The “Customer Proprietary Network Information (CPNI)” from some wireless accounts was accessed by an unauthorized person, according to AT&T, which discovered the breach in a vendor’s system. Over 9 million AT&T customers were informed that some of their information had…
Tag: GBHackers – Latest Cyber Security News | Hacker News
U.S. House and Senate members Data Hacked, Offered for Sale
The breach of a Washington, DC, health insurance marketplace may have allowed hackers’ access to members of the House and Senate’s sensitive personal information, it was revealed on Wednesday. The lawmakers’ staff members and their families also suffered. DC Health…
100M+ Downloaded Shein App Found Copying Clipboard Content on Android Phones
There have been recent revelations by Microsoft that an old version of the SHEIN Android application has been found reading the contents of the clipboard on Android devices irregularly. With more than 100 million downloads from the Google Play Store,…
Hackers Using Facebook Ads to Attack Critical Infrastructure Employees
A new information stealer has been recently found by cybersecurity researchers at Morphisec which is called “SYS01stealer.” This stealer primarily targets entities from the following critical infrastructures:- The Morphisec intelligence team has been tracking this advanced information stealer since November…
PoC Exploit Released For Critical Microsoft Word RCE Bug
There has been a proof-of-concept published recently for CVE-2023-21716 that analyzes this vulnerability. This vulnerability has been marked as “Critical” and has been detected in Microsoft Word which permits remote code execution (RCE). Microsoft’s latest Patch Tuesday release in February…
HiatusRAT Malware Attack Routers to Gain Remote Access & Download Files
Lumen’s Black Lotus Labs recently observed that hackers are targeting DrayTek Vigor router models 2960 and 3900 in a campaign known as ‘Hiatus’. The primary goal of the hackers is to steal data from victims and establish a covert proxy…
Diving Deeper Into Windows Event logs for Security Operation Center (SOC) – Guide
A cyber security operations center protects organizations and the sensitive business data of customers. It ensures active monitoring of valuable assets of the business with visibility, alerting and investigating threats, and a holistic approach to managing risk. Analytics service can…
MQsTTang – Chinese Hackers Using Custom Malware To Evade AV Detection
In a recent analysis, MQsTTang, a newly designed custom backdoor, has been scrutinized by ESET researchers. After a thorough investigation, the source of this malware has been attributed to the infamous Mustang Panda APT group by the experts. Tracing back…
Wireshark 4.0.4 Released – What’s New!!
The latest release of Wireshark, version 4.0.4, has been launched by the Wireshark Team. This new version offers a host of improvements and updates that enhance protocol support, including several bug fixes. It can be used for a wide range…
Underground Carding Marketplace BidenCash Leaked 2 Million Credit Cards
BidenCash, a new entrant in the underground carding business, has announced a 1-year anniversary promotion in which it is offering the data of 2 million credit cards for free. This leaked dataset comprises credit card information sourced from various regions…
BlackLotus UEFI Bootkit – First Known Malware to Bypass Secure Boot Defenses
The cybersecurity analysts at ESET recently reported that BlackLotus, a sneaky bootkit for UEFI (Unified Extensible Firmware Interface), has gained notoriety as the first malware known to successfully evade Secure Boot defenses, making it a formidable danger. Even on the…
R3NIN Sniffer Malware Stealing Credit Card Data from E-commerce Consumers
Credit card sniffers or online skimmers are a type of harmful software that cybercriminals often create using the JavaScript programming language. Threat actors primarily use this to steal payment card data and PII from unsuspecting individuals while they transact on…
U.S. Marshals Service Hacked – Sensitive Information Leaked
The theft of critical law enforcement data is currently under investigation by the U.S. Marshals Service (USMS), triggered by a ransomware attack that targeted a stand-alone USMS system. The USMS has confirmed that the compromised information is of a sensitive…
Alarming Rise in Mobile Banking Malware – Over 200,000 New Installers Discovered
In 2022, the number of new mobile banking Trojan installers found by Kaspersky Lab’s cybersecurity researchers surged to 196,476, which is more than twice the number reported in 2021. This alarming statistic underscores the increasing sophistication and frequency of cyberattacks…
Critical Flaws in WordPress Houzez Theme Exploited to Hijack Websites
Houzez is a high-quality WordPress theme that is available for purchase on ThemeForest, a popular marketplace for digital products. This premium theme has been widely recognized for its outstanding features and has garnered an impressive 35,000 sales to date with…
