Category: GBHackers On Security

Read the original article: Europol Arrested 10 SIM Swapping Hackers for Stealing Over USD 100 Million in Cryptocurrencies Sports stars, musicians, internet influencers. Wondering what they have in common apart from their lavish lifestyles? Well, they have had more than…

Read more →

Read the original article: Domestic Kitten – Extensive Surveillance Operation Against Iranian citizens Researchers have studied and analyzed the workings of the hacking group Domestic Kitten. Domestic Kitten also goes by the name APT-50, and has been accused of deceiving…

Read more →

Read the original article: HelloKitty Ransomware Group Behind CD Projekt Red that Encrypts Devices and Steals Data CD Projekt S.A. is a Polish video game developer, publisher, and distributor based in Warsaw, Poland. CD Projekt Red, the videogame-development company behind…

Read more →

Read the original article: Microsoft Warns Customers to Fix Critical TCP/IP Bugs Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an important Denial of Service (DoS)…

Read more →

Read the original article: Android Barcode Scanner With 10 Million Download Turns Malicious after an Update A popular Barcode Scanner App with above 10 million downloads on the Google Play Store has been caught infecting Android devices with malware. The…

Read more →

Read the original article: Hackers Attempted to Poison the Water Supply After Gaining Access to the Water Treatment System Pinellas County Sheriff Bob Gualtieri said that a hacker gained access into the water system of Oldsmar, Florida, on Friday and…

Read more →

Read the original article: New Chrome Browser Zero-day Under Active Attack — Update Now!! Recently, Google has released a new version of Google Chrome browser for Windows, Mac and Linux, that contains only one bugfix for a zero-day vulnerability that…

Read more →

Read the original article: Police Seize $60 Million of Bitcoin That Generated Via Installing Malware But Fraudster Refused to Say Password The officials of Germany have recently seized a digital wallet that was assumed to carry $60 million in bitcoins;…

Read more →

Read the original article: OWASP Top 10 Proactive Security Controls For Software Developers to Build Secure Software Proactive Controls for Software developers describing the more critical areas that software developers must focus to develop a secure application. The OWASP Top…

Read more →

Read the original article: Critical RCE Bugs in Cisco SMB Routers Let Hackers Gain the Root Access Remotely – Update Now!! Recently, the Cisco Small Business Routers has manifested numerous security issues. Cisco has approached multiple pre-auth remote code execution…

Read more →

Read the original article: Security Information and Event Management (SIEM) – A Detailed Explanation SIEM software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by network hardware…

Read more →

Read the original article: Beware!! New Cryptojacking Malware Attacking Apache, Oracle, Redis Servers The security researchers at unit 42 are keeping a stern eye on China-based cybercrime group Rocke. This hacking group was detected in 2019 for using cloud-targeted malware,…

Read more →

Read the original article: Protect Your WordPress sites with CrowdSec The CrowdSec team is expanding the capabilities of their open source and free security solution by finalizing the release of its brand new application bouncer on the WordPress marketplace. This…

Read more →

Read the original article: What You Should Know About Mobile Or Web App Security and How To Achieve It In the age of technology, it is almost impossible to keep your privacy contained. With every year passing, more people start…

Read more →

Read the original article: Most Important Cyber Attack Techniques that often used by Hackers The cyber attack occurs on a daily basis, and these can range from attacks on tech giants to individuals falling foul to the many scams which…

Read more →

Read the original article: Virtual Private Network: What is it and Why is it So Important To Protect Your Privacy? Computers and the Internet have become one of the main means of transmitting and processing information. Most of the information…

Read more →

Read the original article: Your Guide to Endpoint Security With tens of millions of cyber attacks occurring every single day, cyber-security has quite simply never been so important. Today’s world is increasingly dependent on connected devices and digital systems, both…

Read more →

Read the original article: Sonicwall Hacked with Highly Sophisticated Hackers By Exploiting Zero-Day Vulnerabilities Recently, the cybersecurity researchers reported that SonicWall, the popular internet security provider of firewall and VPN products, on late Friday has become victim to a coordinated…

