A member of the US Navy red team recently released “TeamsPhisher,” a tool that exploits an unfixed Microsoft Teams security flaw to bypass the incoming file restrictions from external tenants. This new tool allows attackers to deliver…
Firefox, ESR, and Thunderbird Memory Safety Bugs Could Allow Unauthorized Code Execution
Firefox has released patches for some of its high and moderate vulnerabilities in Firefox, ESR (Extended Support Release), and Thunderbird products. These vulnerabilities were privately disclosed, and appropriate CVEs and security advisories have been released. The severity of the released…
ChatGPT Disables the Browsing Feature as it Bypasses Paywalls on Websites
OpenAI recently disabled ChatGPT’s Bing browsing after users discovered its potential to bypass paywalls, which news outlets commonly employ to promote paid subscriptions. OpenAI made this announcement via a tweet. The Bing browsing feature is exclusive to ChatGPT Plus…
China to Restrict Export of Chipmaking Materials
China has declared that it is going to control the exports of several metals used in the semiconductor sector, including goods made of gallium and germanium. The announcement follows Washington’s attempts to restrict Chinese access to select advanced microprocessors. China’s…
Hackers use Malicious QR Codes to Retrieve Employee Credentials
Sophisticated technology has been overwritten by simple technologies like QR replacing Barcodes. QR (Quick Response) has been playing a major role in the current generation, which provides the response within a…
ChatGPT and Cybersecurity: Top 5 Cyber Security Risks of ChatGPT
ChatGPT has been met with skepticism and optimism in equal measures in the cybersecurity realm. IT professionals leverage this chatbot to write firewall rules, detect threats, develop custom codes, test software and vulnerability, and more. This has another implication, too…
Burp Suite New GraphQL API to Detect Hidden Endpoints
The Burp Scanner’s new GraphQL capabilities allow it to recognize known endpoints, locate hidden endpoints, determine whether introspection or recommendations are enabled, and report when an endpoint fails to validate the content type. PortSwigger, the firm behind the renowned web…
How to Boost Cybersecurity in Your E-commerce Business
Being a business owner has unquestionably many perks. However, there are plenty of hazards as well. Criminals often target businesses of all sizes and types worldwide, posing a constant problem. Because of the important and sensitive data they manage, e-commerce…
Mediatek Security Flaws Affecting Smartphones, Tablets, Wi-Fi, and Other Chipsets
The July 2023 Product Security Bulletin from Taiwanese chipmaker MediaTek describes security flaws impacting MediaTek chipsets for smartphones, tablets, AIoT, smart displays, OTT, and Wi-Fi. This security advisory provides details on 24 vulnerabilities, of which CVE-2023-20754 and CVE-2023-20755…
Over 300,000+ Fortinet Firewalls are Vulnerable to a Critical RCE Flaw
The latest research shows Fortigate firewalls are vulnerable to remote code execution attempts. 490,000 affected SSL VPN interfaces are exposed on the internet, and roughly 69% are currently unpatched. Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow…
CISA Warns of 8 Frequently Exploited Flaws in Samsung and D-Link Devices
The Cybersecurity & Infrastructure Security Agency (CISA) is well-known for providing preventive measures to all organizations based on their recent research and exploitation from threat actors. CISA has recently added and published a list of 8 new vulnerabilities which are…
17 Million Instagram Accounts, 178 GB of TikTok and Yahoo Databases were Leaked
A Major Data Leak of information affects well-known social media sites, including TikTok, Instagram, and Yahoo. The alleged data leak included a 178GB TikTok database, over 17 million records on Instagram accounts, and a database leak for Yahoo! accounts. SOCRadar…
Hackers Use HTML Smuggling Technique to Attack European Government Entities
Over recent months, CPR (Check Point Research) monitored a Chinese threat actor attacking European Foreign Affairs ministries and embassies. Check Point Research identified a broader trend of Chinese activity, specifically targeting European entities and their foreign policy. While security analysts…
Hackers use Cloned pages of Popular Tools to Deliver Blackcat Ransomware
