Tag: GBHackers – Latest Cyber Security News | Hacker News

Splunk Enterprise has multiple vulnerabilities that can lead to Cross-site Scripting (XSS), Denial of Service (DoS), Remote code execution, Privilege Escalation, and Path Traversal. The severities of these vulnerabilities range between 6.3 (Medium) to 8.8 (High).  Splunk has addressed these…

Read more →

Cisco released a fix for the medium impact vulnerability found on CommPilot Application Software, allowing cross-site scripting against the user interface. The Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file…

Read more →

In a shocking turn of events, Paramount Media recently fell victim to a significant data breach, leading to the unauthorized access of user personal information.  Paramount Media Networks(founded as MTV Networks in 1984 and known under this name until 2011)…

Read more →

Multiple vulnerabilities have been identified in ArubaOS-Switch Switches, specifically pertaining to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption. Aruba has taken measures to mitigate these vulnerabilities and has subsequently published a security advisory. ArubaOS-Switch is…

Read more →

Qakbot (aka QBot, Pinkslipbot) is a sophisticated banking Trojan malware that can spread through various methods. Once installed on a system, Qakbot can collect:- The FBI, along with the Justice Department, led a multinational operation to dismantle the complete infrastructure…

Read more →

Google has updated the Stable and Extended Stable channels for Mac, Linux, and Windows to version 116.0.5845.140/.141 to address a security issue in Chrome. One “high-severity” security patch is included in this version. This upgrade will roll out over the…

Read more →

The research revealed high malspam activity of DarkGate malware distributed via phishing emails to the users either through MSI files or VBs script payloads. Darkgate malware has been active since 2018 and has the ability to download and execute files…

Read more →

Email communication is essential for personal and professional contact in the modern digital environment. Email is widely used, making it a perfect target for cybercriminals, leading to increased phishing attempts, spam, and email spoofing. Strong email security measures are becoming…

Read more →

There were multiple vulnerabilities in the Juniper SRX and EX Series, which were reported previously. These vulnerabilities have a medium severity if they are separated. However, combining them together results in a pre-auth RCE, which is a critical vulnerability. Following…

Read more →

A recently discovered Android Trojan, dubbed “MMRat,” poses a serious threat to mobile banking security. Unlike other forms of malware, this Trojan is designed to evade detection from traditional antivirus software. The security experts at TrendMicro have identified the Trojan…

Read more →

Static NAT is a type of NAT that maps one public IP address to one private IP address. Every time a device with a private IP address on your network tries to access the internet, its traffic will be routed…

Read more →

Threat actors continue to evolve their spam tactics by utilizing legitimate  Google Groups to send Fake order messages to target multiple users.  Fake order scams work by notifying victims about the purchase status or confirmation that originally was not placed…

Read more →

Hackers can now capture your IP address and expose your physical location by sending a Skype link, even if you don’t click it. An IP address, which stands for “Internet Protocol address,” is like a unique digital home address for…

Read more →

Recent reports indicate that there has been a privilege escalation vulnerability discovered, which arises due to abandoned Active Directory URLs. Threat actors can use this flaw to gain illegal authorization codes that can be used against Microsoft Power Platform API…

Read more →

PurFoods, LLC, operating under the trade name Mom’s Meals, has announced the compromise of personal information affecting its clients and employees.  The company acknowledged that its cybersecurity defenses had been compromised, allowing unauthorized access to a treasure trove of consumer…

Read more →

Authorities in Poland arrested two individuals on suspicion of planning an unlawful hack into the communication network of the national railway, which caused delays in train service in some areas. The Polish PKP railway’s radio communication system was hacked on Friday…

Read more →

Microsoft Edge has published a release note that mentioned a Privilege escalation vulnerability with the CVE ID of CVE-2023-36741 and has a CVSS Score of 8.3 (High). This vulnerability exists in the Microsoft-Edge Chromium-based versions prior to 116.0.1938.62. An unauthorized…

