The subject of whether ChatGPT can be used to create phishing sites and if it can also be used to accurately detect them has been discussed by security researchers. This experiment has been carried out to see how much cybersecurity…
Category: GBHackers – Latest Cyber Security News | Hacker News
API Security Testing: Importance, Risks, and Test Cases
In the ever-evolving landscape of system connectivity, APIs have transformed how information is shared and utilized. However, their widespread adoption has introduced security risks that cannot be ignored. LinkedIn’s data breach, where approximately 92% of data was exposed due to…
Former FBI Analyst Sentenced for Keeping Hundreds of National Defense Documents
A former FBI analyst has been sentenced for keeping hundreds of national defense documents and other classified information. According to the report published by the Department of Justice, Kendra Kingsbury, 50, a former FBI analyst, was arrested and sentenced to 46…
Hackers Attack Linux SSH Servers with Tsunami DDoS Malware
Hackers Attack Linux SSH Servers. An attack campaign has been recently uncovered by AhnLab ASEC, where poorly controlled Linux SSH servers are targeted and infiltrated with the Tsunami DDoS Bot. In addition to Tsunami, the threat actor installed several other…
Xerosploit – Pentesting Toolkit to Perform MITM, Spoofing, Sniffing & DOS Attacks
Xerosploit is a penetration testing toolbox whose objective is to perform man-in-the-middle attacks. It brings different modules that allow efficient attacks to be carried out, and it also supports DoS attacks and port filtering. We can use this tool to…
Stealthy SMS Side-Channel Attack Exposes SMS Recipient Location
Stealthy SMS Side-Channel Attack Exposed. When you send an SMS, delivery reports let you know if your message reached the recipient. But here the most interesting thing is that they also have the potential to provide the location of the…
Over 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces
On illegal Dark Web Markets, more than 101,000 hacked accounts of the OpenAI language model ChatGPT were discovered. These hacked credentials were found in the logs of information-stealing malware sold on illegal dark web markets. Reports say in May 2023,…
Hackers Attacks on Websites Developed by a Specific Website Development Company
Websites developed by a certain Korean company have been the subject of attacks and have been used to spread malware. A wide range of businesses, including those in the manufacturing, trade, electrical, electronics, education, construction, medical,…
DDoS Attack Hits European Investment Bank – Websites Unavailable
Recent reports indicate that a cyber attack hit the European Investment Bank (EIB) – DDoS Attack claimed to be from Russian threat actors. Cybercrime activities have seen a large rise after the Russia-Ukraine LoCs heated up in 2022. Several threat…
Megaupload Developers Plead Guilty to Avoid US Extradition
Recently, the High Court in Auckland sentenced the Megaupload programmers to jail after they admitted guilt and agreed to provide testimony against Kim Dotcom. The two men overseeing the site ‘Megaupload’ received individual prison terms exceeding two years. Here below,…
Sign in to Leak Your Credentials – Attackers Abusing Legitimate Services
An ongoing phishing campaign has found that attackers abuse legitimate credential harvesting services and data exfiltration to avoid detection. With 59% of assaults recorded, credential harvesting has consistently been the most common attack vector. It contributes significantly to business email compromise…
Hackers Are Actively Using New Mystic Stealer Malware in Cyber Attacks
Recently, the cybersecurity researchers at CYFIRMA found that hackers are actively using “Mystic Stealer Malware,” a new information stealer. It’s been claimed that in an underground forum, this new information stealer is actively advertised by the threat actors, and for…
Android GravityRAT Spyware Steals WhatsApp Backup Files
Since August 2022, a recently discovered Android virus named “GravityRAT” has rapidly circulated through a new Android malware campaign. It gains access to phones by disguising itself as a fraudulent chat app called ‘BingeChat‘ in order to steal users’ sensitive…
Microsoft Confirms Hacking of Outlook & OneDrive – Layer 7 DDoS Attacks
