Third-party cloud services open up any business to new risks. The large number of components in serverless applications is difficult for security teams to track and manage. Increased attack surfaces create more entry points that can lead threat actors into…
Tag: GBHackers On Security
Chinese APT Hackers Using Custom Versions of Cobalt Strike to Deploy Backdoor Malware
Security analysts at Trend Micro have recently tracked down ‘Earth Longzhi’, a previously unknown Chinese APT hacking group that is actively targeting several organizations in countries such as:- With the help of custom versions of Cobalt Strike loaders, the threat…
Hackers Stealing Outlook and Thunderbird Credentials Using StrelaStealer Malware
LockBit 3.0 Malware Using Weaponized Word Doc To Drop Ransomware Via Amadey Bot
The Amadey Bot has been found to be used by attackers to install LockBit 3.0 with the help of malicious MS Word document files, eventually dropping the ransomware strain. Amadey Bot was first discovered in 2018, spreading across…
Critical Citrix ADC and Gateway Auth Bypass Flaw Let Attackers Gain Unauthorized Access
Citrix published security patches to fix a critical authentication bypass issue in Citrix ADC and Citrix Gateway. Impacted users of Citrix ADC and Citrix Gateway are advised to install the relevant updated versions of those products as early as…
Malicious Chrome Plugin Lets Remote Attacker Steal Keystrokes and Inject Malicious Code
Medibank Refuses to Pay Ransom – Ransomware Gang Threatens To Release 9.7 Million Users Data
A ransomware gang threatened to reveal the personal information of millions of Medibank customers after the private health insurance firm declared it will not pay a ransom demand. Medibank is a leading private health insurer, providing health insurance through our…
Information Security Risks That You Need to be Careful With Vendors/3rd Parties – Guide
Business models for banking and financial services (BFS) institutions have evolved from a monolithic banking entity to a multi-tiered service entity. What this means for BFS companies is that they need to be more up to date and relevant…
Researchers Found Website Scanner “Urlscan.io” Leaking Sensitive Private Data
Researchers from Positive Security uncovered that a website scanner called “Urlscan” was unintentionally leaking sensitive URLs and data due to misconfiguration. It appears that a third party accidentally leaked the GitHub Pages URLs, and this incident happened while a metadata analysis…
Facebook Secret Tool to Remove User’s Phone Numbers & Email Addresses
Beware! Hackers Attack AWS EC2 Workloads to Steal Credentials
Cybersecurity experts at Trend Micro have recently identified that hackers are actively attacking the Amazon Web Services (AWS) EC2 workloads to steal credentials. By exploiting this tool, hackers get the ability to exfiltrate essential data like access keys and tokens. …
Top 7 Methods to Minimize Application Threat Risks in Healthcare
Healthcare organizations are increasingly using apps for telehealth and beyond. These apps have a significant impact on how they operate. They also have access to lots of sensitive information, such as EMR. As a result, we have seen an uptick…
APT-36 Hackers Using New Hacking Tools & TTPs To Attack Indian Government Orgs
The cybersecurity analysts at Zscaler ThreatLabz have recently detected a new malicious version of a multi-factor authentication (MFA) solution, known as Kavach, which the threat actors of Transparent Tribe (aka APT-36, C-Major, and Mythic Leopard) have been actively exploiting to…
CybeReady – Manager’s Program to Enhance Cybersecurity Culture Across Organizational Levels
CybeReady, provider of the world’s fastest security training platform, today announced the release of its new Manager’s Program Tool. The new tool is another major step in offering enterprises a fully-automated solution for enhancing employee behavior and building a strong…
OPERA1ER – An Advanced Threat Actor Group Stole At Least $11 Million From Banks & Telcos
SandStrike – Previously Unknown Android Malware Attacks Android Users Via VPN App
Android users are being targeted by threat actors using spyware known as SandStrike, which is delivered via malware-infected VPN applications. In short, threat actors have been circulating extremely stealthy and sophisticated spyware inside a VPN application. Cybersecurity researchers at Kaspersky…
Benefits of Vulnerability Assessment – A Detailed Guide
We all know that vulnerability assessment is very important nowadays, and that’s why most companies use this assessment. Whether the company is small or a large IT organization, everyone needs to protect their company from cyberattacks, especially…
Samsung Galaxy Store Flaw Allows Remote Attacker to Run Code on Affected Phones
A security flaw in the Galaxy Store allows attackers to trigger remote code execution on affected smartphones. The now patched vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep…
An Unofficial Patch Has Been Released for Actively Exploited Windows MoTW Zero-Day
