Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

Researchers detected IMPERIAL KITTEN, an adversary with ties to Iran, conducting strategic web compromise (SWC) operations with a focus on transportation, logistics, and technology firms. The adversary, who has been operating since at least 2017, has been reported to have…

Read more →

Managing a diverse range of devices, including desktops, mobile devices, and Internet of Things (IoT) devices, is an essential aspect of modern businesses. To efficiently handle these devices, a set of best Unified Endpoint Management Tools (UEM) technologies provide an…

Read more →

After being apprehended by the US government, a Serbian citizen confessed to placing multiple orders on the Monopoly drugs market, which operates on the darknet. The individual in question has admitted to engaging in the illicit purchase of drugs through…

Read more →

Cambodian government entities were discovered to be targeted and compromised by Chinese APT actors. The threat actors are using the infrastructure to masquerade as a cloud backup service. The infrastructure also exhibits several malicious nature and persistent connections. China has…

Read more →

In an age where online threats loom large, safeguarding our personal and professional accounts has never been more critical.  With hackers tirelessly attempting to breach security barriers, the need for robust identity verification methods has become paramount.  In response to…

Read more →

IBM has recently announced the launch of its Cloud-Native SIEM solution, which is designed to enhance the scale, speed, and flexibility of security teams. With this new offering, organizations can benefit from improved threat detection and response capabilities, empowering them…

Read more →

Burp Suite 2023.10.3.4 is the name of the newest version of Burp Suite, which was just published by the PortSwigger developers. The Burp Suite is a cybersecurity tool that is used for evaluating the security of online applications. It performs…

Read more →

In a recent development, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering.  Microsoft’s threat intelligence team has been closely monitoring Sapphire Sleet, a…

Read more →

SysAid On-Prem software has been reported with a 0-day vulnerability determined during an incident response investigation. According to Microsoft, attackers are exploiting this zero-day vulnerability to infiltrate corporate servers, to steal sensitive data and deploy the notorious Clop ransomware. This…

Read more →

In a recent development, cybersecurity experts have identified a significant shift in the tactics employed by Sapphire Sleet, a notorious threat actor known for cryptocurrency theft through social engineering.  Microsoft’s threat intelligence team has been closely monitoring Sapphire Sleet, a…

Read more →

In a recent and alarming development, the notorious Russia-linked threat actor Sandworm executed a sophisticated cyber-physical attack targeting a critical infrastructure organization in Ukraine.  The incident, responded to by cybersecurity firm Mandiant, unfolded as a multi-event assault, showcasing a novel…

Read more →

A new malware variant is distributed by BlueNordoff APT group, a financially motivated threat group targeting cryptocurrency exchanges, venture capital firms, and banks. This new campaign has similar characteristics to their RustBucket campaign. BlueNoroff was first discovered in early 2014…

Read more →

Experts issued security alerts concerning the ongoing exploitation of Big-IP (CVE-2023-46747, CVE-2023-46748) and Citrix (CVE-2023-4966) vulnerabilities. The publicly available Proof of Concepts (POCs) for these vulnerabilities were rapidly circulated in cybercrime forums. Over 20,000 “Netscaler” instances and 1,000 “Big IP”…

Read more →

Trusted Computing Group’s Trust Platform Module 2.0 reference library specification has been discovered with two buffer overflow vulnerabilities that threat actors can exploit to access read-only sensitive data or overwrite normally protected data, which is only available to the TPM.…

Read more →

Hackers target Remote Desktop Protocol (RDP) via malware because it provides them with remote access to a victim’s computer or network, allowing them to:- Cybersecurity researchers at IBM X-Force affirmed recently that in place of conventional frameworks like CobaltStrike, the…

Read more →

WhatsApp has begun to roll out the ‘Protect IP Address in Calls’ feature, which conceals your IP address during calls. Upon using this feature, all your calls will be relayed through WhatsApp’s servers, protecting your IP address and preventing other…

Read more →

Hackers actively target Confluence flaws because it is a widely used collaboration and documentation platform, making it a valuable target for gaining unauthorized access to sensitive information or spreading malware.  Exploiting vulnerabilities in Confluence can lead to:-  These things make…

Read more →

CISOs rely on information about security from across the organization, particularly from the various IT departments. Unfortunately, the information being fed to CISOs about cybersecurity risk is incomplete. There is a blind spot present—a gaping hole. Data about the security…

Read more →

Ransomware attacks are on the rise, causing organizations to lose millions of dollars, restricting them from accessing their data, and possibly disclosing personal information. According to the FBI Private Industry Notification, ransomware attackers have recently been taking advantage of flaws in…

Read more →

Android has fixed 37 vulnerabilities that were impacting its devices with the release of its November 2023 security updates. Most of the flaws included information disclosure, elevation of privilege, denial of service, and remote code execution. These updates address major…