Read more →

It has come to the attention of researchers that the LockBit 3.0 builder has suffered from a leak, which now allows anyone to create various versions of the LockBit ransomware according to their own preferences. This poses a serious security…

Read more →

To avoid detection, hackers employed a new method dubbed “MalDoc in PDF” to insert a malicious Word file into a PDF file. Despite having magic numbers and a PDF-specific file format, a file created with MalDoc in PDF may be opened…

Read more →

Poland’s Railway infrastructure, a crucial transit route for Western weapons transported to Ukraine, has been compromised by cybercriminals. The signals were intermingled with recordings of the Russian national anthem and a speech by President Vladimir Putin, according to the Polish…

Read more →

A Denial-of-Service vulnerability has been discovered in the Cisco Nexus 3000 and 9000 series switches, which could allow a threat actor to cause a denial-of-service condition due to a flaw in the IS-IS (Intermediate System-to-Intermediate System) protocol. ISIS is one…

Read more →

There has been a cyber attack on two cloud hosting providers, namely CloudNordic and Azero Cloud, both of which are owned by Certiqa Holding. The cyber attack has resulted in a complete data loss for all of their customers. The…

Read more →

A high-severity vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software might allow an unauthenticated local attacker to force an affected device to unintentionally reload. NX-OS is a network operating system for Cisco Systems’ Nexus-series Ethernet switches and…

Read more →

The recent discovery of a zero-day vulnerability (CVE-2023-2868) in Barracuda Networks Email Security Gateway (ESG) appliances has brought significant concern.  CVE-2023-2868 is a remote command injection vulnerability that grants unauthorized execution of system commands with administrator privileges on Barracuda ESG…

Read more →

The most widely used network protocol analyzer in the world, Wireshark, has released version 4.0.8. It is employed for network analysis, troubleshooting, software and communications protocol development, and education. This new version includes bug fixes, improved protocol support, and a…

Read more →

Brute force attacks have been one of the most common attack types. In Q1 2022, brute force made up 51% of all attacks! These attacks often pave the way for other types of threats and have devastating consequences for the…

Read more →

Corporate mobile devices have become essential to everyday tasks for employees, but this convenience also comes with security risks. The challenge lies in managing and securing multiple devices, especially without a proper solution. This is where mobile device management (MDM)…

Read more →

Privilege escalation is a commonly employed attack vector in the Windows operating system environment. Attackers often leverage offensive tools such as Meterpreter, CobaltStrike, or Potato tools to execute code such as “NT AUTHORITY\SYSTEM.”  These tools typically employ token duplication and…

Read more →

Kali Linux 2023.3 is now available, and it includes a variety of new packages and tools, as well as the usual upgrades. The release of Kali Linux 2023.3 arrives three months after Kali Linux 2023.2.  This upgrades the kernel from Debian…

Read more →

A cyber attack group – GroundPeony, targeting the Taiwanese government, was discovered in March 2023; it used several tactics, such as tampering with legitimate websites for distributing malware, URL obfuscation, and multi-stage loaders. Further investigations revealed that a China-nexus attack…

Read more →

One of the renowned hospitals in Israel became the victim of a data breach, and patients were blackmailed with a financial motive. According to an Israel Hayom report, Maayanei HaYeshua Medical Center in Bnei Brak was attacked, and the sensitive…

Read more →

Cyberattacks are becoming increasingly sophisticated, threatening organizations’ critical infrastructure and sensitive data more than ever. Core solutions such as SIEMs are often insufficient to ensure complete protection against malware infections, especially new and unexplored ones. As a result, security specialists…

Read more →

For a supply chain attack and to plant the Korplug backdoor (aka PlugX) on the systems of the targeted victims, an unknown APT group was found to be using the “Cobra DocGuard.”  Cobra DocGuard is a legit software package that…

Read more →

Two Server-Side Request Forgery (SSRF) vulnerabilities were found in Apache Batik, which could allow a threat actor to access sensitive information in Apache Batik. These vulnerabilities exist in the Apache XML Graphics Batik and are given CVE IDs CVE-2022-44729 and…