Beware of Malicious 2FA Apps in App Store and Google Play that Deploys Malware
Cybersecurity experts at Sophos recently detected multiple malicious 2FA apps in App Store and Google Play that deploy malware. Twitter, meanwhile, made a recent announcement stating that it no longer considers SMS-based two-factor authentication (2FA) to be sufficiently secure. Users…
Stanford University Data Breach – Ph.D. Admission Data Leaked
Stanford University has recently reported a security incident involving a data breach. The incident, which occurred between December 2022 and January 2023, involved the unauthorized download of files containing sensitive admission information for the Economics Ph.D. program from the university’s…
Stanford University Discloses Data Breach – Ph.D. Admission Data Leaked
Stanford University has recently reported a security incident involving a data breach. The incident, which occurred between December 2022 and January 2023, involved the unauthorized download of files containing sensitive admission information for the Economics Ph.D. program from the university’s…
Hacker Claim Telecom Provider Data Including Source Code, Employee Data Stolen
Telus, a Canadian national telecommunications company is looking into whether employees’ data as well as the source code for the system were stolen and then sold on a dark web marketplace. Subsequently, the threat actor published screenshots that appear to depict the…
Media Giant News Corp Says Hackers Had Access to Network for Two Years
On January 20, 2022, News Corp identified cyberattacks on a business email and document storage system utilized by numerous News Corp businesses. According to the inquiry, News Corp has learned that, between February 2020 and January 2022, a third party illegally…
Hackers Weaponizing New Critical Flaw to Attack Zoho ManageEngine Products
Since January 20, 2023, there have been several instances where malicious entities have been observed exploiting a significant security vulnerability in various Zoho ManageEngine products. The vulnerability in question has been tracked by the security analysts at Bitdefender as “CVE-2022-47966”…
Nearly 80% Of Google Play Store Apps ‘Violating Data Privacy Labels’ – Mozilla
According to a Mozilla analysis, the majority of the top apps’ data privacy labels on the Google Play Store are false or deceptive. “Google Play Store’s misleading Data Safety labels give users a false sense of security. Honest nutrition labels…
Hackers Use Open-Source Tools to Attack Shipping Companies & Medical Laboratories
There has been an emergence of a new security threat that has been causing havoc among the Asian shipping and medical laboratory industries. It’s a never-before-seen threat group dubbed Hydrochasma, actively targeting the shipping and medical organizations that are engaged…
Transcription Security Essentials: How to Protect Your Data in the Digital Age
In the digital age, protecting your data is more important than ever. With hackers becoming increasingly sophisticated in their methods of stealing sensitive information, it’s essential that businesses and individuals alike take steps to secure their data. As transcriptions can…
NSA Released Checklist To Secure Home Wi-Fi Network
Cybercriminals can breach the security of your home WiFi and potentially cause you significant harm. Your home network may be used by malicious cyber actors to access sensitive, private, and personal data. The National Security Agency published best practices for…
Apple Privilege Escalation Bug Let Attacker Execute Arbitrary Code
Trellix researchers discovered a new class of privilege escalation bugs based on the ForcedEntry attack, which exploited a feature of macOS and iOS to deploy the NSO Group’s mobile Pegasus malware. The new class of bugs allows arbitrary code to…
MyloBot Botnet Attacks Thousands of Windows Systems and Turns Them as Proxy
BitSight recently detected MyloBot, an advanced botnet that has successfully infiltrated numerous computer systems, primarily situated in four countries:- The botnet has targeted and compromised thousands of systems, demonstrating its ability to operate on a massive scale across a wide…
SN1PER – Most Advanced Automated Penetration Testing Tool – 2023
Sn1per is an automated scanner that can automate the process of collecting data for exploration and penetration testing. Sn1per draws on well-known tools such as: amap, arachni, cisco-torch, dnsenum, enum4linux, golismero, hydra, metasploit-framework, nbtscan, nmap, smtp-user-enum, sqlmap,…
HardBit Ransomware Steal Sensitive Data From Victims Before Encrypting
The HardBit ransomware was first detected in October 2022 as a threat extorting cryptocurrency payments from organizations to decrypt their data. Recently, version 2.0 of HardBit ransomware has been released by its operators. It is believed that the operators…
Nmap – A Penetration Testing Tool To Perform Information Gathering (Guide)
