 that attracted notice due to its close resemblance to the Conti ransomware, both in name and tactics, drawing attention from cybersecurity experts and organizations. Monti ransomware group has been observed to employ…

Read more →

Recent reports indicate that GigaBud malware has been targeting more than 99 financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru. GigaBud is an undocumented Android Remote Access Trojan (RAT) and has been active since July 2022. Investigating the…

Read more →

LummaC, an information stealer, is being disseminated on Russian-speaking forums through a Malware-as-a-Service (MaaS) approach. Sensitive data from affected devices is intended to be stolen by this malware.  Cryptocurrency wallets, browser add-ons, two-factor authentication credentials, and numerous files are some…

Read more →

ScrutisWeb is a secure solution that aids global organizations in monitoring ATMs, enhancing issue response time, and this solution is accessible through any browser. The following things could be done with the help of this secure solution:- Cybersecurity researchers at…

Read more →