Read more →

Researchers have identified a new Malware-as-a-Service (MaaS) operator called ‘EVLF DEV’ as being behind the creation of CypherRAT and CraxsRAT. EVLF has been selling CraxsRAT, one of the most extremely dangerous Android RATs accessible today, for the past three years, with…

Read more →

An unauthenticated critical API access vulnerability was found in the Ivanti Sentry interface, which could allow a threat actor to gain access to sensitive APIs that can be used to access the Ivanti administrator portal and configure Ivanti Sentry. This…

Read more →

Multiple vulnerabilities have been discovered on Junos OS, which can be combined to execute a preAuth remote code execution vulnerability on Junos OS on SRX and EX Series. An unauthenticated network-based attacker can exploit these vulnerabilities by chaining them. Junos…

Read more →

A blind XPath injection vulnerability was discovered in Apache Software Foundation Apache Ivy, which allows threat actors to exfiltrate data and access sensitive information that is restricted to only the machine that runs Apache Ivy. This vulnerability exists in the…

Read more →

Multiple vulnerabilities have been discovered on Junos OS, which can be combined to execute a preAuth remote code execution vulnerability on Junos OS on SRX and EX Series. An unauthenticated network-based attacker can exploit these vulnerabilities by chaining them. Junos…

Read more →

DotRunpeX is one of the new and stealthiest .NET injectors that employs the “Process Hollowing” method, through which this malware distributes a diverse range of other malware strains. Cybersecurity researchers at Check Point recently revealed the real-world use and campaign-related…

Read more →

The recent Africa Cyber Surge II operation conducted by INTERPOL and AFRIPOL has revealed a stark reality – the surge in digital insecurity and cybercriminals threats across Africa.  This operation spanned 25 African countries and successfully identified 20,674 suspicious cyber…

Read more →

Android Smartphones lay a vital role in our daily life, as they help us to stay connected and, not only that even it also helps in performing several daily tasks like:- But, besides this, it also attracts the attention of…

Read more →

The Linux Distros is generally acknowledged as the third of the holy triplet of PC programs, along with Windows and macOS. Here we have provided you with a top 10 best Linux distros in 2023 for all professionals. Hence Linux…

Read more →

Threat actors are actively modifying their TTPs to counter the advanced security mechanisms and tools to accomplish their illicit goals for several malicious purposes. Hiding malicious traffic in cloud storage platforms is not a new concept completely, and it seems…

Read more →

The Cuba ransomware seems to be gaining more pace with each passing year, and this ransomware has been operating and active since 2019. Until now, the operators of the Cuba ransomware have executed several high-profile attacks to target many industries…

Read more →

Cynomi, the leading AI-powered virtual Chief Information Security Officer (vCISO) platform vendor for Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs) and consulting firms, has published the results of its first annual report, “The State of the Virtual CISO…

Read more →

The Airplane mode in smartphones ensures safe device use on flights, as this feature prevents interference with critical flight systems by deactivating all the wireless functions of the smartphone. Besides this, the Airplane Mode’s role extends beyond travel, serving as:…

Read more →

Web servers are a prime target for threat actors due to their open and volatile nature. However, these servers must remain open to provide various web services to users. Web services that are provided on Windows servers by the Web…

Read more →

In the current world of cybersecurity, security threats are evolving at a rapid pace, as there are always new problems to deal with. Among the ever-evolving threats, SMS Bomber attacks are one of the modern attacks in the current threat…

Read more →

An SQL injection vulnerability was discovered in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).  Cisco Unified CM is used for handling voice and video calls,…

Read more →

The vulnerabilities, CVE-2023-38401 and CVE-2023-38402, affect the HPE Aruba Networking Virtual Intranet Access (VIA) client for the Microsoft Windows operating system. If the exploit is successful, the attacker can overwrite arbitrary files. HPE Aruba Networking has issued an upgrade to…