Recently, it’s been confirmed by Microsoft that the current outage problems experienced by the following services of Microsoft were due to intentional Layer 7 DDoS attacks:- The credit for the attacks goes to a threat actor called Storm-1359 (aka Anonymous…
10 Best Vulnerability Scanner Tools For Penetration Testing – 2023
A vulnerability scanner tool is one of the essential tools in IT departments, since vulnerabilities pop up every day, leaving loopholes for the organization. Vulnerability scanning tools help detect security loopholes in the application, operating systems,…
Cloud Penetration Testing Checklist – 2023
Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating an attack from malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earns the service from…
SOC First Defense – Understanding The Cyber Attack Chain – A Defense with/without SOC
This article will help you to understand modern cyber threats and the most commonly used attack surfaces behind any malware/cyber-attacks. Most of the time, cyber attacks are executed in stages. So the SOC team must understand the attack patterns…
Hackers Use New Exploit Technique to Hijack S3 Buckets
It has been discovered that threat actors might take over expired Amazon S3 buckets to serve rogue binaries without changing the actual modules. Malicious binaries exfiltrate the stolen data to the hacked bucket after stealing the user names, passwords, local machine…
Shell Global Hacked using Flaw in the MOVEit File Transfer System
Shell has published a report indicating that it faced a security incident that involved Accellion’s File Transfer appliance in 2021. This is the second time the company has faced a security incident after 2021. Shell is one of…
US Government Hit By Clop In MOVEit Global Cyberattack
A global cyberattack targeting numerous US federal government institutions has been launched as a result of the recent revelation of vulnerabilities in the MOVEit Transfer and MOVEit Cloud platforms. According to reports, the claimed responsible ransomware group, Clop, is known to…
Hackers Set Up Fake GitHub Repos to Deliver Malware Posing as Zero-day
Recently, the cybersecurity researchers at VulnCheck identified a growing trend of hackers masquerading as cybersecurity researchers on social platforms like Twitter and GitHub. While hackers are doing so to spread fake proof-of-concept exploits for the vulnerabilities that are Zero-day in…
LockBit Ransomware Gang Earned $91 Million Ever Since It Discovered
LockBit was one of the most widely used ransomware in 2022, targeting both small and large organizations irrespective of their size or net worth. The threat actor group deploying this LockBit ransomware was working as a RaaS (Ransomware-as-a-service) based group…
New EMFI Attack Against Drones Leads to Complete Take Over
Based on the recent reports by IOActive, Drones, also called Unmanned Aerial Vehicles (UAVs), are vulnerable to code injection, which would result in gaining complete access to the firmware and core functionality of the drone. Drones have been used in…
Chinese Hackers Exploit VMware ESXi Zero-Day to Execute Privileged Commands
The Chinese cyberespionage gang, identified as UNC3886, has been spotted employing a VMware ESXi zero-day vulnerability to get escalated privileges on guest virtual machines. UNC3886 has been using malicious vSphere Installation Bundles (VIBs), typically used to maintain systems and deploy…
Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands
Bolster’s threat research team recently discovered an extensive brand impersonation effort targeting more than 100 well-known clothes, footwear, and apparel firms. The peak phishing activity for this campaign occurred between November 2022 and February 2023, after becoming active around June…
Hackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs
A shocking discovery has been made by researchers, unveiling an innovative method for extracting covert encryption keys from smart cards and smartphones. Utilizing the integrated cameras of iPhones or surveillance systems, they record videos of power LEDs, serving as indicators…
CoWIN Data Leak – Personal Data of COVID Vaccine Recipients Leaked on Telegram
The information of hundreds of thousands of Indians who received the COVID vaccination was exposed in a significant data breach and posted on a Telegram channel. The Fourth News, a Malayalam news portal, said that a Telegram bot on the…
University of Manchester Cyber Attack – Hackers Stolen Sensitive Data