Read more →

Cybersecurity researchers link attackers to the Iranian-backed APT group “Agonizing Serpens,” which has upgraded its capabilities and uses various tools to bypass security measures. Hackers target and steal sensitive data for various reasons, including: They may sell the stolen data…

Read more →

Two critical OS command injection flaws have been discovered in multiple QNAP products, which include QTS, Multimedia Console, Media Streaming add-on, QuTS Hero, and QuTScloud.  These vulnerabilities existed in the QTS operating system and applications on network-attached storage (NAS) devices,…

Read more →

In the ever-evolving digital world, organizations must safeguard their networks and sensitive data against sophisticated cyber threats. Have you ever heard NDR in relation to cybersecurity? Whether you have or not, do you know what is network detection and response?.…

Read more →

Veeam, a Global Leader in Data Protection, issued hotfixes to address four vulnerabilities affecting the Veeam ONE IT infrastructure monitoring and analytics platform. Two vulnerabilities are classified as ‘critical,’ while the other two are classified as ‘medium severity’ flaws. The critical flaws allow remote…

Read more →

Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as…

Read more →

Linux Privilege Escalation flaw is one of the highly critical flaws as it can allow an attacker to gain elevated privileges on a system, potentially leading to full control.  Hackers typically exploit these vulnerabilities by crafting malicious code or commands…

Read more →

Natalie Mottram, a 25-year-old intelligence analyst who worked for Cheshire Police and the North West Regional Organised Crime Unit (ROCU), has been given a prison sentence of three years and nine months for her role in a serious security breach. …

Read more →

Proxy services let users rent IP addresses and provide online anonymity by disguising their traffic as regular IP addresses while hiding the true source or origin. Bitsight researchers recently found a new malware sample distributed by the following two loaders:-…

Read more →

Sam Bankaman-Fried, the founder and CEO of the largest cryptocurrency exchange, has recently pleaded guilty to charges of fraud and money laundering. This news has sent shockwaves through the cryptocurrency community, as Bankaman-Fried was highly regarded and his exchange was…

Read more →

According to recent reports, Arabic-speaking Android users have been targeted with spyware by the “Arid Viper” threat actor, also known as APT-C-23, Desert Falcon, or TAG-63). This threat actor has been using counterfeit dating apps designed to exfiltrate data from…

Read more →

Kubernetes is a popular open-source platform for managing containerized workloads and services. It’s a system that simplifies a wide array of deployment, scaling, and operations tasks, but it’s not without its risks. Just as any other software or platform, Kubernetes…

Read more →

Social media platforms offer financially motivated threat actors opportunities for large-scale attacks by providing a vast user base to target with:-  These platforms allow attackers to exploit trust and personal information shared by users, making it easier to craft convincing…

Read more →

CVSS (Common Vulnerability Scoring System) is vital for supplier-consumer interaction, offering a numerical score to assess security vulnerabilities’ technical severity that helps in guiding the following entities:- CVSS scores interpret the following qualitative ratings for prioritizing vulnerability management and enhancing…

Read more →

Accenture, the global technology services and consulting giant, has announced the acquisition of Innotec Security, a leading cybersecurity-as-a-service provider based in Spain.  The deal, which was made public on November 2, 2023, is a strategic move by Accenture to enhance…

Read more →

A new wave of cyberattacks has been discovered by Netskope Threat Labs, involving the use of SharePoint as a delivery platform for the notorious DarkGate malware.  This alarming trend is driven by an attack campaign that exploits vulnerabilities in Microsoft…

Read more →

Multiple vulnerabilities have been discovered in the Cisco Services Engine associated with Arbitrary File Upload and Denial of Service assigned with CVEs CVE-2023-20195, CVE-2023-20196, and CVE-2023-20213. The severity for these vulnerabilities ranges between 4.3 (Medium) and 4.7 (Medium). These vulnerabilities…

Read more →

A lot of money is being spent to protect the enterprise against intrusion. Ransomware protection is currently in the spotlight – and with good reason. But organizations also invest heavily in technologies such as Zero Trust Network Access (ZTNA), Secure…

Read more →

A vulnerability of medium severity, identified as CVE-2023-20042, with a CVSS score of 6.8, was found in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defence (FTD) Software.  This vulnerability could potentially…

Read more →

Bank robbers of today are nothing like their counterparts of the past. Modern-day Bonnie and Clyde operate remotely, carrying out their operations from hundreds of miles away, simply using their laptops. On top of that, every year, the barrier of…

Read more →

The frequency of hackers exploiting macOS flaws varies over time, but Apple continuously releases security updates to patch vulnerabilities.  While macOS is generally considered more secure than some other operating systems but, it is not immune to exploitation, and hackers…

