The allure of NFTs, those shimmering digital tokens holding unique artworks and promises of fortune, has captivated the world. But amidst the buzz lurks a sinister shadow: the NFT scam. Recently, Check Point Research exposed a sophisticated airdrop scam targeting…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
OSINVGPT – A Tool For Open-source Investigations
OSINVGPT is an AI-based system that helps security analysts with open-source investigations and tool selection. The tool was developed by “Very Simple Research” and can assist security analysts in gathering relevant information, sources, and tools for their investigations.…
FBI & CISA Warn of Risk to Critical Infrastructure by Chinese Drones
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have raised a red flag: Chinese-made drones pose a significant risk to the security of critical infrastructure in the United States. While any UAS can harbor…
Bigpanzi Bot Hacks 170,000+ Android TVs to Launch DDoS Attacks
Android TVs are widely used, and due to their wide adoption, threat actors frequently target them for unauthorized access or data theft. In Android smart TVs, the vulnerabilities in outdated software or third-party apps can be exploited. The interconnected nature…
Multichain Inferno Drainer Abuses Web3 Protocols To Connect Crypto Wallets
A cryptocurrency-related phishing scam that uses malware called a drainer is one of the most widely used tactics these days. From November 2022 to November 2023, ‘Inferno Drainer’, a well-known multichain cryptocurrency drainer, was operational under the scam-as-a-service paradigm. On sophisticated…
How Do You Protect Your APIs From DDoS Attacks?
Today, DDoS attacks stand out as the most widespread cyber threat, extending their impact to APIs. When successfully executed, these attacks can cripple a system, presenting a more severe consequence than DDoS incidents targeting web applications. The increased risk amplifies…
Citrix NetScaler 0-day Vulnerability Exploited In The Wild, CISA Urges Patching
Citrix NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, associated with remote code execution and denial of service. The CVEs for these vulnerabilities are CVE-2023-6548 and CVE-2023-6549, and the severity has been given as…
Hackers Deploying Androxgh0st Botnet Malware that Steals AWS, Microsoft Credentials
Threat actors use botnet malware to gain access to the network of compromised systems that enable them to perform several types of illicit activities. They get attracted to botnet malware due to its distributed and anonymous infrastructure, which makes it…
macOS Infostealers Actively Involved in Attacks Evade XProtect Detection
Ever since the beginning of 2023, infostealers targeting macOS have been on the rise with many threat actors actively targeting Apple devices. As of last year, many variants of Atomic Stealer, macOS meta stealer, RealStealer, and many others were discovered.…
Google Chrome Browser Zero-Day Vulnerability Exploited in Wild – Emergency Patch!
Google Chrome has released its stable channel update version 20.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows. However, Google stated that this new security update will roll out in the upcoming days/weeks. The extended stable channel has also…
PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool
GBHackers came across a new ChatGPT-powered penetration testing tool called “PentestGPT” that helps penetration testers automate their pentesting operations. PentestGPT has been released on GitHub by the user “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is…
Hackers Abuse GitHub to Host Malicious Infrastructure
GitHub has become a major platform that cybercriminals use for various attack methods such as payload delivery, dead drop resolution (DDR), C2 (Command and Control) and exfiltration. This is because GitHub is considered legitimate traffic, which threat actors can…
Mastermind Hacker Behind $2 Million Crypto Scam Arrested
The 29-year-old man was arrested in Mykolaiv, Ukraine, for using hacked accounts to create 1 million virtual servers to illegally mine cryptocurrency. It is estimated that the suspect has mined cryptocurrency worth over USD 2 million (or EUR 1.8 million). The…
Network Penetration Testing Checklist – 2024
A network penetration testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…
Web Server Penetration Testing Checklist – 2024
Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as authentication weaknesses, configuration errors, and protocol relationship vulnerabilities. 1. “Conduct a series of methodical and repeatable tests” is the best way to test the webserver…
Most Important Web Server Penetration Testing Checklist
Web server pentesting is performed under 3 significant categories: identify, analyse, and report vulnerabilities such as authentication weaknesses, configuration errors, and protocol relation vulnerabilities. 1. “Conduct a series of methodical and repeatable tests” is the best way to test the webserver…
WordPress Plugin Flaw Exposes 300,000+ to Hack Attacks
Hackers target vulnerable WordPress plugins as they provide a potential entry point to exploit website security weaknesses. These plugins often have outdated code or known vulnerabilities, which make them attractive targets for malicious actors. Recently, on December 14th, 2023,…
