Tag: GBHackers – Latest Cyber Security News | Hacker News

A new but ancient technique for Phishing emails has been recently identified called ZeroFont Phishing. Threat actors have followed several tactics for sending phishing emails, bypassing all the security mechanisms. However, using this technique, threat actors could bypass Microsoft’s Natural…

Read more →

ZYXEL has been discovered with a Buffer Overflow vulnerability on their ZYXEL-PMG2005-T20B device, which can result in a denial-of-service condition. This condition exists due to improper sanitization of user-supplied input on their HTTP request. Zyxel is a Taiwanese multinational company…

Read more →

Indusface research on 1400+ websites recorded a significant surge in DDoS attacks and bot attacks during Q2, 2023, compared to Q1, 2023. We observed a 75% surge in DDoS attacks and a 48% increase in bot attacks. Moreover, recent trends…

Read more →

The Snatch Ransomware group is considered dangerous due to its advanced techniques and ability to evade detection.  Security systems find it difficult to identify and stop such assaults since they use techniques like file encryption and memory injection to avoid…

Read more →

Cisco, a prominent player in the world of networking and cybersecurity, has issued a critical security advisory concerning multiple vulnerabilities in their Catalyst SD-WAN Manager, formerly known as Cisco SD-WAN vManage.  These vulnerabilities could potentially open doors for cyber attackers…

Read more →

Google has recently deployed updates to mitigate a newly discovered zero-day vulnerability in their Chrome browser, which is currently being actively exploited. Google has acknowledged its awareness of an exploit currently available for CVE-2023-5217, which has been observed to be…

Read more →

Since 2010, a group of hackers known as BlackTech APT has been engaging in malicious activities. The targets of their attacks encompass a wide range of sectors, including governmental institutions, industrial facilities, technological infrastructure, media outlets, electronic systems, mobile devices,…

Read more →

Through strategies like polymorphic code, which continuously alters its appearance to prevent detection, as well as employing encryption and obfuscation to disguise its actions, malware is getting more complex and sneaky. Additionally, to infiltrate systems and avoid detection by traditional…

Read more →

Apple previously reported three zero-day vulnerabilities exploited in the wild by threat actors, which Apple fixed as part of an Emergency patch update. However, a new security advisory has been released by Apple, which mentions all the security patches and…

Read more →

Healthcare has been one of the primary industries targeted by threat actors as part of every malware or ransomware campaign. Many Advanced Persistent Threat (APT) actors are from China due to political reasons between China and the United States. These…

Read more →

Though we can’t see it, the world brims with more technology than ever. These days, devices with internet connectivity live within the ever-growing Internet of Things (IoT)—a worldwide “web” where wireless communication and information technology work together. Since the early…

Read more →

Cybersecurity analysts at NSFOCUS Security Labs recently uncovered an unknown phishing-based attack process during threat-hunting.  Apart from this, during their further investigation, they identified two new Trojans and rare attack methods. NSFOCUS Security Labs suspects a skilled APT attacker is…

Read more →

Google Chrome has been recently discovered to be a Use-after-free vulnerability that threat actors can exploit to attack users. This vulnerability exists in the Google Chrome VideoEncoder, which can be triggered using a malicious web page. However, Google Chrome version…

Read more →

The Progress MOVEit software’s vulnerability resulted in a cybersecurity breach that affected BORN (the Better Outcomes Registry & Network), which gathers data on pregnancies, births, the postpartum period, and childhood. Unauthorized copies of files containing sensitive personal health data were obtained…

Read more →

EvilBamboo, formerly known as “Evil Eye,” has been found to target Tibetan, Uyghur, and Taiwanese organizations and individuals. This threat actor was mentioned as conducting custom Android malware campaigns in September 2019. In April 2020, EvilBamboo was discovered to be…