Read more →

An ongoing campaign has resulted in the compromise of multiple LinkedIn accounts. However, the motive behind this campaign remains unclear at this time. Numerous users have reported instances of their LinkedIn accounts being temporarily locked, hacked, or permanently deleted. In…

Read more →

The Monti ransomware was found in June 2022 that attracted notice due to its close resemblance to the Conti ransomware, both in name and tactics, drawing attention from cybersecurity experts and organizations. Monti ransomware group has been observed to employ…

Read more →

Recent reports indicate that GigaBud malware has been targeting more than 99 financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru. GigaBud is an undocumented Android Remote Access Trojan (RAT) and has been active since July 2022. Investigating the…

Read more →

LummaC, an information stealer, is being disseminated on Russian-speaking forums through a Malware-as-a-Service (MaaS) approach. Sensitive data from affected devices is intended to be stolen by this malware.  Cryptocurrency wallets, browser add-ons, two-factor authentication credentials, and numerous files are some…

Read more →

ScrutisWeb is a secure solution that aids global organizations in monitoring ATMs, enhancing issue response time, and this solution is accessible through any browser. The following things could be done with the help of this secure solution:- Cybersecurity researchers at…

Read more →

The Federal Bureau of Investigation has released an announcement stating that cybercriminals are using mobile-beta testing applications to target victims for malicious purposes. These apps are often distributed through phishing or romance scams. These applications are capable of stealing personally…

Read more →

A malware campaign targeting the Ministries of Foreign Affairs of NATO-aligned countries was recently discovered, which used PDF files masquerading as a German Embassy email. One of the PDF files consists of Duke malware which was previously linked with a…

Read more →

Ford recently identified a buffer overflow flaw in the Wi-Fi driver used by it in the SYNC 3 infotainment system. After the discovery, Ford quickly alerted about this flaw and disclosed the vulnerability publicly. Car hijacking by hackers exploiting various…

Read more →

Xiaomi, the Asian smartphone giant, has implemented measures within its MIUI operating system that flag Telegram as a malicious app.  This move has ignited discussions surrounding both technical and political dimensions, raising questions about user privacy, app censorship, and the…

Read more →

Reports indicate that there seems to be an ongoing campaign that lures victims into installing a Remote Administration Tool called NetSupport Manager with fake Chrome browser updates.  Threat actors use this remote administration software as an info stealer and to…

Read more →

ChatGPT quickly gathered more than 100 million users just after its release, and the ongoing trend includes newer models like the advanced GPT-4 and several other smaller versions. LLMs are now widely used in a multitude of applications, but flexible…

Read more →

The 26th annual BLACK HAT USA is taken place at the Mandalay Bay Convention Centre in Las Vegas from August 5 to August 10, 2023. Four days of intensive cybersecurity training covering all skill levels are scheduled to start off…

Read more →

MoustachedBouncer, a cyberespionage group active since 2014, likely has performed ISP-level adversary-in-the-middle (AitM) attacks since 2020 to compromise its targets. For AitM, the MoustachedBouncer employs a lawful interception system like “SORM,” and besides this, it uses two toolsets that we…

Read more →

The Second quarter of 2023 has shown a significant increase in the overall cyber-threat risks. The blocking of unique web attacks rose to 24% which accounts for more than 700 million unique blocked attacks each month. Among these cyber risks,…

Read more →

Ransomware groups often recycle tools, techniques, and procedures. Even some of them also provide playbooks for affiliates as well. Numerous use Cobalt Strike for remote access, employ RDP brute force, and target Domain Controller servers to control network machines. Cybersecurity…

Read more →

The well-known bulletproof hosting platform, Lolek Hosted, has been shut down by law enforcement officials from the United States and Poland to limit fraudsters’ access to tools that enable anonymous online behavior. These platforms give hackers anonymity and are frequently…