Splunk Patched Critical Vulnerabilities in Enterprise Security
Several vulnerabilities have been discovered in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA), which existed in several third-party packages. The affected third-party packages include babel/traverse, handsontable, semver, loader-utils, json5, socket.io-parser, protobuf, and Guava. However, Splunk has…
Qbot Malware Via FakeUpdates Leads the Race of Malware Attacks
Hackers use Qbot malware for its advanced capabilities, including keylogging, credential theft, and backdoor functionality. The previously distributed Qakbot malware campaign was capable of monitoring the browsing activity of the infected computer and logging all information related to finance-related websites. Qbot…
Hackers Actively Exploited 2 Ivanti Zero-Days to Execute Arbitrary Commands
Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways have been discovered with two new vulnerabilities associated with authentication bypass and command injection. The CVEs for these vulnerabilities have been assigned as CVE-2023-46805 and CVE-2024-21887. The severity of these vulnerabilities…
Windows Computer Hit with AgentTesla Malware to Steal Data
AgentTesla is a notorious malware that functions as a keylogger and information stealer. By logging keystrokes and capturing screenshots on infected systems, this notorious malware targets sensitive data. Recently, the cybersecurity researchers at BitSight Security discovered that AgentTesla malware…
Mirai-Based NoaBot Launches a DDoS Attack on Linux Devices
Hackers use the Mirai botnet to launch large-scale Distributed Denial of Service (DDoS) attacks by exploiting vulnerable Internet of Things (IoT) devices. Mirai’s ability to recruit a massive number of compromised devices allows attackers to do the following things to…
Adobe Substance 3D Stager Let Attacker Execute Arbitrary Code
Adobe has released a security update that fixes “Important-severity” vulnerabilities in its Substance 3D Stager product. The successful exploitation of these issues could result in a memory leak and arbitrary code execution in the current user’s context. Adobe Substance 3D…
Apple AirDrop Hacked by China to Gain Access to Private Information
AirDrop was introduced in iOS 7, which allows Apple users to transmit files between iOS and macOS systems. Moreover, this does not require an internet connection or a phone book contact for the receiver to receive files. However, it has…
Water Curupira Hackers Launch Pikabot Malware Attack on Windows Machine
Pikabot is a loader malware that is active in spam campaigns and has been used by the threat group Water Curupira, which paused its activity from June to September 2023 after Qakbot’s takedown. However, the surge in Pikabot phishing campaigns…
Beware! Hackers Using YouTube Channels to Deliver Lumma Malware
Hackers use YouTube channels to deliver malware due to the huge user base of the platform. By using YouTube channels, hackers disguise their malicious content as legitimate uploads. Besides this, the popularity of YouTube also gives the threat actors the ability to…
Hackers Using Weaponized PDF Files to Deliver Qakbot Malware
Qakbot is a sophisticated banking trojan and malware that primarily targets financial institutions. This sophisticated malware steals sensitive information, and hackers exploit it to conduct further attacks. Qakbot malware returns after the “Duck Hunt” bust. Not only that, even Microsoft…
Cacti Blind SQL Injection Flaw Enables Remote Code Execution
Cacti, the performance and fault management framework, has been discovered with a blind SQL injection vulnerability, which could reveal Cacti database contents or trigger remote code execution. The CVE for this vulnerability has been assigned with CVE-2023-51448, and the severity…
Multiple QNAP High-Severity Flaws Let Attackers Execute Remote Code
QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also stated all the affected products and their versions and the…
Accenture Buys 6point6 to Expand Cyber Portfolio
Accenture, a global professional services company, has made a strategic move in the U.K. market by acquiring 6point6, a leading technology consultancy specializing in cloud, data, and cybersecurity. This acquisition, announced on October 31, 2023, significantly enhances Accenture’s capabilities in…
Surge in Open Source Malware Stealing Login Credentials & Sensitive Data
Over the past decade, Python has dominated programming languages and grown consistently with strong open-source support. Numerous popular Python projects exist that are used by millions of users. However, in recent times, it has been noted that open-source malware…
Incorporating Mobile Threat Defense into Your Device Management Ecosystem
In recent years, we have seen a significant shift in the global workforce. With the proliferation of high-speed internet and advanced communication tools, remote work has become the new norm for countless professionals. This transition hasn’t just been about convenience;…
xDedic Marketplace Admin and Operators Arrested
In a landmark victory for cybersecurity, the xDedic Marketplace, a notorious haven for cybercrime, has been shut down. This international operation, spearheaded by the U.S. Attorney’s Office, FBI, IRS-CI, and a consortium of law enforcement agencies from Belgium, Ukraine, and…