Read more →

The threat actors have been spotted increasingly depending on Remote Management and Monitoring (RMM) tools, which resulted in a relatively botched Hive ransomware distribution.  The original payload consisted of an executable file disguised as a legitimate document.  According to Huntress, this campaign…

Read more →

In a recent disclosure, BIND 9, a widely-used DNS (Domain Name System) server software, has been found vulnerable to two critical security flaws, labeled CVE-2023-4236 and CVE-2023-3341.  These vulnerabilities, if exploited, could have serious consequences, making it imperative for users…

Read more →

OilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries like:- OilRig launched DNSpionage in 2018-2019 against Lebanon and the UAE, followed by the 2019-2020 HardPass campaign using LinkedIn for energy and government…

Read more →

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and…

Read more →

Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize Thesaurus, one of the well-known platforms with 5 million monthly visitors. Cybersecurity analysts at Group-IB recently found a cryptojacking scheme on a popular Thesaurus site,…

Read more →

The financially motivated GOLD MELODY threat group has been active at least since 2017, attacking organizations by taking advantage of flaws in unpatched internet-facing servers. A threat group serves as an initial access broker (IAB) by selling access to organizations…

Read more →

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High). Progress-owned MOVEit transfer was popularly exploited by…

Read more →

A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion. This threat actor surpasses Scatter Spider, Oktapus, UNC3944, and Storm-0875. LUCR-3 is targeting Fortune 2000 companies in various sectors, which include…

Read more →

Only a few malware families can claim to have persisted for nearly twenty years, and QakBot (also referred to as QBot) stands among them as one of the most enduring. Since its first appearance in 2008, it has been deployed…

Read more →

For taking part in a large international scheme to earn millions of dollars by selling pirated business telephone system software licenses, a computer system admin and his spouse pled guilty. Software licenses with a retail value of over $88 million are…

Read more →

If you use Trend Micro Apex One, you should know that the third-party Antivirus uninstaller feature may have a security hole. This flaw could make it possible for random code to be run. Even though the National Vulnerability Database (NVD)…

Read more →

The mobile application of T-Mobile has recently been a cause of concern among its customers due to issues concerning privacy. Users have reported accessing sensitive information belonging to other customers when logging into their own accounts.  This alarming situation has…

Read more →

Huawei is known for its telecommunications equipment and consumer electronics, including smartphones, and the USA banned Huawei primarily due to national security concerns. As the Chinese government may utilize Huawei’s technology for spying, the U.S. government claimed that the business…

Read more →

In recent cybersecurity news, the notorious Bumblebee loader has made a resurgence in a new campaign, posing a significant threat to organizations’ digital security.  This loader, often used as a stepping stone for ransomware attacks, had taken a pause but…

Read more →

Nagios XI is a prominent and frequently used commercial monitoring system for IT infrastructure and network monitoring.  Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in Nagios XI (version 5.11.1 and below) while conducting routine research. By making use…

Read more →

In 2022, state-sponsored actors and advanced adversaries consistently targeted telecoms globally, making it a top sector in Talos IR cases. Telecom firms with critical infrastructure assets are prime targets due to their role in national networks and as potential gateways…

Read more →

Recent reports indicate that Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes. These vulnerabilities have been given the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity…

Read more →

Recent reports indicate that threat actors have been using a new type of Linux-targeted backdoor that has never been seen before. This new backdoor has been named SprySOCKS, which uses the strings of Trochilus (Windows backdoor) and the new Socket…

Read more →

At the end of August 2023, Juniper Networks released a security advisory mentioning the CVE-2023-36845 vulnerability affecting SRX and EX series firewalls. The vulnerability was categorized as a Medium (5.3) severity vulnerability.  Following this, security researchers at watchtowr published a…

Read more →

BlackCat Ransomware variant Sphynx has been newly identified with additional features used for encrypting Azure Storage accounts. This Sphynx variant of BlackCat was first discovered in March and was upgraded in May, which added the Exmatter exfiltration tool.  Another version…

