Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Over 90,000 websites are currently at risk due to a vulnerability found in the WordPress Backup Migration Plugin. This vulnerability has enabled unauthenticated remote code execution, making it possible for potential attackers to gain access to these websites. A group…

Read more →

Researchers discovered the spread of a malicious exe file that targets specific individuals and is disguised as information related to a personal data leak. The malware functions as a backdoor, executing obfuscated commands in XML format after receiving them from the threat actor. Because this…

Read more →

Phishing emails targeting Windows users were discovered, tricking users into opening a malicious PDF file called “MrAnon Stealer” that spreads malware by using fake booking details. To obtain the final malware, the PowerShell script is executed by the PDF after…

Read more →

A new method of keylogging using malicious keyboard apps has been discovered to affect iPhones, evading all Apple’s security detection procedures. Additionally, threat actors could also use this method to steal passwords, authentication codes, notes, private messages, etc., There have…

Read more →

In the labyrinth of cybersecurity, the specter of insider threats emerges as a formidable adversary, wielding both malicious intent and unintentional foibles.  This expose delves into the intricacies of how insiders exploit vulnerabilities, introducing an air of risk through actions…

Read more →

Privacy concerns related to smart cars primarily revolve around the extensive data collection, sharing, and potential misuse of personal information. Automobiles that are outfitted with artificial intelligence that is driven by systems are known as smart cars.  They comprise numerous…

Read more →

Bitzlato Ltd., a cryptocurrency exchange, was founded and is primarily owned by an individual who facilitated transactions between buyers and sellers in dark markets. The exchange acted as a conduit for such transactions to take place, making it an important…

Read more →

In the intricate web of our interconnected world, the Domain Name System (DNS) stands as a linchpin, directing users to their online destinations.  Yet, even this vital system is not impervious to the dark art of malicious manipulation. In a…

Read more →

A critical remote code execution vulnerability has been patched as part of the WordPress 6.4.2 version. This vulnerability exists in the POP chain introduced in version 6.4, which can be combined with a separate Object Injection, resulting in the execution…

Read more →

Hackers target email accounts because they contain valuable personal and financial information. Successful email breaches enable threat actors to:- Cybersecurity researchers at Microsoft Threat Intelligence team recently unveiled that the Russian state-sponsored actor, Star Blizzard (aka SEABORGIUM, COLDRIVER, Callisto Group),…

Read more →

PlugX malware is sophisticated in evasion, as it uses the following techniques to avoid detection by antivirus programs, making it challenging for security measures to identify and mitigate its presence:- That’s why PlugX malware stands out as a challenging and…

Read more →

Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets.  Outlook vulnerabilities offer:- WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim’s system. Cybersecurity researchers at Proofpoint…

Read more →

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been discovered. This vulnerability can be exploited by tricking the Bluetooth host state machine into pairing with a fake keyboard without authentication. This vulnerability affects Android devices…

Read more →

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in multiple products. The CVEs for these vulnerabilities have been assigned as CVE-2023-22522, CVE-2023-22523, CVE-2023-22524, and CVE-2022-1471. Atlassian has patched these vulnerabilities and has released security advisories…

Read more →

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat actors unauthorized access to sensitive data. Hackers exploit Spectre because it enables them to extract confidential information by manipulating the speculative execution capabilities of CPUs, bypassing…

Read more →

The Akira ransomware group, which first appeared in March 2023, has been identified as a serious threat to data security. It encrypts data and demands a ransom for decryption, affecting both Windows and Linux devices. The group has about 140…

Read more →

The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being disseminated via WSF script format. The WSF file was found to be disseminated in a compressed file (.zip) format through URLs included in emails. AsyncRAT spreads…

Read more →

Beneath the surface of the cyber realm, a silent menace emerges—crafted with the precision of the .NET framework, the Serpent Stealer slithers undetected through security measures, leaving traces of its intrusion.  Researchers at K7 Labs have analyzed the malware called…

Read more →

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT group and their ongoing RustBucket campaign.  As a subgroup of Lazarus, BlueNoroff possesses reverse engineering expertise because they spend time analyzing and patching SWIFT Alliance software as well…

Read more →

It has been observed that threat actors are using AI technology to conduct illicit operations on social media platforms. These malicious actors employ several tactics and automated bots to achieve their nefarious goals, which can pose a serious threat to…

Read more →

Kali Linux 2023.4, the latest version of Offensive Security’s renowned operating system, has been released, and it includes the advanced Gnome 45 desktop environment and 15 new tools, with enhancements to existing ones. Kali Linux is a Linux distribution intended for…