An alarming cyberattack has hit the University of Manchester, and the University confirmed this incident officially on June 9, 2023. This unfortunate event likely resulted in threat actors’ unauthorized access, raising concerns about potential data exposure. The University of Manchester…
New Banking AitM Phishing and BEC Attacks Financial Organisations – Microsoft
In a recent revelation, Microsoft disclosed that banking and financial service institutions had become the active target of a fresh attack known as adversary-in-the-middle (AitM) phishing and BEC. As the number of reported cases surpasses 21,000 and the losses skyrocket…
Super Smash Flash 2 Unblocked – Let’s Play – 2023
Super Smash Flash 2 Unblocked is the next fun version of the impressive game series which is titled Super Smash Bros. Super Smash Flash 2 was designed by McLeodGaming operator. The release of the game was as brilliant as its…
100+ Best Ethical Hacking & Pentesting Tools – 2023
Penetration testing & Hacking Tools are more often used by security industries to test the vulnerabilities in networks and applications. Here you can find the Comprehensive Penetration Testing & Hacking Tools list that covers Performing Penetration testing Operations in all…
Beyond Passwords: The Future of Authentication in Cybersecurity
The digital counterpart of your physical reality is growing phenomenally. While positive outcomes are certainly there, with the growth of the internet, the risks associated with it are also growing rapidly. When discussing cybersecurity risk management, the first thing that…
Honda eCommerce Platform Flaw Exposes Customers’ Data
Eaton Zveare, a security researcher, has released the specifics of major vulnerabilities uncovered in Honda’s e-commerce platform for power equipment, marine, and lawn & garden products. It allowed anyone to reset their password for any account and was therefore open…
50+ Network Penetration Testing Tools for Hackers & Security Professionals – 2023
Network Security tools for Penetration testing is more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Network Security Tools list that covers Performing Penetration testing Operation in all the…
Cyber Criminals Sharing GPT-4 API Keys for Free
Recently, a script kiddie has been banned for sharing the stolen OpenAI API keys with many users on Discord for the r/ChatGPT subreddit. Developers can seamlessly incorporate OpenAI’s language model, GPT-4, into their applications using API keys. Oftentimes, developers unintentionally…
Burp Suite 2023.6 Released – What’s New!
PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional and Community users. BChecks, a new type of custom scan check, are introduced in this release. Additionally, it includes GraphQL scan checks, enhancements to Burp…
North Korean Hackers Mimic Journalists To Steal Credentials From Organizations
The North Korean APT group Kimsuky has been running a social engineering operation that targets experts in North Korean affairs from the non-government sector, according to SentinelLabs. For spear-phishing attempts to gather intelligence from think tanks, research centers, academic institutions, and…
Over 60,000 Android Apps Silently Install Malware on Devices
Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine software for the past six months. It has been identified that these malicious apps have been secretly implanting adware onto unsuspecting mobile devices without detection.…
Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update
Google has recently taken prompt security measures by releasing a security update for its Chrome web browser, aiming to fix the third zero-day vulnerability of this year that hackers have exploited. The third Chrome zero-day vulnerability that was fixed recently…
MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed
A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and Aer Lingus. The organizations acknowledged that tens of thousands of British Airways, Boots, and BBC staff had their personal information compromised due to a large-scale…
Moonlighter – World’s First and Only Satellite-Hacking Sandbox
Moonlighter, a groundbreaking project dubbed the “first-ever hacking sandbox in space,” will revolutionize satellite hacking as it ventures into low-Earth orbit in August. This pioneering effort promises to push the boundaries of cybersecurity by providing a unique platform for hacking…
ChatGPT Cybersecurity Grant Program – $1M to Boost AI Capabilities