Read more →

The use of AI has greatly increased over the past few months, with programs like ChatGPT and Bing AI making the technology freely available to all. It has been used to create beautiful works of art and poetry and for…

Read more →

Cryptojacking is a malicious cyberattack in which an attacker stealthily utilizes a victim’s computer or device to mine cryptocurrencies such as Bitcoin or Monero without the victim’s knowledge or agreement. This usually entails infecting the victim’s PC with malware that…

Read more →

The Canadian government, banking, and transportation industries have recently been the targets of many distributed denial of service (DDoS) attacks. This criminal activity is linked to state-sponsored cyber threat actors from Russia. Since March 2022, NoName057(16), a pro-Russian hacktivist operator…

Read more →

Peach Sandstorm, an Iranian Hackers group that targets organizations globally, aligns with the following threat groups:- Besides this, in the following sectors, the Iranian group, Peach Sandstorm pursued its targets most in the past attacks:- The cybersecurity researchers at Microsoft…

Read more →

Azure HDInsight has been identified with multiple Cross-Site Scripting – XSS vulnerabilities related to Stored XSS and Reflected XSS. The severity for these vulnerabilities ranges between 4.5 (Medium) and 4.6 (Medium).  These vulnerabilities have affected multiple products, including Azure Apache…

Read more →

An Arbitrary code execution vulnerability has been found in Windows 11. This vulnerability is a result of several factors, such as a Time-of-Check Time-of-Use (TOCTOU) race condition, malicious DLL, cab files, and the absence of Mark-of-the-Web validation. This particular vulnerability…

Read more →

Multiple memory corruption vulnerabilities have been discovered in the ncurses library, which various programs use on multiple operating systems like Portable Operating System Interface (POSIX) OS, Linux OS, macOS, and FreeBSD.  Threat actors can chain these vulnerabilities with environment variable…

Read more →

Ransomware is a universal threat to enterprises, targeting anyone handling sensitive data when profit potential is high. A new ransomware named 3AM has surfaced and is used in a limited manner. Symantec’s Threat Hunter Team witnessed it in a single…

Read more →

Trellix Windows DLP endpoint for Windows has a privilege escalation vulnerability that allows unauthorized deletion of any file or folder. Trellix DLP Endpoint protects against all potential leak channels, including portable storage devices, the cloud, email, instant messaging, web, printing,…

Read more →

Email communication is still widely used as an attack vector despite the ever-changing nature of cyber threats. The vast number of people who use it for communication daily, both professionally and personally, makes it a tempting target. Cybercriminals are becoming…

Read more →

According to recent reports, a threat actor known as Storm-0324 has been using email-based initial infection vectors to attack organizations. However, as of July 2023, the threat actor has been found to have been using Microsoft Teams to send Phishing…

Read more →

Cisco has been discovered with an arbitrary code execution flaw on their Cisco IOS XR Software image verification checks, which allows an authenticated, local attacker to execute arbitrary code on their underlying operating system. Cisco Internetwork Operating System (IOS) is…

Read more →

SolarWinds Platform has published its release notes 2023.3.1, which provides multiple bug fixes and security updates. With this release, the platform has fixed two vulnerabilities, CVE-2023-23840 and CVE-2023-23845, related to arbitrary command execution.  SolarWinds Platform is an infrastructure monitoring and…

Read more →

A new and highly concerning cyber threat has emerged, as a botnet known as “MrTonyScam” has been orchestrating an extensive Messenger phishing campaign on Facebook.  Recently, this campaign has flooded the platform with malicious messages, posing a significant risk to…

Read more →

Burp Suite, the renowned Bug Bounty Hunting and Web Application Penetration Testing tool, has been improvised with many extensions over the years. Many of Burp’s Extensions have been used by Bug Bounty Hunters and Security Researchers for various purposes. It…