Read more →

Read the original article: Tesla Sues Former Employee for Stealing Sensitive Data Tesla, Inc., an American electric car manufacturing company based in Palo Alto, California has sued a former employee and software engineer named ‘Alex Khatilov’ alleging trade secret theft…

Read more →

Read the original article: Most Important Android Application Penetration Testing Checklist Android is the biggest organized base of any mobile platform and developing fast—every day. Besides, Android is rising as the most extended operating system in this viewpoint because of…

Read more →

Read the original article: Cybercriminals Target Employees of Companies Worldwide to Exploit Network Access and Privilege Escalation The FBI has published a Private Industry Notification (PIN) observing Cybercriminals are focusing to target employees of companies worldwide who maintain network access…

Read more →

Read the original article: Microsoft Research Reveals SolarWinds Hackers Stealthily Evaded Detection A month after the discovery of the Solorigate hack, investors continue to unearth new facts about the attack, which goes on to show the sophistication and complexity of…

Read more →

Read the original article: FreakOut Malware that Exploits Critical Vulnerabilities in Linux Devices Check Point Research (CPR) encountered that ongoing attacks involve a new malware variant, called ‘FreakOut.’ The purpose behind these attacks is to create an IRC botnet. An…

Read more →

Read the original article: New Malware Discovered in SolarWinds Attack that Used 7-Zip Code to Hide An additional piece of malware used in the SolarWinds attacks has been uncovered by researchers at Symantec, a division of Broadcom. Raindrop (Backdoor.Raindrop) is…

Read more →

Read the original article: How to Create an Effective Cybersecurity Solution Stack that can Secure Banking and Financial Operations in These Transformative Times Banking and financial institutions sit on large amounts of personal identification information and financial portfolios of their…

Read more →

Read the original article: Livecoin has Announced Shutdown of Services after Being Hacked Livecoin Exchange announces closure following an alleged breach in December. The trading platform declares it will close and repay users any remaining funds. Livecoin servers were compromised…

Read more →

Read the original article: Microsoft will Enable Domain Controller Enforcement Mode to Address Zerologon Flaw In a post on 14th January 2021, Microsoft’s Aanchal Gupta, VP Engineering, published a post alerting network admins that an upcoming Windows Security Update will…

Read more →

Read the original article: Facebook Sued two Chrome Developers for Scraping Profile Data Facebook Inc. and Facebook Ireland have filed a legal action in Portugal against two people for scraping user-profiles and other data from Facebook’s website, in violation of…

Read more →

Read the original article: WhatsApp Delays New Privacy Policy Update by Three Months Last week an announcement by WhatsApp caused an outcry among people. Whatsapp had announced that it would be updating its policies from February 8th and people would…

Read more →

Read the original article: Hackers Using 4 Zero-day Vulnerabilities to Attack Windows and Android Devices Remotely During a regular investigation, the security experts at Google have detected a major hacking campaign in early 2020. The experts have uncovered a series…

Read more →

Read the original article: Russian Hacker Sentenced to 12 years in Prison for his Role in an International Hacking Campaign The Acting United States Attorney for the Southern District of New York, Audrey Strauss, announced that “Andrei Tyurin,” a Russian…

Read more →

Read the original article: Russian Hacker Sentenced to 12 years in Prison for his Role in an International Hacking Campaign The Acting United States Attorney for the Southern District of New York, Audrey Strauss, announced that “Andrei Tyurin,” a Russian…

Read more →

Read the original article: SolarWinds Hack – Multiple Similarities Found Between Sunburst Backdoor and Turla’s Backdoor Over the past few weeks FireEye, Microsoft, SolarWinds and several US government departments have been subject to attack by the “Sunburst” malware injected via…

Read more →

Read the original article: Babuk Locker Emerges as New Enterprise Ransomware of 2021 The year begins brightly and so is the new malware that got added into the world of Cyber Security. Yes, Babuk Ransomware, happens to be the first…

Read more →

Read the original article: TA551 Hacker Group Pushes New Information Stealer Malware IcedID TA551 also known as Shathak is an email-based malware distribution campaign that frequently targets English-speaking victims. This campaign has aimed German, Italian and Japanese speakers. TA551 in…