AsyncRAT Malware Attacking the US Infrastructure for 11 Months
AsyncRAT is an open-source remote access Trojan (RAT) malware known for its ability to provide unauthorized access and control over infected systems. It was released in 2019. Hackers use it actively for various malicious purposes. Cybersecurity researchers at AT&T…
3 New Malicious PyPI Packages Found Installing CoinMiner on Linux Devices
Researchers identified three malicious PyPI (Python Package Index) packages that deploy a CoinMiner executable on Linux devices, degrading device performance. These packages, namely modular even-1.0, driftme-1.0, and catme-1.0, come from a recently established author account called “sastra” and exhibit an intricate…
UAC-0050 Group Using Remcos RAT to Attack Government Agencies
Remcos RAT (Remote Control and Surveillance) is a type of Remote Access Trojan used for unauthorized access and control of a computer system. It allows threat actors to perform various malicious activities. Cybersecurity researchers at Uptycs recently discovered that…
Google Chrome Use After Free Flaw Let Attacker Hijack Browser
The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users. Furthermore, the Extended Stable channel has been updated to 120.0.6099.200 for…
Free Decryptor Tool Released for the Black Basta Ransomware
A vulnerability in the encryption algorithm used by the Black Basta ransomware has led researchers to develop a free decryptor tool. Active since April 2022, the Black Basta ransomware group employs a double extortion strategy, encrypting the vital servers and…
Four Cyber Criminals Convicted of Spreading ChatGPT-Assisted Ransomware
Four Chinese cybercriminals were taken into custody after using ChatGPT to create ransomware. The case is the first of its kind in China, where OpenAI’s popular chatbot is not legally available, and Beijing has been cracking down on foreign AI.…
Active Directory Infiltration Methods Employed by Cybercriminals – ASEC Report
Active Directory infiltration methods exploit vulnerabilities or weaknesses in Microsoft’s Active Directory to gain unauthorized access. Active Directory is a central component in many organizations, making it a valuable target for attackers seeking access to their resources. While successful infiltration allows threat…
Wireshark 4.2.1 Released: What’s New!
Wireshark is a popular open-source network protocol analyzer that allows users to inspect and capture data on a network in real time. It enables detailed examination of network traffic for a range of purposes. Several key factors make Wireshark one of…
New Google Cookies Exploit Allows Access After Password Reset
A critical Google cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts. Hackers exploit this illicit mechanism to hijack sessions. A developer, PRISMA, discovered a major Google cookie exploit in Oct 2023 that…
New DLL Hijacking Technique Let Attackers Bypass Windows Security
DLL hijacking is a technique where a malicious DLL (Dynamic Link Library) is placed in a directory that a vulnerable application searches before the legitimate one. When the application is launched, it unknowingly loads the malicious DLL instead, allowing attackers…
Multiple Flaws in Google Kubernetes Engine Let Attackers Escalate Privileges
Google Kubernetes Engine (GKE) has been detected with two flaws that a threat actor can utilize to cause significant damage in case the threat actor already has access inside the Kubernetes cluster. The first issue was associated with FluentBit with…
10 Most Common Types of Cyber Attacks in 2023
Cyber attacks are evolving rapidly with advancements in technology, as threat actors exploit new vulnerabilities, and the rise of sophisticated techniques demonstrates a growing level of complexity. Moreover, the expansion of Internet of Things (IoT) devices provides new…
650,000+ Malicious Domains Registered Resembling ChatGPT
Hackers abuse the ChatGPT name for malicious domains to exploit the credibility associated with the ChatGPT model, deceiving users into trusting fraudulent websites. Leveraging the model’s reputation enables them to trick individuals into trusting these sites. The ransomware highlight from ESET’s H2 2023 report isn’t…
50+ Network Penetration Testing Tools for Hackers & Security Professionals – 2024
Network security tools for penetration testing are widely used by the security industry to test for vulnerabilities in networks and applications. Here you can find a comprehensive network security tools list that covers penetration testing operations in all environments.…
New Medusa Stealer Attacking Users to Steal Login Credentials
While the world celebrated Christmas, the cybercrime underworld feasted on a different kind of treat: the release of Meduza 2.2, a significantly upgraded password stealer poised to wreak havoc on unsuspecting victims. Cybersecurity researchers at Resecurity uncovered the details of…
Operation Triangulation: 0-click Attack Chained With 4 Zero-Days to Hack iPhones
Hackers exploit zero-days because these vulnerabilities are unknown to software developers, making them valuable for launching attacks before patches are developed. Zero-day exploits provide a window of opportunity for attackers. Cybersecurity researchers at Securelist recently discovered a malicious operation dubbed “Triangulation,” in which threat…
