Tag: GBHackers – Latest Cyber Security News | Hacker News

More than two million Android users have been tricked into installing a set of malicious, phishing, and advertising apps via the Google Play store. Dr. Web antivirus discovered that these apps were disguised as essential utilities and system optimizer tools.…

Read more →

The Threat Research Unit at Qualys’ has revealed how a new Linux flaw tracked as (CVE-2022-3328),  may be combined with two other, seemingly insignificant flaws to gain full root rights on a compromised system. The Linux snap-confine function, a SUID-root…

Read more →

The mobile security firm Zimperium has recently issued a warning about a Trojan called “Schoolyard Bully,” which is actively masquerading as an educational application in a malicious threat campaign. While this trojan “Schoolyard Bully” has been active since 2018, and…

Read more →

In response to the active exploit of an open high-severity zero-day vulnerability (CVE-2022-4262) in the Chrome web browser, Google has released an emergency security patch to address the issue. Actively exploited Chrome zero-day vulnerability that allows attackers to execute an…

Read more →

With cyberattacks cropping up in several tech sectors today, there is rightly more focus on monitoring software supply chains in the SDLC than ever before. When SolarWinds was hacked in 2020, the event sent shockwaves across the software industry. Although…

Read more →

Spanish National Police arrested the notorious SIM-swapping gang operating under the name “Black Panthers” for various cyber crimes. The law enforcement agents arrested 55 people, including the leader heading this Black Panthers gang. The operators behind this Black Panthers committed the bank…

Read more →

Recently, Mandiant Managed Defense discovered cyber espionage activity that focuses on the Philippines and mainly uses USB drives as an initial infection vector. This operation, which Mandiant tracks as ‘UNC4191’, has a connection to China. The report states that operations of…

Read more →

It turns out that Akamai’s team of researchers accidentally killed a newly discovered cryptocurrency mining botnet known as KmsdBot during the investigation. Due to a syntax error, the botnet was unable to send commands any longer, and as a result,…

Read more →

A trio of newly discovered exploit frameworks has been detailed by Google’s Threat Analysis Group (TAG) in a recent publication. In the last few years, these exploit frameworks have been exploited as zero-day vulnerabilities by exploiting:  There were three separate…

Read more →

IP geolocation services are capable of far more than serving website visitors in their local language and currency using IP lookup. They can also play a critical role in cybersecurity. Geolocation data can source the IP address of DDoS (Distributed…

Read more →

A trio of newly discovered exploit frameworks has been detailed by Google’s Threat Analysis Group (TAG) in a recent publication. In the last few years, these exploit frameworks have been exploited as zero-day vulnerabilities by exploiting:  There were three separate…

Read more →

Using data from the August 2022 incident, LastPass experienced a breach of user information within a third-party cloud storage service. LastPass is a freemium Android password manager that simply collects encrypted passwords online, and LogMeIn, Inc. obtained the LastPass in…

Read more →

Multiple critical vulnerabilities were found by the security researchers at Synopsys in three Android apps that enable users to control computer systems with Android devices.  Furthermore, these critical vulnerabilities could be exploited by threat actors to expose key presses and…

Read more →

A Vulnerability Scanning Tool is one of the essential tools in IT departments Since vulnerabilities pop up every day and thus leaving a loophole for the organization. The Vulnerability scanning tools help in detecting security loopholes in the application, operating…

Read more →

Cybersecurity analysts at Checkmarx affirmed that a popular TikTok challenge is being used by hackers to trick people into downloading malicious software that steals private information from them. Currently, the #invisiblefilter tag of this challenge has accumulated over 25 million…

Read more →

The cybersecurity researchers at Binarly recently discovered that outdated versions of the OpenSSL cryptographic library are still being used by the following companies on their devices:-  OpenSSL cryptographic library versions that are outdated provide a risk to the supply chain…

Read more →

The eighth zero-day vulnerability used in attacks this year has been fixed by Google in an emergency security upgrade for the desktop version of the Chrome web browser. This high-severity zero-day vulnerability is tracked as CVE-2022-4135, a Heap buffer overflow…

Read more →

The eighth zero-day vulnerability used in attacks this year has been fixed by Google in an emergency security upgrade for the desktop version of the Chrome web browser. This high-severity zero-day vulnerability is tracked as CVE-2022-4135, a Heap buffer overflow…

Read more →

Recently, there have been almost 1000 arrests made as a result of a police operation conducted by INTERPOL in an attempt to combat online fraud. As a result of this operation, Interpol recovered virtual assets worth USD 129,975,440. Between June…

Read more →

There has recently been a discovery made by IBM Security X-Force Threat Researchers regarding a new variant of ransomware known as RansomExx that is dubbed RansomExx2 which was written in Rust language. While threat actor behind this malware is known…

Read more →

Web Application Pentesting is a method of identifying, analyzing and Report the vulnerabilities which are existing in the Web application including buffer overflow, input validation, code Execution, Bypass Authentication, SQL Injection, CSRF, Cross-site scripting in the target web Application which…

Read more →

In order to steal cryptocurrency and clipboard contents, ViperSoftX was detected by the security analysts at Avast, a Windows malware that is using a Google Chrome extension called VenomSoftX. A JavaScript-based RAT and crypto-hijacker are hidden within this Chrome extension…