Read more →

Read the original article: Catch the Unknown Cyber-Attacks with Threat Hunting The “reactive trend” of Cyberthreat monitoring is a very essential issue since it demonstrates that most organizations don’t hunt until the event is identified. They respond simply to intrusion…

Read more →

Read the original article: U.S. Army Launches Hack the Army 3.0 Bug Bounty Program with HackerOne The Defense Digital Service (DDS) and HackerOne announced the launch of the DDS’s latest bug bounty program with HackerOne. It is the eleventh program…

Read more →

Read the original article: North Korean APT37 Hackers Use VBA Self Decode Technique to Inject RokRat A North Korean hacking group known as ScarCruft, Reaper and Group123 has been involved in targeting the South Korean government by using a VBA…

Read more →

Read the original article: DOJ Says SolarWinds Hackers Accessed 3% of it’s Office 365 Mailboxes The U.S. Department of Justice declared its emails accounts were breached by SolarWinds hackers. Their email systems have been accessed by the hackers who broke…

Read more →

Read the original article: WhatsApp Updates – Users Must Agree on New Privacy Policy to Continue Using the App Facebook-owned instant messaging app WhatsApp is expected to update its usage policies on February 8, 2020. WhatsApp holds the biggest slice…

Read more →

Read the original article: Over 500,000 Credentials of two Dozen Leading Gaming Firms Leaked Online Tel Aviv-based threat intelligence firm Kela has warned gaming companies to improve their cybersecurity posture after discovering 500,000 breached employee credentials and a million compromised…

Read more →

Read the original article: Cloud Security vs. Network Security: What’s the Difference? Cloud security and network security fall under the security umbrellas that are used to protect the information of an organization, but each one of them has a specific…

Read more →

Read the original article: FBI, CISA, ODNI, and NSA Says Russian Threat Actors Behind SolarWinds Hack The Federal Bureau of Investigation (FBI), the Cybersecurity & Infrastructure Agency (CISA) and the Office of the Director of National Intelligence (ODNI) along with…

Read more →

Read the original article: Most Advanced CrowdSec IPS v.1.0.x is out: how-to guide We are happy to announce the official release of CrowdSec v.1.0.x which introduces several improvements to the previous version, including a major architectural change: the introduction of…

Read more →

Read the original article: FBI warns of Swatting Attacks Targeting smart home devices with voice and video Capabilities The Federal Bureau of Investigation (FBI) issued a notice, to warn users of smart home devices with cameras and voice capabilities to…

Read more →

Read the original article: AutoHotkey-Based Credential Stealer Targets US, Canadian Bank Customers Trend Micro team has detected a malware’s command-and-control (C&C) servers that has been targeting the financial institutions in the US and Canada and determined that these come from…

Read more →

Read the original article: Facebook ads Abused to Steal 615000+ Logins in Phishing Campaign Facebook ads and Github pages seem to be the latest route opted for by cybersecurity attackers to phish for and steal credentials of Facebook users. Researchers…

Read more →

Read the original article: Secret Backdoor found Installed in Zyxel Firewall and VPN Zyxel Communications Corp. is a manufacturer of networking devices. It is popular for firewalls that are marketed towards small and medium businesses. Their Unified Security Gateway (USG) product…

Read more →

Read the original article: Converting Your Android Smartphone into Penetration Testing Device Big corporations trying to improve the user experience by making everything around simplify, increasing performance and connections with “IoT’s”. Today with the Android operating system installed on the…

Read more →

Read the original article: DHS Urges US govt agencies to Update SolarWinds Orion Software The recent SolarWinds hack has left several companies and government agencies reeling in their wake having caused widespread chaos and panic. Following up from this, the…

Read more →

Read the original article: 20 World’s Best Free Hacking Books For 2021 – Beginners to Advanced Level In today’s article, we will discuss the best 20 Hacking Books, hence, if you want to learn the hacking properly, and you are…

Read more →

Read the original article: SolarWinds Hackers Aimed to Access Victim Cloud Assets after deploying the Solorigate Backdoor Microsoft security researchers have continued to investigate Solorigate which caused supply chain compromise and the subsequent compromise of cloud assets and have said…