Read more →

A 40-year-old Russian national, Vladimir Dunaev, pleaded guilty for developing and deploying Trickbot malware. Trickbot, a suite of malware tools, targeted hospitals and businesses, causing millions in losses. Trickbot is a sophisticated modular banking Trojan that primarily targets financial institutions. …

Read more →

ICANN is a non-profit organization that is responsible for coordinating the global internet’s- This organization manages the distribution and maintenance of domain names and ensures the stable and secure operation of the Internet. ICANN introduced RDRS (Registration Data Request Service),…

Read more →

An American aerospace company has been the target of a commercial cyberespionage campaign dubbed AeroBlade, which appears to be aimed at carrying out both competitive and commercial cyberespionage. The threat actor employed spear-phishing as the means of distribution mechanism. A…

Read more →

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own cloud vulnerabilities in their catalog. As the national coordinator for critical infrastructure security and resilience, CISA oversees government cybersecurity operations.  Document Protect Your Storage With SafeGuard…

Read more →

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense for initial access. Qlik Sense is a data discovery and analytics platform that allows you to visualize and analyze data from various sources. It has a…

Read more →

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer malware, and its new variant was being marketed in underground communities. Threat actors use the ScrubCrypt obfuscation tool to help them avoid detection by antivirus software and initiate attacks that might…

Read more →

Zoom, the most widely used video conferencing platform has been discovered with a critical vulnerability that threat actors could potentially exploit for various malicious purposes. This vulnerability was reported as part of the H1-4420 Hacking event conducted in June 2023.…

Read more →

According to a recent report by Secureworks, a well-planned and advanced phishing attack was carried out, specifically targeting hotels and their guests, through the popular website Booking.com. The attackers utilized a sophisticated phishing campaign to lure unsuspecting victims into providing…

Read more →

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious links within seemingly legitimate payment requests.  This tactic aims to deceive recipients into opening the invoice, leading to:- Cybersecurity researchers at Perception Point recently discovered and…

Read more →

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed that the North Korean hacker group Lazarus was using it to launder funds that had been stolen. Millions of dollars worth of virtual currency from Lazarus Group…

Read more →

In a disconcerting turn of events, cyber threat actors have set their sights on Unitronics programmable logic controllers (PLCs) embedded in Water and Wastewater Systems (WWS).  This perilous trend casts a looming shadow over the nation’s critical infrastructure, with the…

Read more →

Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities. Zyxel NAS (Network Attached Storage) devices provide fast, secure, and…

Read more →

The latest analysis shows that tens of millions of people are creating weak passwords on three of the four most popular websites in the world, which do not fulfill the minimum required standards. Researchers also found that 12% of websites…

Read more →

Hackers often use weaponized documents to exploit vulnerabilities in software, which enables the execution of malicious code. All these documents contain malicious code or macros, often disguised as familiar files, which help hackers gain unauthorized access and deliver malware to…

Read more →

An Android malware campaign was previously discovered that distributed banking trojans targeting four major Iranian Banks: Bank Mellat, Bank Saderat, Resalat Bank, and Central Bank of Iran.  There were 40 credential-harvesting applications circulated on Cafe Bazaar between December 2022 and…

Read more →

Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this year. The flaw, identified as CVE-2023-6345, is classified as an integer overflow in Skia, an open-source 2D graphics library written in C++. “Google is aware that an exploit…

Read more →

Six novel Bluetooth attack methods have been discovered, which were named BLUFFS (Bluetooth Forward and Future Secrecy) attacks. These attacks could enable threat actors to impersonate devices or machine-in-the-middle attacks.  These attacks have been reported to be at the architectural…

Read more →

Recent years saw a surge in cloud tech adoption, highlighting the efficiency through tools like Google’s Domain-Wide Delegation.  It enables GCP (Google Cloud Platform) identities to perform tasks in GWS (Google Workspace) apps on behalf of Workspace users, streamlining work…

Read more →

In a digital age marred by deceit, 25-year-old Amir Hossein Golshan stands as a testament to the dark underbelly of cyberspace.  Hailing from downtown Los Angeles, Golshan’s intricate orchestration of fraudulent schemes has earned him a federal prison sentence of…

Read more →

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and…

Read more →

Hackers target chips to exploit vulnerabilities in hardware, enabling unauthorized access to systems or extracting sensitive data.  The Norwegian news agency NRC reported that a Chinese-linked hacker group, a Dutch semiconductor giant, recently breached the NXP’s network. Manipulating chips could…

Read more →

Hackers launched ransomware attacks to extort money from the following two entities by encrypting their data and demanding a ransom payment for its release:- Here, cryptocurrency payments’ financial motivation and relative anonymity make them an attractive method for hackers. Recently,…