Nmap is an open source network monitoring and port scanning tool that finds hosts and services on a network by sending packets to the target host, for network discovery and security auditing. Numerous frameworks and system admins additionally…
Samsung Announced Feature to Protect Users From Zero-click Exploits
Samsung recently unveiled a cutting-edge addition to their feature suite, known as Message Guard. This new feature is specifically designed to offer an enhanced level of security to users against malware and spyware. Its advanced technology provides safeguards that protect…
Twitter Limits Two-Factor Authentication Using SMS Only For Blue Subscribers
Twitter has recently made an announcement regarding its two-factor authentication (2FA) service. The company has disclosed that the privilege of using this service will no longer be free. This means that Twitter users who wish to enable 2FA for added…
CEO Fraud Busted – Hacker Group Stole €38M in a Few Days
A Franco-Israeli criminal network engaged in extensive CEO fraud has been destroyed as a result of a combined investigation assisted by Europol. The investigation was conducted jointly by Europol, the police forces of France, Croatia, Hungary, Portugal, and Spain. In…
1000 Best Google Dorks List (Google Hacking Guide) – 2023
Google Dorks List: “Google Hacking” mainly refers to pulling sensitive information from Google using advanced search terms that help users search the index of a specific website, find specific file types, and find interesting information from unsecured websites. Google…
How to Build and Run a Security Operations Center (SOC Guide) – 2023
Today’s Cyber security operations center (CSOC) should have everything it needs to mount a competent defense of the ever-changing information technology (IT) enterprise. This includes a vast array of sophisticated detection and prevention technologies, a virtual sea of cyber intelligence…
Active Directory Penetration Testing Checklist – 2023
This article covers Active Directory penetration testing, which can help penetration testers and security experts who want to secure their network. “Active Directory pentesting” is also called “AD penetration testing”; Active Directory is a directory service that Microsoft developed for the Windows…
GoDaddy Hacked – Attackers Installed Malware on its Servers
GoDaddy found that malware had been installed on servers in its cPanel shared hosting environment by an unauthorized third party. This resulted in the websites of its clients being intermittently rerouted. “We investigated and found that the intermittent redirects were…
Google Launches Privacy Sandbox Beta for Android Users
Google has become an inevitable thing in our day-to-day life. Especially, mobile apps are being developed every day to make life better with technology. Now the company officially announced that they are rolling out Privacy Sandbox Beta for a few…
10 Best Linux Distributions In 2023
Linux is generally acknowledged as the third of the holy triplet of PC operating systems, alongside Windows and macOS. Here we have provided a list of the top 10 best Linux distros of 2023 for all professionals. Hence Linux…
10 Best Free SSL Checker Tools 2023
SSL Checker helps you in troubleshooting common SSL issues and SSL endpoint vulnerabilities. With the free SSL certificate checker tool, just you need to submit the domain name or IP address along with the port number to analyze the configuration…
Hackers Exploit ProxyShell Flaws to Deploy ProxyShellMiner on Exchange Server
ProxyShellMiner is being distributed to Windows endpoints by a very elusive malware operation, according to Morphisec. To generate income for the attackers, “ProxyShellMiner” deploys cryptocurrency miners throughout a Windows domain using the Microsoft Exchange ProxyShell vulnerabilities. ProxyShellMiner exploits a company’s…
10 Best Free SSL Checker Tools
SSL Checker helps you in troubleshooting common SSL issues and SSL endpoint vulnerabilities. With the free SSL certificate checker tool, just you need to submit the domain name or IP address along with the port number to analyze the configuration…
Apple WebKit Zero-Day Vulnerability Exploited to Hack iPhones, iPads, and Macs
As a result of a new zero-day vulnerability found in Apple products that can be exploited in hacking attacks, Apple has recently released an emergency security update. Here below we have mentioned the devices that are vulnerable:- This discovered vulnerability…
Record-Breaking DDoS Attack – Over 71 Million RPS
DDoS is a malicious attempt to disturb the legitimate packets reaching the network equipment and services. When the DDoS attack is in place, organizations may experience an outage with one or more services, as the attacker looted their resources with…
Hyundai, Kia Flaw Lets Attackers Steal Car With a USB Cable
Car manufacturers Kia and Hyundai have recently taken measures to address concerns over vehicle security following the viral popularity of TikTok videos demonstrating how to easily steal their cars. In response, the companies are now offering car owners the option…
How Log Monitoring Prevents Web Attacks?