Read more →

In recent years, Linux systems gained prominence among diverse threat actors, with more than 260,000 unique samples emerging in H1 2023. In the case of Linux, threat actors can run multiple campaigns without being detected for years, and maintain long-term…

Read more →

Cybersecurity researchers at Symantec’s Threat Hunter Team recently discovered that the Redfly threat actor group used ShadowPad Trojan to breach an Asian national grid for 6 months. Artificial intelligence-driven cyber threats grow as technology advances, significantly influencing and boosting threat…

Read more →

In a race against time to safeguard user security, major browser vendors, including Google and Mozilla, have scrambled to release urgent updates in response to a critical vulnerability discovered in the WebP Codec.  This newly unearthed vulnerability, bearing the identifier…

Read more →

Chrome’s Stable and Extended stable channels have been upgraded to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows as part of a security update. One “Critical” security upgrade is included in this release. In the coming days and weeks,…

Read more →

Threat actors were using Windows Arbitrary File Deletion to perform Denial-of-service attacks on systems affected by this vulnerability. However, recent reports indicate that this Windows Arbitrary file deletion can be used for a full compromise. The possibility of this attack…

Read more →

The Ballistic Bobcat is an Iran-aligned APT group, and initially, about two years ago, cybersecurity researchers at ESET tracked this threat group. Here below, we have mentioned all the other names of the Ballistic Bobcat APT group:- Recently, cybersecurity analysts…

Read more →

Software as a Service (SaaS) security refers to the measures and practices employed to protect SaaS solutions’ data, applications, and infrastructure. SaaS is a cloud computing model where software applications are hosted and delivered over the internet, rather than installed…

Read more →

Gamaredon, also known as Primitive Bear, Actinium, or Shuckworm, is a Russian Advanced Persistent Threat (APT) group active since at least 2013. It is a very aggressive threat group that employs prolonged attacks that are highly disguised and particularly aggressive. The…

Read more →

In recent times, it’s been observed that fake malware-loaded browser updates are gaining rapid growth in the threat landscape. Rapid7 researchers recently identified a Fake Browser Update lure that tricks users into running malicious binaries, using a new loader to…

Read more →

Hive0117 group has launched a new phishing campaign, which targets individuals working for significant industries in the energy, banking, transportation, and software security sectors with headquarters in Russia, Kazakhstan, Latvia, and Estonia. This group is known for disseminating the fileless…

Read more →

Notepad++ v8.5.7 has been released, which has several bug fixes and new features. There has also been Integrity and authenticity validation, added Security enhancement and fixed a memory leak while reading Utf8-16 files. Multiple vulnerabilities in Notepad++ relating to Heap…

Read more →

Recent reports indicate that threat actors have been using Microsoft Teams to deliver DarkGate Loader malware. The campaign originated from two compromised external Office 365 accounts identified to be “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” (adriverar@unadvirtual.edu.co) DarkGate loader…

Read more →

In the evolving hospitality industry landscape, where vacation rental software has transitioned from luxury to necessity, a growing concern emerges regarding cybersecurity.  This software, while primarily simplifying booking, guest interactions, and property management, stores sensitive data such as credit card…

Read more →

Recent reports indicate that a new threat actor named “W3LL” has been discovered running a large phishing empire completely hidden until now. It was also found that this threat actor played a major role in compromising Microsoft 365 business email…

Read more →

Google’s Threat Analysis Group (TAG) has issued an update regarding an ongoing campaign by North Korean threat actors targeting security researchers.  This campaign, which first came to light in January 2021, involved using 0-day exploits to compromise the security of…

Read more →

A new sophisticated stealing campaign named  “Steal-It”  has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. It is believed that the Steal-It campaign may be attributed to APT28 (aka Fancy Bear) based on its…

Read more →

Google’s Threat Analysis Group (TAG) has issued an update regarding an ongoing campaign by North Korean threat actors targeting security researchers.  This campaign, which first came to light in January 2021, involved using 0-day exploits to compromise the security of…

