A proof-of-concept (PoC) exploit for a critical zero-day vulnerability (CVE-2024-4947) in Google Chrome has been made public. The potential for exploitation of this vulnerability, which impacts the V8 JavaScript engine, has generated considerable apprehension among members of the cybersecurity community.…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Kinsing Malware Attacking Apache Tomcat Servers To Deploy Cryptominers
Kinsing malware, known for exploiting vulnerabilities on Linux cloud servers to deploy backdoors and cryptominers, has recently expanded its target to include Apache Tomcat servers. The malware utilizes novel techniques to evade detection by hiding itself within seemingly innocuous system…
Sonicwall SSL-VPN exploit Advertised on the Dark web
The dark web has seen the release of a new vulnerability that targets SonicWALL SSL-VPN devices. Recently, the exploit, which lets people enter private networks without permission, was sold on a well-known dark web market. The news was first shared…
Hackers Exploiting Docusign With Phishing Attack To Steal Credentials
Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make it a highly effective and low-cost attack method. Phishing attacks can be easily scaled to target a large number of individuals, increasing the likelihood of success.…
ViperSoftX Malware Uses Deep Learning Model To Execute Commands
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts text from images, and the malware scans these extracted strings for phrases related to passwords or cryptocurrency wallets. If a…
New Linux Backdoor Attacking Linux Users Via Installation Packages
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target for gaining unauthorized access or spreading malware. Besides this, its open-source nature allows threat actors to study the code and…
Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS) based VPN solutions, like SSLVPN and WebVPN, should be replaced with safer options. Bad people are still taking advantage of…
Santander Data Breach: Hackers Accessed Company Database
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and Chile. Concerns have been made about data security and privacy following the breach, which was found to have started with…
U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and severance of North Korean IT workers working around the world. This plan, which was announced on Thursday, is meant to…
Russian APT Hackers Attacking Critical Infrastructure
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals, as APT groups conduct espionage to gather valuable political and economic information. The Russian government may recruit financially motivated groups,…
Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover
Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million IoT-enabled devices. Notably, ThroughTek Kalay’s influence emphasizes the importance of protecting homes, companies, and integrators alike with its widespread presence in security cameras and other devices.…
Apple Has Terminated 370 Million+ Developer & Customer Accounts
The App Store will close over 370 million developer and customer accounts in 2023. Apple takes this move to fight fraud and provide a safe and dependable platform for consumers and developers. Apple has led app distribution since 2008, setting…
QakBot Malware Exploiting Windows zero-Day To Gain System Privileges
In April 2024, security researchers revisited CVE-2023-36033, a Windows DWM Core Library elevation of privilege vulnerability that was previously discovered and exploited in the wild. As part of their investigation into exploit samples and potential attack vectors, they stumbled upon…
Vmware Workstation & Fusion Flaws Let Attackers Execute Arbitrary Code
Multiple security flaws affecting VMware Workstation and Fusion have been addressed by upgrades published by VMware. If these vulnerabilities are successfully exploited, attackers may be able to obtain privileged data from the device, execute arbitrary code, and cause a denial…
VirusTotal’s Crowdsourced AI Initiative to Analyze Macros With Word & Excel Files
VirusTotal has announced a major change to its Crowdsourced AI project: it has added a new AI model that can examine strange macros in Microsoft Office files. This model, created by Dr. Ran Dubin from Ariel University and the ByteDefend…
Nissan Data Breach – 53,000+ Employees Data Stolen
Nissan says that the personal information of more than 53,000 workers has been stolen. The huge automaker is now taking proactive steps to help those who have been affected and limit the damage that could occur from the stolen data.…
Nissan Data breach – 53,000+ Employees Data Stolen
Nissan says that the personal information of more than 53,000 workers has been stolen. The huge automaker is now taking proactive steps to help those who have been affected and limit the damage that could occur from the stolen data.…
PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability
Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers which were associated with Authentication bypass due to HNAP port and remote code execution. Moreover, exploiting these vulnerabilities together could lead to a complete compromise of the vulnerable device. However,…
Wireshark 4.2.5 Released: What’s New!
Wireshark, the world’s foremost and widely used network protocol analyzer, has recently released version 4.2.5, which brings a host of new features and improvements. This latest update promises to enhance the user experience and provide even more powerful tools for…
Hackers Attacking Foxit PDF Reader Users To steal Sensitive Data
Researchers identified a PDF exploit targeting Foxit Reader users that uses a design flaw that presents security warnings with a default “OK” option, potentially tricking users into executing malicious code. The exploit is actively being used and bypasses typical detection…