Gmail has the highest number of users, amounting to a massive 1.5 billion, which is 18.75% of the world population. Gmail is well-known for its security features which prevent hackers from taking over user accounts. Gmail has released a new…
Tag: GBHackers – Latest Cyber Security News | Hacker News
Redbus & MakeMyTrip Bug Let Users Book Free Seats
RedBus and MakeMyTrip Limited, two of India’s biggest online travel agencies, allow users to reserve free seats. Mr. Vishnu Thulasidoss had intended to go to his hometown a few months ago when he was interning in Chennai for several reasons.…
Most Important Web Server Penetration Testing Checklist
Web server pentesting is performed under 3 significant categories: Identify, Analyse, and Report vulnerabilities such as authentication weaknesses, configuration errors, and protocol-related vulnerabilities. 1. “Conduct a series of methodical and repeatable tests” is the best way to test the web…
Splunk Flaw Let Attackers Escalate Privilege Using crafted web Request
Splunk is one of the most used SIEM (Security Information and Event Management) tools worldwide. Splunk can collect logs of all the configured events that can be used later to investigate security incidents. Based on recent reports, Splunk was vulnerable…
Amazon Ring Employees Able to Access Every Single Camera Customer Video
California-based Ring LLC endangered its customers’ privacy by allowing any employee or contractor to see consumers’ private footage and failing to implement basic privacy and security controls, enabling hackers to gain control of consumers’ accounts, cameras, and videos. Ring LLC,…
Millions of PC Motherboard Were Sold With Backdoor Installed
Gigabyte systems have been identified by the Eclypsium platform for exhibiting suspicious backdoor-like behavior. This discovery marks a recent development in detecting potential security vulnerabilities in Gigabyte systems. The Eclypsium platform employed heuristic detection methods to identify potential supply chain…
Free Threat Hunting Platform Security Onion Released Updates – What’s New!
The third Beta version of Security Onion 2.4 has been made available by Security Onion Solutions. Security Onion is a free and open platform for log management, enterprise security monitoring, and threat hunting. It consists of both their in-house tools,…
Toyota Server Misconfiguration Leaks Owners Data for Over Seven Years
The Leak discloses Address, Vehicle Identification Number (VIN), Email address, Phone number, Name, and Vehicle Registration Number.
Dark Pink APT Group Compromised 13 Organizations in 9 Countries
Dark Pink has successfully targeted 13 organizations across 9 countries, highlighting the extent of their malicious activities.
Hackers Exploit Barracuda Zero-Day Flaw Since 2022 to Install Malware
This vulnerability exists due to improper processing, validation, and sanitization of the names of the files within the user-supplied .tar file.
Shut Down Phishing Attacks – Types, Methods, Detect, Prevention Checklist
In today’s interconnected world, where digital communication and transactions dominate, phishing attacks have become an ever-present threat. By masquerading as trustworthy entities, phishing attacks deceive users and organizations into divulging sensitive information, such as passwords, financial data, and personal details.…
Critical Jetpack WordPress Flaw Exposes Millions of Website
This vulnerability could be used by authors on a site to manipulate any files in the WordPress installation.
Kali Linux 2023.2 Released – What’s New!
Users of Kali Linux can now upgrade to the 2023.2 version, which has many new features and enhanced capabilities.
Google CTF 2023 – Rewards over $32,000 For Winners
CTF (Capture The Flag) exercises have existed for several years. These CTF exercises provide a great challenge and provide great knowledge for ethical hackers and Bug Bounty Hunters. Many companies have been conducting CTF competitions very often as a part…
New Phishing Attack Abuses .Zip Domain to Emulate Fake WinRAR Within the Browser
A phishing attack that involved mimicking a browser-based file archiver software like WinRAR using a .zip domain to enhance its credibility.
Invicta Malware Delivered Through Fake GoDaddy Refund Invoices
The creator of this Invicta malware is heavily active on social networking sites, using them to advertise their information-stealing malware and its deadly powers. GoDaddy refund emails have become a common tool hackers use to deceive customers into downloading malware.…
New Bandit Malware Attacks Browsers to Steal Personal & Financial Logins
Bandit malware prioritizes Windows as its target and leverages the legitimate command-line tool to execute programs under different user permissions.