The cybersecurity researchers at Trend Micro recently identified that the Blackcat Ransomware (aka ALPHV) actors are using malvertising tricks to spread fake WinSCP installers via Targeted Attack Detection (TAD) service. In these advertising campaigns, the threat actors lured their victims…
ChatGPT Creator Sued for $3 Billion Over Theft of Private Data
In a class action complaint filed on Wednesday, it is claimed that OpenAI and Microsoft stole “vast amounts of private information” from internet users without their permission to train ChatGPT. The case seeks $3 billion in damages. There is currently…
Siemens Automation Device Flaw Lets Attacker Execute Remote Code
It has been discovered that the Siemens A8000 CP-8050 and CP-8031 PLCs contain a vulnerability that can be exploited for Remote Code Execution (RCE) without the need for authentication. The Siemens SICAM A8000 is a versatile device that can be…
Thousands of Individuals Were Rescued from Cybercrime Groups
Around 2700 people were rescued in Manila who were involved in Human Trafficking for fraudulent online gaming sites and other cybercrime groups. The latest news regarding nighttime rides shows Las Pinas City in metropolitan Manila has become the Hubspot for…
Snappy – A New Tool to Detect Fake WiFi Access Points
A new tool named “Snappy,” developed by cybersecurity experts, can assist in identifying rogue WiFi access points that aim to steal data from unaware users. Tom Neaves, a security researcher with Trustwave and an enthusiast of wireless and…
Submarine Cable Growing Popularity Intensifying Cyber Attacks
Submarine cables installed on the ocean floor facilitate the transmission of data and voice between land-based stations. International communication has relied on submarine cables since the first one was laid across the English Channel in 1850. This cable was used…
Chinese Spy Balloon Used American Tech to Collect Photos & other Information
Recently, the Wall Street Journal reported that in the early months of this year, a Chinese spy balloon utilized American technology to effectively collect audio-visual information while crossing the United States. Multiple US defense and intel agencies’ analysis revealed balloon…
Heavy-Hitting 8Base Ransomware Attacking Industries in Various Sectors
The sudden surge in the activity of 8base ransomware in June 2023 shows it is a well-established organization to execute attacks that alarms security professionals and industries. The group utilizes encryption paired with “name-and-shame” techniques to compel their victims to…
GuLoader Malware is Attacking Law Firms Using Weaponized PDF File
The cybersecurity researchers at Morphisec Labs have been tracking the GuLoader campaign since April of this year and found that it has been actively targeting the law firms that are based in the US along with several other sectors like:-…
Decrypter Released for the Notorious Akira Ransomware
Akira ransomware appeared in 2017 when it encrypted video folders without leaving any ransom notes. The file encrypted by Akira ransomware has an extension of .akira. Researchers have been working on decrypting the files affected by the ransomware and finally…
Hackers Compromised the Russian Defense Satellite Communications Provider
According to a report from the Telegram channel, Dozor, a Russian telecommunications company that offers services to power grids, oil fields, the Russian military, and the Federal Security Service (FSB), has been hacked. The post that the unknown threat actors…
10 Expert Best Practices to Enhance Office 365 Protection From APT Attacks
Cloud service providers fundamentally changed the way we do business in 2023. Office 365 is one of the most popular cloud-based services catering to online businesses. The suite’s advanced collaboration and productivity features make it a go-to service for businesses…
MITRE Releases Top 25 Most Dangerous Software Weaknesses
The top 25 most dangerous software weaknesses impacting software for the previous two calendar years have been published by MITRE as part of the 2023 Common Weaknesses Enumeration (CWE). Attackers can utilize these flaws to seize control of a vulnerable…
Brave New Privacy Feature to Limit Website Access to Local Resources
Brave version 1.54 for desktop and Android will include more powerful features for controlling which sites can access local network resources and for how long. Malicious requests from websites to access local host resources act as a fingerprinting technique…
Charming Kitten APT Group Uses Innovative Spear-phishing Methods
