Bank robbers of today are nothing like their counterparts of the past. Modern-day Bonnie and Clyde operate remotely, carrying out their operations from hundreds of miles away, simply using their laptops. On top of that, every year, the barrier of…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Hackers Attacking Blockchain Engineers with Novel macOS Malware
The frequency of hackers exploiting macOS flaws varies over time, but Apple continuously releases security updates to patch vulnerabilities. While macOS is generally considered more secure than some other operating systems, it is not immune to exploitation, and hackers…
Uncovering Prolific Puma, Massive Domain Generator & URL Shortener
Hackers can exploit Massive Domain Generator and URL Shortener services by creating large numbers of deceptive or malicious domains and using URL shorteners to hide the true destination of links. This can be used for the following illicit purposes:- Recently,…
Hackers Deliver Malicious DLL Files Chained With Legitimate EXE Files
Hackers opt for DLL hijacking as a technique to exploit vulnerable applications because it allows them to load malicious code by tricking a legitimate application into loading a malicious DLL. This can give them unauthorized access and control over a…
Hackers Weaponize HWP Documents to Attack National Defense and Press Sectors
HWP documents are primarily associated with the Hangul Word Processor software used in South Korea. Hackers may opt for HWP documents to target National Defense and Press Sectors because they exploit vulnerabilities in this specific file format and software, which…
F5 Warns of Active Attacks Targeting BIG-IP SQL injection vulnerability
F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748. This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands. F5 Networks…
CitrixBleed Vulnerability Widely Exploited, Primarily by a Ransomware Gang
At the end of October, AssetNote released a proof-of-concept for CVE-2023-4966, a sensitive information disclosure vulnerability in Citrix Netscaler ADC devices that was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be…
Hackers Abuse NuGet Packages to Deliver SeroXen RAT
The NuGet package manager, which .NET developers widely use, has been under attack by a series of malicious activities, according to a report by cybersecurity firm ReversingLabs. The report, which follows previous investigations on npm, PyPI, and RubyGems ecosystems, shows…
Atlassian Urged Customers to Fix Critical Confluence Security Flaw Right Away!
A critical vulnerability has been reported in Atlassian's Confluence software, which several organizations have widely adopted. The vulnerability has been assigned CVE-2023-22518, with a severity of 9.1 (Critical). Atlassian has addressed…
Prepare Your Employees to Withstand a Zero-Day Cyber Attack: 5 Key Strategies
Imagine walking into work one morning to find your company’s network completely crippled. Servers are down, workstations display ransomware notices, and critical data has been encrypted or deleted. Total operational paralysis. This is the potential aftermath of a devastating zero-day…
Hackers Abuse Google Search Ads to Deploy Bonanza Malware
Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads. The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attacks. This…
Hacker Jailed for Stealing $1 Million Via SIM Swapping Attacks
A young man from Orlando, Florida, has been handed a 30-month prison sentence for his role in a cybercrime scheme that stole nearly $1 million in cryptocurrency from unsuspecting victims. As part of a group of hackers, Jordan Dave Persad,…
Proofpoint to Acquire AI Email Security Firm Tessian
Proofpoint, an enterprise security company, has entered into a definitive agreement to acquire Tessian, a leading provider of email security solutions. The acquisition is aimed at enhancing the existing email security offerings of Proofpoint and preventing misdirected emails and data…
ServiceNow Misconfigurations Lead to Leak of Sensitive Data
ServiceNow has been alerted to a potential misconfiguration concern that might impact the security of its platform. The company is actively addressing the issue and working towards a resolution. The issue involves Access Control Lists (ACLs), which are used to…
The Risk of RBAC Vulnerabilities – A Prevention Guide
Role-Based Access Control (RBAC) is a security paradigm focused on assigning system access to users based on their organizational role. It’s a sophisticated approach to ensuring that only the right people can access the right information at the right time.…
Hackers Deliver Remcos RAT as Weaponized PDF Payslip Document
AhnLab Security Emergency Response Center (ASEC) has recently revealed a disturbing case of Remcos RAT, a malicious software that can remotely access and manipulate infected machines. The attackers behind this malware used a clever email scam that pretended to be…
F-Secure Eyes $9.5M in Cost Savings With Layoffs
F-Secure has recently implemented organizational changes in order to pursue strategic growth initiatives and meet its financial targets. These changes likely involve adjustments to the company’s structure, processes, and resources to ensure they are better aligned with their goals and…
Hackers Abusing OAuth Token to Take Over Millions of Accounts
A new OAuth vulnerability has been discovered in three of the major extensions such as Grammarly, Vidio, and Bukalapak. These applications use the OAuth protocol for their authentication, which is vulnerable to an authentication token-stealing attack. OAuth is an authentication…
XWorm Sold Malware-as-a-service Opens Vast Hacking Opportunities
XWorm is a RAT (Remote Access Trojan), a malware-as-a-service. It was first discovered in July 2022 and is known to have originated from the ex-USSR. The malware is capable of multiple things, such as stealing sensitive data and cryptocurrency, launching…
Raven: Open-source CI/CD Pipeline Vulnerability Scanner Tool
Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines. Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub. This innovative solution will…