Critical Google Cloud’s SQL Service Flaw Exposes Sensitive Data
Critical Google Cloud SQL Service could be exploited by attackers to access sensitive data and breach other cloud services.
What is SaaS Security? – Types, Challenges, Threats & Protection Guide
SaaS (Software-as-a-Service) has become popular for delivering software applications and services over the cloud. While SaaS offers numerous benefits, such as flexibility and scalability, it also introduces unique security challenges. SaaS security is the measures and practices implemented to protect…
Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit
A commercial spyware product offered by the spyware company Intellexa (formerly Cytrox) has been described by Cisco Talos. By designing deployment procedures that frequently call for little to no user engagement, spyware vendors go to significant efforts to make the final…
Free VPN Data Breach – Over 360 Million User Records Exposed
Based on reports from Jeremiah Fowler, a non-password-protected database exposed nearly 360 million records related to a VPN. The database contained email addresses, device information, and even website references that users visited. According to the investigation, these records belonged to…
ChatGPT CEO May Leave Europe If It Could Not Compile With AI Regulations
In response to the future artificial intelligence (AI) restrictions by the European Union, OpenAI CEO Sam Altman stated that the maker of ChatGPT may think about leaving Europe. The EU is developing the first set of international regulations for AI. The…
ChatGPT & Bing – Indirect Prompt-Injection Attacks Leads to Data Theft
SYDNEY makes a return, but this time in a different way. Following Microsoft’s decision to discontinue its turbulent Bing chatbot’s alter ego, devoted followers of the enigmatic Sydney persona regretted its departure. However, a certain website has managed to revive…
APT Hacker Group Attacking SMBs to Use Their Infrastructure
Proofpoint’s security researchers have identified indications of sophisticated threat actors focusing their attention on small and medium-sized enterprises and service providers operating within that particular ecosystem. The researchers recently issued a cautionary message in their latest report regarding a collection…
Wireshark 4.0.6 Released – Fix for 9 vulnerabilities
Wireshark is a free and open-source network packet analyzer used by people worldwide. It has a wide range of uses when it comes to packet analysis. The original name of Wireshark is “Ethereal” released by Gerald Combs in late 1997.…
Apria Healthcare Hacked – Over 2M Users Data Exposed
Apria HealthCare Inc. is a leading home medical equipment and clinical support provider. The company was founded in 1924 and had a net worth of $644 million headquartered in Indianapolis, US. On 23rd May 2023, Apria released a notification letter…
Fully Encrypted GuLoader Uses Google Drive to Download Payloads
Antivirus products continuously advance to combat evolving threats, prompting malware developers to create new bypassing techniques like “packing” and “crypting,” GuLoader is a notable service employed by cybercriminals to avoid detection by antivirus software. The cybersecurity researchers at Check Point…
What are the Common Security Challenges CISOs Face?