Volexity researchers recently noticed that threat actors are actively intensifying their efforts to compromise the credentials or systems of their targets by employing spear-phishing methods. While spear-phishing techniques involve sending personalized messages…
ThirdEye – A new Infostealer Malware Steal BIOS & Hardware Data
Cybersecurity researchers at FortiGuard Labs recently found a previously unseen infostealer dubbed “ThirdEye” that is mainly crafted to steal various information from compromised systems. While the stolen data and information that are gathered by this infostealer are used…
Honeywell Server Compromised by MOVEit Hackers
A flaw was discovered in Progress MOVEit Transfer, a popular third-party online transfer application. By exploiting the flaw, attackers compromised multiple organizations, including U.S. Government agencies. Honeywell is the most recent victim of the MOVEit hackers, as they gained unauthorized access to…
Akira Ransomware Expanded its Toolkit to Attack Linux Machines
A newly emerged ransomware known as Akira has expanded its operations to target Linux-based platforms, adding the “.akira” file extension to each compromised file. Akira ransomware has mostly been operating since April 2023 and is actively targeting numerous organizations, compromising their sensitive data. …
Andariel APT Hackers Drop a New Malware On Windows Via Weaponized MS Word Doc
The latest research discovered Andariel, a part of the Lazarus group, introduced several new malware families, such as YamaBot and MagicRat, updated versions of NukeSped and DTrack. Andariel group executed the Maui ransomware attack using the DTrack backdoor by exploiting…
Flipper Hacking Device Gained Popularity Among Users
The Flipper Zero hacking device plans on selling $80 million worth of gadgets this year, up from preorders on Kickstarter that totaled over $5 million. It also claims to have sold $25 million of the devices last year. The business, established…
Most Enterprise SIEMs Fail Against MITRE ATT&CK Tactics
SIEM (Security Incident and Event Management) tools are being used in most organizations for monitoring, analyzing, and preventing threat actors. Organizations are trying to build more and more in terms of security to protect against ransomware attacks, data breaches, and…
IBM QRadar SIEM Vulnerability Enables XSS Attack and Information Disclosure
IBM QRadar is a popular SIEM (Security Incident and Event Management) tool organizations use to detect and monitor threats. The IBM QRadar SIEM can be used in the form of a physical appliance, a software-only solution, or a virtual appliance.…
Cisco AsyncOS Software Flaw Let Remote Hackers Launch XSS Attack
Cisco AsyncOS Software, used by Cisco Secure Email and Web Manager, Cisco Secure Email Gateway (previously Cisco Email Security Appliance; ESA), and Cisco Secure Web Appliance (WSA), has multiple flaws in its web-based management interface. The vulnerabilities could allow a…
Zyxel Command Injection Vulnerability Let Attackers Execute OS Commands
Zyxel has been one of the world’s leading networking products manufacturing companies and one of the top companies in the telecommunications industry. The company has customers worldwide, including the United States, the United Kingdom, France, and India. Zyxel NAS (Network-Attached…
Anatsa Malware Spotted on Google Play Attack Banking Customers
A fresh ongoing campaign spreads the Android banking Trojan known as Anatsa. New institutions in the United States, the United Kingdom, and German-speaking countries were hit by this wave of Anatsa malware. Threat actors intend to steal credentials by authorizing customers…
Chrome Security Update – 4 High-Severity Vulnerabilities Patched
For Mac, Linux, and Windows, the Stable and Extended Stable channels have been upgraded to 114.0.5735.198/114.0.5735.198/199, respectively. This update will be rolling out over the next few days/weeks. With three issues that…
Pilot Logins of American and Southwest Airlines Stolen in Data Breach
American Airlines and Southwest Airlines, two significant US-based aviation companies, have announced data breaches that have impacted their Pilot Credentials. Pilot Credentials, a third party, manages various airlines’ pilot application and recruiting websites, including Southwest Airlines. The Pilot Credentials issue,…
Beware! Mallox Ransomware Attacks IT Industries With a New Attack Pattern
