Windows Defender is a built-in antivirus and anti-malware software developed by Microsoft for Windows operating systems. It provides real-time protection against various threats, including:- Cybersecurity researchers at Fox-IT recently discovered that revived Windows Defender Quarantine folder metadata helps in boosting…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Ledger NPM Repo Hacked Through a Spear Phishing Attack on an Employee
In a recent turn of events, Ledger, a prominent hardware wallet provider, faced a security breach that sent shockwaves through the cryptocurrency community. The breach, initiated by a malevolent version of the npm package @ledgerhq/connect-kit, posed a severe risk to…
How Can DSPM Prevent High-Profile Breaches?
In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported.…
How Sandboxes Help Security Analysts Expose Script-Based Attacks
Cybercriminals employ numerous tactics to infiltrate endpoints and scripts are among the most destructive. You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network. To prevent this, analyzing suspicious files in malware…
Poisoned AI Coding, Assistant Tools Opens Application to Hack Attack
AI (Artificial Intelligence) has significantly revolutionized software engineering with several advanced AI tools like ChatGPT and GitHub Copilot, which help boost developers’ efficiency. Besides this, two types of AI-powered coding assistant tools emerged in recent times, and here we have…
Chinese Hackers Seized Outdated Routers for Covert Data Transfer
Volt Typhoon, also known as the Bronze Silhouette, has been discovered to be linked with a complex botnet called “KV-botnet.” The threat actor has been using this botnet to target Small Office/Home Office routers since at least February 2022. Their…
Top 3 Cybersecurity Trends for SME Business Leaders in 2024
As Cynet’s COO, my team and I get to work closely with risk management executives at small-to-medium enterprises (SMEs) around the world. In this article, I’ll condense our collaboration’s insights into three key trends for 2024, backed up by data…
MITRE Reveals EMB3D, a Threat Model for Embedded Devices in Critical Infrastructure
Red Balloon Security, Narf Industries, and MITRE collaborated to create the EMB3D Threat Model, which offers a shared knowledge of the risks embedded devices experience and the security measures needed. The EMB3D model is a comprehensive framework that focuses specifically…
BazarCall Attack Weaponizing Google Forms to Appear Legitimate
A new type of phishing attack known as BazarCall has emerged, and it’s using a clever technique to make it appear more legitimate. The attack utilizes a Google Form to trick unsuspecting victims into divulging sensitive information. The method of…
Russian Hackers Exploiting JetBrain Vulnerability to Hack Servers
The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service (SVR) cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that host JetBrains TeamCity…
CISA Asks Public Opinion on Google Workspace Secure Configuration Baselines
In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines. This architectural marvel establishes a robust groundwork, elevating data security across nine…
Quishing: New Sophisticated Phishing Attacks on the Rise
Phishing, a persistent cyberthreat, has evolved with the times. Once a symbol of convenience, QR codes are now being weaponized by attackers through Quishing. This alarming trend demands attention, as it exposes both individuals and organizations to significant risks. Interpol’s…
Sophos Firewall Code Injection Flaw: Let Attackers Execute Remote Code
A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin, allowing hackers to execute malicious code remotely. The vulnerability enables attackers to inject harmful code into the software, which if exploited, can result in a…
Microsoft’s 2023 Final Patch: 34 Vulnerabilities Including Critical 0-Day Fixed
Microsoft has released their patches for December 2023 as part of their Patch Tuesday. In this release, they have patched more than 34 vulnerabilities and one zero-day. Among the 34 vulnerabilities patched, there were 4 Critical severity vulnerabilities and 30…
Cloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs
San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. After stealing information from and purposefully damaging a protected computer, he…
1,450+ pfSense Servers Vulnerable to Remote Code Execution Attacks via Exploit Chain
Researchers discovered two vulnerabilities in pfSense CE related to Cross-Site Scripting (XSS) and Command Injection that allow an attacker to execute arbitrary commands on a pfSense appliance. An attacker with RCE capabilities can control the firewall, monitor traffic on the…
Rhysida Ransomware Attacking Government & IT Industries Worldwide
Hackers use ransomware to encrypt victims’ files and demand payment (usually in cryptocurrency) for the decryption key. This malicious tactic allows them to extort money from the following entities by exploiting vulnerabilities in their digital systems:- In May 2023, this…
Toyota Ransomware Attack Exposes Customers Personal Data
Toyota Financial Services (TFS) notifies customers after a data breach that exposed personal and sensitive financial information. In a limited number of locations, including Toyota Kreditbank GmbH in Germany, Toyota Financial Services Europe & Africa has discovered unauthorized activity on…
What is CloudSecOps? – A Complete Security Operations Guide – 2024
Cloud security is becoming a central part of any organization’s cybersecurity strategy. However, in most organizations, the teams managing cloud operations work separately from those that manage security. CloudSecOps is setting out to change that. CloudSecOps is about integrating security…
WordPress Plugin Flaw Exposes 90K+ Websites to Hack Attack
Over 90,000 websites are currently at risk due to a vulnerability found in the WordPress Backup Migration Plugin. This vulnerability has enabled unauthenticated remote code execution, making it possible for potential attackers to gain access to these websites. A group…