Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

OSINVGPT – A Tool For Open-source Investigations

OSINVGPT is an AI-based system, developed by “Very Simple Research,” that helps security analysts with open-source investigations and tool selection. It can assist analysts in gathering relevant information, sources, and tools for their investigations.…

How Do You Protect Your APIs From DDoS Attacks?

DDoS attacks remain one of the most widespread cyber threats, and APIs are increasingly among their targets. When successfully executed, an attack on an API can take an entire system down, a more severe consequence than a DDoS against a web application front end. The increased risk amplifies…

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

GBHackers came across a new ChatGPT-powered penetration testing tool called “PentestGPT” that helps penetration testers automate their pentesting operations. PentestGPT has been released on GitHub under the account “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is…

Hackers Abuse GitHub to Host Malicious Infrastructure

GitHub has become a major platform that cybercriminals use for various attack methods such as payload delivery, dead drop resolution (DDR), command and control (C2), and exfiltration. This is because traffic to GitHub is generally considered legitimate, which threat actors can…

Mastermind Hacker Behind $2 Million Crypto Scam Arrested

The 29-year-old man was arrested in Mykolaiv, Ukraine, for using hacked accounts to create 1 million virtual servers to illegally mine cryptocurrency. It is estimated that the suspect has mined cryptocurrency worth over USD 2 million (or EUR 1.8 million). The…

Network Penetration Testing Checklist – 2024

A network penetration testing checklist determines weaknesses in the network posture by discovering open ports, identifying live systems and services, and grabbing service banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…
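The first two checklist items above, port discovery and banner grabbing, are small enough to show end to end. The following Python is an added example written for this page, not code from the checklist article or any named tool. It starts a constructed local TCP service on 127.0.0.1 that greets clients with a made-up SSH banner (an assumption standing in for a real host), then runs a TCP-connect scan over a list of ports and records the first line each open service volunteers. Closed ports are reported as absent; an open but silent port is reported with an empty banner.

```python
import socket
import threading
from typing import Dict, List, Optional

# Constructed for this example: a local TCP service that greets every client
# with a fake SSH banner, standing in for a real host on the network. The
# banner text is an assumption, not data from the page.
FAKE_BANNER = b"SSH-2.0-OpenSSH_9.6 demo\r\n"


def start_fake_service(banner: bytes = FAKE_BANNER) -> int:
    """Listen on 127.0.0.1 on an ephemeral port, send `banner` to each
    client, and return the port number so the scanner can target it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_port() -> int:
    """Bind to port 0 and release it: a port that is (almost certainly)
    closed, used here as the 'closed port' case for the scanner."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[str]:
    """TCP-connect scan of one port plus a passive banner grab.
    Returns the first line the service volunteers, "" if the port is open
    but silent within `timeout`, or None if the connection fails."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(256)
            except socket.timeout:
                return ""
    except OSError:                  # ECONNREFUSED, unreachable, timeout
        return None
    return data.split(b"\r\n", 1)[0].decode("ascii", "replace")


def scan(host: str, ports: List[int]) -> Dict[int, str]:
    """Return {port: banner} for every port in `ports` that accepted a TCP
    connection; closed ports are simply absent from the result."""
    found: Dict[int, str] = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            found[port] = banner
    return found


if __name__ == "__main__":
    open_port = start_fake_service()
    print(scan("127.0.0.1", [open_port, free_port()]))
```

A connect scan completes the TCP handshake and is therefore visible in the target's logs; that is acceptable on an authorized engagement and is what makes the banner grab possible, since the service only talks after the connection is established. Services that wait for the client to speak first (HTTP, for instance) come back with an empty banner and need a protocol-specific probe.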

Web Server Penetration Testing Checklist – 2024

Web server pentesting is performed under three significant categories: identify, analyse, and report vulnerabilities such as authentication weaknesses, configuration errors, and protocol relationship vulnerabilities. 1. “Conduct a series of methodical and repeatable tests” is the best way to test the webserver…

WordPress Plugin Flaw Exposes 300,000+ to Hack Attacks

Hackers target vulnerable WordPress plugins because they provide a potential entry point for exploiting website security weaknesses. These plugins often have outdated code or known vulnerabilities, which make them attractive targets for malicious actors. Recently, on December 14th, 2023,…

Splunk Patched Critical Vulnerabilities in Enterprise Security

Several vulnerabilities have been discovered in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA), all of them in bundled third-party packages: babel/traverse, handsontable, semver, loader-utils, json5, socket.io-parser, protobuf, and Guava. However, Splunk has…

Qbot Malware Via FakeUpdates Leads the Race of Malware Attacks

Hackers use Qbot malware for its advanced capabilities, including keylogging, credential theft, and backdoor functionality. Earlier Qakbot campaigns monitored the browsing activity of infected computers and logged information related to financial websites. Qbot…

Windows Computer Hit with AgentTesla Malware to Steal Data

AgentTesla is a notorious malware that functions as a keylogger and information stealer. By logging keystrokes and capturing screenshots on infected systems, it targets sensitive data. Recently, the cybersecurity researchers at BitSight Security discovered that AgentTesla malware…

Mirai-Based NoaBot Launches a DDoS Attack on Linux Devices

Hackers use the Mirai botnet to launch large-scale Distributed Denial of Service (DDoS) attacks by exploiting vulnerable Internet of Things (IoT) devices.  Mirai’s ability to recruit a massive number of compromised devices allows attackers to do the following things to…

Adobe Substance 3D Stager Let Attacker Execute Arbitrary Code

Adobe has released a security update that fixes “Important-severity” vulnerabilities in its Substance 3D Stager product. The successful exploitation of these issues could result in a memory leak and arbitrary code execution in the current user’s context. Adobe Substance 3D…

Hackers Using Weaponized PDF Files to Deliver Qakbot Malware

Qakbot is a sophisticated banking trojan that primarily targets financial institutions and steals sensitive information from infected systems. Qakbot has returned after the “Duck Hunt” takedown. Not only that, even Microsoft…

Cacti Blind SQL Injection Flaw Enables Remote Code Execution

A blind SQL injection vulnerability has been discovered in Cacti, the performance and fault management framework; it could reveal Cacti database contents or lead to remote code execution. The vulnerability has been assigned CVE-2023-51448, and the severity…

Accenture Buys 6point6 to Expand Cyber Portfolio

Accenture, a global professional services company, has made a strategic move in the U.K. market by acquiring 6point6, a leading technology consultancy specializing in cloud, data, and cybersecurity.  This acquisition, announced on October 31, 2023, significantly enhances Accenture’s capabilities in…

xDedic Marketplace Admin and Operators Arrested

In a landmark victory for cybersecurity, the xDedic Marketplace, a notorious haven for cybercrime, has been shut down.  This international operation, spearheaded by the U.S. Attorney’s Office, FBI, IRS-CI, and a consortium of law enforcement agencies from Belgium, Ukraine, and…

AsyncRAT Malware Attacking the US Infrastructure for 11 Months

AsyncRAT is an open-source remote access Trojan (RAT) known for providing unauthorized access to and control over infected systems. It was released in 2019. Hackers use it actively for various malicious purposes. Cybersecurity researchers at AT&T…

3 New Malicious PyPI Packages Found Installing CoinMiner on Linux Devices

Researchers identified three malicious PyPI (Python Package Index) packages that deploy a CoinMiner executable on Linux devices, degrading device performance. These packages, namely modularseven-1.0, driftme-1.0, and catme-1.0, come from a recently established author account called “sastra” and exhibit an intricate…

UAC-0050 Group Using Remcos RAT to Attack Government Agencies

Remcos RAT (Remote Control and Surveillance) is a Remote Access Trojan used for unauthorized access to and control of a computer system. It allows threat actors to perform a wide range of malicious activities. Cybersecurity researchers at Uptycs recently discovered that…

Wireshark 4.2.1 Released: What’s New!

Wireshark is a popular open-source network protocol analyzer that allows users to capture and inspect data on a network in real time. It enables detailed examination of network traffic for a range of purposes. Several key factors make Wireshark one of…

New Google Cookies Exploit Allows Access After Password Reset

The Google cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts. A developer, PRISMA, discovered a major Google cookie exploit in Oct 2023 that…

10 Most Common Types of Cyber Attacks in 2023

Cyber attacks are evolving rapidly with advancements in technology, as threat actors exploit new vulnerabilities, and the rise of increasingly sophisticated techniques demonstrates a growing level of complexity. Moreover, the expansion of Internet of Things (IoT) devices provides new…

650,000+ Malicious Domains Registered Resembling ChatGPT

Hackers abuse the ChatGPT name for malicious domains to exploit the credibility associated with the ChatGPT model, deceiving users into trusting fraudulent websites.  Leveraging the model’s reputation enables them to trick individuals into:- H2 2023’s ransomware from ESET highlight isn’t…

New Medusa Stealer Attacking Users to Steal Login Credentials

While the world celebrated Christmas, the cybercrime underworld feasted on a different kind of treat: the release of Meduza 2.2, a significantly upgraded password stealer poised to wreak havoc on unsuspecting victims.  Cybersecurity researchers at Resecurity uncovered the details of…

10 Prominent Cybersecurity Acquisitions of 2023

The cybersecurity domain is undergoing rapid changes owing to the rise in frequency and complexity of cyber threats. As the digital world expands, the risk of cyberattacks is increasing, and security experts must stay vigilant to safeguard against potential breaches.…

New Nim-Based Malware Delivered via Weaponized Word Document

Hackers use weaponized Word documents to deliver malicious payloads through social engineering. By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them, leading to the execution of malicious code. While leveraging the familiarity and…

Cisco to Acquire Cloud Networking and Security Startup Isovalent

In a strategic move destined to fortify its dominance in the ever-evolving realm of cloud security, Cisco has officially declared its intent to acquire Isovalent, a trailblazer in open-source cloud-native networking and security.  This bold acquisition underscores Cisco’s steadfast commitment…

Android Malware Actively Infecting Devices to Take Full Control

Android malware infects devices to take full control for various illicit purposes. By gaining complete control, threat actors can exploit the device for their illicit activities, posing significant threats to its owner. Cybersecurity analysts at McAfee Mobile Research recently found an…

How Do You Protect Your APIs from Bot Attacks?

Organizations face an escalating threat of bot attacks in the rapidly evolving digital landscape. As revealed in our latest AppSec report, there has been a staggering 56% increase in bot attacks compared to Q2 2023. Previously associated with DDoS attacks,…

Hackers Attacking Linux SSH Servers to Deploy Scanner Malware

Hackers often target Linux SSH servers because of their widespread use in hosting critical services, and several common loopholes give attackers opportunities for unauthorized access and exploitation. Cybersecurity researchers at AhnLab Security Emergency Response Center…

Intellexa Spyware Adds Persistence with iOS or Android Device

In the shadowy realm of commercial spyware, the spotlight turns to the notorious Intellexa spyware and its Predator/Alien solution, as dissected by Cisco Talos in their comprehensive May 2023 report. This exposé navigates the labyrinthine intricacies and disconcerting features of…

Interpol Arrested 3,500 Suspects and Seized $300 Million

In a groundbreaking initiative spanning 34 countries, INTERPOL orchestrates Operation HAECHI IV, a relentless assault on online financial crime, yielding a formidable impact. Interpol, short for the International Criminal Police Organization, is a global entity dedicated to fostering international police…

Hackers Leveraging GitHub Platform for Hosting Malware

Researchers have discovered two novel techniques on GitHub: one exploits GitHub Gists, while the other involves sending commands through Git commit messages. Malware authors will occasionally upload samples to services such as Dropbox, Google Drive, OneDrive, and Discord to host second-stage malware…

Sidewinder Hacker Group Using Weaponized Documents to Deliver Malware

Analysis of the Sidewinder APT group reveals a skilled and persistent threat targeting Nepalese government entities. Their focus extends to South Asian governments, with researchers also identifying a recent complex attack on Bhutan. Cybersecurity researchers at Cyfirma recently identified…

New SMTP Smuggling Attack Lets Hackers Send Spoofed Emails

SMTP (Simple Mail Transfer Protocol) smuggling is a technique in which attackers exploit inconsistencies in how different SMTP servers interpret the end-of-data sequence that terminates a message: the outbound server that relays a message and the inbound server that receives it may not agree on which byte sequences count as end of data. By embedding a sequence the inbound server accepts but the outbound server does not, threat actors can smuggle a second, spoofed message inside the body of a legitimate one. This…
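The inconsistency described above is easiest to see by emulating both ends. The Python below is an added example written for this page, not code from the article or from any mail server. It builds a constructed message (all addresses made up) whose body contains a bare-LF terminator followed by a second SMTP transaction, then shows three things: an outbound relay that only knows CRLF line breaks leaves the bare-LF dot untouched; a receiver that honours only the RFC 5321 `<CRLF>.<CRLF>` terminator sees one message, while a receiver that also accepts `<LF>.<LF>` (the lenient set is an assumption for the demonstration, not tied to any product) sees two, the second carrying attacker-chosen MAIL FROM and RCPT TO commands; and a hardened relay that dot-stuffs after any line break closes the gap.

```python
import re
from typing import List, Tuple

# End-of-data sequences a receiving MTA might honour. RFC 5321 specifies
# only <CRLF>.<CRLF>; the bare-LF and mixed variants in LENIENT_EOD are
# assumed here to model a lenient receiver and are not tied to any named
# product on this page.
STRICT_EOD = (b"\r\n.\r\n",)
LENIENT_EOD = (b"\r\n.\r\n", b"\n.\n", b"\n.\r\n", b"\r\n.\n")

# Constructed message: a harmless body followed by a bare-LF terminator and a
# second, attacker-chosen SMTP transaction. All addresses are made up.
INNOCENT_BODY = (b"From: user@sender.example\r\n"
                 b"Subject: hello\r\n\r\n"
                 b"Hi there.\r\n")
SMUGGLED_PART = (b"\n.\n"
                 b"MAIL FROM:<ceo@sender.example>\r\n"
                 b"RCPT TO:<victim@recipient.example>\r\n"
                 b"DATA\r\n"
                 b"From: ceo@sender.example\r\n"
                 b"Subject: urgent wire\r\n\r\n"
                 b"Pay now.\r\n")
ATTACKER_BODY = INNOCENT_BODY + SMUGGLED_PART


def dot_stuff_crlf(body: bytes) -> bytes:
    """Outbound MTA transparency as many implementations do it: split on
    CRLF only and prefix a '.' to lines that start with '.'. A '.' that
    follows a bare LF is not at the start of a CRLF line, so it is missed."""
    return b"\r\n".join(b"." + ln if ln.startswith(b".") else ln
                        for ln in body.split(b"\r\n"))


def dot_stuff_any_break(body: bytes) -> bytes:
    """Hardened variant (one possible fix, assumed here): treat CR, LF and
    CRLF all as line breaks when stuffing, so '\\n.\\n' becomes '\\n..\\n'
    and no receiver can mistake it for end-of-data."""
    return re.sub(rb"(^|\r\n|\r|\n)\.", rb"\1..", body)


def relay(body: bytes, stuff=dot_stuff_crlf) -> bytes:
    """What the outbound MTA puts on the wire after its DATA command."""
    return stuff(body) + b"\r\n.\r\n"


def split_at_eod(stream: bytes, eod_sequences) -> List[bytes]:
    """Emulate a receiving MTA reading `stream` in the DATA phase: cut at the
    earliest accepted end-of-data sequence (longest match wins on ties);
    whatever follows a cut is treated as a new SMTP transaction."""
    chunks: List[bytes] = []
    rest = stream
    while rest:
        hits = [(rest.find(seq), seq) for seq in eod_sequences]
        hits = [(i, seq) for i, seq in hits if i != -1]
        if not hits:
            chunks.append(rest)
            break
        i, seq = min(hits, key=lambda h: (h[0], -len(h[1])))
        chunks.append(rest[:i])
        rest = rest[i + len(seq):]
    return chunks


def parse_transaction(chunk: bytes) -> Tuple[List[bytes], bytes]:
    """Split a post-cut chunk into the SMTP commands the receiver would
    execute and the body of the message that follows its DATA command."""
    head, sep, body = chunk.partition(b"DATA\r\n")
    if not sep:
        return [], chunk
    return [ln for ln in head.split(b"\r\n") if ln], body


def demo() -> dict:
    """Message counts each receiver sees for the naive and hardened relays."""
    naive = relay(ATTACKER_BODY)
    hardened = relay(ATTACKER_BODY, dot_stuff_any_break)
    return {
        "strict_receiver": len(split_at_eod(naive, STRICT_EOD)),
        "lenient_receiver": len(split_at_eod(naive, LENIENT_EOD)),
        "lenient_receiver_hardened": len(split_at_eod(hardened, LENIENT_EOD)),
    }


if __name__ == "__main__":
    print(demo())
    _, second = split_at_eod(relay(ATTACKER_BODY), LENIENT_EOD)
    print(parse_transaction(second)[0])
```

The damaging part is the second transaction: the outbound server has already authenticated the real sender and its domain's SPF and DKIM apply to the connection, so the smuggled MAIL FROM is accepted by the inbound server as if it came from the same trusted relay. The fix belongs on both sides: outbound servers should normalise or reject bare line breaks in DATA (dot-stuffing after any break, as in the hardened variant, is one way), and inbound servers should accept only `<CRLF>.<CRLF>`.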

8220 Hacker Group Attacking Windows & Linux Web Servers

The 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability (CVE-2017-3506) and Log4Shell (CVE-2021-44228).…

How Can DSPM Prevent High-Profile Breaches?

In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported.…

How Sandboxes Help Security Analysts Expose Script-Based Attacks

Cybercriminals employ numerous tactics to infiltrate endpoints and scripts are among the most destructive. You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network. To prevent this, analyzing suspicious files in malware…

Russian Hackers Exploiting JetBrain Vulnerability to Hack Servers

The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service (SVR) cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that host JetBrains TeamCity…

CISA Asks Public Opinion on Google Workspace Secure Configuration Baselines

In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines.  This architectural marvel establishes a robust groundwork, elevating data security across nine…

Quishing: New Sophisticated Phishing Attacks on the Rise

Phishing, a persistent cyberthreat, has evolved with the times. Once a symbol of convenience, QR codes are now being weaponized by attackers through Quishing.  This alarming trend demands attention, as it exposes both individuals and organizations to significant risks. Interpol’s…

Toyota Ransomware Attack Exposes Customers Personal Data

Toyota Financial Services (TFS) has notified customers of a data breach that exposed personal and sensitive financial information. In a limited number of locations, including Toyota Kreditbank GmbH in Germany, Toyota Financial Services Europe & Africa has discovered unauthorized activity on…