Chief Information Security Officers (CISOs) hold a critical and challenging role in today’s rapidly evolving cybersecurity landscape. Here are the common security challenges CISOs face. As organizations increasingly rely on technology to drive their operations, CISOs face complex security challenges…
New Android Malware on Google Play Store with Over 50,000 Installs
The cybersecurity researchers at ESET recently made a significant discovery, a previously unidentified remote access trojan (RAT) lurking within an Android screen recording app, available for download on the Google Play Store and already amassed tens of thousands of installations.…
Facebook Hit With record-breaking $1.3 Billion Fine Over Data Rules
Facebook (now Meta) has faced many allegations and litigations in the past 10 years. Most are related to privacy, data protection, and surveillance in other countries. However, a case that was filed against Facebook in 2013 was given a verdict. …
Hackers Use Weaponized DOCX File to Deploy Stealthy Malware
CERT-UA has identified and addressed a cyber attack on the government information systems of Ukrainian governmental state bodies. Through investigation, it was discovered that the department’s email address received communications on April 18, 2023, and April 20, 2023, appearing to…
WhatsApp Now Allow You to Edit Sent Messages
Editing messages is one of the key features that WhatsApp has been missing for a while. Ever since the Facebook takeover in 2014, there have been several additional features, including 24-hour status, video status, etc. Recent reports stated that the…
BrutePrint – Bruteforce Attack to Bypass User Authentication on Smartphones
A novel assault named ‘BrutePrint’ has been unveiled by the joint efforts of Tencent Labs and Zhejiang University researchers, enabling the forceful extraction of fingerprints on contemporary smartphones. This method circumvents user authentication, granting unauthorized access and full control over…
CISA Warns that Hackers Actively Exploiting Samsung Vulnerability
CISA has issued a recent warning regarding a security flaw that impacts Samsung devices, enabling attackers to circumvent Android’s address space layout randomization (ASLR) protection during targeted attacks. ASLR serves as a crucial security feature in Android, ensuring that the…
Russian IT Guy Jailed for DDoSing Government Websites
According to reports from the FSB (Federal Security Service) Department’s Press Service in Rostov Region, Yevgeny Kotikov, an IT specialist, was sentenced to three years imprisonment. FSB also ordered to pay a fine of 800 thousand rubles ($10,000) for his…
Hackers Using AI Tools Like ChatGPT to Deploy Malware
Malicious ad campaigns with themes connected to artificial intelligence (AI) tools like Midjourney and ChatGPT have been seen in Google’s search engine, according to Trend Micro researchers. When a user types in the keyword “midjourney” into Google, several malicious advertisements are…
Reveal(x) – New Tool to Defend Against ChatGPT Data Leaks
ExtraHop released a new tool called “Reveal(x)” that helps organizations understand their potential risk exposure from employee use of OpenAI ChatGPT by providing visibility into the devices and users on their networks connecting to OpenAI domains. ChatGPT has become highly…
Hackers Use SIM Swapping Technique to Gain Access to Microsoft Azure Machines
Researchers uncovered a financially motivated threat group known as ‘UNC3944’ which employs phishing and SIM-swapping techniques to seize control of Microsoft Azure admin accounts, enabling them to exploit Azure’s Serial Console on VMs for persistent installation of remote management software…
KeePass Password Manager Vulnerability Let Hackers Gain the Master Password
KeePass, a widely used password manager application, is vulnerable to a security flaw that gives threat actors the ability to extract the master password from the memory of the app. This vulnerability poses a significant risk as attackers can retrieve…
Critical Cisco Switch Vulnerabilities Allow Remote Exploitation
The web-based user interface of some Cisco Small Business Series Switches contains multiple vulnerabilities, according to a warning from Cisco. Cisco lists four critical remote code execution flaws with public exploit code. With CVSS base scores of 9.8/10, all four…
Researchers Uncovered Notorious QakBot Malware C2 Infrastructure
Team Cymru researchers have recently revealed noteworthy patterns and irregularities from their continuous monitoring of QakBot’s command and control infrastructure. The researchers shared high-level insights into the findings, shedding light on emerging trends and unusual activities related to QakBot. From…
New Android & Google Device Vulnerability Reward Program – Rewards of up to $15,000!