Read more →

There is a collection of IOCs from VirusTotal and YARA Rules that has been recently open-sourced by the Google Cloud Threat Intelligence team.  As a result, Google has taken this step to make it easier for security researchers to catch…

Read more →

Security researchers at Cyble recently identified that the authors of ransomware now have access to a brand new malicious tool – AXLocker – which has the ability to encrypt and make the multitude of file types unusable. As one of…

Read more →

An extensive phishing campaign targeting businesses in numerous upright markets, including retail, was discovered by Cyjax recently in which the attackers exploited the reputation of renowned brands, and this includes the following business sectors:- Fangxiao is a group classified as…

Read more →

Experts from Rapid7 observed a customized CentOS installation operating on F5 BIG-IP and BIG-IQ devices found to have various vulnerabilities.  While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been…

Read more →

Recently, the Mitiga Research Team found that hundreds of databases each month were exposed, with significant Personally Identifiable Information (PII) leakage. An analysis found that the reputable Amazon Relational Database Service is leaking PII through exposed Relational Database Service (RDS)…

Read more →

Recently, the FBI and CISA published a joint advisory in which they disclosed an Iranian APT group compromised the Federal Civilian Executive Branch (FCEB) organization network Domain controller by exploiting the Log4Shell RCE flaw (CVE-2021-44228) to deploy XMRig crypto-mining malware…

Read more →

To settle a privacy lawsuit brought by a group of attorneys general from 40 different U.S. states, Google has agreed to pay $391.5 million. Reports say U.S. Michigan will earn close to $12 million from the settlement, which is the…

Read more →

Recently, a new piece of evasive malware has been discovered that is able to gain entry into enterprise systems in order to mine cryptocurrency by exploiting a key internet-facing protocol. Researchers have discovered that the malware is capable of launching…

Read more →

Recently, the cybersecurity researchers of Sucuri have found that threat actors are conducting a tremendous massive black hat search engine optimization (SEO) campaign.  However, nearly 15,000 websites redirected visitors to participate in fake Q&A discussion forums in this campaign. Over…

Read more →

Experts from Rapid7 observed a customized CentOS installation operating on F5 BIG-IP and BIG-IQ devices found to have various vulnerabilities.  While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been…

Read more →

Recently, the Mitiga Research Team found that hundreds of databases each month were exposed, with significant Personally Identifiable Information (PII) leakage. An analysis found that the reputable Amazon Relational Database Service is leaking PII through exposed Relational Database Service (RDS)…

Read more →

Experts from Rapid7 observed a customized CentOS installation operating on F5 BIG-IP and BIG-IQ devices found to have various vulnerabilities.  While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been…

Read more →

The Worok threat infects victims’ computers with information-stealing malware by concealing malware within PNG images with the help of the Steganography technique, which makes it very difficult to detect by malware scanners. The finding has substantiated one of the most…

Read more →

There was an extensive phishing campaign that took advantage of YouTube as a vehicle for promoting the download and installation of cracked software and free games. In this campaign, attackers are abusing video tutorial that has the intention of tricking…

Read more →

Recently, the Mitiga Research Team found that hundreds of databases each month were exposed, with significant Personally Identifiable Information (PII) leakage. Particularly, the analysis found that the reputable Amazon Relational Database Service is leaking PII through exposed Relational Database Service…

Read more →

To settle a privacy lawsuit brought by a group of attorneys general from 40 different U.S. states, Google has agreed to pay $391.5 million. Reports say U.S. Michigan will earn close to $12 million from the settlement, which is the…

Read more →

Recently, a new piece of evasive malware has been discovered that is able to gain entry into enterprise systems in order to mine cryptocurrency by exploiting a key internet-facing protocol. Researchers have discovered that the malware is capable of launching…

Read more →

Recently, the cybersecurity researchers of Sucuri have found that threat actors are conducting a tremendous massive black hat search engine optimization (SEO) campaign.  However, nearly 15,000 websites redirected visitors to participate in fake Q&A discussion forums in this campaign. Over…

Read more →

The Worok threat infects victims’ computers with information-stealing malware by concealing malware within PNG images with the help of the Steganography technique, which makes it very difficult to detect by malware scanners. The finding has substantiated one of the most…

Read more →

There was an extensive phishing campaign that took advantage of YouTube as a vehicle for promoting the download and installation of cracked software and free games. In this campaign, attackers are abusing video tutorial that has the intention of tricking…

Read more →

The Zscaler ThreatLabz team found the ‘Xenomorph’ banking trojan embedded in a Lifestyle app in the Google Play store. The app’s name is “Todo: Day manager,” and has more than 1,000 downloads.  The trojan called ‘Xenomorph’ steals login information from…

Read more →

A lock screen bypass vulnerability that affects all Pixel phones has been discovered by an ethical hacker. On his Pixel 6, David Schutz discovered a troublesome problem.  The hacker, however, thinks that every Pixel phone possesses a flaw. Nevertheless, a…

Read more →

Sucuri observed hackers compromising around 15,000 websites as part of a huge black hat SEO campaign in order to redirect visitors to fake Q&A discussion boards. “Our research team has tracked a surge in WordPress malware redirecting website visitors to…

Read more →