Read more →

Broadcom Inc., a multinational semiconductor manufacturing company headquartered in San Jose, CA, has announced the successful acquisition of VMware in a $61 billion deal. VMware is a top supplier of multi-cloud services for all apps, providing digital innovation with organizational control.…

Read more →

In a perplexing turn of events, a notable cohort of Google Drive users is grappling with the disappearance of files from their accounts.  Reports indicate that some users have experienced the loss of crucial data, with instances of up to…

Read more →

North Korea, DPRK threat actors, have been reportedly involved in several supply-chain attacks to gain unauthorized access to the intranet of an organization. One of the software exploited by the DPRK threat actors was the MagicLine4NX security authentication program, which…

Read more →

The Andariel threat group has been discovered installing malware via the exploitation of the Apache ActiveMQ remote code execution vulnerability classified as CVE-2023-46604. The group is known to be either a subsidiary of Lazarus or in an active partnership with the Lazarus…

Read more →

Phishing bots are a tool used by hackers to fool people into disclosing private information such as- With the help of these automated tools, threat actors easily create deceptive, harmful emails and websites, which makes it easier for them to…

Read more →

Investments in cybersecurity tools have been on the rise in the Asia-Pacific region, owing to the increased prevalence of cyberattacks. It is projected that the market will grow at a CAGR of 16.4% by 2032. The market for cyber warfare…

Read more →

In the ever-evolving cybersecurity domain, the resurgence of NetSupport RAT, a Remote Access Trojan (RAT), has raised concerns among security professionals.  This sophisticated malware, initially developed as a legitimate remote administration tool, has been repurposed by malicious actors to infiltrate…

Read more →

AutoZone Inc., a US retailer of automotive parts and accessories, warned customers that their data had been compromised as a result of the Clop MOVEit file transfer attacks. Personal information, such as the names and social security numbers of 185,000…

Read more →

The DPRK has been a great threat to organizations in recent times. Their attack methods have been discovered with several novel techniques involving different scenarios. Their recent attack method was associated with fake candidates and employers for supply chain attacks.…

Read more →

DarkGate is a complete toolkit, first discovered in 2018, that provides attackers with extensive capabilities to access target systems completely. On underground cybercrime forums, an actor known as RastaFarEye develops and sells the software as Malware-as-a-Service (MaaS). The malware is offered through a…

Read more →

In the perpetually evolving realm of cybersecurity, the reawakening of NetSupport RAT, a Remote Access Trojan (RAT), casts a looming shadow that beckons the attention of vigilant security professionals.  This insidious malware, initially conceived as a bona fide remote administration…

Read more →

Authorities seized about $9 million in crypto, which was earned by taking advantage of over 70 victims nationwide through alleged “pig butchering” schemes.  A pig-butchering scam is an investment fraud that tricks people into investing their money in seemingly legitimate and lucrative enterprises. These…

Read more →

In the late 1990s, VPN technology revolutionized remote work. However, the traditional VPN model has become outdated and unworkable as the world becomes increasingly mobile and cloud-based. The need for a new cybersecurity system has been growing for years. Businesses…

Read more →

MySQL stands out for its reliability and efficiency among the various database systems available. However, as with any technology that holds valuable data, MySQL databases are a lucrative target for cybercriminals. This makes MySQL security not just an option but…

Read more →

Kubernetes is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications.  Besides this, hackers often target Kubernetes due to its widespread adoption, making it a valuable attack vector for compromising and controlling distributed systems. …

Read more →

A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. This vulnerability enables a novel distributed denial of service (DDoS) attack technique. This vulnerability was assigned with CVE-2023-44487 and a severity…

Read more →

Microsoft Windows Hello Fingerprint authentication was evaluated for security over its fingerprint sensors embedded in laptops. This led to the discovery of multiple vulnerabilities that would allow a threat actor to bypass the Windows Hello Authentication completely. The research was…

Read more →

Microsoft 365 Apps is a suite of productivity tools that includes the following apps and services offered by Microsoft through a subscription service:- Hackers often target these applications because they are widely used in business environments, providing a large potential…

Read more →

In the fast-paced world of cryptocurrency, the ever-looming threat of Rug Pulls has once again taken center stage.  Check Point’s Threat Intel Blockchain system, a vigilant guardian of the blockchain realm, recently uncovered a meticulously executed scheme that swindled nearly…

Read more →

Two ongoing efforts, Contagious Interview and Wagemole, have been identified to target job-seeking activities connected to North Korean Hackers and state-sponsored threat actors. Threat actors use the interview process in “Contagious Interview” to trick developers into installing malware by posing…