There is an unofficial patch from 0patch for a zero-day flaw in Microsoft Windows that allows bypassing the MotW (Mark-of-the-Web) protections built into the operating system; at the moment it is being actively exploited. By utilizing files signed with malformed…
Juniper JunOS RCE Flaw Let Unauthenticated Remote Attacker Execute Code
The J-Web component of Juniper Networks’ Junos OS has been discovered to contain a number of vulnerabilities, one or more of which may allow remote code execution, cross-site scripting attacks, route injection, traversal, or local file inclusion. According to Octagon…
Active Raspberry Robin Worm Launches ‘Hands-on-Keyboard’ Attacks To Hack Entire Networks
During recent research, Microsoft has discovered evidence of a complex interconnected malware ecosystem that is associated with the Raspberry Robin worm. Several links between the Raspberry Robin worm and other malware families were identified. Even security experts…
Drinik Malware With Advanced Capabilities Targeting 18 Indian Banks
Drinik Android trojan is using a new version to target 18 Indian banks, posing as the app used by the country to manage tax payments. The main aim of these criminals is to steal personal and bank account information from…
RomCom RAT Distributed as Spoofed Versions of Popular IP Scanning Tool
The threat actor behind a remote access trojan, ‘RomCom RAT’ is now targeting Ukrainian military institutions. The threat actors are known to spoof legitimate apps like ‘Advanced IP Scanner’ and ‘PDF Filler’ to drop backdoors on compromised systems. Reports say…
Modern CyberSOC – A Brief Implementation Of Building a Collaborative Cyber Security Infrastructure
In earlier years, everyone depended on a SOC (including firewalls, WAF, SIEM, etc.), and the priority in building the SOC was providing security and maintaining the CIA triad. However, the later emergence of new attacks and threat actors became more challenging and…
Thomson Reuters Leaked Over 3TB of Sensitive Data Including Server Passwords in Plaintext
The Cybernews research team noticed that Thomson Reuters left three of its databases publicly accessible which resulted in the leak of more than 3TB of sensitive customer and corporate data, including third-party server passwords. Thomson Reuters Corporation is a Canadian…
Ukrainian Hacker Charged for Operating “Raccoon Stealer” Malware-as-a-Service
In an international cybercrime operation dubbed Raccoon Stealer malware-as-a-service (MaaS), the Department of Justice has charged a 26-year-old Ukrainian, Mark Sokolovsky, for his role in it. Raccoon Stealer is a trojan that is primarily distributed with the intention of stealing…
Kimsuky Hacker Group Targeting Mobile Users With New Android Malware
Kimsuky (aka Thallium, Black Banshee, Velvet Chollima) is a North Korean hacking group that is actively targeting Android device users with 3 new mobile malware strains that were recently discovered by the cybersecurity experts at S2W. This group has been active…
Hackers Actively Exploiting Cisco AnyConnect Secure Flaw to Perform DLL Hijacking
Cisco issued a warning of active exploitation attempts targeting two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows. The security flaws are tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), which allow the attacker…
Wireshark 4.0.1 Released – What’s New!!
A new version of Wireshark has been released recently by the Wireshark Team, it’s Wireshark 4.0.1, which contains several enhancements, new updates, and bug fixes. Wireshark is one of the most widely used open-source free software packet analyzers that are…
22-Year-Old SQLite Bug Let Hackers Perform Code Execution & DoS Attack On Control Programs
Trail of Bits researcher Andreas Kellas recently disclosed a 22-year-old SQLite bug, which has been tracked as “CVE-2022-35737.” This high-severity vulnerability was found in the SQLite database library. In October 2000 several code…
Apple Fixes New Kernel Zero-Day Bug That Attacks iPhones, iPads Remotely
Since the start of this year, there have been 8 zero-day vulnerabilities discovered by Apple that have been used to attack iPhones and iPads remotely. The ninth zero-day bug (CVE-2022-42827) has now been fixed by Apple as part of the…
Hackers Exploit Critical VMware Flaw to Drop Ransomware & Miners
Researchers at FortiGuard Labs noticed multiple malware campaigns targeting the VMware vulnerability to deploy cryptocurrency miners and ransomware on affected machines. The critical vulnerability is tracked as CVE-2022-22954 (CVSS score: 9.8), a remote code execution vulnerability that causes server-side template…
Best Malware Analysis Tools List For Security Researchers & Malware Analyst 2022
Malware analysis tools are highly essential for security professionals, who always need to learn many tools, techniques, and concepts to analyze sophisticated threats and current cyber attacks. Here we are going to see some of the malware analysis tools…
Chinese Spyder Loader Malware Targeting Government Organizations to Steal Sensitive Data
Operation CuckooBees is still active and has been detected by Symantec recently. This time, it has been found that the operators of CuckooBees, APT41 (aka Winnti, Barium, Bronze Atlas, and Wicked Panda), are targeting Hong Kong-based companies and organizations.…
