Category: GBHackers On Security

Read the original article: Chrome 87 Released with Improved Performance and Security Updates Google has released Chrome 87 on November 17th, 2020, to the Stable desktop channel, and it includes numerous performance improvements, security fixes, and new features. With Chrome 87,…

Read more →

Read the original article: Multiple Critical Flaws in Cisco Security Manager Let Attackers to Execute Remote Code Cisco, this week, published an advisory, CVE-2020-27130, stating that a vulnerability was identified and resolved in Cisco Security Manager that could allow an…

Read more →

Read the original article: Businesses Need Automated Web Application Security Scanners to Detect Web Vulnerabilities It is a popular belief that automated web application security scanners are not good enough. We even find some IT security professionals saying that they…

Read more →

Read the original article: Ransomware Operators Partner With Hackers to Attack High profile Organizations Let’s first get the old news out of the way. Ransomware is a hornet’s nest. Well, now to the latest news. Ransomware operators are now partnering…

Read more →

Read the original article: Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security Professionals Threat Intelligence & Endpoint Security Tools are more often used by security industries to test the vulnerabilities in network and applications. Here…

Read more →

Read the original article: New TroubleGrabber Malware Steals Credentials and System Information TroubleGrabber, the latest in a line of credential stealers, spreads via Discord attachments and uses Discord webhooks to hand over stolen data and information to its users. Discord…

Read more →

Read the original article: ModPipe Malware Steals Sensitive Information from Oracle POS Software used by Hundreds of Thousands of Hotels A new Point-of-Sale (PoS) named ModPipe malware is targeting devices utilized by many thousands of organizations within the hospitality sector,…

Read more →

Read the original article: Wireless Penetration Testing Checklist – A Detailed Cheat Sheet Wireless Penetration testing actively examines the process of Information security Measures which is Placed in WiFi Networks and also analyses the Weakness, technical flows, and Critical wireless…

Read more →

Read the original article: 10 Best Vulnerability Scanning Tools For Penetration Testing – 2020 A Vulnerability Scanning Tools is one of the essential tools in IT departments Since vulnerabilities pop up every day and thus leaving a loophole for the…

Read more →

Read the original article: Critical Vulnerabilities Discovered in World’s Largest Android TVs Manufacturer Television is a mass medium for entertainment, advertising, news, and sports. In advent with the technology, inbuilt integration offered with apps like Netflix, YouTube, etc. TCL is the…

Read more →

Read the original article: xHunt Hackers Uses New Backdoor to Attack Exchange Servers xHunt hackers uses New Backdoor to attack Exchange Servers and the xHunt Campaign has also targeted Kuwait organizations to compromise systems. One amongst the tools used is…

Read more →

Read the original article: Attackers Using Image Inversion Technique to Bypass Office 365 Filtering Mechanism A creative Office 365 phishing campaign was discovered by WMC Global Analysis researchers that a legitimate login page of a Microsoft Account, but uses color…

Read more →

Read the original article: Gitpaste-12 Malware via GitHub and Pastebin Attacks Linux Servers and IoT Devices Gitpaste-12 is a new worm that uses GitHub and Pastebin for housing component code and has atleast 12 different attack modules available. This has…

Read more →

Read the original article: Over 20 Million BigBasket Customers Data Exposed in DarkWeb BigBasket(Innovative Retail Concepts Private Limited) is India’s largest online food and grocery store. It is funded by Alibaba Group, Mirae Asset-Naver Asia Growth Fund, and therefore the UK…

Read more →

Read the original article: Hackers Attacking WebLogic Servers via CVE-2020–14882 Flaw to install Cobalt Strike Malware Attackers are found to be exploiting Oracle WebLogic Servers via CVE-2020–14882 to install Cobalt Strike which will allow persistent remote access to the compromised…

Read more →

Read the original article: Top 10 Best Linux Distro Operating Systems For Ethical Hacking & Penetration Testing – 2020 There are different OS for Hacking and Penetration Testing with Linux distro is dedicatedly developed for Security Researchers or Ethical Hackers…