Google’s Device Vulnerability Reward Program helps the company identify security flaws in its operating system and devices. To promote additional security research in areas of their products that will have a greater impact and protect the users’ security, Google is launching a…
Apple Blocked Over $2 Billion in Fraudulent Transactions & 1.7 Malicious Apps
Apple published a report claiming that they prevented around $2 billion of potentially fraudulent transactions in 2022 and rejected around 1.7 million app submissions as they failed to meet the App Store’s High Standard of Privacy. Apple has been giving…
Hackers Modified Cobalt Strike Capabilities to Attack macOS Users
Geacon, a Cobalt Strike implementation written in Golang, is likely to attract the attention of threat actors looking for vulnerable macOS devices. Threat actors have been employing Cobalt Strike to breach Windows PCs for years, despite the infosec industry’s ongoing…
New RA Hacker Group Attack Organizations in the U.S. & Threaten to Leak Data
The ‘RA Group’ is a recently emerged ransomware organization that is actively attacking the following companies in the United States and South Korea:- Cybersecurity researchers at Cisco Talos observed them employing the common ‘double-extortion’ technique by establishing a data leak…
Facebook & Instagram Begun Rolling Out Paid Blue Tick Service
Meta is introducing Meta Verified on Facebook and Instagram. The popular social networking platform will now permit anyone who agrees to pay the price to have a blue tick on their profile. Previously, Twitter sold the blue tick exclusively given to…
ChatGPT Chief Testifies on AI risks To US Congress
To mitigate the threats posed by increasingly potent AI systems, government action will be essential, according to the CEO of the artificial intelligence company that produces ChatGPT. The success of OpenAI’s chatbot, ChatGPT, provoked worries and an AI arms race…
Lancefly APT Hackers Using Custom Backdoor to Attack Government Orgs
The cybersecurity researchers at Symantec Threat Labs recently discovered that an APT hacking group has been utilizing the specialized ‘Merdoor’ backdoor malware to conduct precise and prolonged attacks on the following sectors in South and Southeast Asia since 2018:- While apart from…
SchoolDude Hacked – Over 3 million Users Records Exposed
The Office of the Attorney General of Maine reported that there was a data breach in one of the Brightly-owned software on 20th April 2023, which was discovered 8 days later. Brightly Inc is a software company founded in…
Qilin’s RaaS Program Advertised on Dark Web Along with Compromised Company Details
In March 2023, Group-IB’s Threat Intelligence team accessed the Qilin ransomware (Agenda ransomware) group and discovered that it is a Ransomware-as-a-Service affiliate program using Rust-based ransomware to target victims. Qilin ransomware employs personalized attack strategies, including modifying file extensions and…
VirusTotal AI code Analysis Expanded to Spot Malicious Windows, and Linux Script Files
In April 2023, Google announced VirusTotal Code Insight to improve the capacity of its malware detection and analysis platform. This week, Google released an enhanced version of VirusTotal Code Insight, including support for more scripting languages. Code Insight is an…
Insurance Industry Suffers 12x More Cyber Attacks
The Insurance industry was the most targeted sector in Q1, 2023, according to Indusface’s State of Application Security report, with 12 times more attacks than any other sector. Another report from the same year reveals that the insurance industry witnessed…
Ducktail Operation – Hackers May Steal Your Credentials From Web Browser
WithSecure Labs researchers uncovered a cyber operation named Ducktail in July 2022, where threat actors employed information-stealing malware to specifically target marketing and HR professionals with spear-phishing campaigns through LinkedIn direct messages, focusing on individuals and employees with potential access…
WhatsApp – Now you Can Lock & Hide Chats with a Password
Meta is introducing a new “Chat Lock” feature for WhatsApp to assist customers in securing their conversations. “We’re excited to bring to you a new feature we’re calling Chat Lock, which lets you protect your most intimate conversations behind one more…
Toyota Data Breach – Over 2 Million Customers Data Exposed
A part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to handle was found to have been made public as a result of misconfiguration of the cloud environment. Between November 6, 2013, and April 17, 2023, the…
Hackers Adapting New Unique Way to Overcome Microsoft Default Macro Block
There has been a shift in threat actor behavior in recent years. Observations by threat researchers showed a peak in their change of activities. Ever since Microsoft disabled macros by default, which was extensively exploited by threat actors and paved…