Read more →

Poloniex is a popular cryptocurrency exchange platform headquartered in the United States that provides a diverse range of digital assets for trading. The platform was established in January 2014 by Tristan D’Agosta, with a vision to make cryptocurrency trading easier…

Read more →

DarkGate, a sophisticated Malware-as-a-Service (MaaS) offered by the enigmatic RastaFarEye persona, has surged in prominence. The malware is known for abusing Microsoft Teams and MSI files to compromise target systems.  This Sekoia report delves into its ominous capabilities, examining its…

Read more →

Researchers discovered a new campaign delivering DarkGate and PikaBot that employs strategies similar to those employed in QakBot phishing attempts. This operation sends out a large number of emails to a variety of industries, and because the malware transmitted has…

Read more →

Former COO of the Atlanta-based cybersecurity company Securolytics, Vikas Singla, launched a series of cyberattacks on the non-profit healthcare organization Gwinnett Medical Center (GMC), which has locations in Lawrenceville and Duluth, Georgia. GMC suffered a financial loss of $817,804.12 as…

Read more →

Embarking on a journey into the realm of cyber threats, Microsoft recently uncovered a series of mobile banking trojan campaigns meticulously designed to exploit unsuspecting users in India.  This expose delves into the sophisticated strategies employed by cybercriminals utilizing social…

Read more →

The Andariel group has been identified in recent reports as distributing malware through asset management programs. This group has been previously discovered to be in a relationship with the Lazarus group. The Andariel group is known to launch supply chain,…

Read more →

In a pivotal decision on November 15, 2023, the Federal Communications Commission (FCC) orchestrated a formidable defensive strategy against insidious scams targeting consumers’ cell phone accounts.  This comprehensive report delves into the intricacies of the newly adopted rules, designed to…

Read more →

In a pivotal decision on November 15, 2023, the Federal Communications Commission (FCC) orchestrated a formidable defensive strategy against insidious scams targeting consumers’ cell phone accounts.  This comprehensive report delves into the intricacies of the newly adopted rules, designed to…

Read more →

A ransomware attack targeted Yamaha Motor Co., Ltd., resulting in a partial disclosure of the personal information maintained by the company. Notably, a third party gained unauthorized access to one of the servers run by Yamaha Motor Philippines, Inc. (YMPH),…

Read more →

Threat intelligence (TI) is critical to organizations’ cybersecurity infrastructure, allowing them to keep track of the evolving threat landscape and ensure timely detection. However, TI Solutions’ information frequently lacks the specifics required for thorough security measures. One way to address…

Read more →

Cyberattacks pose a significant risk, and prevention alone isn’t enough, so timely detection is crucial. That’s why most organizations use SIEM (Security Information and Event Management) systems to centrally collect and analyze security events with expert-written rules for detecting intrusions.…

Read more →

Multiple critical flaws in the infrastructure supporting AI models have been uncovered by researchers, which raise the risk of server takeover, theft of sensitive information, model poisoning, and unauthorized access. Affected are platforms that are essential for hosting and deploying large language models, including Ray,…

Read more →

For half a decade, NordPass has delved into the realm of password habits, uncovering familiar tunes that persist.  However, this year’s narrative is layered with intriguing patterns, particularly within distinct platform categories.  Amidst the discourse on passkeys, a question lingers:…

Read more →

The sequence of events sounds like it was taken straight from a movie script. Five software programmers were working late into the night, chatting on their phones while they worked. During the wee hours of October 9, between 1:00 am…

Read more →

In a chilling revelation, the cybercrime economy is projected to soar to $10.5 trillion by 2025, driven by financially motivated bad actors orchestrating dark enterprises.  Uncover the intricate web of these malicious activities and the alarming surge in cyber threats.…

Read more →

Kubernetes security is safeguarding your Kubernetes clusters, the applications they host, and the infrastructure they rely on from threats. As a container orchestration platform, Kubernetes is incredibly powerful but presents a broad attack surface for potential adversaries. Kubernetes security encompasses…

Read more →

Fortinet notifies users of a critical OS command injection vulnerability in the FortiSIEM report server that might enable an unauthenticated, remote attacker to execute malicious commands via crafted API requests. FortiSIEM is Fortinet’s security information and event management (SIEM) solution,…

Read more →

In an alarming development, Denmark faced its most extensive cyber attack in May 2023, targeting crucial components of its energy infrastructure.  A total of 22 companies fell victim to a meticulously coordinated attack, breaching their industrial control systems and prompting…

