A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems. This vulnerability, tracked as CVE-2024-20360, poses significant risks,…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Hackers Exploit WordPress Plugin to Steal Credit Card Data
Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting WooCommerce online stores to steal credit card information. This alarming trend highlights the persistent threat cybercriminals pose and the need for robust security measures in the…
Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript
Google has released a patch for a zero-day exploit in its Chrome browser. The vulnerability, identified as CVE-2024-5274, involves a confusion issue in the V8 JavaScript engine, which could allow attackers to execute arbitrary code on affected systems. CVE-2024-5274 –…
Hackers Created Rogue VMs in MITRE’s Recent Cyber Attack
State-sponsored hackers recently exploited vulnerabilities in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). They used rogue virtual machines (VMs) to evade detection and maintain persistence in a cyberattack. The attack, attributed to a China-linked group tracked as UNC5221, underscores…
Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program
In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing ZIP and RAR attachments to distribute SMOKELOADER malware. The most recent attacks involve emails that carry Microsoft Access files and ZIP archives that, when opened, install…
Chinese Hackers Stay Hidden On Military And Government Networks For Six Years
Hackers target military and government networks for varied reasons, primarily related to spying, which involves interference in the functioning of critical infrastructure. This is mainly because these networks hold sensitive data and command systems that, if tampered with, can be…
NSA Releases Guidance On Zero Trust Maturity To Secure Applications From Attackers
Zero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model. It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and…
Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities
The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infrastructure, where it is difficult to scale up resources, cloud environments enable attackers to deploy resources for cryptomining rapidly, making…
Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft
Gift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems. Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat…
DNSBomb: A New DoS Attack That Exploits DNS Queries
A new practical and powerful denial-of-service attack has been discovered that exploits DNS queries and responses. This new attack has been termed “DNSBomb,” which transforms different security mechanisms employed by DNS, including reliability enhancement, security protection, timeout, query…
Malicious PyPI & NPM Packages Attacking MacOS Users
Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users. These packages, found on the Python Package Index (PyPI) and NPM, have been meticulously analyzed to uncover their malicious intent and sophisticated attack mechanisms. GuardDog: The Sentinel…
Beware Of HTML That Masquerades As PDF Viewer Login Pages
Phishing attacks have evolved into increasingly sophisticated schemes to trick users into revealing their personal information. One such method that has gained prominence involves phishing emails masquerading as PDF viewer login pages. These deceptive emails lure unsuspecting users into entering their email addresses and passwords, compromising their online security. Forcepoint X-Labs has recently observed many phishing emails targeting various government departments in the Asia-Pacific (APAC)…
Operation SpecTor: Authorities Seized Dark Markets Offering Illicit Goods
Law enforcement agencies have successfully dismantled several dark web marketplaces offering illicit goods. Dubbed “Operation SpecTor,” this coordinated crackdown marks a significant victory in the ongoing battle against cybercrime and illegal online activities. This news was shared on the Dark…
Apple’s Wi-Fi Positioning System Can Be Abused To Track Users
A new study by researchers at the University of Maryland has uncovered a privacy vulnerability in Apple’s Wi-Fi Positioning System (WPS) that allows attackers to track users’ locations and movements globally. The findings raise serious concerns about the potential for…
Spyware App Found Running on Multiple US Hotel Check-In Computers
A consumer-grade spyware app named pcTattletale has been discovered running on the check-in systems of at least three Wyndham hotels across the United States. This alarming discovery was made by TechCrunch, which reported that the app stealthily captured screenshots of…
OpenText Acquires Cybersecurity MDR Platform for MSPs
OpenText, a leader in information management solutions, has announced the acquisition of Pillr technology, a cloud-native, multi-tenant Managed Detection and Response (MDR) platform designed for Managed Service Providers (MSPs). This strategic move aims to improve OpenText’s cybersecurity capabilities, enabling it…
Microsoft Replacing VBScript With JavaScript & PowerShell
Microsoft has shifted its scripting options for web development and task automation. The company is replacing VBScript with more advanced alternatives such as JavaScript and PowerShell to provide users with the most modern and efficient tools. This article explores what…
Ikaruz Red Team Leveraging LockBit Builder To Launch Ransomware Attacks
Hackers exploit ransomware as it enables them to extort money from victims by encrypting their data and demanding a ransom for its release. This method is highly lucrative and often difficult to trace back to the perpetrators. Sentinel One…
Turla Hackers Leveraging Microsoft Build Engine To Deliver Malware Stealthily
Hackers exploit the Microsoft Build Engine because it can execute code and build applications. This engine provides an easy means for them to send harmful payloads using legitimate software development tools. Moreover, inside corporate environments, Build Engine’s trusted nature enables…
Stealerium Malware Targeting Wi-Fi Networks, Outlook to Steal Login Credentials
A new strain of malware known as Stealerium has been identified. It targets Wi-Fi networks and Microsoft Outlook to steal login credentials. This sophisticated malware poses a significant threat to individual users and organizations, highlighting the need for heightened vigilance…