Chinese Hackers Exploit New Zero-Day in Barracuda’s ESG to Deploy Backdoor
Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841. Additionally, the vulnerability targeted only a limited number of ESG devices. However, Barracuda has deployed…
Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication
A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability…
10 Prominent Cybersecurity Acquisitions of 2023
The cybersecurity domain is undergoing rapid changes owing to the rise in frequency and complexity of cyber threats. As the digital world expands, the risk of cyberattacks is increasing, and security experts must stay vigilant to safeguard against potential breaches.…
Hackers Stole Over $58 Million in Crypto Via Malicious Google and X Ads
Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years. Several techniques were used for…
Ubisoft Investigates Cyber Attack: Possible Data Exfiltration by Hackers
Ubisoft, the renowned video game developer behind iconic franchises like Assassin’s Creed and Far Cry, narrowly escaped a potentially devastating data breach. On December 20th, an unidentified threat actor infiltrated their systems, gaining access for approximately 48 hours before Ubisoft’s…
New Nim-Based Malware Delivered via Weaponized Word Document
Hackers use weaponized Word documents to deliver malicious payloads through social engineering. By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them, leading to the execution of malicious code. While leveraging the familiarity and…
Cisco to Acquire Cloud Networking and Security Startup Isovalent
In a strategic move destined to fortify its dominance in the ever-evolving realm of cloud security, Cisco has officially declared its intent to acquire Isovalent, a trailblazer in open-source cloud-native networking and security. This bold acquisition underscores Cisco’s steadfast commitment…
Android Malware Actively Infecting Devices to Take Full Control
Android malware infects devices to take full control for various illicit purposes. By gaining complete control, threat actors can exploit the device for their illicit activities, posing significant threats to users and their data. Cybersecurity analysts at McAfee Mobile Research recently found an…
How Do You Protect Your APIs from Bot Attacks?
Organizations face an escalating threat of bot attacks in the rapidly evolving digital landscape. As revealed in our latest AppSec report, there has been a staggering 56% increase in bot attacks compared to Q2 2023. Previously associated with DDoS attacks,…
Hackers Attacking Linux SSH Servers to Deploy Scanner Malware
Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and several weaknesses make them vulnerable, providing hackers with opportunities for unauthorized access and potential exploitation. Cybersecurity researchers at AhnLab Security Emergency Response Center…
Intellexa Spyware Adds Persistence with iOS or Android Device
In the shadowy realm of commercial spyware, the spotlight turns to the notorious Intellexa spyware and its Predator/Alien solution, as dissected by Cisco Talos in their comprehensive May 2023 report. This expose navigates the labyrinthine intricacies and disconcerting features of…
Operation RusticWeb Using PowerShell Commands to Exfiltrate Confidential Documents
In a campaign called Operation RusticWeb, hackers use PowerShell commands because they provide a powerful scripting environment on Windows systems, allowing them to stealthily execute malicious scripts and commands. Besides this, PowerShell’s capabilities make it an attractive tool for attackers. Cybersecurity…
JaskaGO Malware Attacking Windows and macOS Operating Systems
Due to the widespread use and popularity of Windows and macOS, threat actors often target these platforms. Windows is a common target because it dominates the global operating system market, while macOS is targeted because of its popularity among particular user groups. Recently,…
Hackers Exploiting Old Microsoft Office RCE Flaw to Deploy Agent Tesla Malware
It has been reported that malicious individuals are utilizing a malware called Agent Tesla to target Microsoft Office users using versions affected by CVE-2017-11882 XLAM. This malware is taking advantage of a remote code execution vulnerability in Equation Editor, which…
New OilRig Downloaders Abusing Microsoft Cloud APIs for C&C Communications
Threat actors engage in cyberespionage to gain strategic advantages by stealing key information from the targeted organizations or nations. Cybersecurity researchers at ESET recently identified that new OilRig downloaders are abusing Microsoft Cloud APIs…
HCL Investigating Ransomware Attack on Isolated Cloud Environment
In the dynamic realm of IT, HCL Technologies, the Noida-based juggernaut, recently found itself navigating choppy digital waters. The revelation of a targeted ransomware incident within an isolated cloud environment created industry ripples, yet the company’s adept response and ongoing…
Hackers Abuse Bot Protection Tool to Launch Cyber Attacks
Predator, a bot protection tool designed to fight against bots and crawlers, has now been found to be abused by threat actors for malicious purposes. Threat actors have been using phishing emails with malicious links to lure users into a…