Read more →

Infostealer malware is becoming extremely popular among cybercriminals, especially in the malware-as-a-service (MaaS) based sector. These kinds of malware remain undetected as much as possible for stealing information from the user’s device and transfer to the C2 server of the…

Read more →

In the last three years, hackers unknowingly seeking data or malware deployment have found a seemingly vulnerable virtual machine that is hosted in the U.S., which in reality, is a cleverly designed trap. While this cleverly designed, trap has been…

Read more →

The TargetCompany ransomware (aka Mallox, Fargo, and Tohnichi) is actively targeting the organizations that are using or running vulnerable SQL servers. Apart from this, recently, the TargetCompany ransomware unveiled a new variant of malware along with several malicious tools for…

Read more →

A new ransomware group known as ‘Rhysida’ has been operating since May 2023, posing a huge danger to the healthcare industry. Rhysida ransomware gang has been connected to several significant attacks, including an assault on the Chilean Army. Recently, the organization…

Read more →

CODESYS, a widely-used integrated environment for controller programming, holds a strong presence in Operational Technology across diverse industries, such as:- Backed by more than 500 manufacturers (including Schnieder Electric, Beckhoff, Wago, Eaton, ABB, Festo, etc.) and spanning various architectures that…

Read more →

RedHotel (TAG-22), a Chinese-state-sponsored threat group, is well-known for its persistence, prominence, operational intensity, and global reach. RedHotel is reported to have acted upon over 17 countries in North America Asia and between 2021 and 2023. This threat group poses…

Read more →

Gather Data Sampling (GDS) impacts select Intel CPUs, enabling attackers to deduce outdated data through malicious use of gather instructions. While all these entries link to the prior thread or sibling core registers. Like MDS, GDS (Gather Data Sampling) enables…

Read more →

Researchers have discovered a Google Bard Ads campaign that is being used by cybercriminals on Facebook to impersonate well-known generative AI brands such as ChatGPT and Google Bard. The campaign is actually malicious software that is disguised as legitimate ads.…

Read more →

Microsoft fixed 74 security issues in its August Patch Tuesday release, including two that were being actively exploited and twenty-three that allowed remote code execution. Although twenty-three RCE flaws were addressed, Microsoft only categorized six of them as ‘Critical,’ and 67…

Read more →

An unidentified threat actor has deployed the Yashma ransomware variant since June 4, 2023, actively targeting English-speaking countries like:- While this new variant of Yashma ransomware has reemerged after being fixed last year since the release of a decryptor. This…

Read more →

It has been reported that over 43 Android applications, which are available on the Google Play Store, display ads while the mobile screen is turned off. When the users attempt to open their home screen, they might catch a glimpse…

Read more →

Recent reports indicate that threat actors have been manipulating Script kiddies or amateur hackers into performing malicious actions that they never intended. This is done with the OpenBullet tool, which is used by web application testers and security professionals. OpenBullet…

Read more →

Microsoft Bug Bounty Program awarded $13.8M for their collaboration with over 345 security researchers from +45 countries around the world between July 01, 2023, to June 30, 2023. Bug Bounty Programs authorize independent security experts to report bugs to a…

Read more →

A Critical vulnerability was discovered in the widely used PaperCut MG/ NF print management software running on Windows prior to version 22.1.3. As of the July 2023 security bulletin, patches have been released by PaperCut to fix this vulnerability. PaperCut…

Read more →

According to recent reports, there have been instances of threat actors using malware called “SkidMap” to exploit vulnerable Redis systems. Earlier versions of SkidMap were used to surreptitiously mine cryptocurrency and create false network traffic and CPU usage by loading…

Read more →

After being criticized as “grossly irresponsible” and “blatantly negligent” by the CEO of Tenable, Microsoft addressed a vulnerability in the Power Platform Custom Connectors feature that allowed unauthenticated attackers access to cross-tenant apps and sensitive data from Azure customers. On…

Read more →

IBM has discovered a vulnerability in the IBM SDK, Java Technology Edition, that allows threat actors to execute arbitrary code on the system due to unsafe deserialization. This vulnerability exists in the Object Request Broker (ORB) and is given a…