Ferrari Website Flaw Exposes Their Database Credentials
Based on the recent report from char49, it appears that there was a critical flaw in Ferrari’s subdomain, which led to an arbitrary file read vulnerability. The vulnerability existed in the media.ferrari.com subdomain using a vulnerable WordPress plugin (W3 Total…
DangerousPassword – Hackers Use New Attack Pattern to Infect Devices With Malware
Recently, it has been observed by JPCERT/CC that threat actors are actively targeting the cryptocurrency exchanges linked to the DangerousPassword attack campaign (aka CryptoMimic or SnatchCrypto), involving the distribution of malware through email shortcuts since June 2019. Apart from malware…
Millions of Android Phones Comes Pre-Infected with Malware Firmware
Researchers from Trend Micro at Black Hat Asia claim that criminals have pre-infected millions of Android devices with malicious firmware before the devices ever leave their manufacturing. The manufacturing of the gadgets is outsourced to an original equipment manufacturer (OEM).…
WordPress Plugin Flaw Let Attackers Hijack 1m Websites
The widely-used Elementor plugin, “Essential Addons for Elementor,” has been discovered to have a security flaw that enables unauthorized users to gain administrative control, potentially impacting millions of WordPress websites. PatchStack recently uncovered a critical unauthenticated privilege escalation vulnerability, tracked…
PoC Disclosed for Five Vulnerabilities to Exploit Netgear Routers
As the threats against the Internet of Things are on the rise, several types of research are going on to secure these devices. As part of this, the Zero Day Initiative (ZDI) conducted a “Pwn2Own” competition in March. Multiple vulnerabilities…
Leaving USB Devices & Critical Enterprise Data Unmonitored can Leave Your Sysadmins Perplexed
A USB device is a popular choice for storing data and information and, alas, a popular data theft target for hackers. In this article, we’ll cover the challenges for sysadmins and how these are addressed utilizing an often overlooked security…
Github Announced Push Protection Feature Free for all Public Repositories
GitHub is one of the largest code repository platforms developers use worldwide. Developers belonging to an organization, individual developers, and enterprise developers use this platform to commit and push the codes inside their repository. Microsoft took over the code repository…
Google’s New Dark Web Monitoring Feature for Gmail Users
Google declared that all Gmail users within the United States would shortly be able to utilize the dark web report security feature to determine whether their e-mail address has been found on the dark web. Google already offers a dark…
New Akira Ransomware Attacking Organizations and Exposes Sensitive Data
A new ransomware variant called “Akira” has emerged, targeting multiple organizations and employing a double-extortion technique by exfiltrating and encrypting sensitive data, with the threat of selling or leaking it on the dark web unless the ransom is paid for…
New Linux NetFilter Kernel Flaw Let Attackers Gain Root Privileges
A recently found Linux NetFilter kernel vulnerability, identified as CVE-2023-32233, enables unprivileged local users to gain root-level privileges and full control over the affected system. However, the severity of the flaw has not yet been assessed. The security issue with…
Microsoft Patch Tuesday, May 2023 – Fixes for 2 zero-days and 40 vulnerabilities
Microsoft released updates for two zero-day problems and 40 other newly discovered vulnerabilities in its products on Tuesday. CVE-2023-29336, one of the zero days, is a Windows “elevation of privilege” bug with a low attack complexity, minimal privilege requirements, and…
WhatsApp Can’t be Trusted, Warns Elon Musk
After a Twitter engineer posted photos of an Android dashboard showing his WhatsApp microphone being used while he slept, Elon Musk declared that WhatsApp could not be trusted. A developer for Twitter named Foad Dabiri said that while he was sleeping,…
Over 600 GB of Fullerton India’s Data Published on the Dark Web
A significant Indian lending organization ‘Fullerton India’ was breached at the beginning of April 2023. The LockBit ransomware Darknet blog, where hackers listed the business and have since released all the hacked information, confirms it. According to reports, on May…
FBI Seized 13 Websites that Offered DDoS-for-hire Services
The FBI has been coordinating Operation PowerOFF since 2018, aiming to disrupt the DDoS-for-hire service infrastructures worldwide. As part of this operation, on May 8th, 2023, the FBI seized around 13 internet domains that offered DDoS-for-hire services. The FBI has…
Nextgen Healthcare Hacked – Over 1 Million Customers’ Data Exposed