Hackers Stole Banking Details From Over 50,000 Users Via Web Injections
Web injections involve injecting malicious code into websites to manipulate content or redirect users to fraudulent sites. Threat actors use this technique to steal sensitive information. Cybersecurity researchers at Security Intelligence recently identified that hackers hijacked the banking…
Interpol Arrested 3,500 Suspects and Seized $300 Million
In a groundbreaking initiative spanning 34 countries, INTERPOL orchestrates Operation HAECHI IV, a relentless assault on online financial crime, yielding a formidable impact. Interpol, short for the International Criminal Police Organization, is a global entity dedicated to fostering international police…
Hackers Leveraging GitHub Platform for Hosting Malware
Researchers have discovered two novel techniques on GitHub: one exploits GitHub Gists, while the other involves sending commands through Git commit messages. Malware authors will occasionally upload samples to services such as Dropbox, Google Drive, OneDrive, and Discord to host second-stage malware…
Tech Device Manufacturers Urged by CISA to Remove Default Passwords
Recently, the Cybersecurity and Infrastructure Security Agency (CISA) has requested technology device manufacturers to take measures to eliminate default passwords due to the threats posed by IRGC actors. This step has been taken to ensure the security of tech devices…
Sidewinder Hacker Group Using Weaponized Documents to Deliver Malware
Sidewinder APT group’s sophisticated threat landscape reveals a skilled and persistent threat targeting the Nepalese Government entities. Their focus extends to South Asian governments, with researchers also identifying a recent complex attack on Bhutan. Cybersecurity researchers at Cyfirma recently identified…
New SMTP Smuggling Attack Lets Hackers Send Spoofed Emails
SMTP (Simple Mail Transfer Protocol) smuggling is a technique where attackers exploit the inconsistencies in how proxy servers or firewalls analyze and handle the SMTP traffic. Threat actors can smuggle malicious payloads or evade detection by exploiting these inconsistencies. This…
Hackers Actively Exploiting ActiveMQ Vulnerability to Install Malware
Attackers have been constantly exploiting the Apache ActiveMQ vulnerability (CVE-2023-46604) to steal data and install malware. Using the Apache ActiveMQ remote code execution vulnerability, the Andariel threat group was found to be installing malware last month. Their primary targets are national…
QakBot Malware Emerges with New Tactics, Attacking Hospitality Industry
QakBot (aka Qbot) primarily targets financial institutions since it is a sophisticated banking trojan and malware. By infecting Windows systems and stealing confidential data such as banking credentials, this malware can facilitate further malicious acts. Besides…
3CX Asks Customers to Disable SQL Database Integrations to Stop Hack Attacks
3CX, a VoIP communications firm, has advised customers to disable SQL Database integrations due to the risks posed by a potential vulnerability. A SQL Injection vulnerability in 3CX CRM Integration has been identified as CVE-2023-49954. An attacker can manipulate an application’s database…
8220 Hacker Group Attacking Windows & Linux Web Servers
The 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability (CVE-2017-3506) and Log4Shell (CVE-2021-44228).…
Google Chrome’s New Tracking Protection Limits Website Tracking
Goodbye, third-party cookies. Hello, Tracking Protection! Chrome, the world’s most popular browser, is taking a major step toward a privacy-first web with the launch of its Tracking Protection feature. Starting January 4th, this limited rollout marks a turning point in Google’s…
NKAbuse Malware Attacking Linux Desktops & Uses Cron Job for Persistence
Threat actors target Linux systems due to their prevalence in server environments, and cron jobs offer a discreet means of maintaining unauthorized access over an extended period. Kaspersky experts discovered “NKAbuse,” a versatile malware using NKN tech for peer data…
Hackers are Increasingly Using Remote Admin Tools to Control Infected Systems
Recently, there has been a rise in incidents of hackers using “Remote Administration Tools” to control infected systems and bypass protection technologies. Remote administration tools are software that allows managing and controlling terminals from a remote location. The tools can…
Windows Defender Quarantine Folder Metadata Recovered for Forensic Investigations
Windows Defender is a built-in antivirus and anti-malware software developed by Microsoft for Windows operating systems. It provides real-time protection against various threats. Cybersecurity researchers at Fox-IT recently discovered that recovered Windows Defender Quarantine folder metadata helps in boosting…
Ledger NPM Repo Hacked Through a Spear Phishing Attack on an Employee
In a recent turn of events, Ledger, a prominent hardware wallet provider, faced a security breach that sent shockwaves through the cryptocurrency community. The breach, initiated by a malevolent version of the npm package @ledgerhq/connect-kit, posed a severe risk to…
How Can DSPM Prevent High-Profile Breaches?
