Tag: GBHackers – Latest Cyber Security News | Hacker News

In a race against time to safeguard user security, major browser vendors, including Google and Mozilla, have scrambled to release urgent updates in response to a critical vulnerability discovered in the WebP Codec.  This newly unearthed vulnerability, bearing the identifier…

Read more →

Chrome’s Stable and Extended stable channels have been upgraded to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows as part of a security update. One “Critical” security upgrade is included in this release. In the coming days and weeks,…

Read more →

Threat actors were using Windows Arbitrary File Deletion to perform Denial-of-service attacks on systems affected by this vulnerability. However, recent reports indicate that this Windows Arbitrary file deletion can be used for a full compromise. The possibility of this attack…

Read more →

The Ballistic Bobcat is an Iran-aligned APT group, and initially, about two years ago, cybersecurity researchers at ESET tracked this threat group. Here below, we have mentioned all the other names of the Ballistic Bobcat APT group:- Recently, cybersecurity analysts…

Read more →

Software as a Service (SaaS) security refers to the measures and practices employed to protect SaaS solutions’ data, applications, and infrastructure. SaaS is a cloud computing model where software applications are hosted and delivered over the internet, rather than installed…

Read more →

Gamaredon, also known as Primitive Bear, Actinium, or Shuckworm, is a Russian Advanced Persistent Threat (APT) group active since at least 2013. It is a very aggressive threat group that employs prolonged attacks that are highly disguised and particularly aggressive. The…

Read more →

In recent times, it’s been observed that fake malware-loaded browser updates are gaining rapid growth in the threat landscape. Rapid7 researchers recently identified a Fake Browser Update lure that tricks users into running malicious binaries, using a new loader to…

Read more →

Hive0117 group has launched a new phishing campaign, which targets individuals working for significant industries in the energy, banking, transportation, and software security sectors with headquarters in Russia, Kazakhstan, Latvia, and Estonia. This group is known for disseminating the fileless…

Read more →

Notepad++ v8.5.7 has been released, which has several bug fixes and new features. There has also been Integrity and authenticity validation, added Security enhancement and fixed a memory leak while reading Utf8-16 files. Multiple vulnerabilities in Notepad++ relating to Heap…

Read more →

Recent reports indicate that threat actors have been using Microsoft Teams to deliver DarkGate Loader malware. The campaign originated from two compromised external Office 365 accounts identified to be “Akkaravit Tattamanas” (63090101@my.buu.ac.th) and “ABNER DAVID RIVERA ROJAS” (adriverar@unadvirtual.edu.co) DarkGate loader…

Read more →

In the evolving hospitality industry landscape, where vacation rental software has transitioned from luxury to necessity, a growing concern emerges regarding cybersecurity.  This software, while primarily simplifying booking, guest interactions, and property management, stores sensitive data such as credit card…

Read more →

Recent reports indicate that a new threat actor named “W3LL” has been discovered running a large phishing empire completely hidden until now. It was also found that this threat actor played a major role in compromising Microsoft 365 business email…

Read more →

Google’s Threat Analysis Group (TAG) has issued an update regarding an ongoing campaign by North Korean threat actors targeting security researchers.  This campaign, which first came to light in January 2021, involved using 0-day exploits to compromise the security of…

Read more →

A new sophisticated stealing campaign named  “Steal-It”  has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. It is believed that the Steal-It campaign may be attributed to APT28 (aka Fancy Bear) based on its…

Read more →

Google’s Threat Analysis Group (TAG) has issued an update regarding an ongoing campaign by North Korean threat actors targeting security researchers.  This campaign, which first came to light in January 2021, involved using 0-day exploits to compromise the security of…

Read more →

Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS. The vulnerabilities involve an arbitrary code execution and a buffer overflow. Reports indicate that these vulnerabilities are being actively exploited. This is considered a high-risk vulnerability…

Read more →

A single sign-on (SSO) implementation flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform might make it possible for a remote, unauthenticated attacker to forge credentials to access a vulnerable system. This “Critical” severity vulnerability has…

Read more →

A Global Ticketing Giant company, See Tickets, recently reported a data breach that exposed the payment card information of over 300,000 customers. See Tickets, owned by Vivendi Ticketing, revealed the latest breach in a complaint with Maine’s attorney general.  The ticketing business…

Read more →

Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root of Trust bypass. Aruba has released a security advisory for addressing these vulnerabilities. At the…

Read more →

RaaS (Ransomware-as-a-service) is actively strengthening the ransomware attacks, but understanding their operations is restricted by illegality.  That’s why ransomware attacks have surged in scale and complexity over the past decade, driven by RaaS models like Conti (formerly Ryuk). However, the…

Read more →