Apache Commons “Text4Shell” Flaw Could Trigger Code Execution With Malicious Input
Many people are concerned about an RCE flaw in the Apache Commons Text library. They believe that this RCE flaw may turn out to be the next “Log4shell”. The new RCE flaw in Apache Commons Text is tracked…
OldGremlin Hacker Group Expanded Toolkit With Dedicated Linux Ransomware
It appears that 16 malicious campaigns have been carried out by a Russian-speaking ransomware group called OldGremlin (aka TinyScouts). A combination of these campaigns was launched by the operators over the course of two and a half years targeting the…
Protecting Your Cloud Environments With Zero Trust
When moving to a cloud infrastructure, businesses should be looking toward a Zero Trust strategy. This security model protects the cloud from the inside out using the principle of least privilege to grant secure access to any company resource. Eliminating…
Mitsu Malware Stealer Downloaded Through AnyDesk Phishing Site to Steal Passwords
Cybersecurity experts at Cyble Research and Intelligence Labs (CRIL) have recently identified a fake AnyDesk website (hxxp://anydesk[.]ml). They found this website was spreading Mitsu Stealer, and it’s a sophisticated custom-made 64-bit malware. This malware is primarily designed to steal all…
Microsoft Data Leak – 2.4TB of 65,000+ Companies Data Leaked Online
Recently, Microsoft has confirmed that, due to a misconfiguration of a Microsoft server, sensitive information about some of Microsoft’s customers was exposed over the internet. A total of over 65,000 leaked entities were detected by SOCRadar in this leak, which…
Verizon Cyberattack – Prepaid Customers Data Exposed
Verizon notified its prepaid customers of a recent cyberattack in which threat actors gained access to Verizon accounts and used exposed credit card information. The company says that during regular account monitoring, they were able to notice abnormal activity on the…
Critical RCE Flaw Found in Popular Post-Exploitation Cobalt Strike Toolkit
Recently, a brand-new out-of-band security update (Cobalt Strike 4.7.2) has been released by HelpSystems to fix an RCE vulnerability in the post-exploitation Cobalt Strike toolkit. The RCE vulnerability has been identified and reported by the security experts from the X-Force…
Black Basta Ransomware Gang Infiltrates Networks Using Penetration Testing Tools
The distribution of QAKBOT malware was resurrected once again by operators of the Black Basta ransomware group on September 8, 2022, after a short break. The latest distribution mechanism and campaign were identified by cybersecurity researchers at Trend…
RedEye – CISA Developed Open-source Red Team Tool Monitoring C&C Server Activities
A new open-source analytical tool dubbed RedEye designed to make it easier for operators to visualize and report activities associated with C2 communication has been released by CISA. Both the red and blue teams can benefit from RedEye, as it…
New PHP Malware Distributed as Cracked Microsoft Office Apps, Telegram, & Others
The Zscaler ThreatLabz research team observed a PHP version of the ‘Ducktail’ infostealer distributed in the form of cracked application installers for a variety of applications including games, Microsoft Office applications, Telegram, and others. Notably, Ducktail has been active since 2021;…
Student Jailed for Hacking into Email & Snapchat Accounts of Female Classmates
As part of the criminal case against a former student of the University of Puerto Rico (UPR), a judge in Puerto Rico sentenced him to serve 13 months in federal prison. The former student, Iván Santell-Velázquez (aka Slay3r_r00t) was accused…
Over 900 Servers Hacked Using a Critical Zimbra Zero-day Flaw
The cybersecurity company Kaspersky detected almost 900 servers being compromised by sophisticated attackers leveraging the critical Zimbra Collaboration Suite (ZCS) flaw, which at the time was a zero-day without a patch for nearly 1.5 months. “We investigated the threat and was…
New “Prestige” Ransomware Uses Remote Execution Utilities to Launch Destructive Attacks
Microsoft Threat Intelligence Center (MSTIC) found a new ransomware named “Prestige” ransomware targeting organizations in the transportation and associated logistics industries in Ukraine and Poland. Researchers say this novel ransomware campaign was first deployed on October 11 in attacks occurring…
Police Tricked Ransomware Gang to Obtain More than 150 Decryption Keys
The Dutch National Police in cooperation with cybersecurity firm Responders.NU, managed to obtain over 150 decryption keys from ransomware group ‘Deadbolt’ due to fake bitcoin payments. “The police paid, received the decryption keys and then withdrew the payments. These keys…
Weaponized Mod WhatsApp Version “YoWhatsApp” Attempt to Hack Android Devices
Cybersecurity researchers at Kaspersky Security Labs have recently identified an unofficial version of WhatsApp for Android, which is dubbed by experts “YoWhatsApp.” This unofficial version of WhatsApp is mainly designed to steal users’ account access keys or login credentials. There…