Read more →

Read the original article: CISA Releases Free Azure, Microsoft 365 Malicious Activity Detection Tool The Cybersecurity and Infrastructure Security Agency (CISA) has created a free tool to identify unusual activity that could have potentially malicious repercussions that could threaten users…

Read more →

Read the original article: New Top 10 Best Antivirus for Android in 2021 -100 % Mobile Protection Choosing the Best Antivirus for Android is the most important concern to protect your Andriod device from sophisticated cyber threats. An antivirus plays…

Read more →

Read the original article: US Treasury officials’ Email Accounts Hacked by the Threat Actors Behind SolarWinds Attack Last week we had reported that SolarWinds was subject to a massive cyberattack and it had left the data of many organizations and…

Read more →

Read the original article: New SUPERNOVA Backdoor Found in SolarWinds Cyberattack Analysis An analysis reports the detection of a backdoor possibly developed by the unidentified hacking team involved in the attack; known as Supernova, this is a web shell injected into SolarWinds…

Read more →

Read the original article: Critical Dell Wyse Bugs Let Attackers to Execute Code and Access Files and Credentials The giant Dell Wyse is affected by two Critical Vulnerabilities CVE-2020-29491 and CVE-2020-29492 which targets thin client devices. The CyberMDX Research team has…

Read more →

Read the original article: NSA Warns of Cloud Attacks on Authentication Mechanisms The US National Security Agency (NSA) published a security advisory, warning about two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The…

Read more →

Read the original article: Supply-chain Attack Targeting Certification Authority in Southeast Asia ESET Researchers revealed a supply-chain attack occurred on the website of the Vietnam Government Certification Authority (VGCA): ca.gov.vn. This is similar to the supply-chain attack on the Able Desktop…

Read more →

Read the original article: Microsoft Breached in Suspected Russian Hack Using SolarWinds Yesterday we had reported that SolarWinds appeared to have been hacked by Russian attackers. Today we have another victim related to this breach. The victim happens to be…

Read more →

Read the original article: What is XSS (Cross Site Scripting) ? – A Detailed Understanding the Type of XSS XSS is a very commonly exploited vulnerability type which is very widely spread and easily detectable and also it is one…

Read more →

Read the original article: How to Ensure Mobile App Security: Key Risks & Top Practises Building an app today doesn’t end with finding the right technologies and implementing features in a user-friendly user interface. Today, creating an app means investing…

Read more →

Read the original article: Russian Hackers Breached US govt, FireEye in a Supply Chain Attack When the National Security Council meets at the White House on a Saturday, you know that the hack is very serious. The US Treasury and…

Read more →

Read the original article: PgMiner Botnet Attacks PostgreSQL Databases to Install a Cryptocurrency Miner Unit 42 researchers at Paloalto discovered a cryptocurrency mining botnet named “PGMiner”. It is a Linux based cryptocurrency botnet that exploits a disputed PostgreSQL remote code…

Read more →

Read the original article: Flaws with PoS Terminals Let Attackers Execute Arbitrary Code Researchers describe the intense vulnerabilities in the two biggest Point of Sales (PoS) vendors, Verifone, and Ingenico. The affected devices are Verifone VX520, Verifone MX series, and…

Read more →

Read the original article: WordPress Easy WP SMTP zero-day Vulnerability Exposes Hundreds of Thousands of Sites to Hack Easy WP SMTP, a WordPress plugin, with more than 500,000 installations, allows one to configure and send all outgoing mails via a…

Read more →

Read the original article: Adrozek Malware Silently Hijacks Microsoft Edge, Google Chrome, Yandex, and Firefox Browsers Google Chrome, Firefox, Microsoft Edge, and Yandex have become the most recent targets of an ongoing malware campaign, called Adrozek, as disclosed by Microsoft. The malware injects…

Read more →

Read the original article: Facebook Takedown Infrastructure of Hacker Groups Targeting Various Government Entities Bangladesh and Vietnam based hackers were caught by Facebook recently for hacking into its users’ accounts and taking control of the pages. APT32, a Vietnamese group,…