Read more →

Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS. The vulnerabilities involve an arbitrary code execution and a buffer overflow. Reports indicate that these vulnerabilities are being actively exploited. This is considered a high-risk vulnerability…

Read more →

A single sign-on (SSO) implementation flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform might make it possible for a remote, unauthenticated attacker to forge credentials to access a vulnerable system. This “Critical” severity vulnerability has…

Read more →

A Global Ticketing Giant company, See Tickets, recently reported a data breach that exposed the payment card information of over 300,000 customers. See Tickets, owned by Vivendi Ticketing, revealed the latest breach in a complaint with Maine’s attorney general.  The ticketing business…

Read more →

Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root of Trust bypass. Aruba has released a security advisory for addressing these vulnerabilities. At the…

Read more →

RaaS (Ransomware-as-a-service) is actively strengthening the ransomware attacks, but understanding their operations is restricted by illegality.  That’s why ransomware attacks have surged in scale and complexity over the past decade, driven by RaaS models like Conti (formerly Ryuk). However, the…

Read more →

Storm-0558, a threat actor based in China, has recently gained access to a Microsoft account consumer key. This has allowed them to infiltrate and compromise 25 organizations, including those within government agencies. Since May 15, 2023, they have been using…

Read more →

AhnLab Security Emergency Response Center (ASEC) has issued a warning about a significant security threat involving the distribution of malicious LNK files.  This threat, known as RedEyes (ScarCruft), has transitioned from CHM format to LNK format, posing new challenges for…

Read more →

On Tuesday, Synopsys addressed High and medium vulnerabilities CVE-2023-2453, and CVE-2023-4480 discovered in PHPFusion by the researchers. PHPFusion is an open-source content management system (CMS) designed for managing personal or commercial websites and is offered under the GNU Affero General…

Read more →

On Tuesday, Synopsys addressed High and medium vulnerabilities CVE-2023-2453, and CVE-2023-4480 discovered in PHPFusion by the researchers. PHPFusion is an open-source content management system (CMS) designed for managing personal or commercial websites and is offered under the GNU Affero General…

Read more →

The АРТ28 hacking group, suspected to have ties to Russian special services, has made an audacious attempt to breach the critical power infrastructure of Ukraine.  This latest cyberattack has raised alarms within the cybersecurity community and heightened concerns over the…

Read more →

The Raspberry Pi is a budget-friendly Linux computer system board that features GPIO pins for physical computing and IoT exploration. However, besides this, threat actors also abuse this board for several illicit purposes as well. Recent arrests in Lubbock involve…

Read more →

Flipper Zero Devices have been discovered with the capability to perform Denial of Service attacks on iPhones. Threat actors can probably spam the iPhones with so many pop-ups prompting about nearby AirTag, Apple TV, AirPods, and other Apple devices. Moreover,…

Read more →

MITRE has CISA (America’s cyber defense agency) unveiled a collection of plugins designed to extend the capabilities of Caldera into the Operational Technology (OT) environment.  MITRE Caldera is a cyber security platform designed to easily automate adversary emulation, assist manual…

Read more →

The usage of Blueshell malware spikes up by various threat actors to target Windows, Linux, and other operating systems across Korea and Thailand. Blueshell backdoor malware has been active since 2020 and written in GO language, believed to be created…

Read more →

Phylum analyzes source code and metadata for all registry-pushed packages. This year, in millions of packages they are aiming to examine nearly a billion files, as this will enable them to get unique insights into package behaviors across ecosystems. That’s…

Read more →

Cyber Security operations center is protecting organizations and the sensitive business data of customers. It ensures active monitoring of valuable assets of the business with visibility, alerting and investigating threats, and a holistic approach to managing risk. Analytics service can…

Read more →

The social network formerly known as Twitter, X, has released its latest data-gathering policy announcement. This includes collecting user information, such as educational history and biometric data. According to the policy, X may collect and use user biometric information for…