Read more →

In a momentous development in cybersecurity, Thomas Kennedy McCormick, alias “fubar,” a resident of Cambridge, Massachusetts, has been sentenced to 18 months imprisonment for masterminding a racketeering conspiracy within the infamous Darkode hacking forum. The intricate web of cybercrime unraveled…

Read more →

Alphv Ransomware gang filed an SEC complaint against MeridianLink for not disclosing a data breach. BlackCat, also known as ALPHV, BlackCat operates on the ransomware as a service (RaaS) model, with developers offering the malware for use by affiliates and…

Read more →

The biggest manufacturer of automobiles, Toyota, has discovered unauthorized activity on systems in a few of its Europe & African services. The ‘Medusa ransomware gang allegedly took data from Toyota Financial Services.’ The group offered the business ten days to…

Read more →

The popular video messaging platform Zoom has discovered multiple vulnerabilities affecting Zoom Clients. These vulnerabilities might allow an unauthorized user to carry out denial-of-service, privilege escalation, and information disclosure attacks. To receive the most recent security updates and bug fixes, Zoom…

Read more →

ManageEngine, one of the most widely used IT infrastructure management platforms that offers more than 60 Enterprise IT management tools, has been discovered with an Information Disclosure vulnerability which is tracked as CVE-2023-6105. This vulnerability affects multiple ManageEngine products, including…

Read more →

Wireshark, a leading network packet analyzer, has released version 4.2.0, which brings bug fixes, protocol updates, major API changes, codec support, and several new features. It is still a widely used and popular tool for network protocol analysis. Network administrators and security experts use packet…

Read more →

Samsung Electronics (U.K.) Limited has announced a cybersecurity incident, corroborating the exposure of customer data that originated in July 2019.  The disclosure comes as the tech behemoth contends with the repercussions of illicit access to personal information. Sequence of the…

Read more →

A critical CPU vulnerability can pose a significant threat by allowing:- Exploitation of such vulnerabilities can lead to widespread cyberattacks and significant disruptions. Recently, Google noted a rise in CPU vulnerabilities this year, as August disclosures reveal the following vulnerabilities…

Read more →

Researchers have discovered a new phishing campaign that targets Middle Eastern and North African Government Entities to deliver a new initial access downloader termed “IronWind.” This downloader is followed by additional payload stages, which downloads a shellcode.  Most campaigns were…

Read more →

Cybersecurity researchers at Talos have discovered that spammers are taking advantage of Google Forms quizzes to disseminate various types of online scams to unsuspecting victims. Since Google’s servers are where the emails are coming from, it could be simpler for…

Read more →

Researchers found that vulnerable MySQL servers are being deployed with the Ddostf DDoS bot, which is capable of launching Distributed Denial of Service (DDoS) attacks. Ddostf, which was first identified around 2016, is well-known for supporting both Windows and Linux platforms…

Read more →

SystemBC (aka Coroxy or DroxiDat) is a multifunctional malware known as Proxy, Bot, Backdoor, and RAT, adapting to attackers’ needs.  Since 2018, this multifunctional malware has been active, and it remains popular in underground markets, with consistent annual incidents. Cybersecurity…

Read more →

There have been several cases of GPT model-based detection for various attacks from system logs. However, there has been no dedicated framework for detecting APTs as they use a low and slow approach to compromise the systems. Security researchers have…

Read more →

Payment Card Industry Data Security Standard or PCI DSS 4.0 was released in May 2022 by the PCI Security Standards Council (PCI SSC). After using PCI DSS 3.2.1 for several years, PCI DSS 4.0 is the latest security standard version…

Read more →

Recently, hackers have used the Ethereum network’s CREATE2 opcode to bypass wallet security alarms in certain wallets.  Using Create2’s pre-calculation feature, the Drainers can produce unique addresses for every malicious signature. After the victim signs the malicious signature, these addresses are deployed.…

Read more →

Dark forums and Telegram channels have become great places for threat actors to sell critical vulnerabilities and exploits. These vulnerabilities and exploits were associated with the Elevation of Privilege, Authentication Bypass, SQL Injection, and Remote Code Execution in products like…

Read more →

A class-action lawsuit had been filed against Intel due to a critical “Downfall” vulnerability in Intel CPUs, a defect that Intel was aware of since 2018 but neglected to report. According to Intel, the only way to “fix” it is to apply…

Read more →

A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities.  BulletProftLink, also known as a phishing-as-a-service (PhaaS) platform, had been operating for…

Read more →

A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities.  BulletProftLink, also known as a phishing-as-a-service (PhaaS) platform, had been operating for…

Read more →