Read more →

Tesla has a reputation for having highly integrated and technologically advanced car computers, which can be used for everything from basic entertainment to completely autonomous driving. BlackHat brief on an attack against modern AMD-based infotainment systems (MCU-Z) found on all current…

Read more →

A versatile Java-based RAT that is capable of keylogging and credential theft from browsers and email clients emerged in 2020 that is dubbed “STRRAT.” The most recent updated version of STRRAT evolved dramatically, and since its discovery, it has been…

Read more →

Magniber Ransomware was first detected in late 2017; it targeted South Korean users through malvertising attacks using the Magnitude Exploit Kit. It had been distributed earlier through Internet Explorer(IE) vulnerabilities. Since Microsoft announced IE’s end of support, it is now being…

Read more →

Magniber Ransomware was first detected in late 2017; it targeted South Korean users through malvertising attacks using the Magnitude Exploit Kit. It had been distributed earlier through Internet Explorer(IE) vulnerabilities. Since Microsoft announced IE’s end of support, it is now being…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has published a report which was co-authored by the NSA, FBI, and the FYEY (Five Eyes) from different countries. The report provides a complete insight into the Common Vulnerabilities and Exposures (CVEs) that…

Read more →

BEC, an acronym for Business Email Compromise, is a sophisticated form of cybercrime. Cyber threats have become a pressing concern in a world where almost every aspect of our lives is digitized. One of these threats that have been growing…

Read more →

Cult of the Dead Cow (cDc) is one of the oldest and most highly influential hacking groups that was formed at the end of the 1980s. This group was once responsible for distributing hacking tools and pointing out flaws in…

Read more →

The notorious Hacktivists group, Known as Mysterious Team Bangladesh, exploits vulnerable versions of PHPMyAdmin and WordPress. It conducts DDoS and defacement attacks through open-source utilities and is believed to have carried out over 750 DDoS and 70+ website defacements within…

Read more →

The National Security Agency (NSA) has released best practices for configuring and hardening Cisco Firepower Threat Defense (FTD) which can help network and system administrators in configuring these Next Generation Firewalls (NGFW). These Cisco FTD systems provide a combination of…

Read more →

HackerOne is a renowned cybersecurity company that offers bounty and penetration testing platforms to ethical hackers for the following activities:- HackerOne is a San Francisco-based startup, and at the moment, it boasts more than 450 employees globally. However, HackerOne CEO…

Read more →

A website pretending to be Flipper Devices offers a free FlipperZero in exchange for completing an offer, but it merely directs users to insecure browser extensions and fraudulent websites. Flipper Zero is a portable multi-functional cybersecurity gadget designed for pen…

Read more →

Legitimate SSM agents can turn malicious when attackers with high-privilege access use it to carry out ongoing malicious activities on an endpoint. Once compromised, the threat actors retain access to the compromised system, allowing ongoing illicit activities on AWS or…

Read more →

A critical remote code execution (RCE) vulnerability identified as CVE-2023-3519 has been the subject of several attacks, which have already compromised and backdoored hundreds of Citrix Netscaler ADC and Gateway servers. Attackers used web shells on at least 640 Citrix servers in…

Read more →

An unreported phishing campaign that disseminated a Python version of the NodeStealer has been found. NodeStealer gave threat actors the ability to steal browser cookies and use them to hijack users’ accounts on the platform, with a focus on business accounts.…

Read more →

LLMs are commonly trained on vast internet text data, often containing offensive content. To mitigate this, developers use “alignment” methods via finetuning to prevent harmful or objectionable responses in recent LLMs. ChatGPT and AI siblings were fine-tuned to avoid undesirable…

Read more →

Threat actors targeting macOS have increased lately as there were several cases of macOS information stealer malware found in the past, and many are being currently exploited in the wild.  According to reports, there was a new macOS malware found…

Read more →