A new variant of Mallox ransomware, also known as “Target company” ransomware, adopts a unique method of appending the name of the targeted company as a file extension to encrypt the files and launch the ransomware attack. The Mallox threat…
Infamous Twitter Hacker Sentenced to 5 Years in Prison
Joseph James O’Connor, 24, a UK citizen, was responsible for one of the biggest social media hacks in 2020, where Twitter accounts of several celebrities and verified accounts were hacked for posting about a “double your cryptocurrency” scam. O’Connor was…
CISOs are More Concerned with Lawsuits, and API Security (Survey Report)
Digital initiatives play a crucial role in business today; they bring new business opportunities, fostered creative partnerships, and deliver new customer conveniences across multiple industries. But all these innovations pose the biggest challenges for CISOs/CSOs, and they don’t want companies…
Web Application Security: A 2023 Guide
Web application security refers to the measures taken to safeguard web applications from potential attacks. It involves strategies and processes to secure web applications from external threats that could compromise their functionality, safety, and data integrity. An effective web application…
Founder of the World’s Largest Hacker Forums Arrested
The founder of BreachForums made his first court appearance in the Eastern District of Virginia over a criminal complaint arising from his alleged creation and oversight of a prominent hacking forum and illicit marketplace for cybercriminals. More than 340,000 individuals claimed to…
New JavaScript-based Dropper Delivers Bumblebee and IcedID Malware
The latest research unveiled the JavaScript-based droppers, which deliver Bumblebee and IcedID malware instead of PowerShell-based droppers. These two malware types are significantly related to ransomware attacks. Bumblebee is a modular loader, distributed primarily through phishing, used to deliver payloads…
Amazon Sued For Tricking Users to Get Prime Subscriptions
In the most extreme action taken against the firm by the agency’s chair, Lina Khan, the Federal Trade Commission filed a lawsuit against Amazon on Wednesday, accusing it of illegally pressuring customers to subscribe to its Prime membership and making…
NSA Releases Guide to Combat BlackLotus Malware
Malicious cyber actors might exploit a known flaw in Microsoft Windows’ secure startup process to bypass Secure Boot protection and run the BlackLotus malware. BlackLotus uses a known flaw dubbed “Baton Drop,” tracked as CVE-2022-21894, to bypass security precautions made by the…
Millions of GitHub Repositories Are Vulnerable To RepoJacking
An attack called RepoJacking may potentially affect millions of GitHub repositories. If abused, this vulnerability might result in code execution on the internal networks of organizations or on the networks of their customers. This includes the repositories of companies like…
Microsoft Teams Vulnerability Let Attackers Deliver Malware From External Accounts
The latest version of Microsoft Teams had a security flaw uncovered recently by Max Corbridge (@CorbridgeMax) and Tom Ellson (@tde_sec), JUMPSEC’s Red Team members. Due to this flaw, there is a possibility for malware to be injected into organizations that…
What is XSS (Cross-Site Scripting)? – A Detailed Understanding Of the Type of XSS
XSS is a very commonly exploited vulnerability type that is widespread and easily detectable, and it is one of the important vulnerabilities in the OWASP Top 10. What is XSS (Cross-Site Scripting)? An attacker can inject untrusted snippets…
Microsoft Warns of Stealthy Password Attacks Using Proxy Services
The threat actor “Midnight Blizzard” is engaging in increasing credential attack activity. They conceal the origin of their assaults by employing residential proxy services. These attacks target governments, IT service providers, NGOs, the defense sector, and vital manufacturing. Numerous password…
California Public Employees’ Retirement System Compromised by MOVEit Hackers
CalPERS (California Public Employees’ Retirement Systems) is an organization working to provide pension benefits for retirees and health security services for public servants and their survivors. CalPERS has been working alongside PBI (Public Research Services/Berwyn Group) to identify member deaths…
Can ChatGPT Detect Phishing Sites? – Researchers Answered
The subject of whether ChatGPT can be used to create phishing sites and if it can also be used to detect them accurately has been discussed by security researchers. This experiment has been conducted to see how much cybersecurity information…