OpenAI, supported by Microsoft, recently unveiled an innovative cybersecurity grant initiative to enhance AI-driven cybersecurity measures. The creators of ChatGPT are actively engaged in enhancing cybersecurity evaluations for AI models, aiming to measure and enhance their efficacy. They are dedicated…
A Complete Malware Analysis Tutorial, Cheatsheet & Tools List – 2023
Analyzing malware to break down its function and infection routine is a tough job. Here we describe the complete malware analysis tutorials, tools, and an elaborate cheatsheet. What is Malware Analysis?…
Gmail Flaw Let Hackers Bypass Security Checks
Gmail has the highest number of users, amounting to a massive 1.5 billion, which is 18.75% of the world population. Gmail is well-known for its security features which prevent hackers from taking over user accounts. Gmail has released a new…
Redbus & MakeMyTrip Bug Let Users Book Free Seats
RedBus and MakeMyTrip Limited, two of India’s biggest online travel agencies, allow users to reserve free seats. Mr. Vishnu Thulasidoss had intended to go to his hometown a few months ago when he was interning in Chennai for several reasons.…
Most Important Web Server Penetration Testing Checklist
Web server pentesting is performed under 3 significant categories: Identify, Analyse, and Report Vulnerabilities such as authentication weaknesses, configuration errors, and protocol-related vulnerabilities. 1. “Conduct a series of methodical and repeatable tests” is the best way to test the web…
Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request
Splunk is one of the most used SIEM (Security Incident and Event Management) tools worldwide. Splunk can collect logs of all the configured events that can be used later to investigate security incidents. Based on recent reports, Splunk was vulnerable…
Amazon Ring Employees Able to Access Every Single Camera Customer Video
California-based Ring LLC endangered its customers’ privacy by allowing any employee or contractor to see consumers’ private footage and failing to implement basic privacy and security controls, enabling hackers to gain control of consumers’ accounts, cameras, and videos. Ring LLC,…
Millions of PC Motherboard Were Sold With Backdoor Installed
Gigabyte systems have been identified by the Eclypsium platform for exhibiting suspicious backdoor-like behavior. This discovery marks a recent development in detecting potential security vulnerabilities in Gigabyte systems. The Eclypsium platform employed heuristic detection methods to identify potential supply chain…
Free Threat Hunting Platform Security Onion Released Updates – What’s New!
The third Beta version of Security Onion 2.4 is made available by Security Onion Solutions. A free and open platform for log management, enterprise security monitoring, and threat hunting is called Security Onion. It consists of both their in-house tools,…
Toyota Server Misconfiguration Leaks Owners Data for Over Seven Years
The leak discloses Address, Vehicle Identification Number (VIN), Email address, Phone number, Name, and Vehicle Registration Number.
Dark Pink APT Group Compromised 13 Organizations in 9 Countries
Dark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their malicious activities.
Hackers Exploit Barracuda Zero-Day Flaw Since 2022 to Install Malware
This vulnerability exists due to improper processing, validation, and sanitization of the names of the files within the user-supplied .tar file.
Shut Down Phishing Attacks – Types, Methods, Detect, Prevention Checklist
In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such as passwords, financial data, and personal details.…
Critical Jetpack WordPress Flaw Exposes Millions of Website
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.
Kali Linux 2023.2 Released – What’s New!
Users of Kali Linux can now upgrade to the 2023.2 version, which has many new features and enhanced capabilities.
Google CTF 2023 – Rewards over $32,000 For Winners
CTF (Capture The Flag) exercises have existed for several years. These CTF exercises provide a great challenge and provide great knowledge for ethical hackers and Bug Bounty Hunters. Many companies have been conducting CTF competitions very often as a part…
New Phishing Attack Abuses .Zip Domain to Emulate Fake WinRAR Within the Browser
A phishing attack that involved mimicking a browser-based file archiver software like WinRAR using a .zip domain to enhance its credibility.
