Kali Linux 2023.4, the latest version of Offensive Security’s renowned operating system, has been released, and it includes the advanced Gnome 45 desktop environment and 15 new tools, with enhancements to existing ones. Kali Linux is a Linux distribution intended for…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Trickbot Malware Developer Pleads Guilty & Faces 35 Years in Prison
A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty to developing and deploying Trickbot malware. Trickbot, a suite of malware tools, targeted hospitals and businesses, causing millions in losses. Trickbot is a sophisticated modular banking Trojan that primarily targets financial institutions. …
ICANN Launches RDRS to Assist Law Enforcement Agencies to Discover Private Info
ICANN is a non-profit organization that is responsible for coordinating the global internet’s- This organization manages the distribution and maintenance of domain names and ensures the stable and secure operation of the Internet. ICANN introduced RDRS (Registration Data Request Service),…
Hackers Use Weaponized Documents to Attack U.S. Aerospace Industry
An American aerospace company has been the target of a commercial cyberespionage campaign dubbed AeroBlade, which appears to be aimed at carrying out both competitive and commercial cyberespionage. The threat actor employed spear-phishing as the distribution mechanism. A…
Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns
CISA has announced two known exploited vulnerabilities in its catalog, with active attacks targeting Google Chrome and ownCloud. As the national coordinator for critical infrastructure security and resilience, CISA oversees government cybersecurity operations.
Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability
The new Cactus ransomware exploited the code execution vulnerability in Qlik Sense for initial access. Qlik Sense is a data discovery and analytics platform that allows you to visualize and analyze data from various sources. It has a…
Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware
The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer malware, and its new variant was being marketed in underground communities. Threat actors use the ScrubCrypt obfuscation tool to help them avoid detection by antivirus software and initiate attacks that might…
Hotel’s Booking.com Hacked Logins Let Attacker Steal Guest Credit Cards
According to a recent report by Secureworks, a well-planned and advanced phishing attack was carried out, specifically targeting hotels and their guests, through the popular website Booking.com. The attackers utilized a sophisticated phishing campaign to lure unsuspecting victims into providing…
Critical Zoom Vulnerability Let Attackers Take Over Meetings
Zoom, the most widely used video conferencing platform, has been discovered to have a critical vulnerability that threat actors could potentially exploit for various malicious purposes. This vulnerability was reported as part of the H1-4420 Hacking event conducted in June 2023.…
Hackers Using Weaponized Invoice to Deliver LUMMA Malware
Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious links within seemingly legitimate payment requests. This tactic aims to deceive recipients into opening the invoice, leading to:- Cybersecurity researchers at Perception Point recently discovered and…
US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers
The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed that the North Korean hacker group Lazarus was using it to launder funds that had been stolen. Millions of dollars worth of virtual currency from Lazarus Group…
CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers
In a disconcerting turn of events, cyber threat actors have set their sights on Unitronics programmable logic controllers (PLCs) embedded in Water and Wastewater Systems (WWS). This perilous trend casts a looming shadow over the nation’s critical infrastructure, with the…
Zyxel Command Injection Flaws Let Attackers Run OS Commands
Three command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation. Zyxel NAS (Network Attached Storage) devices provide fast, secure, and…
North Korean Hackers Attacking macOS Using Weaponized Documents
Hackers often use weaponized documents to exploit vulnerabilities in software, which enables the execution of malicious code. All these documents contain malicious code or macros, often disguised as familiar files, which help hackers gain unauthorized access and deliver malware to…
Most Popular Websites Still Allow Users To Have Weak Passwords
The latest analysis shows that tens of millions of people are creating weak passwords on three of the four most popular websites in the world, which do not fulfill the minimum required standards. Researchers also found that 12% of websites…
Iranian Mobile Banking Malware Steals Login Credentials & OTP Codes
An Android malware campaign was previously discovered that distributed banking trojans targeting four major Iranian Banks: Bank Mellat, Bank Saderat, Resalat Bank, and Central Bank of Iran. There were 40 credential-harvesting applications circulated on Cafe Bazaar between December 2022 and…
Chrome Zero-Day Vulnerability Exploited in the Wild
Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this year. The flaw, identified as CVE-2023-6345, is classified as an integer overflow in Skia, an open-source 2D graphics library written in C++. “Google is aware that an exploit…
BLUFFS: Six New Attacks that Break Secrecy of Bluetooth Sessions
Six novel Bluetooth attack methods have been discovered, which were named BLUFFS (Bluetooth Forward and Future Secrecy) attacks. These attacks could enable threat actors to impersonate devices or carry out machine-in-the-middle attacks. These attacks have been reported to be at the architectural…
Google Workspace’s Design Flaw Allows Attacker Unauthorized Access
Recent years saw a surge in cloud tech adoption, highlighting the efficiency gained through tools like Google’s Domain-Wide Delegation. It enables GCP (Google Cloud Platform) identities to perform tasks in GWS (Google Workspace) apps on behalf of Workspace users, streamlining work…
Serial ‘SIM Swapper’ Sentenced to Eight Years in Prison
In a digital age marred by deceit, 25-year-old Amir Hossein Golshan stands as a testament to the dark underbelly of cyberspace. Hailing from downtown Los Angeles, Golshan’s intricate orchestration of fraudulent schemes has earned him a federal prison sentence of…