NextGen Healthcare, which has its headquarters in Atlanta, Georgia, is a company that develops and markets software for the management of electronic health data and offers practice management services to medical practitioners. The Office of the Maine Attorney General has…
Hacking Groups Rapidly Weaponizing N-Day Vulnerabilities to Attack Enterprise Targets
Iranian hacker group ‘Mint Sandstorm’ is retaliating against recent attacks on its infrastructure by targeting critical US infrastructure, as recently discovered by cybersecurity researchers at Microsoft’s Threat Intelligence team. Linked to the IRGC (Islamic Revolutionary Guard Corps) and believed to…
Twitter Flaw Exposes Private Circle Tweets to Public
According to reports, there has been a security incident with Twitter’s Private Circle tweets feature as they have been exposed publicly. Twitter’s Private Circle was a feature introduced by Twitter in 2022, in which users can send their tweets to…
Cisco Phone Adapters Flaw Let Attackers Execute Arbitrary Code
Cisco SPA112 2-Port Phone Adapters have been reported to be vulnerable to arbitrary code execution via a malicious firmware upgrade. Cisco has classified this vulnerability as Critical, with a CVSS score of 9.8. CVE-2023-20126 – Port Phone Adapters RCE Flaw…
New Weaponized Android Apps With 1M Installs Steals 2FA Codes & Passwords
Check Point Research has recently published a study revealing the discovery of a previously unknown malware variant dubbed FluHorse. The malware comprises multiple malicious Android apps that impersonate legitimate ones, and unfortunately, most of these fake apps have already been…
Hackers use WinRAR as a Cyberweapon to Conduct Destructive Cyberattacks
CERT-UA (Ukrainian Government Computer Emergency Response Team) recently reported that the Ukrainian state networks suffered a cyber attack attributed to the notorious ‘Sandworm’ hacking group from Russia. The attackers reportedly employed WinRAR to destroy critical data on various government devices.…
Best SIEM Tools List For SOC Team – 2023
What is SIEM? A security information and event management (SIEM) system is the foundation of security processes in the modern security operations center (SOC). A SIEM saves security analysts the effort of monitoring many different systems. SIEM systems integrate with…
PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool
GBHackers came across a new ChatGPT-powered penetration testing tool called “PentestGPT” that helps penetration testers to automate their pentesting operations. PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is…
Google Announced Game-changing Passwordless Authentication “Passkeys”
In accordance with World Password Day, Google has launched its new feature called “passkeys” which will provide a passwordless authentication for users. As mentioned, Google has been working with the FIDO Alliance, Apple, and Microsoft to support passkeys on their…
Authorities Dismantled the Card-Checking Platform Try2Check
As per reports, the U.S. government authorities have dismantled yet another large network of cybercriminals. Denis Gennadievich Kulkov, the prime owner of the illegal network, was charged with access fraud, computer intrusion, and money laundering through his “Try2Check” platform. Try2Check…
FBI Seizes 9 Virtual Currency Exchange Services to Block Ransom Payments
The FBI has reportedly shut down 9 Virtual Currency Exchange services belonging to organizations to prevent cyber criminals from laundering their money. These exchange services were used by threat actors who received ransom payments through criminal activities. These organizations were…
Malware Campaigns Abusing Telegram Bots to Spread Rapidly
Numerous updates and alterations were witnessed in the major malware families employed in phishing scams during the first quarter of 2023, alongside significant variations in TTPs. The Cofense Intelligence team has recently published Active Threat Reports, which provide insights into…
New BGP Protocol Flaws Let Attackers Trigger DoS Attacks
Forescout Vedere Labs recently highlighted the neglected BGP security aspect – software implementation vulnerabilities. FRRouting’s BGP message parsing vulnerabilities discovered by Forescout Vedere Labs could enable attackers to trigger a DoS state on susceptible BGP peers. Major networking vendors depend…
T-Mobile Hacked – Attackers Accessed Over 37M Sensitive Data
T-Mobile recently confirmed another hack, the second this year and ninth since 2018, revealing customer data and account PINs. While T-Mobile confirmed a recent system detection that revealed a threat actor had accessed a small number of accounts, which compromised…
Android Device Migration Tools Bug Let Hackers Steal App Data & Login to Your Accounts
Smartphones are frequently replaced by users when newer versions of smartphones with much more features are released. The exchange of smartphones has a significant complication in transferring data to the new device. To overcome this problem, Cloning applications were introduced…