Read more →

Read the original article: New 15 Best Kickass Proxy and 5 Best Kickass Alternatives for 2020 New Kickass Torrents (KAT) also known as KAT or kickass proxy is one of the best Torrent Sites in the world contains a list…

Read more →

Read the original article: QBot Trojan Attacks Victims with Malicious Election Interference Attachments QBot malware, also referred to as Qakbot and Pinkslipbot, is a banking Trojan active since 2008. Attackers are using the QBot malware with updated worm features to steal users’…

Read more →

Read the original article: Cisco AnyConnect VPN zero-day Vulnerability, Exploit Code Available Cisco, the California based tech giant, has identified and disclosed a vulnerability via advisory CVE-2020-3556, regarding the InterProcess Communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software…

Read more →

Read the original article: Top 8 Best Web Security and Hacking Software for Security Professionals in 2020 Hacking software is not only used by hackers for criminal activities but it’s equally used by white hat hackers and security professionals to…

Read more →

Read the original article: Fake COVID-19 Test Results Drop King Engine Ransomware According to Cofense Intelligence researchers, a new version of Hentai OniChan Ransomware dubbed “King Engine” is being delivered during a Coronavirus-themed phishing campaign. The new variant called King…

Read more →

Read the original article: Infamous Maze Ransomware Operators Shuts Down Operations Maze ransomware, one of the most dangerous and potent strains of Windows ransomware that have hit companies and organizations around the world and demanded a payment in cryptocurrency in…

Read more →

Read the original article: Attackers Using Google Drive Notifications to Trick the Users in Clicking Malicious Links Scammers found a new phishing lure to play with Google Drive.  An unpatched security loophole within the Drive is being exploited to send seemingly legitimate emails…

Read more →

Read the original article: Oracle Issues Emergency Patch for Remote Code Execution Vulnerability in Oracle WebLogic Server IT giant Oracle, on 1st November 2020, issued a Security Alert Advisory, CVE-2020-14750, regarding a remote code execution vulnerability on Oracle WebLogic Server.…

Read more →

Read the original article: Gold Seller JM Bullion Hacked – Attackers Steals Credit Card and Personal Details “JM Bullion” company is one of the largest and most premier online retailers of precious metals like gold, silver, copper, platinum, and palladium…

Read more →

Read the original article: Hackers Selling a Total of 34 Million User Records Stolen From 17 Companies A threat actor is selling account databases containing a total of 34 million user records that they claim were stolen from seventeen companies…

Read more →

Read the original article: Firestarter Malware Abuses Google Firebase Cloud Messaging Platform to Spread The ‘Firestarter’ malware is used by an APT threat group called “DoNot”. DoNot uses Firebase Cloud Messaging (FCM), a cross-platform cloud solution for messages and notifications for Android, iOS, and web applications,…

Read more →

Read the original article: Passwarden – The Easy and Secure Way to Store Your Passwords While all aspects of our lives, from grocery shopping to working to socializing, continue to move online, we need to remember an increasingly large number…

Read more →

Read the original article: U.S. Govt Released Advisory on how Iranian APT Group Obtained Voter Registration Data The latest advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI, states that they are aware of an…

Read more →

Read the original article: Facebook Taken Down Number of Political ads due to Technical Flaws in their System Facebook on Thursday acknowledged that a technical error in its systems caused a variety of ads from both political parties to be…

Read more →

Read the original article: Vermont Hospitals Now Latest Victim of Ransomware Attacks The University of Vermont Health Network is now the latest victim in an ongoing onslaught of cyberattacks. The cyberattack has targeted the University’s six hospitals in Vermont and…

Read more →

Read the original article: Trula Hacker Group Uses Custom Malware & Legacy Tools to Attack Government Organizations Trula, a sophisticated hacking group also known as Krypton, VenomousBear, Waterbug, Uroburos, or Snakegroup targets government entities, military, energy, and nuclear research organizations.…

Read more →

Read the original article: A Complete Guide to Perform External Penetration Testing on Your Client Network | Step-by-Step Methods This write-up walks us through one of my many journeys in my external penetration testing and how I compromised the organization…