Security logging and monitoring failures feature in the OWASP Top 10 list, moving up to #9 from #10 in the 2017 list. Why so? Because logging and monitoring failures hinder your effective threat detection. If the website risks are not…
Best SIEM Tools List For SOC Team – 2023
Every cybersecurity workflow starts from log data collection and management, that’s why we curated the Best SIEM Tools list that is highly demanded among enterprises that strive to maintain a stable security posture and comply with necessary regulations. This overview…
10,890 WordPress Sites Hacked for a Massive AdSense Fraud Campaign
The cybersecurity researchers at Sucuri recently discovered a critical backdoor that has managed to infiltrate thousands of websites over the past few months. A group of threat actors who are responsible for a malware campaign called “black hat redirect” has…
Hackers Could Use ChatGPT to Generate Convincing Scam Messages in Seconds
Using technology powered by AI (Artificial Intelligence), scammers can now take advantage of potential victims looking for love online by deceiving them by using modern hooks. With the rapid advancement of AI technology, scammers now have a powerful ally in…
Multiple 0-Day Attacks in The PyPI Packages Aimed to Steal Developer Credentials
Recently, the FortiGuard Labs team made a groundbreaking discovery of several new zero-day attacks in the PyPI packages. The source of these attacks was traced back to a malware author known as “Core1337.” This individual had published a number of…
Namecheap Emails Hacked To Send Phishing Email
The email account of domain registrar Namecheap was compromised which led to a flood of DHL and MetaMask phishing emails that sought to steal the victims’ personal information and cryptocurrency wallets. Reports say the phishing attacks began at 4:30 PM…
Hackers Using Geotargeting Tools to Launch Attacks Targeting Specific Locations
According to Avanan, a Check Point Software Company, hackers are employing geotargeting tools to tailor phishing attacks to certain regions. Geo Targetly is a legitimate online service that offers its own URL shortening service, similar to Bitly, called Geo Link.…
Is this website Safe : How to Check Website Safety – 2023
Is this website safe? In this digital world, checking website safety is the most important concern: since there are countless malicious websites available everywhere over the Internet, it is tough to find a trustworthy website. We need to browse smart and…
North Korean Hackers Targeting Healthcare to Fund for Malicious Activities
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued a new advisory regarding cybersecurity. This advisory details recent observations of TTPs used in North Korean ransomware operations. These operations have targeted public health and other critical infrastructure sectors, highlighting…
Researcher Hacked Toyota’s Global Supplier Portal
The Global Supplier Preparation Information Management System, or GSPIMS, of Toyota, was breached by a security researcher using a backdoor. After 90 days, the hacker dutifully alerted the company about the breach. The firm’s web platform, known as GSPIMS, enables…
Major CrackDown – Police Hacked Exclu ‘secure’ Cybercriminal Message Platform
The police and the Public Prosecution Service in the Netherlands have been able to gain access to data from a crypto communication service used by criminals and read their conversations. It relates to the dismantled crypto-communication service Exclu. According to…
Hackers Breached Reddit – Stole Source Code & Internal Data
Reddit recently revealed that it was subjected to a security breach. Unidentified cybercriminals were able to gain unauthorized access to the company’s internal documents, source code, as well as some of its business systems. On the evening of February 5,…
Cyber Security New Innovation – Over 2,000 Applications Filed for Patent
Cybersecurity Ventures has made a prediction that the cost of global cybercrime will increase at a rate of 15% every year. This projection means that by the year 2025, the total amount spent as a result of cybercrime is expected…
Live Cyber Forensics Analysis with Computer Volatile Memory
The field of computer Forensics Analysis involves identifying, extracting, documenting, and preserving information that is stored or transmitted in an electronic or magnetic form (that is, digital evidence). Forensics Analysis – Volatile Data: How to Collect Volatile Data: Acquisition of…
Hackers Actively Exploiting VMware ESXi Servers to Deploy Ransomware