Invicta Malware Delivered Through Fake GoDaddy Refund Invoices
The creator of this Invicta malware is heavily active on social networking sites, using them to advertise their information-stealing malware and its deadly powers. GoDaddy refund emails have become a common tool hackers use to deceive customers into downloading malware.…
New Bandit Malware Attacks Browsers to Steal Personal & Financial Logins
Bandit malware prioritizes Windows as its target and leverages the legitimate command-line tool to execute programs under different user permissions.
Critical Google Cloud’s SQL Service Flaw Exposes Sensitive Data
Critical Google Cloud SQL Service could be exploited by attackers to access sensitive data and breach other cloud services.
What is SaaS Security? – Types, Challenges, Threats & Protection Guide
SaaS (Software-as-a-Service) has become popular for delivering software applications and services over the cloud. While SaaS offers numerous benefits, such as flexibility and scalability, it also introduces unique security challenges. SaaS security is the measures and practices implemented to protect…
Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit
A commercial spyware product offered by the spyware company Intellexa (formerly Cytrox) has been described by Cisco Talos. By designing deployment procedures that frequently call for little to no user engagement, spyware vendors go to significant efforts to make the final…
Free VPN Data Breach – Over 360 Million User Records Exposed
Based on reports from Jeremiah Fowler, a non-password-protected database exposed nearly 360 million records related to a VPN. The database contained email addresses, device information, and even website references that users visited. According to the investigation, these records belonged to…
ChatGPT CEO May Leave Europe If It Could Not Compile With AI Regulations
In response to the future artificial intelligence (AI) restrictions by the European Union, OpenAI CEO Sam Altman stated that the maker of ChatGPT may think about leaving Europe. The EU is developing the first set of international regulations for AI. The…
ChatGPT & Bing – Indirect Prompt-Injection Attacks Leads to Data Theft
SYDNEY makes a return, but this time in a different way. Following Microsoft’s decision to discontinue its turbulent Bing chatbot’s alter ego, devoted followers of the enigmatic Sydney persona regretted its departure. However, a certain website has managed to revive…
APT Hacker Group Attacking SMBs to Use Their Infrastructure
Proofpoint’s security researchers have identified indications of sophisticated threat actors focusing their attention on small and medium-sized enterprises and service providers operating within that particular ecosystem. The researchers recently issued a cautionary message in their latest report regarding a collection…
Wireshark 4.0.6 Released – Fix for 9 vulnerabilities
Wireshark is a free and open-source network packet analyzer used by people worldwide. It has a wide range of uses when it comes to packet analysis. The original name of Wireshark is “Ethereal”, released by Gerald Combs in late 1997.…
Apria Healthcare Hacked – Over 2M Users Data Exposed
Apria HealthCare Inc. is a leading home medical equipment and clinical support provider. The company was founded in 1924 and had a net worth of $644 million headquartered in Indianapolis, US. On 23rd May 2023, Apria released a notification letter…
Fully Encrypted GuLoader Uses Google Drive to Download Payloads
Antivirus products continuously advance to combat evolving threats, prompting malware developers to create new bypassing techniques like “packing” and “crypting.” GuLoader is a notable service employed by cybercriminals to avoid detection by antivirus software. The cybersecurity researchers at Check Point…
What are the Common Security Challenges CISOs Face?