API Security Testing: Importance, Risks, and Test Cases
In the ever-evolving landscape of system connectivity, APIs have transformed how information is shared and utilized. However, their widespread adoption has introduced security risks that cannot be ignored. LinkedIn’s data breach, where approximately 92% of data was exposed due to…
Former FBI Analyst Sentenced for Keeping Hundreds of National Defense Documents
According to the report published by the Department of Justice, Kendra Kingsbury, 50, a former FBI analyst, was arrested and sentenced to 46…
Hackers Attack Linux SSH Servers with Tsunami DDoS Malware
An attack campaign has been recently uncovered by AhnLab ASEC, where poorly controlled Linux SSH servers are targeted and infiltrated with the Tsunami DDoS Bot. In addition to Tsunami, the threat actor installed several other…
Xerosploit – Pentesting Toolkit to Perform MITM, Spoofing, Sniffing & DOS Attacks
Xerosploit is a penetration testing toolbox whose objective is to perform man-in-the-middle attacks. It brings various modules that allow efficient attacks to be carried out, and it also supports DoS attacks and port filtering. We can use this tool to…
Stealthy SMS Side-Channel Attack Exposes SMS Recipient Location
When you send an SMS, delivery reports let you know if your message reached the recipient. But here the most interesting thing is that they also have the potential to provide the location of the…
Over 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces
On illegal Dark Web Markets, more than 101,000 hacked accounts of the OpenAI language model ChatGPT were discovered. These hacked credentials were found in the logs of information-stealing malware sold on illegal dark web markets. Reports say in May 2023,…
Hackers Attacks on Websites Developed by a Specific Website Development Company
Websites developed by a certain Korean company have been the subject of attacks and have been used to spread malware. A wide range of businesses, including those in the manufacturing, trade, electrical, electronics, education, construction, medical,…
DDoS Attack Hits European Investment Bank – Websites Unavailable
Recent reports indicate that a cyber attack hit the European Investment Bank (EIB) – DDoS Attack claimed to be from Russian threat actors. Cybercrime activities have seen a large rise after the Russia-Ukraine LoCs heated up in 2022. Several threat…
Megaupload Developers Plead Guilty to Avoid US Extradition
Recently, the High Court in Auckland sentenced the Megaupload programmers to jail after they admitted guilt and agreed to provide testimony against Kim Dotcom. The two men overseeing the site ‘Megaupload’ received individual prison terms exceeding two years. Here below,…
Sign in to Leak Your Credentials – Attackers Abusing Legitimate Services
An ongoing phishing campaign has found that attackers abuse legitimate credential harvesting services and data exfiltration to avoid detection. With 59% of assaults recorded, credential harvesting has consistently been the most common attack vector. It contributes significantly to business email compromise…
Hackers Are Actively Using New Mystic Stealer Malware in Cyber Attacks
Recently, the cybersecurity researchers at CYFIRMA found that hackers are actively using “Mystic Stealer Malware,” a new information stealer. It’s been claimed that in an underground forum, this new information stealer is actively advertised by the threat actors, and for…
Android GravityRAT Spyware Steals WhatsApp Backup Files
Since August 2022, a recently discovered Android virus named “GravityRAT” has rapidly circulated through a new Android malware campaign. It gains access to phones by disguising itself as a fraudulent chat app called ‘BingeChat‘ in order to steal users’ sensitive…
Microsoft Confirms Hacking of Outlook & OneDrive – Layer 7 DDoS Attacks
Recently, it’s been confirmed by Microsoft that the current outage problems experienced by the following services of Microsoft were due to intentional Layer 7 DDoS attacks:- The credit for the attacks goes to a threat actor called Storm-1359 (aka Anonymous…
10 Best Vulnerability Scanner Tools For Penetration Testing – 2023
A vulnerability scanner tool is one of the essential tools in IT departments, since vulnerabilities pop up every day, leaving loopholes for the organization. Vulnerability scanning tools help detect security loopholes in the application, operating systems,…