Read more →

Hackers can exploit Massive Domain Generator and URL Shortener services by creating large numbers of deceptive or malicious domains and using URL shorteners to hide the true destination of links.  This can be used for the following illicit purposes:-  Recently,…

Read more →

Hackers opt for DLL hijacking as a technique to exploit vulnerable applications because it allows them to load malicious code by tricking a legitimate application into loading a malicious DLL. This can give them unauthorized access and control over a…

Read more →

HWP documents are primarily associated with the Hangul Word Processor software used in South Korea.  Hackers may opt for HWP documents to target National Defense and Press Sectors because they exploit vulnerabilities in this specific file format and software, which…

Read more →

F5 Networks has issued a security alert about a severe vulnerability in its BIG-IP Configuration utility, identified as CVE-2023-46748.  This vulnerability is an authenticated SQL injection flaw that allows attackers with network access to execute arbitrary system commands.  F5 Networks…

Read more →

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical). After the release of PoC, there seems to be…

Read more →

The NuGet package manager, which .NET developers widely use, has been under attack by a series of malicious activities, according to a report by cybersecurity firm ReversingLabs.  The report, which follows previous investigations on npm, PyPI, and RubyGems ecosystems, shows…

Read more →

Atlassian has been reported with a critical vulnerability in their Confluence Software, which several organizations have widely adopted. The CVE for this vulnerability has been assigned as CVE-2023-22518, and the severity has been given as 9.1 (Critical). Atlassian has addressed…

Read more →

Imagine walking into work one morning to find your company’s network completely crippled. Servers are down, workstations display ransomware notices, and critical data has been encrypted or deleted. Total operational paralysis. This is the potential aftermath of a devastating zero-day…

Read more →

Cybercriminals are resorting to unscrupulous tactics to deploy Bonanza malware by exploiting Google Search Ads. The hackers are taking advantage of the search engine’s advertising mechanism to spread the malicious software, putting unsuspecting users at risk of cyber attacks. This…

Read more →

A young man from Orlando, Florida, has been handed a 30-month prison sentence for his role in a cybercrime scheme that stole nearly $1 million in cryptocurrency from unsuspecting victims.  As part of a group of hackers, Jordan Dave Persad,…

Read more →

Proofpoint, an enterprise security company, has entered into a definitive agreement to acquire Tessian, a leading provider of email security solutions. The acquisition is aimed at enhancing the existing email security offerings of Proofpoint and preventing misdirected emails and data…

Read more →

ServiceNow has been alerted to a potential misconfiguration concern that might impact the security of its platform. The company is actively addressing the issue and working towards a resolution. The issue involves Access Control Lists (ACLs), which are used to…

Read more →

Role-Based Access Control (RBAC) is a security paradigm focused on assigning system access to users based on their organizational role. It’s a sophisticated approach of ensuring that only the right people can access the right information at the right time.…

Read more →

AhnLab Security Emergency Response Center (ASEC) has recently revealed a disturbing case of Remcos RAT, a malicious software that can remotely access and manipulate infected machines.  The attackers behind this malware used a clever email scam that pretended to be…

Read more →

F-Secure has recently implemented organizational changes in order to pursue strategic growth initiatives and meet its financial targets. These changes likely involve adjustments to the company’s structure, processes, and resources to ensure they are better aligned with their goals and…

Read more →

A new OAuth vulnerability has been discovered in three of the major extensions such as Grammarly, Vidio, and Bukalapak. These applications use the OAuth protocol for their authentication, which is vulnerable to an authentication token-stealing attack. OAuth is an authentication…

Read more →

XWorm is a RAT (Remote Access Trojan), a malware-as-a-service. It was first discovered in July 2022 and is known to have originated from the ex-USSR. The malware is capable of multiple things, such as stealing sensitive data and cryptocurrency, launching…

Read more →

Cycode is excited to introduce Raven, a state-of-the-art security scanner for CI/CD pipelines.  Raven stands for Risk Analysis and Vulnerability Enumeration for CI/CD Pipeline Security, and it is now available as an open-source tool on GitHub.  This innovative solution will…

Read more →

A security flaw called SQL injection has been uncovered in the D-Link DAR-7000 device. SQL injection is a malicious attack that exploits vulnerabilities in web applications to inject malicious SQL statements and gain unauthorized access to the database. This technique…

Read more →

Two high vulnerabilities have been discovered in VMware Tools, which were assigned with CVE-2023-34057 and CVE-2023-34058. These vulnerabilities were associated with Local Privilege Escalation and SAML Token Signature Bypass. The severities of these vulnerabilities are 7.5 (High) and 7.8 (High),…

Read more →

On Google Play, several new malicious apps with over 2 million installations have been found to display intrusive advertisements to users. Once installed, these trojans attempted to conceal themselves from users of Android smartphones. According to detection statistics collected by…

Read more →