Chief Information Security Officers (CISOs) hold a critical and challenging role in today’s rapidly evolving cybersecurity landscape. Here are the common security challenges CISOs face. As organizations increasingly rely on technology to drive their operations, CISOs face complex security challenges…
New Android Malware on Google Play Store with Over 50,000 Installs
The cybersecurity researchers at ESET recently made a significant discovery, a previously unidentified remote access trojan (RAT) lurking within an Android screen recording app, available for download on the Google Play Store and already amassed tens of thousands of installations.…
Facebook Hit With record-breaking $1.3 Billion Fine Over Data Rules
Facebook (now Meta) has faced many allegations and litigations in the past 10 years. Most are related to privacy, data protection, and surveillance in other countries. However, a case that was filed against Facebook in 2013 was given a verdict. …
Hackers Use Weaponized DOCX File to Deploy Stealthy Malware
CERT-UA has identified and addressed a cyber attack on the government information systems of Ukrainian governmental state bodies. Through investigation, it was discovered that the department’s email address received communications on April 18, 2023, and April 20, 2023, appearing to…
WhatsApp Now Allow You to Edit Sent Messages
Editing messages is one of the key features that WhatsApp has been missing for a while. Ever since the Facebook takeover in 2014, there have been several additional features, including 24-hour status, video status, etc. Recent reports stated that the…
BrutePrint – Bruteforce Attack to Bypass User Authentication on Smartphones
A novel assault named ‘BrutePrint’ has been unveiled by the joint efforts of Tencent Labs and Zhejiang University researchers, enabling the forceful extraction of fingerprints on contemporary smartphones. This method circumvents user authentication, granting unauthorized access and full control over…
CISA Warns that Hackers Actively Exploiting Samsung Vulnerability
CISA has issued a recent warning regarding a security flaw that impacts Samsung devices, enabling attackers to circumvent Android’s address space layout randomization (ASLR) protection during targeted attacks. ASLR serves as a crucial security feature in Android, ensuring that the…
Russian IT Guy Jailed for DDoSing Government Websites
According to reports from the FSB (Federal Security Service) Department’s Press Service in Rostov Region, Yevgeny Kotikov, an IT specialist, was sentenced to three years imprisonment. FSB also ordered him to pay a fine of 800 thousand rubles ($10,000) for his…
Hackers Using AI Tools Like ChatGPT to Deploy Malware
Malicious ad campaigns with themes connected to artificial intelligence (AI) tools like Midjourney and ChatGPT have been seen in Google’s search engine, according to Trend Micro researchers. When a user types the keyword “midjourney” into Google, several malicious advertisements are…
Reveal(x) – New Tool to Defend Against ChatGPT Data Leaks
ExtraHop released a new tool called “Reveal(x)” that helps organizations understand their potential risk exposure from employee use of OpenAI ChatGPT by providing visibility into the devices and users on their networks connecting to OpenAI domains. ChatGPT has become highly…
Hackers Use SIM Swapping Technique to Gain Access to Microsoft Azure Machines
Researchers uncovered a financially motivated threat group known as ‘UNC3944’ which employs phishing and SIM-swapping techniques to seize control of Microsoft Azure admin accounts, enabling them to exploit Azure’s Serial Console on VMs for persistent installation of remote management software…
KeePass Password Manager Vulnerability Let Hackers Gain the Master Password
KeePass, a widely used password manager application, is vulnerable to a security flaw that gives threat actors the ability to extract the master password from the memory of the app. This vulnerability poses a significant risk as attackers can retrieve…
Critical Cisco Switch Vulnerabilities Allow Remote Exploitation
The web-based user interface of some Cisco Small Business Series Switches contains multiple vulnerabilities, according to a warning from Cisco. Cisco lists four critical remote code execution flaws with public exploit code. With CVSS base scores of 9.8/10, all four…
Researchers Uncovered Notorious QakBot Malware C2 Infrastructure
Team Cymru researchers have recently revealed noteworthy patterns and irregularities from their continuous monitoring of QakBot’s command and control infrastructure. The researchers shared high-level insights into the findings, shedding light on emerging trends and unusual activities related to QakBot. From…
New Android & Google Device Vulnerability Reward Program – Rewards of up to $15,000!
