Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

The allure of NFTs, those shimmering digital tokens holding unique artworks and promises of fortune, has captivated the world.  But amidst the buzz lurks a sinister shadow: the NFT scam.  Recently, Check Point Research exposed a sophisticated airdrop scam targeting…

Read more →

OSINVGPT is an AI-based system that helps security analysts with open-source investigations and tool selection. While this tool was developed by “Very Simple Research.” This tool can assist security analysts in gathering relevant information, sources, and tools for their investigations.…

Read more →

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have raised a red flag: Chinese-made drones pose a significant risk to the security of critical infrastructure in the United States. While any UAS can harbor…

Read more →

Android TVs are widely used, and due to their wide adoption, threat actors frequently target them for unauthorized access or data theft. In Android smart TVs, the vulnerabilities in outdated software or third-party apps can be exploited. The interconnected nature…

Read more →

A cryptocurrency-related phishing scam that uses malware called a drainer is one of the most widely used tactics these days. From November 2022 to November 2023, ‘Inferno Drainer’, a well-known multichain cryptocurrency drainer, was operational under the scam-as-a-service paradigm. On sophisticated…

Read more →

Today, DDoS attacks stand out as the most widespread cyber threat, extending their impact to APIs.  When successfully executed, these attacks can cripple a system, presenting a more severe consequence than DDoS incidents targeting web applications.  The increased risk amplifies…

Read more →

Cisco NetScaler ADC and NetScaler Gateway have been discovered to have two vulnerabilities, which were associated with remote code execution and denial of service. The CVEs for these vulnerabilities were CVE-2023-6548 and CVE-2023-6549, and the severity has been given as…

Read more →

Threat actors use botnet malware to gain access to the network of compromised systems that enable them to perform several types of illicit activities. They get attracted to botnet malware due to its distributed and anonymous infrastructure, which makes it…

Read more →

Ever since the beginning of 2023, infostealers targeting macOS have been on the rise with many threat actors actively targeting Apple devices. As of last year, many variants of Atomic Stealer, macOS meta stealer, RealStealer, and many others were discovered.…

Read more →

Google Chrome has released its stable channel update version 20.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 for Windows. However, Google stated that this new security update will roll out in the upcoming days/weeks. The extended stable channel has also…

Read more →

GBHackers come across a new ChatGPT-powered Penetration testing Tool called “PentestGPT” that helps penetration testers to automate their pentesting operations. PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is…

Read more →

GitHub has become a major platform that cybercriminals use for various attack methods such as payload delivery, dead drop resolution (DDR), C2 (Command and Control) and exfiltration. T This is because GitHub is considered legitimate traffic, which threat actors can…

Read more →

The 29-year-old man was arrested in Mykolaiv, Ukraine, for using hacked accounts to create 1 million virtual servers to illegally mine cryptocurrency. It is estimated that the suspect has mined cryptocurrency worth over USD 2 million (or EUR 1.8 million). The…

Read more →

Network Penetration Testing checklist determines vulnerabilities in the network posture by discovering open ports, troubleshooting live systems, and services, and grabbing system banners. The pen-testing helps the administrator close unused ports, add additional services, hide or customize banners, troubleshoot services, and…

Read more →

Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as authentication weaknesses, configuration errors, and protocol relationship vulnerabilities.  1.  “Conduct a series of methodical and repeatable tests ” is the best way to test the webserver…

Read more →

Web server pentesting is performed under 3 significant categories: Identity, Analyse, and Report Vulnerabilities such as authentication weakness, configuration errors, and protocol Relation vulnerabilities.  1.  “Conduct a series of methodical and Repeatable tests ” is the best way to test the webserver…

Read more →

Hackers target vulnerable WordPress plugins as they provide a potential entry point to exploit website security weaknesses.  These plugins often have outdated code or known vulnerabilities, which make them attractive targets for malicious actors seeking:- Recently, on December 14th, 2023,…

Read more →

Several vulnerabilities have been discovered in Splunk Enterprise Security and Splunk User Behavior Analytics (UBA), which existed in several third-party packages. The third-party package includes Splunk, which includes babel/traverse, handsontable, semver, loader-utils, json5, socket.io-parser, protobuf, and Guava. However, Splunk has…

Read more →

Hackers use Qbot malware for its advanced capabilities, including keylogging, credential theft, and backdoor functionality. Previously distributed Qakbot malware campaign was capable of monitoring the browsing activities of the infected computer and logs all information related to finance-related websites. Qbot…