Read more →

Read the original article: Russian APT28 Hackers Uses COVID-19 Lures to Deliver Zebrocy Malware via VHD File The security firm Intezer revealed COVID-19 phishing lures that were used to deliver the Go version of Zebrocy. Zebrocy is mainly used against governments…

Read more →

Read the original article: OpenSSL Flaw Would Allow Attackers to Cause a denial-of-service Condition OpenSSL has released a Security Advisory [on 8th of December 2020] regarding the vulnerability CVE-2020-1971 which is called EDIPARTYNAME NULL pointer de-reference. What is the vulnerability?…

Read more →

Read the original article: Live Cyber Forensics Analysis with Computer Volatile Memory The field of computer Forensics Analysis involves identifying, extracting, documenting, and preserving information that is stored or transmitted in an electronic or magnetic form (that is, digital evidence).…

Read more →

Read the original article: ‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices Forescout Research Labs has launched Project Memoria, an initiative that aims at providing the community with the most important study on the security of TCP/IP stacks. AMNESIA:33 is…

Read more →

Read the original article: Cyber Security Gaint FireEye Got Hacked – Hackers Stole Red Team Tools The hunter becomes the hunted. FireEye, a California-based cybersecurity giant is the latest victim to have its systems hacked. Fireeye states that the hacker…

Read more →

Read the original article: DeathStalker Hacker Group’s New PowerPepper Malware Evade Antivirus Detection to Bypass Windows Researchers uncovered a new Malvertising campaign PowerPepper from DeathStalker threat actor group that is active since 2012, and actively attacking various organizations around the…

Read more →

Read the original article: CrowdSec, An Open-Source, Modernized & Collaborative Intrusion Prevention System (fail2ban) CrowdSec is a security automation engine designed to protect servers, services, containers, or virtual machines exposed on the internet with a server-side agent. It was inspired…

Read more →

Read the original article: USBStealer – Password Hacking Tool For Windows Applications to Perform Windows Penetration Testing USBStealer is a Windows Based Password Hacker Tool that helps to Extract the password from Windows-Based Applications such as Chrome Password, FireFox Password,…

Read more →

Read the original article: Operating Systems Can be Detected Using Ping Command Operating Systems can be detected using Ping Command, Ping is a computer network administration software utility, which used to find the Availability of a host on an Internet…

Read more →

Read the original article: Most Important Network Penetration Testing Checklist Network Penetration Testing determines vulnerabilities in the network posture by discovering Open ports, Troubleshooting live systems, services and grabbing system banners. The pen-testing helps administrator to close unused ports, additional services,…

Read more →

Read the original article: Google Discloses a zero-click Wi-Fi Exploit to Hack iPhone Devices Google Project Zero has disclosed the details of an iOS exploit that allows an attacker to hack iPhones remotely over Wi-Fi and steal sensitive data, with…

Read more →

Read the original article: Critical Oracle WebLogic Vulnerability Flaw Actively Exploited by DarkIRC Malware Juniper Threat Labs researchers observed active attacks on Oracle WebLogic software using CVE-2020-14882. This vulnerability, if successfully exploited, allows unauthenticated remote code execution.  Researchers found almost…

Read more →

Read the original article: New malicious NPM packages Used by Attackers Install njRAT Remote Access Trojan No, not the one that nibbles at your Thanksgiving leftovers. RAT, Remote Access Trojan, is a type of malware that enables attackers to take…

Read more →

Read the original article: North Korean Hackers Targeted COVID Vaccine Maker AstraZeneca British pharmaceutical company AstraZeneca, one of the manufacturers leading the way towards developing a Covid-19 vaccine, has been targeted by North Korean hackers.  Suspected North Korean hackers have…

Read more →

Read the original article: Red Team Research Discovered 6 new zero-day Vulnerabilities in Schneider Electric StruxureWare “A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix…

Read more →

Read the original article: Signed Bandook Malware Attacks Against Multiple Industrial Sectors Like a phoenix rises from the ashes, Bandook has risen after several years. Bandook, written in both Delphi and C++ was first seen in 2007 as a commercially…