Google’s Device Vulnerability Reward Program helps the company identify security flaws in its operating system and devices. To promote additional security research in areas of their products that will have a greater impact and protect the users’ security, Google is launching a…
Apple Blocked Over $2 Billion in Fraudulent Transactions & 1.7 Malicious Apps
Apple published a report claiming that they prevented around $2 billion of potentially fraudulent transactions in 2022 and rejected around 1.7 million app submissions as they failed to meet the App Store’s High Standard of Privacy. Apple has been giving…
Hackers Modified Cobalt Strike Capabilities to Attack macOS Users
Geacon, a Cobalt Strike implementation written in Golang, is likely to attract the attention of threat actors looking for vulnerable macOS devices. Threat actors have been employing Cobalt Strike to breach Windows PCs for years, despite the infosec industry’s ongoing…
New RA Hacker Group Attack Organizations in the U.S. & Threaten to Leak Data
The ‘RA Group’ is a recently emerged ransomware organization that is actively attacking the following companies in the United States and South Korea:- Cybersecurity researchers at Cisco Talos observed them employing the common ‘double-extortion’ technique by establishing a data leak…
Facebook & Instagram Begun Rolling Out Paid Blue Tick Service
Meta is introducing Meta Verified on Facebook and Instagram. The popular social networking platform will now permit anyone who agrees to pay the price to have a blue tick on their profile. Previously, Twitter sold the blue tick exclusively given to…
ChatGPT Chief Testifies on AI risks To US Congress
To mitigate the threats posed by increasingly potent AI systems, government action will be essential, according to the CEO of the artificial intelligence company that produces ChatGPT. The success of OpenAI’s chatbot, ChatGPT, provoked worries and an AI arms race…
Lancefly APT Hackers Using Custom Backdoor to Attack Government Orgs
The cybersecurity researchers at Symantec Threat Labs recently discovered that an APT hacking group has been utilizing the specialized ‘Merdoor’ backdoor malware to conduct precise and prolonged attacks on the following sectors in South and Southeast Asia since 2018:- While apart from…
SchoolDude Hacked – Over 3 million Users Records Exposed
The Office of the Attorney General of Maine reported that there was a data breach in one of the Brightly-owned software products on 20th April 2023, which was discovered 8 days later. Brightly Inc is a software company founded in…
Qilin’s RaaS Program Advertised on Dark Web Along with Compromised Company Details
In March 2023, Group-IB’s Threat Intelligence team accessed the Qilin ransomware (Agenda ransomware) group and discovered that it is a Ransomware-as-a-Service affiliate program using Rust-based ransomware to target victims. Qilin ransomware employs personalized attack strategies, including modifying file extensions and…
VirusTotal AI code Analysis Expanded to Spot Malicious Windows, and Linux Script Files
In April 2023, Google announced VirusTotal Code Insight to improve the capacity of its malware detection and analysis platform. This week, Google released an enhanced version of VirusTotal Code Insight, including support for more scripting languages. Code Insight is an…
Insurance Industry Suffers 12x More Cyber Attacks
The Insurance industry was the most targeted sector in Q1, 2023, according to Indusface’s State of Application Security report, with 12 times more attacks than any other sector. Another report from the same year reveals that the insurance industry witnessed…
Ducktail Operation – Hackers May Steal Your Credentials From Web Browser
WithSecure Labs researchers uncovered a cyber operation named Ducktail in July 2022, where threat actors employed information-stealing malware to specifically target marketing and HR professionals with spear-phishing campaigns through LinkedIn direct messages, focusing on individuals and employees with potential access…
WhatsApp – Now you Can Lock & Hide Chats with a Password
Meta is introducing a new “Chat Lock” feature for WhatsApp to assist customers in securing their conversations. “We’re excited to bring to you a new feature we’re calling Chat Lock, which lets you protect your most intimate conversations behind one more…
Toyota Data Breach – Over 2 Million Customers Data Exposed
A part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to handle was found to have been made public as a result of misconfiguration of the cloud environment. Between November 6, 2013, and April 17, 2023, the…
Hackers Adapting New Unique Way to Overcome Microsoft Default Macro Block
There has been a shift in threat actor behavior in recent years. Observations by threat researchers showed a peak in their change of activities. Ever since, Microsoft disabled macros by default, which was extensively exploited by threat actors and paved…