Read more →

Invati Connect Secure (ICS) and Ivanti Policy Secure Gateways have been discovered with two new vulnerabilities associated with authentication bypass and command injection. The CVEs for these vulnerabilities have been assigned as CVE-2023-46805 and CVE-2024-21887. The severity of these vulnerabilities…

Read more →

AgentTesla is a notorious malware that functions as a keylogger and information stealer.  By logging keystrokes and capturing screenshots on infected systems, this notorious malware targets sensitive data like:- Recently, the cybersecurity researchers at BitSight Security discovered that AgentTesla malware…

Read more →

AgentTesla is a notorious malware that functions as a keylogger and information stealer.  By logging keystrokes and capturing screenshots on infected systems, this notorious malware targets sensitive data like:- Recently, the cybersecurity researchers at BitSight Security discovered that AgentTesla malware…

Read more →

Hackers use the Mirai botnet to launch large-scale Distributed Denial of Service (DDoS) attacks by exploiting vulnerable Internet of Things (IoT) devices.  Mirai’s ability to recruit a massive number of compromised devices allows attackers to do the following things to…

Read more →

Adobe has released a security update that fixes “Important-severity” vulnerabilities in its Substance 3D Stager product. The successful exploitation of these issues could result in a memory leak and arbitrary code execution in the current user’s context. Adobe Substance 3D…

Read more →

AirDrop was introduced in iOS 7, which allows Apple users to transmit files between iOS and macOS systems. Moreover, this does not require an internet connection or a phone book contact for the receiver to receive files.  However, it has…

Read more →

Pikabot is a loader malware that is active in spam campaigns and has been used by the threat group Water Curupira, which has been paused from June to September 2023 after Qakbot’s takedown.  However, the surge in Pikabot phishing campaigns…

Read more →

Hackers use YouTube channels to deliver malware due to the huge user base of the platform. By using YouTube channels, hackers disguise their malicious content as:- Besides this, the popularity of YouTube also gives the threat actors the ability to…

Read more →

Qakbot is a sophisticated banking trojan and malware that primarily targets financial institutions. This sophisticated malware steals sensitive information such as:- While hackers exploit Qakbot to conduct:- Qakbot malware returns after the “Duck Hunt” bust. Not only that, even Microsoft…

Read more →

Cacti, the performance and fault management framework, has been discovered with a blind SQL injection vulnerability, which could reveal Cacti database contents or trigger remote code execution.  The CVE for this vulnerability has been assigned with CVE-2023-51448, and the severity…

Read more →

Cacti, the performance and fault management framework, has been discovered with a blind SQL injection vulnerability, which could reveal Cacti database contents or trigger remote code execution.  The CVE for this vulnerability has been assigned with CVE-2023-51448, and the severity…

Read more →

QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent.  QNAP has also stated all the affected products and their versions and the…

Read more →

Accenture, a global professional services company, has made a strategic move in the U.K. market by acquiring 6point6, a leading technology consultancy specializing in cloud, data, and cybersecurity.  This acquisition, announced on October 31, 2023, significantly enhances Accenture’s capabilities in…

Read more →

Over the decade, Python has been dominating the programming languages and consistently growing with open-source love.  Numerous popular Python projects exist that are used by millions of users. However, besides this, in recent times, it’s been noted that open-source malware…

Read more →

In recent years, we have seen a significant shift in the global workforce. With the proliferation of high-speed internet and advanced communication tools, remote work has become the new norm for countless professionals. This transition hasn’t just been about convenience;…

Read more →

In a landmark victory for cybersecurity, the xDedic Marketplace, a notorious haven for cybercrime, has been shut down.  This international operation, spearheaded by the U.S. Attorney’s Office, FBI, IRS-CI, and a consortium of law enforcement agencies from Belgium, Ukraine, and…

Read more →

AsyncRAT is an open-source remote access Trojan (RAT) malware known for its ability to provide unauthorized access and control over infected systems. It was released in 2019.  Hackers use it actively for various malicious purposes, including:- Cybersecurity researchers at AT&T…

Read more →

Researchers identified three malicious PyPI (Python Package Index) packages that deploy a CoinMiner executable on Linux devices, affecting latency in device performance. These packages, namely modular even-1.0, driftme-1.0, and catme-1.0, come from a recently established author account called “sastra” and exhibit an intricate…

