Category: GBHackers – Latest Cyber Security News | Hacker News

A new but ancient technique for Phishing emails has been recently identified called ZeroFont Phishing. Threat actors have followed several tactics for sending phishing emails, bypassing all the security mechanisms. However, using this technique, threat actors could bypass Microsoft’s Natural…

Read more →

ZYXEL has been discovered with a Buffer Overflow vulnerability on their ZYXEL-PMG2005-T20B device, which can result in a denial-of-service condition. This condition exists due to improper sanitization of user-supplied input on their HTTP request. Zyxel is a Taiwanese multinational company…

Read more →

Indusface research on 1400+ websites recorded a significant surge in DDoS attacks and bot attacks during Q2, 2023, compared to Q1, 2023. We observed a 75% surge in DDoS attacks and a 48% increase in bot attacks. Moreover, recent trends…

Read more →

The Snatch Ransomware group is considered dangerous due to its advanced techniques and ability to evade detection.  Security systems find it difficult to identify and stop such assaults since they use techniques like file encryption and memory injection to avoid…

Read more →

Cisco, a prominent player in the world of networking and cybersecurity, has issued a critical security advisory concerning multiple vulnerabilities in their Catalyst SD-WAN Manager, formerly known as Cisco SD-WAN vManage.  These vulnerabilities could potentially open doors for cyber attackers…

Read more →

Google has recently deployed updates to mitigate a newly discovered zero-day vulnerability in their Chrome browser, which is currently being actively exploited. Google has acknowledged its awareness of an exploit currently available for CVE-2023-5217, which has been observed to be…

Read more →

Since 2010, a group of hackers known as BlackTech APT has been engaging in malicious activities. The targets of their attacks encompass a wide range of sectors, including governmental institutions, industrial facilities, technological infrastructure, media outlets, electronic systems, mobile devices,…

Read more →

Through strategies like polymorphic code, which continuously alters its appearance to prevent detection, as well as employing encryption and obfuscation to disguise its actions, malware is getting more complex and sneaky. Additionally, to infiltrate systems and avoid detection by traditional…

Read more →

Apple previously reported three zero-day vulnerabilities exploited in the wild by threat actors, which Apple fixed as part of an Emergency patch update. However, a new security advisory has been released by Apple, which mentions all the security patches and…

Read more →

Healthcare has been one of the primary industries targeted by threat actors as part of every malware or ransomware campaign. Many Advanced Persistent Threat (APT) actors are from China due to political reasons between China and the United States. These…

Read more →

Though we can’t see it, the world brims with more technology than ever. These days, devices with internet connectivity live within the ever-growing Internet of Things (IoT)—a worldwide “web” where wireless communication and information technology work together. Since the early…

Read more →

Cybersecurity analysts at NSFOCUS Security Labs recently uncovered an unknown phishing-based attack process during threat-hunting.  Apart from this, during their further investigation, they identified two new Trojans and rare attack methods. NSFOCUS Security Labs suspects a skilled APT attacker is…

Read more →

Google Chrome has been recently discovered to be a Use-after-free vulnerability that threat actors can exploit to attack users. This vulnerability exists in the Google Chrome VideoEncoder, which can be triggered using a malicious web page. However, Google Chrome version…

Read more →

The Progress MOVEit software’s vulnerability resulted in a cybersecurity breach that affected BORN (the Better Outcomes Registry & Network), which gathers data on pregnancies, births, the postpartum period, and childhood. Unauthorized copies of files containing sensitive personal health data were obtained…

Read more →

EvilBamboo, formerly known as “Evil Eye,” has been found to target Tibetan, Uyghur, and Taiwanese organizations and individuals. This threat actor was mentioned as conducting custom Android malware campaigns in September 2019. In April 2020, EvilBamboo was discovered to be…

Read more →

The threat actors have been spotted increasingly depending on Remote Management and Monitoring (RMM) tools, which resulted in a relatively botched Hive ransomware distribution.  The original payload consisted of an executable file disguised as a legitimate document.  According to Huntress, this campaign…

Read more →

In a recent disclosure, BIND 9, a widely-used DNS (Domain Name System) server software, has been found vulnerable to two critical security flaws, labeled CVE-2023-4236 and CVE-2023-3341.  These vulnerabilities, if exploited, could have serious consequences, making it imperative for users…

Read more →

OilRig (APT34) is an Iranian cyberespionage group active since 2014, targeting Middle Eastern governments and various industries like:- OilRig launched DNSpionage in 2018-2019 against Lebanon and the UAE, followed by the 2019-2020 HardPass campaign using LinkedIn for energy and government…