Read more →

Read the original article: Delete Now! – These 21 Apps With More Than 7 Million Downloads Contains Malware Researchers found 21 malicious adware apps on Google play that disguised as gaming apps. These apps have adware hidden by design and…

Read more →

Read the original article: Modern CyberSOC – A Brief Implementation Of Building a Collaborative Cyber Security Infrastructure In earlier years, everyone depends on SOC (includes firewalls, WAF, SIEM,etc.) and the prioritize in building the SOC provides security and the CIA…

Read more →

Read the original article: Russian Hackers Attack U.S. Government Networks To Steal Sensitive Data CISA & FBI released a joint alert detailing Russian state-sponsored advanced persistent threat (APT) targeting various U.S. government networks to steal sensitive data. Russian State-sponsored actors…

Read more →

Read the original article: Cisco Warns of Attackers Targeting High Severity Router vulnerability Cisco warns of high severity flaw Cisco Discovery Protocol implementation for Cisco IOS XR Software that allows attackers to execute arbitrary code on the affected device. Cisco…

Read more →

Read the original article: Ryuk Ransomware Group using Zerologon Vulnerability to Accomplish their Objective Faster Ryuk ransomware is known for targeting know for targeting various large organizations worldwide. It is often distributed by other malware such as Emotet or TrickBot.…

Read more →

Read the original article: VOIP Service Provider Exposes 350M Customer Records A database of over 350 million customer records exposed from unsecured Elasticsearch cluster belonging to voice over-internet-protocol company Broadvoice. The database was uncovered by security researcher Bob Diachenko, on…

Read more →

Read the original article: Cryptocurrency Miners Back – Lemon Duck Attacking Government, Retail, and Technology Sectors The Cybersecurity research firm Cisco Talos has recently detected an activity that are linked with the cryptocurrency botnet. The experts claimed that these attacks…

Read more →

Read the original article: QQAAZZ Group Charged for Providing money-laundering Services to Malware Operations Law enforcement agencies charged the QQAAZZ group for working with Cybercriminals around the world to launder money stolen from victims of computer fraud in the United…

Read more →

Read the original article: Zoom Rolls Out end-to-end Encryption (E2EE) for Free and Paid Users Zoom rolls out end-to-end encryption (E2EE) for free and paid Zoom users starting from next week. In the end-to-end encryption meeting, up to 200 participants…

Read more →

Read the original article: Microsoft October 2020 Patch Tuesday Fixes 87 Security Bugs Including 21 RCE Microsoft has released an emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on the vulnerable machine. The updates patched…

Read more →

Read the original article: Amazon Prime Day shoppers Beware!- Attackers Creating Fraudulent Sites Using the Amazon Brand Amazon Prime day deals to kick off tomorrow, on the other hand, attackers increased phishing and fraud campaigns using the Amazon brand and…

Read more →

Read the original article: New Sophisticated Android Ransomware that Doesn’t Encrypt Files but Blocks Access to Devices Microsoft detected new Android ransomware with new attack techniques and behavior that indicates the evolution of mobile ransomware. As we aware ransomware uses…

Read more →

Read the original article: Cisco Fixes High-severity Flaws in Webex, IP Cameras and ISE Cisco fixes high-security flaws with IP Cameras, Webex Teams, and Identity Services Engine let attackers execute remotely on an affected device. Along with this Cisco also…

Read more →

Read the original article: Food Delivery Platform Hacked – More than 400K Customer Impacted Hackers compromised the Asian food delivery service Chowbus and stole customer information such as customer names, email addresses, phone numbers, and mailing addresses. Chowbus founded in…

Read more →

Read the original article: PoetRAT: Malware Targeting Public and Private Sector Using Malicious Microsoft Word Documents Security researchers observed multiple new campaigns with modified PoetRAT targeting various public and private sector in Azerbaijan. The threat actor uses malicious word documents…

Read more →

Read the original article: CISA Warns of Emotet Malware Attacks Targeting Government Entities Via Weaponized Word Documents CISA observes a significant increase in Emotet malware attacks that steals login credentials from various browsers, email clients, and applications. The malware was…