The French Computer Emergency Response Team (CERT-FR), as well as administrators and hosting providers, have issued a warning concerning new ransomware, called ESXiArgs, that has been discovered. This vulnerability makes it possible for the attackers to deploy the ESXiArgs…
Finland’s Most-Wanted Hacker Arrested in France
A 25-year-old Finnish man named Julius “Zeekill” Kivimäki was taken into custody this week in France. He is facing charges of extorting an online psychotherapy practice based in his local area and causing the confidential therapy notes of over 22,000…
How Application Mapping Can Boost Application Security
Application security refers to the measures taken to protect the confidentiality, integrity, and availability of an application and its associated data. This involves designing, developing, and deploying applications in a secure manner and protecting them against threats such as hacking,…
Tor and I2P Networks Suffered DDoS Attacks
Lately, a number of individuals have been encountering difficulties with the Tor network in terms of connectivity and performance. It’s not just you who is facing this issue, as others have reported slower loading or even complete failure to load…
Exploit Released for GoAnywhere File Transfer Zero-Day Flaw
A zero-day vulnerability affecting on-premise instances of Fortra’s GoAnywhere MFT-managed file transfer solution was actively exploited, according to a warning posted on Mastodon by security researcher Brian Krebs. GoAnywhere is a safe web file transfer application that allows businesses to securely…
5 Best Technologies to Secure Kubernetes – 2023
Kubernetes security refers to the measures and practices used to protect a Kubernetes cluster and its resources, such as pods, services, and secrets, from unauthorized access and potential threats. This includes securing the communication between components, defining and enforcing access…
75 Best Android Penetration Testing Tools – 2023
Android penetration testing tools are more often used by security industries to test the vulnerabilities in Android applications. Here you can find the Comprehensive mobile penetration testing tools and resource list that covers Performing Penetration testing Operations in Android Mobiles.…
High-severity Vulnerability in F5 BIG-IP Let Attackers Execute Arbitrary Code
F5 reports a high-severity format string vulnerability in BIG-IP that might allow an authenticated attacker to cause a denial-of-service (DoS) issue and possibly execute arbitrary code. “A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to…
Cloud Computing Penetration Testing Checklist – 2023
Cloud Computing Penetration Testing is a method of actively checking and examining the Cloud system by simulating the attack from the malicious code. Cloud computing is the shared responsibility of the Cloud provider and the client who earn the service…
50 Best Free Cyber Threat Intelligence Tools – 2023
Threat Intelligence Tools are more often used by security industries to test the vulnerabilities in network and applications. It helps with the collection and analysis of information about current and potential attacks that threaten the safety of an organization or…
Beware: Malicious Apps On Apple & Google Play Push Users into Fake Investments
Threat actors have managed to get their hands on two shady applications that were uploaded to the app stores managed by both Google and Apple. These apps then induced users into making fake investments in cryptocurrencies. The cybersecurity experts at…
Over 1800 Android Mobile App Web Injects for Sale on Hacking Forums
Cyble Research and Intelligence Labs (CRIL) is a security research organization that has been monitoring the actions of a group of cyber criminals called “InTheBox”. This group is primarily active on a Russian-language cybercrime forum, where they engage in illegal…
New Prilex Malware Blocks Contactless Payments to Steal Credit Card Data
Prilex is indeed a single threat actor that transformed from malware targeted at ATMs into distinctive modular point-of-sale (PoS) malware. Prilex has resurfaced with new upgrades that allow it to block contactless payment transactions. This is extremely sophisticated malware that uses…
Hackers Abuse Microsoft’s ‘Verified Publisher’ OAuth Apps to Hack Organizations Cloud
Multiple fraudulent Microsoft Partner Network accounts were discovered to have created harmful OAuth applications, causing breaches in organizations’ cloud environments and leading to the theft of emails. As a result, Microsoft has taken action and disabled these verified accounts. Microsoft…