Read more →

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering Open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator to close unused ports, additional services, Hide or customize banners, troubleshoot services, and…

Read more →

Students, authors, and anybody else wishing to improve their vocabulary and language abilities frequently utilize Thesaurus, one of the well-known platforms with 5 million monthly visitors. Cybersecurity analysts at Group-IB recently found a cryptojacking scheme on a popular Thesaurus site,…

Read more →

The financially motivated GOLD MELODY threat group has been active at least since 2017, attacking organizations by taking advantage of flaws in unpatched internet-facing servers. A threat group serves as an initial access broker (IAB) by selling access to organizations…

Read more →

MOVEit transfer service pack has been discovered with three vulnerabilities associated with SQL injections (2) and a Reflected Cross-Site Scripted (XSS). The severity for these vulnerabilities ranges between 6.1 (Medium) and 8.8 (High). Progress-owned MOVEit transfer was popularly exploited by…

Read more →

A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion. This threat actor surpasses Scatter Spider, Oktapus, UNC3944, and Storm-0875. LUCR-3 is targeting Fortune 2000 companies in various sectors, which include…

Read more →

Only a few malware families can claim to have persisted for nearly twenty years, and QakBot (also referred to as QBot) stands among them as one of the most enduring. Since its first appearance in 2008, it has been deployed…

Read more →

For taking part in a large international scheme to earn millions of dollars by selling pirated business telephone system software licenses, a computer system admin and his spouse pled guilty. Software licenses with a retail value of over $88 million are…

Read more →

If you use Trend Micro Apex One, you should know that the third-party Antivirus uninstaller feature may have a security hole. This flaw could make it possible for random code to be run. Even though the National Vulnerability Database (NVD)…

Read more →

The mobile application of T-Mobile has recently been a cause of concern among its customers due to issues concerning privacy. Users have reported accessing sensitive information belonging to other customers when logging into their own accounts.  This alarming situation has…

Read more →

Huawei is known for its telecommunications equipment and consumer electronics, including smartphones, and the USA banned Huawei primarily due to national security concerns. As the Chinese government may utilize Huawei’s technology for spying, the U.S. government claimed that the business…

Read more →

In recent cybersecurity news, the notorious Bumblebee loader has made a resurgence in a new campaign, posing a significant threat to organizations’ digital security.  This loader, often used as a stepping stone for ransomware attacks, had taken a pause but…

Read more →

Nagios XI is a prominent and frequently used commercial monitoring system for IT infrastructure and network monitoring.  Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in Nagios XI (version 5.11.1 and below) while conducting routine research. By making use…

Read more →

In 2022, state-sponsored actors and advanced adversaries consistently targeted telecoms globally, making it a top sector in Talos IR cases. Telecom firms with critical infrastructure assets are prime targets due to their role in national networks and as potential gateways…

Read more →

Recent reports indicate that Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes. These vulnerabilities have been given the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity…

Read more →

Recent reports indicate that threat actors have been using a new type of Linux-targeted backdoor that has never been seen before. This new backdoor has been named SprySOCKS, which uses the strings of Trochilus (Windows backdoor) and the new Socket…

Read more →

At the end of August 2023, Juniper Networks released a security advisory mentioning the CVE-2023-36845 vulnerability affecting SRX and EX series firewalls. The vulnerability was categorized as a Medium (5.3) severity vulnerability.  Following this, security researchers at watchtowr published a…

Read more →

BlackCat Ransomware variant Sphynx has been newly identified with additional features used for encrypting Azure Storage accounts. This Sphynx variant of BlackCat was first discovered in March and was upgraded in May, which added the Exmatter exfiltration tool.  Another version…

Read more →

The use of AI has greatly increased over the past few months, with programs like ChatGPT and Bing AI making the technology freely available to all. It has been used to create beautiful works of art and poetry and for…

Read more →

Cryptojacking is a malicious cyberattack in which an attacker stealthily utilizes a victim’s computer or device to mine cryptocurrencies such as Bitcoin or Monero without the victim’s knowledge or agreement. This usually entails infecting the victim’s PC with malware that…

Read more →

The Canadian government, banking, and transportation industries have recently been the targets of many distributed denial of service (DDoS) attacks. This criminal activity is linked to state-sponsored cyber threat actors from Russia. Since March 2022, NoName057(16), a pro-Russian hacktivist operator…