Read more →

Read the original article: Hackers Abuse Windows Error Reporting (WER) Service in Fileless Malware Attack Security researchers uncovered a new attack dubbed Kraken that uses injected its payload into the Windows Error Reporting service to evade detection. The WerFault.exe is…

Read more →

Read the original article: Flaws in Popular Antivirus Softwares Let Attackers to Escalate Privileges Security researchers from CyberARK discovered security bugs with anti-malware software that allows attackers to escalate privileges on an infected machine. Bugs with anti-malware pose high risks…

Read more →

Read the original article: Top 5 Best Dedicated Academy to Learn Ethical Hacking & Cyber Security Training Online 2020 Nowadays, hacking becomes known to everyone, as this term has been around for a great time now. Well, the very first…

Read more →

Read the original article: New Ransomware that Threatens Companies to Pay Ransom Within 3 days Else they Leak Data The threat actor group behind new ransomware dubbed “Egregor” targets companies to steal sensitive data and then encrypt all the files.…

Read more →

Read the original article: Complete CompTIA Certification Training Bundle 2020 – CompTIA Security +, Pentest+, CySA+ With Lifetime Access CompTIA is a global provider of vendor-neutral IT certifications,  Most, if not all, CompTIA Certification Training are Teach you the best…

Read more →

Read the original article: A New Mirai based IoT RAT Spreading Through 2 0-day Vulnerabilities Netlab observed a new IoT botnet exploits two Tenda router 0-day vulnerabilities to install a Remote Access Trojan (RAT). The botnet dubbed Ttint was found…

Read more →

Read the original article: Joker Malware Targets Android Users to steal SMS Messages and Contact Lists – 17 Apps Removed from Google Play Joker is one of the most prominent malware families that continuously target the Android devices, it’s main…

Read more →

Read the original article: Certified Malware Analyst – Exploit Development, Expert Malware Analysis & Reverse Engineering Certified Malware Analyst: In 2020, sophisticated Cyber attacks keep on increasing by APT threats that target most of the enterprise-level networks and individuals. Preventing…

Read more →

Read the original article: Beware of the New Critical Zerologon Vulnerability in The Windows Server Microsoft Patchs the new critical vulnerability in Zerologon, A feature of Netlogon allows the domain controller to authenticate computers and update passwords in the Active…

Read more →

Read the original article: How to Become a Certified Cyber Threat Intelligent Analyst? Nowadays, Cyber crimes are increasing. The demand for cyber thteat intelligence experts is high. The field of cyber Intelligence is growing and booming, and the skills of…

Read more →

Read the original article: Top 8 Best Web Security and Hacking Software for Security Professionals in 2020 Hacking software is not only used by hackers for criminal activities but it’s equally used by white hat hackers and security professionals to…

Read more →

Read the original article: Wireshark 3.2.7 Released With Fix for Security Vulnerabilities & New Features Wireshark 3.2.7 was released with a fix for security vulnerabilities and an updated version of Npcap & Qt. Wireshark is known as the world’s most…

Read more →

Read the original article: 5G Technology and How It Will Change Cybersecurity 5G also called the fifth generation of wireless cellular networks, will offer new opportunities to all walks of life, including health, supply chain, agriculture, etc. Similarly, emerging technologies…

Read more →

Read the original article: Instagram Hacked – Critical Vulnerability Let Attackers Take Complete Control over Account A critical security vulnerability with the Instagram app lets attackers take over the victim’s Instagram account and can change their phone as a spying…

Read more →

Read the original article: Shopify Data Breach – Two Rogue Employees Stole Customer Data The Online e-commerce platform Shopify announced a data breach after two of their rogue employees of the support team engaged in accessing the transactional records of…

Read more →

Read the original article: The Importance of Cybersecurity in The Post-COVID-19 World Many organizations woke up to the importance of cybersecurity when the COVID-19 pandemic struck and shone a harsh light on the state of cybersecurity. The new constellation of…

Read more →

Read the original article: Google Chrome Security Update Wide Range of Attacks – Update Now! Google released Chrome 85.0.4183.121 for Windows, Mac, and Linux which comes with a fix for 10 security flaws. Successful exploitation of the vulnerability lets attackers…