Russian Hackers Launch DDoS Attacks Against Major Airports’ Websites
Distributed Denial of Service (DDoS) attacks hit 14 major US airport websites. The websites were temporarily shut down due to DDoS attacks led by the pro-Russian hacker group ‘KillNet’, who hit back against the Western countries’ aggressive actions against Russia…
Fortinet Auth Bypass Bug Exploited in Wild for Attacks
A critical vulnerability has been identified recently in FortiGate firewalls and FortiProxy Web Proxy. FortiGate has already alerted its customers about the issue. If an attacker is able to successfully exploit this critical vulnerability, they would potentially be able…
Magniber Ransomware Weaponize JavaScript to Attack Windows Users
Recently, the security researchers at HP’s threat intelligence team discovered a malicious campaign in which the threat actors are delivering Magniber ransomware to Windows Home users with the help of fraudulent security updates. A number of fake websites…
Android Device Leaks Traffic When Connected to WiFi Network Even ‘Always-on VPN’ is Enabled
The installation of a VPN on your Android phone is supposed to ensure that all outgoing traffic is protected. At least, that is what VPN providers claim in the name of privacy. It was discovered by Mullvad VPN during…
Phishing-as-a-Service Platform Lets Anyone Launch Own Phishing Campaigns
With the release of the PhaaS platform called ‘Caffeine’, threat actors can now easily launch their own sophisticated phishing attacks. Anyone who wants to start their own phishing campaign will be able to register on this platform through an open…
Callback Phishing Attack Tactics Evolved – Successful Attack Drops Ransomware
Trellix released a recent report on the evolution of BazarCall social engineering tactics. BazarCall campaigns initially appeared in late 2020, and researchers at Trellix noticed continuous growth in attacks pertaining to this campaign. Reports say that at first it delivered…
BlackByte Ransomware Bypasses EDR Security Using Driver Vulnerability
The BlackByte ransomware gang, the group behind a major ransomware attack, has turned to a dangerous new method of attack, “Bring Your Own Vulnerable Driver” (BYOVD). The reason behind this is that it allows attacks to bypass security products,…
Over 400 Malicious Android & iOS Apps Stealing Facebook Passwords
In a recent press release from Meta Platforms, it was announced that over 400 malicious apps had been identified on both Android and iOS platforms. The goal of these apps was to steal login information for Facebook accounts from online…
Top Cybersecurity Threats for Public Sector
In the private sector, hackers and cybercriminals are prone to leaving organizations with good security infrastructures alone. Because they often go after low-hanging fruit, hacking into a well-protected network is perceived as more trouble than it’s worth. But the public…
Hackers Using a Custom Malware to Steal Sensitive Data From a U.S. Organization
An organization in the DIB sector was compromised by state-funded hackers using a custom malware program, CovalentStealer, and the Impacket framework. It took approximately ten months for the compromise to be resolved. There is a good chance that the organization…
Wireshark 4.0.0 Released – What’s New!!
There are several open-source packet analyzers available, but Wireshark is among the most popular. Moreover, the application has been upgraded to version 4.0.0 and comes with multiple new features and fixes. It is not only network administrators who use Wireshark…
Is My Child Safe Online? Common Cyber Threats And How To Avoid Them
Did you know that according to the FBI Internet Crime Center Report (2015-2020), cybercrime against children has risen by 144%, compared to 2019? Unfortunately, cybercriminals don’t target large corporations only. It’s very common for kids to fall victim to cybercrime.…
New Powerful RatMilad Malware Steals Almost Every Data From Android Device
A new Android spyware called RatMilad has been discovered by researchers at the security company Zimperium Labs. There have been observations of this spyware targeting enterprise mobile devices in the Middle East with the purpose of spying on and stealing…
Intrusion Detection System (IDS) and Its Detailed Working Function – SOC/SIEM
An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise an information system through malicious activities such as DDoS attacks or security policy violations. An IDS works…
RansomEXX Gang Hacked Ferrari – Over 7GB of Internal Documents Stolen
Ferrari, an Italian luxury sports car manufacturer, was hit by ransomware. The RansomEXX gang claims to have hacked Ferrari; more than 7 GB of data, including internal documents, datasheets, and repair manuals, has been stolen. The car manufacturer says that…
New Malware Compromised Hundreds of Microsoft SQL Servers
Security researchers have discovered a new type of malware, named Maggie, which targets Microsoft SQL servers. Around the world, hundreds of computers have already become infected with the Maggie backdoor. Maggie is controlled by SQL…