Read more →

In a recent development, NSFOCUS Security Labs has detected a fresh APT34 phishing attack.  During this operation, APT34, believed to originate from Iran and also known as OilRig or Helix Kitten, assumed the identity of a marketing services company named…

Read more →

Multiple vulnerabilities have been found in IBM Sterling Secure Proxy, mostly related to Denial of Service and Information Disclosure. It also consisted of a code execution vulnerability and an unidentified vulnerability. The severities of these vulnerabilities vary from 4.5 (Medium)…

Read more →

VMware Aria Operations for Network was discovered with an Authentication Bypass vulnerability previously, which had a critical severity. VMware has released patches for fixing this vulnerability. However, a Proof-of-concept and the patch file provided by VMware have been briefed. CVE-2023-34039…

Read more →

Pizza Hut Australia has fallen victim to a cyberattack resulting in unauthorized access and potential compromise of customer data.  DataBreaches has uncovered alarming details about this breach, with a hacking group known as ShinyHunters claiming responsibility for the attack. According…

Read more →

A large language model (LLM) is a deep learning AI model or system that understands, generates, and predicts text-based content, often associated with generative AI. In the current technological landscape, we have robust and known models like:- Cybersecurity analysts at…

Read more →

Microsoft Windows announced deprecated features for Windows clients 11 and 10. In this article, we’ll delve into the features and functionalities that are no longer actively developed for Windows clients.  Please note that the information below is subject to change…

Read more →

QuickSet and Grid Configurator of Schweitzer Labs were found to be vulnerable to multiple vulnerabilities that threat actors can exploit. Nearly, 9 new vulnerabilities were found which include 4 High severity and 5 Medium severity vulnerabilities.  The High severity vulnerabilities…

Read more →

The latest version of Nmap, 7.94, was released on its 26th birthday. The most significant upgrade was the migration of Zenmap and Ndiff from Python 2 to Python 3 across all platforms. This new version of Nmap 7.94 was upgraded…

Read more →

With the rise of new technological innovations and security mechanisms, threat actors are also upgrading their skills and evolving rapidly.  These evolutions have resulted in an alarming increase in the quick growth of Android malware. Recently, CISA (The United States’…

Read more →

With the rise of new technological innovations and security mechanisms, threat actors are also upgrading their skills and evolving rapidly.  These evolutions have resulted in an alarming increase in the quick growth of Android malware. Recently, CISA (The United States’…

Read more →

Prompt injection refers to a technique where users input specific prompts or instructions to influence the responses generated by a language model like ChatGPT. However, threat actors mainly use this technique to mod the ChatGPT instances for several malicious purposes.…

Read more →

In a recent development, Forever 21 disclosed a cyber incident that came to light on March 20, 2023, affecting a limited number of its systems.  Forever 21 is a multinational fast fashion retailer headquartered in Los Angeles, California, United States.…

Read more →

The Kinsing malware has resurfaced with a new attack method that exploits the Openfire vulnerability tracked as CVE-2023-32315. A path traversal attack caused by this vulnerability allows an unauthorized user access to the Openfire setup environment. Researchers from Aqua Nautilus report that…

Read more →

The Android BadBazaar malware is being distributed through the Google Play store, Samsung Galaxy Store, and dedicated websites mimicimg Signal Plus Messenger and FlyGram malicious applications. These active campaigns are connected to the China-aligned APT organization known as GREF. Uyghurs and other Turkic ethnic minorities…

Read more →

Smishing is a type of cyberattack in which attackers use SMS (text messages) to trick individuals into revealing the following type of Personal and financial data or information:- In attacks like this, threat actors mimic government, bank, or postal agencies…

Read more →

VMware has been reported with a SAML token signature bypass vulnerability, which a threat actor can exploit to perform VMware Guest operations. CVE ID has been assigned for this vulnerability, and the severity was mentioned as 7.5 (High). VMware tools…

Read more →