Read more →

Read the original article: Member of Dark Overlord Hacker Group Sentenced to Five Years in Prison for Stealing Medical and Financial Data Nathan Wyatt, 39, United Kingdom national pleaded for his role in “The Dark Overlord” Hacking Group conspired to…

Read more →

Read the original article: Microsoft Bing Server Leaks Search Queries, Location Data, and Device Details Security researchers from WizCase uncovered a massive data leak in the Microsoft Bing mobile app that exposes search queries, device details, and GPS coordinates. Ata…

Read more →

Read the original article: The Cybersecurity Risks Related to Remote Workers Returning to Workplaces In many countries, governments have decided to ease the Covid-19 induced lockdowns. As a result, companies are now lifting the work-from-home orders. However, the uncertainty associated…

Read more →

Read the original article: Offensive Security released Win-KeX Version 2.0 that Brings Kali Desktop Experience in Windows Win-Kex was first introduced with Kali Linux 2020.3, it provides a Kali Desktop Experience for Windows Subsystem for Linux (WSL 2). Version 2.0…

Read more →

Read the original article: A Bug With Firefox for Android Let Attackers Hijack without user Interaction on the Same WiFi Network A bug SSDP engine in Firefox for Android would allow attackers to exploit targeted Android phones that are connected…

Read more →

Read the original article: Shodan and Censys: Finding Hidden Parts On the Internet With Special Search Engines Our digital lives connect massive things with the Internet. Starting with Smartphones, Wi-Fi routers, Surveillance Camera, Smart TV, SCADA networks and leading to…

Read more →

Read the original article: Google Removed Paytm form Play Store on Violation of Gambling Policy Google has removed Paytm from the Google Play store along with Paytm First Games app for violating its gambling policies. The Paytm iOS app is…

Read more →

Read the original article: Apple High Severity Bug Allows Attackers to Execute Arbitrary Code on iPhone, iPad, iPod Apple release updates for iOS and iPadOS operating systems that fixes several security iPhone, iPad, and iPod devices. With the security update,…

Read more →

Read the original article: Hackers Would Bypass Multi-Factor Authentication to Gain Full Access to Microsoft 365 Services Security researchers from Proofpoint discovered critical security vulnerabilities with multi-factor authentication (MFA) implementations in the cloud environment where the WS-Trust is enabled. WS-Trust…

Read more →

Read the original article: Wireshark 3.3.0 Released With New Features, Protocols & Capture File Support Wireshark 3.3.0 was released with a fix for vulnerabilities that results in the BACapp dissector crash and fix for other bugs. Wireshark is known as…

Read more →

Read the original article: CISA warns that Chinese Hackers Using Open-source Exploitation Tools to Target U.S. Agencies CISA warns that Chinese nation-state actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government…

Read more →

Read the original article: Thousands of Magento Stores Hacked in Largest-ever Skimming Campaign Hackers compromised nearly two thousand Magento stores in the largest ever web skimming campaign that targets Magento stores. The previous record of several stores hacked in a…

Read more →

Read the original article: ATM Penetration Testing – Advanced Testing Methods to Find The Vulnerabilities ATM Penetration testing, Hackers have found different approaches to hack into the ATM machines. Programmers are not restricting themselves to physical assaults, for example, money/card…

Read more →

Read the original article: World’s Largest Data Center provider Hit by Netwalker Ransomware Recently, the world’s largest data center provider Equinix hit by Netwalker Ransomware, and currently, Equinix is investigating the whole matter. Till now, they came to know that…

Read more →

Read the original article: Hackers Breached ETERBASE Cryptocurrency Exchange and Stole $ 5.4 Million Recently, the representatives of the ETERBASE has reported on the official Telegram channel of the portal that they have become a victim of hackers. In this…

Read more →

Read the original article: Samsung Security Updates to Mobile Devices to Fix Critical Security Vulnerabilities Recently, Samsung has rolled out security updates for its mobile devices to fix some critical security vulnerabilities. In September, Samsung has published the official changelog…