AresLoader Malware Attacking Citrix Users Through Malicious GitLab Repo
Cyble Research and Intelligence Labs (CRIL) has recently detected AresLoader, a novel loader that is found to be disseminating numerous malware families. Malware loaders are designed to deploy and execute diverse malware strains on the targeted computer system of the…
Google Blocked Over 1.4 Million Malicious Apps From Google Play Store
Since Google bought Android in 2005, its sole responsibility has been to provide the best user experience and ensure security for its users. Google Play Protect was installed on every Android device to ensure every application was secure. Google stated that…
ChatGPT Service Back in Italy, After the Ban
Earlier this month, Italian SA raised a temporary ban for ChatGPT as there was a data breach in March 2023. Along with this, the application had data privacy issues and lack of age affirmation which made authorities conclude this decision.…
Hackers are Selling a new Atomic macOS (AMOS) Stealer on Telegram
Atomic macOS Stealer (AMOS) is a recent information-stealing malware capable of attacking macOS to steal confidential information. This malware was discovered by Cyble Research and Intelligence Labs (CRIL) on a Telegram channel where the threat actor was advertising the malware.…
Google Adds New Cyber Security Tools & Features to ChromeOS
As per reports, cybercrime will reach $10.5 trillion by 2025, including all kinds of cybercrime activities like RaaS, Phishing, malware, and much more. It will be mandatory for organizations to protect themselves from these threats. According to Google, “ChromeOS, this…
TCP vs UDP – Understanding the Difference
If you have ever had to configure a firewall, set up a router, or choose the best VPN for your computer, chances are you heard of the TCP and UDP protocols. However, if you’re reading this article, you’re probably confused…
SOC Analyst Training – Cyber Attack Intrusion Analysis With SIEM Tools – 2023
SOC Training is one of the most critical concerns in building a Quality Security Operation Center Team to fight against advanced threats that target the organization’s network. Sophisticated detection and prevention technologies are mandatory implementations by security experts since cyber…
Cosmos Bank Cyber Attack – 11 Accused in Cyber Fraud Case
The Cosmos cooperative bank in Pune, among the city’s oldest urban cooperative banks, has fallen prey to cyber fraudsters. Hackers gained access to the bank’s system and stole Rs 94 crore. A court in Maharashtra’s Pune had found 11 persons…
Git Project Security Vulnerabilities Let Attackers Execute Arbitrary Code
A fresh set of Git releases was made available to fix several security flaws. It gives attackers the ability to execute arbitrary code upon successful exploitation. Upgrades are advised for all users. View of the Most Recent Batch of Releases On GitHub…
Critical VMware Vulnerabilities Let Attackers Execute Arbitrary Code
VMware Workstation, Workstation Pro, and Fusion have been subjected to several privately reported and fixed flaws. VMware has published a security advisory on the critical bugs discovered and their workarounds. CVE(s): The severity of these CVEs varies from 7.1 to…
TP-Link WAN-Side Vulnerability Exploited to Install Mirai Malware
Mirai botnet exploits CVE-2023-1389 to add TP-Link Archer A21 (AX1800) routers to DDoS attacks. During the Pwn2Own Toronto event in December 2022, two hacking teams exploited the vulnerability in different ways via:- In January 2023, the flaw was unveiled to…
Cisco Zero-Day Flaw: Let Remote Attackers Launch XSS Attacks
A zero-day flaw in Cisco’s Prime Collaboration Deployment (PCD) software that can be used to launch cross-site scripting attacks has been identified. “A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker…
New Phishing Attacks Using ChatGPT to Develop Sophisticated Campaigns
Phishing has been one of the greatest threats to organizations, growing year after year. Phishing attacks have contributed to 90% of data breaches in the past few years, which makes cybercriminals adapt to them, making their attacks much more successful.…
Cisco Launches Advanced Threat Detection XDR Platform
In the recent hybrid, multi-vendor, multi-threat world, Cisco Extended Detection and Response (XDR) streamlines security operations with unrivaled visibility across the network and endpoint. To accomplish its goal of the Cisco Security Cloud, a unified, AI-driven, cross-domain security platform, Cisco…
Google Authenticator Major Update Brings Cloud Backup Feature
Google Authenticator was launched in 2010, which provides additional security for various applications by providing authentication codes for every sign-in. This prevents attackers from account takeover on any application linked with Google Authenticator. Google has launched various authentication mechanisms like…