Read more →

Peach Sandstorm, an Iranian Hackers group that targets organizations globally, aligns with the following threat groups:- Besides this, in the following sectors, the Iranian group, Peach Sandstorm pursued its targets most in the past attacks:- The cybersecurity researchers at Microsoft…

Read more →

Azure HDInsight has been identified with multiple Cross-Site Scripting – XSS vulnerabilities related to Stored XSS and Reflected XSS. The severity for these vulnerabilities ranges between 4.5 (Medium) and 4.6 (Medium).  These vulnerabilities have affected multiple products, including Azure Apache…

Read more →

An Arbitrary code execution vulnerability has been found in Windows 11. This vulnerability is a result of several factors, such as a Time-of-Check Time-of-Use (TOCTOU) race condition, malicious DLL, cab files, and the absence of Mark-of-the-Web validation. This particular vulnerability…

Read more →

Multiple memory corruption vulnerabilities have been discovered in the ncurses library, which various programs use on multiple operating systems like Portable Operating System Interface (POSIX) OS, Linux OS, macOS, and FreeBSD.  Threat actors can chain these vulnerabilities with environment variable…

Read more →

Ransomware is a universal threat to enterprises, targeting anyone handling sensitive data when profit potential is high. A new ransomware named 3AM has surfaced and is used in a limited manner. Symantec’s Threat Hunter Team witnessed it in a single…

Read more →

Trellix Windows DLP endpoint for Windows has a privilege escalation vulnerability that allows unauthorized deletion of any file or folder. Trellix DLP Endpoint protects against all potential leak channels, including portable storage devices, the cloud, email, instant messaging, web, printing,…

Read more →

Email communication is still widely used as an attack vector despite the ever-changing nature of cyber threats. The vast number of people who use it for communication daily, both professionally and personally, makes it a tempting target. Cybercriminals are becoming…

Read more →

According to recent reports, a threat actor known as Storm-0324 has been using email-based initial infection vectors to attack organizations. However, as of July 2023, the threat actor has been found to have been using Microsoft Teams to send Phishing…

Read more →

Cisco has been discovered with an arbitrary code execution flaw on their Cisco IOS XR Software image verification checks, which allows an authenticated, local attacker to execute arbitrary code on their underlying operating system. Cisco Internetwork Operating System (IOS) is…

Read more →

SolarWinds Platform has published its release notes 2023.3.1, which provides multiple bug fixes and security updates. With this release, the platform has fixed two vulnerabilities, CVE-2023-23840 and CVE-2023-23845, related to arbitrary command execution.  SolarWinds Platform is an infrastructure monitoring and…

Read more →

A new and highly concerning cyber threat has emerged, as a botnet known as “MrTonyScam” has been orchestrating an extensive Messenger phishing campaign on Facebook.  Recently, this campaign has flooded the platform with malicious messages, posing a significant risk to…

Read more →

Burp Suite, the renowned Bug Bounty Hunting and Web Application Penetration Testing tool, has been improvised with many extensions over the years. Many of Burp’s Extensions have been used by Bug Bounty Hunters and Security Researchers for various purposes. It…

Read more →

In recent years, Linux systems gained prominence among diverse threat actors, with more than 260,000 unique samples emerging in H1 2023. In the case of Linux, threat actors can run multiple campaigns without being detected for years, and maintain long-term…

Read more →

Cybersecurity researchers at Symantec’s Threat Hunter Team recently discovered that the Redfly threat actor group used ShadowPad Trojan to breach an Asian national grid for 6 months. Artificial intelligence-driven cyber threats grow as technology advances, significantly influencing and boosting threat…

Read more →

In a race against time to safeguard user security, major browser vendors, including Google and Mozilla, have scrambled to release urgent updates in response to a critical vulnerability discovered in the WebP Codec.  This newly unearthed vulnerability, bearing the identifier…

Read more →

Chrome’s Stable and Extended stable channels have been upgraded to 116.0.5845.187 for Mac and Linux and 116.0.5845.187/.188 for Windows as part of a security update. One “Critical” security upgrade is included in this release. In the coming days and weeks,…

Read more →

Threat actors were using Windows Arbitrary File Deletion to perform Denial-of-service attacks on systems affected by this vulnerability. However, recent reports indicate that this Windows Arbitrary file deletion can be used for a full compromise. The possibility of this attack…

Read more →

The Ballistic Bobcat is an Iran-aligned APT group, and initially, about two years ago, cybersecurity researchers at ESET tracked this threat group. Here below, we have mentioned all the other names of the Ballistic Bobcat APT group:- Recently, cybersecurity analysts…

Read more →