Read more →

Read the original article: Zoom Adds Two-factor Authentication Available for all Users Zoom announced Two-Factor Authentication (2FA) for all users that let admins and organizations prevent security breaches & data thefts. The 2FA brings an additional security layer to the…

Read more →

Read the original article: Cynet Unveils Complete Cybersecurity with Integrated XDR, MDR and Response Automation As cybersecurity leaders struggle with a mix of point solutions to defend against a wide range of vulnerabilities and endpoint attacks, they continue to miss…

Read more →

Read the original article: BLURtooth – A new Vulnerability Let Attackers to Overwrite the Authentication Keys Security researchers from at the École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University discovered vulnerabilities related to Cross-Transport Key Derivation (CTKD) with Bluetooth…

Read more →

Read the original article: Intrusion Detection System (IDS) and Its Detailed Working Function – SOC/SIEM An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise information…

Read more →

Read the original article: Google Maps XSS Bug – Bounty Doubled After the Original Fix had Failed Google fixed the vulnerability with Google Maps that was reported through Google Vulnerability Reward Program (VRP) and in return, the researchers are paid…

Read more →

Read the original article: Critical Code Execution Flaws With Adobe InDesign, Framemaker, and Experience Manager – Update Now! Adobe has released updates that fix critical vulnerabilities in the Adobe InDesign, Framemaker, and Experience Manager. Attackers can exploit the vulnerability to…

Read more →

Read the original article: Sudden Upsurge with Emotet Malware that Designed to Steal Login Credentials France, Japan, and New Zealand warn of a sudden spike with Emotet malware that steals login credentials from various browsers, email clients, and applications. The…

Read more →

Read the original article: Visa Warns of JavaScript Skimmer Baka that Steals Payment Card Data Visa warns of a new e-commerce skimmer dubbed Baka that loads malware dynamically to avoid static malware scanners and unique encryption to obfuscate the malicious…

Read more →

Read the original article: Malware Authors Create Malicious Excel Documents Using the .NET library to Bypass Security Checks Malware authors use a new technique that lets them create macro-laden Excel workbooks without using Microsoft Office. Security researchers from NVISO detected…

Read more →

Read the original article: WhatsApp Discloses 6 Bugs That Allows Attackers to Execute Code Remotely WhatsApp disclosed 6 security bugs through their dedicated security advisory site that allows attackers to execute remote code. WhatsApp is a messaging app used by…

Read more →

Read the original article: Evilnum APT used Python-based RAT PyVil Tool To Spy and Steal the Sensitive Data Recently, the Evilnum APT group used the Python-based RAT PyVil tool to spy and steal sensitive data; here, the main motive of…

Read more →

Read the original article: Top 10 Open Port Scanner and Port Checker Tools for 2020 Port scanner and port checker tools are one of the most essential parts to find the open ports and status of the port. The open…

Read more →

Read the original article: Digital Strike!! Government of India Banned 118 Mobile Apps Including PUBG The government of India took a digital strike towards Chinese mobile phone applications, and in this step, they have banned one of the most popular…

Read more →

Read the original article: Streamlining Cybersecurity With Immutable Log Files Although often relegated to the sidelines, the use of log files and the implementation of a strong log management strategy is vital for ensuring the performance and stability of business…

Read more →

Read the original article: Cisco Warns Hackers Actively Exploited Bug in Carrier-grade Routers Cisco warned users that the hackers actively exploited a bug in carrier-grade-routers, and it was a zero-day vulnerability affecting the Internetwork Operating System (IOS) that boats with…

Read more →

Read the original article: Streamlining cybersecurity with immutable log files Although often relegated to the sidelines, the use of log files and the implementation of a strong log management strategy is vital for ensuring the performance and stability of business…

Read more →

Read the original article: Lazarus APT Hackers Attack Japanese Organization Using Remote SMB Tool “SMBMAP” After Network Intrusion Researchers from JPCERT/CC observed that the world’s most dangerous APT hackers attack Japanese organization with different malware for during and after the…

Read more →

Read the original article: How to Build and Run a Security Operations Center Today’s Cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. This includes a vast…

Read more →