Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying an…

Read more →

Guardant Health, a leading cancer screening and precision medicine company, has disclosed a data breach that left sensitive patient information publicly accessible online for over three years. The California-based firm, which has performed over 500,000 blood tests, is notifying an…

Read more →

Critical operational elements such as data storage, processing, backups, and recovery heavily rely on Australian industrial organizations’ data centers. These facilities support various business functions, including productivity tools, transaction-intensive applications, big-data processing systems, and artificial intelligence (AI). The importance of…

Read more →

Enterprises are being targeted by the malware known as SocGholish through deceptive browser update prompts. This malware, notorious for its stealth and the complexity of its delivery mechanisms, has been identified in a series of incidents involving fake browser updates…

Read more →

A sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites. Security researchers estimate that since 2021, the hackers…

Read more →

In a significant cybersecurity development, researchers have uncovered critical vulnerabilities in F5’s Next Central Manager, which could potentially allow attackers to gain full administrative control over the device. This alarming security flaw also creates hidden rogue accounts on any managed…

Read more →

The Polish computer emergency response team CERT.pl has issued a warning about an ongoing cyberattack campaign by the notorious APT28 hacking group, also known as Fancy Bear or Sofacy. The campaign is targeting various Polish government institutions with a new…

Read more →

Tappware, a prominent IT service provider, faced a breach when approximately 50GB of its database was leaked on a hacker forum. This database contained 2.3 million rows of data, including sensitive personal information such as names, addresses, and phone numbers…

Read more →

Ensuring adherence to GDPR, the ANY RUN sandbox service employs TLS 1.3 for data in transit and AES-256 for data at rest; it is hosted in Germany and provides supplementary tools, predominantly for enterprise plans, to empower users with greater…

Read more →

A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthenticated remote code execution on vulnerable servers. This severe security flaw affects versions of CrushFTP before 10.7.1 and 11.1.0, enabling…

Read more →

Hackers have been found exploiting Google search ads to distribute malware through MSI (Microsoft Installer) packages. This campaign, involving the malware loader known as FakeBat, targets unsuspecting users by masquerading as legitimate software downloads. The Infection Chain: From Ad to…

Read more →

Veeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these vulnerabilities is yet to be assigned. These vulnerabilities exist in version 7.x and version 8.x of the Veeam…

Read more →

A new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software.  This vulnerability affects…

Read more →

Hackers are now using steganography techniques to distribute the notorious Remote Access Trojan (RAT) known as RemcosRAT. This method, which involves hiding malicious code within seemingly innocuous image files, marks a concerning evolution in malware delivery tactics. The Initial Breach:…

Read more →

Juniper Threat Labs has reported active exploitation attempts targeting vulnerabilities in Ivanti Pulse Secure VPN appliances. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, have been exploited to deliver the Mirai botnet, among other malware, posing a significant threat to network…

Read more →

Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts. The changes rolled out on Monday, May 6,…

Read more →

In collaboration with US and Australian authorities, the UK’s National Crime Agency (NCA) has unmasked and sanctioned the leader of the notorious LockBit ransomware group, once considered the world’s most harmful cybercrime operation. Russian national Dmitry Khoroshev, who went by…

Read more →

Hackers target LNK (Windows shortcut) files to disseminate malware because they can embed malicious code that automatically executes when the shortcut is clicked.  LNK files appear harmless but can stealthily trigger malware downloads or other malicious actions, making them an…

Read more →

A significant update for Trend Micro’s Antivirus One software has been released. The update addresses a critical vulnerability that may have enabled attackers to inject malicious code.  The vulnerability, called custom dynamic library injection vulnerability CVE-2024-34456, may enable an attacker…

Read more →

In a cybersecurity update, Samsung announced the patching of 25 vulnerabilities in its mobile devices, aiming to fortify them against potential code execution and privilege escalation attacks. This move is part of Samsung’s ongoing efforts to enhance the security of…

Read more →