Cloud Penetration Testing Checklist – 2023
Cloud Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service from…
SOC First Defense – Understanding The Cyber Attack Chain – A Defense with/without SOC
This article will help you understand modern cyber threats and the most commonly used attack surfaces behind any malware or cyber attack. Most of the time, cyber attacks are executed in stages. So the SOC team must understand the attack patterns…
Hackers Use New Exploit Technique to Hijack S3 Buckets
It has been discovered that threat actors might take over expired Amazon S3 buckets to serve rogue binaries without changing the actual modules. Malicious binaries exfiltrate the stolen data to the hacked bucket after stealing the user names, passwords, local machine…
Shell Global Hacked using Flaw in the MOVEit File Transfer System
Shell corporation has published a report indicating that they have faced a security incident that involved Accellion’s File Transfer appliance in 2021. This is the second time the company has faced a security incident after 2021. Shell is one of…
US Government Hit By Clop In MOVEit Global Cyberattack
A global cyberattack targeting numerous US federal government institutions has been launched as a result of the recent revelation of vulnerabilities in the MOVEit Transfer and MOVEit Cloud platforms. According to reports, the claimed responsible ransomware group, Clop, is known to…
Hackers Set Up Fake GitHub Repos to Deliver Malware Posing as Zero-day
Recently, the cybersecurity researchers at VulnCheck identified a growing trend of hackers masquerading as cybersecurity researchers on social platforms like Twitter and GitHub. While hackers are doing so to spread fake proof-of-concept exploits for the vulnerabilities that are Zero-day in…
LockBit Ransomware Gang Earned $91 Million Ever Since It Discovered
LockBit was one of the most widely used ransomware in 2022, targeting both small and large organizations irrespective of their size or net worth. The threat actor group deploying this LockBit ransomware was working as a RaaS (Ransomware-as-a-service) based group…
New EMFI Attack Against Drones Leads to Complete Take Over
Based on the recent reports by IOActive, Drones, also called Unmanned Aerial Vehicles (UAVs), are vulnerable to code injection, which would result in gaining complete access to the firmware and core functionality of the drone. Drones have been used in…
Chinese Hackers Exploit VMware ESXi Zero-Day to Execute Privileged Commands
The Chinese cyberespionage gang, identified as UNC3886, has been spotted employing a VMware ESXi zero-day vulnerability to get escalated privileges on guest virtual machines. UNC3886 has been using malicious vSphere Installation Bundles (VIBs), typically used to maintain systems and deploy…
Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands
Bolster’s threat research team recently discovered an extensive brand impersonation effort targeting more than 100 well-known clothes, footwear, and apparel firms. The peak phishing activity for this campaign occurred between November 2022 and February 2023, after becoming active around June…
Hackers Can Uncover Cryptographic Keys by Recording Footage of Power LEDs
A shocking discovery has been made by researchers, unveiling an innovative method for extracting covert encryption keys from smart cards and smartphones. Utilizing the integrated cameras of iPhones or surveillance systems, they record videos of power LEDs, serving as indicators…
CoWIN Data Leak – Personal Data of COVID Vaccine Recipients Leaked on Telegram
The information of hundreds of thousands of Indians who received the COVID vaccination was exposed in a significant data breach and posted on a Telegram channel. The Fourth News, a Malayalam news portal, said that a Telegram bot on the…
University of Manchester Cyber Attack – Hackers Stolen Sensitive Data
An alarming cyberattack has hit the University of Manchester, and the University confirmed this incident officially on June 9, 2023. This unfortunate event likely resulted in threat actors’ unauthorized access, raising concerns about potential data exposure. The University of Manchester…
New Banking AitM Phishing and BEC Attacks Financial Organisations – Microsoft
In a recent revelation, Microsoft disclosed that banking and financial service institutions had become the active target of a fresh attack known as adversary-in-the-middle (AitM) phishing and BEC. As the number of reported cases surpasses 21,000 and the losses skyrocket…