GitHub Breach – Hackers Stole Code Signing Certificates From Repositories
GitHub announced that it suffered a security breach in which unauthorized individuals obtained access to specific development and release planning repositories and stole encrypted code-signing certificates for the Desktop and Atom applications. Hence, in order to avoid any potential misunderstandings,…
Most Important Computer Forensics Tools for 2023
Computer Forensics tools are more often used by security industries to test the vulnerabilities in networks and applications by collecting the evidence to find an indicator of compromise and take appropriate mitigation Steps. Here you can find the Comprehensive Computer…
New DDoS-as-a-Service Platform Attacking Medical Institutions
Passion Group, a Killnet and Anonymous Russia affiliate, recently started providing DDoS-as-a-Service to pro-Russian hackers. During the attacks on January 27, the Passion Botnet was used to target medical institutions in the United States, Portugal, Spain, Germany, Poland, Finland, Norway, the…
Hackers Use TrickGate Packer to Deploy Emotet, Cobalt Strike & Other Malware
The cybersecurity analysts at Check Point Research recently reported that TrickGate, a shellcode-based packer, has been in operation for over six years without being detected. It has enabled threat actors to deploy various types of malware such as:- TrickGate is…
Facebook & Instagram Flaw Let Anyone Bypass Two-factor Authentication
The lack of rate-limiting in Instagram was discovered by Gtm Mänôz, a security researcher from Kathmandu, Nepal. This flaw could have allowed an attacker to bypass Facebook’s two-factor authentication by validating the targeted user’s already-validated Facebook mobile number using the…
Hackers Exploiting Unpatched Exchange Servers in The Wild
Microsoft has been strongly encouraging its customers to keep updating their Exchange servers, in addition to taking steps to ensure that the environment remains secured with robust security implementations. While doing so, users can do the following things:- The number…
New Research Uncovers Threat Actor Behind Infamous Golden Chickens Malware-as-a-Service
The identity of the individual behind the Golden Chickens malware-as-a-service has been uncovered by cybersecurity experts. The perpetrator, known online as “badbullzvenom,” has been identified in the real world. An extensive 16-month investigation by eSentire’s Threat Response Unit revealed that…
FBI Hacks Back Hive Ransomware Gang’s Infrastructure – Website Seized
As a result of an international law enforcement operation, the sites utilized by the Hive ransomware operation for both payments and data leaks on the Tor network were successfully taken over, following the FBI’s infiltration of the group’s infrastructure in…
Wireshark 4.0.3 Released – What’s New!
The Wireshark Team has recently unveiled the latest iteration of their widely-utilized packet analyzer, Wireshark 4.0.3. This version boasts a multitude of improvements, including new features and updates, as well as the resolution of various bugs to ensure a smooth…
Hackers Using Sliver Framework as an Alternative to Cobalt Strike & Metasploit
Sliver is an open-source command-and-control framework that is becoming increasingly popular among malicious actors in current attacks. Threat actors are opting for it since it offers a viable alternative to commercial tools such as:- Designed with scalability in…
Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum
The source code of Yandex, the largest IT company in Russia and commonly referred to as the Russian Google, was hacked by attackers. On a well-known hacker site, a Yandex source code repository purportedly stolen by a former employee of…
Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data
A joint Cybersecurity Advisory (CSA) from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) has been released to alert network defenders to malicious use of legitimate remote monitoring and management (RMM)…
U.S. Sues Google for Dominance Over Digital Advertising Technologies
Recently, the US Justice Department along with the eight states filed a lawsuit against Google, accusing the company of having a monopoly on the online advertising market, which they argue harms advertisers, consumers, and even the US government. They claim…
Top FinTech API Security Challenges
A recent report reveals that the number of attacks on financial service APIs and web applications worldwide increased by 257%. There are more APIs in use than ever, and the average FinTech company takes advantage of hundreds if not thousands of connections…