In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported.…
How Sandboxes Help Security Analysts Expose Script-Based Attacks
Cybercriminals employ numerous tactics to infiltrate endpoints, and scripts are among the most destructive. You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network. To prevent this, analyzing suspicious files in malware…
BazarCall Attack Weaponizing Google Forms to Appear Legitimate
A new type of phishing attack known as BazarCall has emerged, and it’s using a clever technique to make it appear more legitimate. The attack utilizes a Google Form to trick unsuspecting victims into divulging sensitive information. The method of…
Chinese Hackers Seized Outdated Routers for Covert Data Transfer
Volt Typhoon, also known as the Bronze Silhouette, has been discovered to be linked with a complex botnet called “KV-botnet.” The threat actor has been using this botnet to target Small Office/Home Office routers since at least February 2022. Their…
MITRE Reveals EMB3D, a Threat Model for Embedded Devices in Critical Infrastructure
Red Balloon Security, Narf Industries, and MITRE collaborated to create the EMB3D Threat Model, which offers a shared knowledge of the risks embedded devices experience and the security measures needed. The EMB3D model is a comprehensive framework that focuses specifically…
Poisoned AI Coding Assistant Tools Open Applications to Hack Attacks
AI (Artificial Intelligence) has significantly revolutionized software engineering with several advanced AI tools like ChatGPT and GitHub Copilot, which help boost developers’ efficiency. Besides this, two types of AI-powered coding assistant tools emerged in recent times, and here we have…
Russian Hackers Exploiting JetBrains Vulnerability to Hack Servers
The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service (SVR) cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that host JetBrains TeamCity…
CISA Asks Public Opinion on Google Workspace Secure Configuration Baselines
In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines. This architectural marvel establishes a robust groundwork, elevating data security across nine…
Quishing: New Sophisticated Phishing Attacks on the Rise
Phishing, a persistent cyberthreat, has evolved with the times. Once a symbol of convenience, QR codes are now being weaponized by attackers through Quishing. This alarming trend demands attention, as it exposes both individuals and organizations to significant risks. Interpol’s…
Sophos Firewall Code Injection Flaw: Let Attackers Execute Remote Code
A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin, allowing hackers to execute malicious code remotely. The vulnerability enables attackers to inject harmful code into the software, which if exploited, can result in a…
1,450+ pfSense Servers Vulnerable to Remote Code Execution Attacks via Exploit Chain
Researchers discovered two vulnerabilities in pfSense CE related to Cross-Site Scripting (XSS) and Command Injection that allow an attacker to execute arbitrary commands on a pfSense appliance. An attacker with RCE capabilities can control the firewall, monitor traffic on the…
Microsoft’s 2023 Final Patch: 34 Vulnerabilities Including Critical 0-Day Fixed
Microsoft has released their patches for December 2023 as part of their Patch Tuesday. In this release, they have patched more than 34 vulnerabilities and one zero-day. Among the 34 vulnerabilities patched, there were 4 Critical severity vulnerabilities and 30…
Cloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs
San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. The cloud engineer has now been sentenced. After stealing information from and purposefully damaging a protected computer, he…
Rhysida Ransomware Attacking Government & IT Industries Worldwide
Hackers use ransomware to encrypt victims’ files and demand payment (usually in cryptocurrency) for the decryption key. This malicious tactic allows them to extort money from a wide range of entities by exploiting vulnerabilities in their digital systems. In May 2023, this…
Toyota Ransomware Attack Exposes Customers’ Personal Data
Toyota Financial Services (TFS) notifies customers after a data breach that exposed personal and sensitive financial information. In a limited number of locations, including Toyota Kreditbank GmbH in Germany, Toyota Financial Services Europe & Africa has discovered unauthorized activity on…
What is CloudSecOps? – A Complete Security Operations Guide – 2024
Cloud security is becoming a central part of any organization’s cybersecurity strategy. However, in most organizations, the teams managing cloud operations work separately from those that manage security. CloudSecOps is setting out to change that. CloudSecOps is about integrating security…