Read more →

Read the original article: Web Application Penetration Testing Checklist – A Detailed Cheat Sheet Web Application Pentesting is a method of identifying, analyzing and Report the vulnerabilities which are existing in the Web application including buffer overflow, input validation, code…

Read more →

Read the original article: Hackers Steal 800,000€ from ATMs in Italy Using Black Box attack A criminal organization has stolen money from a minimum of 35 ATMs and Post Office cash dispensers operated by Italian banks with a new Black Box…

Read more →

Read the original article: Carding Action 2020 – Crooks selling/purchasing Compromised Card Data Arrested We, at GBhackers usually report instances where the bad guys have had the upper hand in cyber-security, but today we are glad to report that the…

Read more →

Read the original article: Malware in Minecraft mods Games Attack More Than 1 Million Android Users Minecraft is a sandbox video game developed by Mojang. The first version of Minecraft was released earlier in 2009, but the game remains incredibly popular to the present…

Read more →

Read the original article: Cyber Monday Deals: Grab 15 World’s Best Cyber Security Bundle Courses From “Ethical Hackers Academy” Upto 90% Offer Cyber Monday Online Courses: Since cybercrimes are evolving day by day, organizations are looking for more cybersecurity professionals…

Read more →

Read the original article: cPanel 2FA Bypass Exposes Tens of Millions of Websites to Hack Digital Defense, Inc., a leader in vulnerability and threat management solutions, announced that its Vulnerability Research Team (VRT) exposed a previously undisclosed vulnerability affecting the cPanel & WebHost…

Read more →

Read the original article: WAPDropper – Android Malware Subscribing Victims To Premium Services By Telecom Companies Security analysts have found a new malware that infects mobile devices and subscribes the victims to premium subscription provided by telecom companies, and the…

Read more →

Read the original article: Spotify Hack – Over 300k Accounts Hacked in Credential Stuffing Attack Spotify is a Swedish-based audio streaming and media services provider, with over 299 million active monthly users in 2020. Noam Rotem and Ran Locar, vpnMentor’s research team…

Read more →

Read the original article: Telsa Flaw Let Attackers to Steal Vehicles in Minutes 90 seconds and $195 is all it takes to steal your brand new $100,000 Tesla Model X!! Computer Security and Industrial Cryptography (COSIC) Researchers from the University…

Read more →

Read the original article: Malware Operators Arrested for Running Services To Bypass Antivirus Software Romanian police forces have arrested two individuals this week, for allegedly running two malware crypting services like CyberSeal and DataProtector to escape antivirus software detection. These…

Read more →

Read the original article: Facebook Messenger Bug Let Android Users Spy On Each Other Tamagotchi hacker, Natalie Silvanovich, who works as a Security Engineer on Prjoect Zero at Google recently received a bounty of $60,000 for identifying a bug in…

Read more →

Read the original article: 10 Best WiFi Hacking Apps for Android – 2020 Edition In this article, we are sharing the top “Wifi Hacking Apps“ for Android applicants. With the help of this, anyone can hack Wifi network around them.…

Read more →

Read the original article: Kali Linux 2020.4 Released with New Tools, ZSH Shell & Updates for NetHunter Offensive Security released Kali Linux 2020.4 with ZSH shell as default, updated tools icons, new tools, and more. This new release has several…

Read more →

Read the original article: Cyber Security Jobs with Growing Demand in India – Here an Exclusive Cyber Security Job Portal Recently, there is a high demand for cybersecurity jobs in India and other parts of the world. We all know…

Read more →

Read the original article: Firefox 83.0 Released – Improved Page Load Performance, HTTPS-Only Mode & 0-Day Fix – Update Now!! Mozilla released Firefox 83.0 with new impartments on page load performance, fixed the Zero-day bug, introduces HTTPS-Only Mode., and various…

Read more →

Read the original article: Surprising Differences Between TLS and SSL Protocol TLS is simply a successor of SSL 3.0, TLS is a protocol which provides Data encryption and Integrity between communication channels. SSL 3.0 is served as a base for…

Read more →