Super Smash Flash 2 Unblocked – Let’s Play – 2023
Super Smash Flash 2 Unblocked is the next fun version of the impressive game series which is titled Super Smash Bros. Super Smash Flash 2 was designed by McLeodGaming operator. The release of the game was as brilliant as its…
100+ Best Ethical Hacking & Pentesting Tools – 2023
Penetration testing & Hacking Tools are more often used by security industries to test the vulnerabilities in networks and applications. Here you can find the Comprehensive Penetration Testing & Hacking Tools list that covers Performing Penetration testing Operations in all…
Beyond Passwords: The Future of Authentication in Cybersecurity
The digital counterpart of your physical reality is growing phenomenally. While positive outcomes are certainly there, with the growth of the internet, the risks associated with it are also growing rapidly. When discussing cybersecurity risk management, the first thing that…
Honda eCommerce Platform Flaw Exposes Customers’ Data
Eaton Zveare, a security researcher, has released the specifics of major vulnerabilities uncovered in Honda’s e-commerce platform for power equipment, marine, and lawn & garden products. It allowed anyone to reset their password for any account and was therefore open…
50+ Network Penetration Testing Tools for Hackers & Security Professionals – 2023
Network security tools for penetration testing are often used by the security industry to test for vulnerabilities in networks and applications. Here you can find the comprehensive Network Security Tools list that covers performing penetration testing operations in all the…
Cyber Criminals Sharing GPT-4 API Keys for Free
Recently, a script kiddie has been banned for sharing the stolen OpenAI API keys with many users on Discord for the r/ChatGPT subreddit. Developers can seamlessly incorporate OpenAI’s language model, GPT-4, into their applications using API keys. Oftentimes, developers unintentionally…
Burp Suite 2023.6 Released – What’s New!
PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional and Community users. BChecks, a new type of custom scan check, are introduced in this release. Additionally, it includes GraphQL scan checks, enhancements to Burp…
North Korean Hackers Mimic Journalists To Steal Credentials From Organizations
The North Korean APT group Kimsuky has been running a social engineering operation that targets experts in North Korean affairs from the non-government sector, according to SentinelLabs. For spear-phishing attempts to gather intelligence from think tanks, research centers, academic institutions, and…
Over 60,000 Android Apps Silently Install Malware on Devices
Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine software for the past six months. It has been identified that these malicious apps have been secretly implanting adware onto unsuspecting mobile devices without detection.…
Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update
Google has recently taken prompt security measures by releasing a security update for its Chrome web browser, aiming to fix the third zero-day vulnerability of this year that hackers have exploited. The third Chrome zero-day vulnerability that was fixed recently…
MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed
A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and Aer Lingus. The organizations acknowledged that tens of thousands of British Airways, Boots, and BBC staff had their personal information compromised due to a large-scale…
Moonlighter – World’s First and Only Satellite-Hacking Sandbox
Moonlighter, a groundbreaking project dubbed the “first-ever hacking sandbox in space,” will revolutionize satellite hacking as it ventures into low-Earth orbit in August. This pioneering effort promises to push the boundaries of cybersecurity by providing a unique platform for hacking…
ChatGPT Cybersecurity Grant Program – $1M to Boost AI Capabilities
OpenAI, supported by Microsoft, recently unveiled an innovative cybersecurity grant initiative to enhance AI-driven cybersecurity measures. The creators of ChatGPT are actively engaged in enhancing cybersecurity evaluations for AI models, aiming to measure and enhance their efficacy. They are dedicated…
A Complete Malware Analysis Tutorial, Cheatsheet & Tools List – 2023
Analyzing malware to break down its function and infection routine is a tough job. Here we describe the complete Malware Analysis Tutorials, tools, and elaborate cheatsheet. What is Malware Analysis?…