Read more →

Remcos RAT (Remote Control and Surveillance) is a type of Remote Access Trojan used for unauthorized access and control of a computer system.  It allows threat actors to perform various malicious activities like:- Cybersecurity researchers at Uptycs recently discovered that…

Read more →

The latest stable channel update for Google Chrome, version 120.0.6099.199 for Mac and Linux and 120.0.6099.199/200 for Windows, is now available and will shortly be rolled out to all users. Furthermore, the Extended Stable channel has been updated to 120.0.6099.200 for…

Read more →

A vulnerability in the encryption algorithm used by the Black Basta ransomware has led researchers to develop a free decryptor tool. Active since April 2022, the Black Basta ransomware group employs a double extortion strategy, encrypting the vital servers and…

Read more →

Four Chinese cybercriminals were taken into custody after using ChatGPT to create ransomware. The lawsuit is the first of its sort in China, where OpenAI’s popular chatbot is not legally available, and Beijing has been tightening down on foreign AI.…

Read more →

Active Directory infiltration methods exploit vulnerabilities or weaknesses in Microsoft’s Active Directory to gain unauthorized access. Active Directory is a central component in many organizations, making it a valuable target for attackers seeking access to:- While successful infiltration allows threat…

Read more →

Wireshark is a popular open-source network protocol analyzer that allows users to inspect and capture data on a network in real time.  It enables detailed examination of network traffic for the following purposes:- Several key factors make Wireshark one of…

Read more →

A Critical Google Cookies exploit involves manipulating or stealing user cookies, which store authentication information, to gain unauthorized access to accounts.  Hackers exploit this illicit mechanism to:- A developer, PRISMA, discovered a major Google cookie exploit in Oct 2023 that…

Read more →

DLL hijacking is a technique where a malicious DLL (Dynamic Link Library) is placed in a directory that a vulnerable application searches before the legitimate one.  When the application is launched, it unknowingly loads the malicious DLL instead, allowing attackers…

Read more →

DLL hijacking is a technique where a malicious DLL (Dynamic Link Library) is placed in a directory that a vulnerable application searches before the legitimate one.  When the application is launched, it unknowingly loads the malicious DLL instead, allowing attackers…

Read more →

Google Kubernetes Engine (GEK) has been detected with two flaws that a threat actor can utilize to create significant damage in case the threat actor already has access inside the Kubernetes cluster. The first issue was associated with FluentBit with…

Read more →

Cyber attacks are evolving rapidly with advancements in technology, as threat actors exploit new vulnerabilities in:- The rise of the following sophisticated techniques demonstrates a growing level of complexity:- Moreover, the expansion of Internet of Things (IoT) devices provides new…

Read more →

Hackers abuse the ChatGPT name for malicious domains to exploit the credibility associated with the ChatGPT model, deceiving users into trusting fraudulent websites.  Leveraging the model’s reputation enables them to trick individuals into:- H2 2023’s ransomware from ESET highlight isn’t…

Read more →

Network Security tools for Penetration testing is more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Network Security Tools list that covers Performing Penetration testing Operations in all Environments.…

Read more →

While the world celebrated Christmas, the cybercrime underworld feasted on a different kind of treat: the release of Meduza 2.2, a significantly upgraded password stealer poised to wreak havoc on unsuspecting victims.  Cybersecurity researchers at Resecurity uncovered the details of…

Read more →

Hackers exploit Zero-Days because these vulnerabilities are unknown to software developers, making them valuable for launching attacks before developing patches.  Zero-day exploits provide an opportunity to:- Cybersecurity researchers at Securelist recently discovered a malicious operation dubbed “Triangulation,” in which threat…

Read more →

Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841. Additionally, the vulnerability targeted only a limited number of ESG devices.  However, Barracuda has deployed…

Read more →

A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability…

Read more →

The cybersecurity domain is undergoing rapid changes owing to the rise in frequency and complexity of cyber threats. As the digital world expands, the risk of cyberattacks is increasing, and security experts must stay vigilant to safeguard against potential breaches.…

Read more →

Threat actors targeting crypto wallets for illicit transactions have been in practice for quite some time. Threat actors have been using Wallet Drainers for such cybercrime activities, which have seen great success in recent years.  Several techniques were used for…

Read more →

Ubisoft, the renowned video game developer behind iconic franchises like Assassin’s Creed and Far Cry, narrowly escaped a potentially devastating data breach.  On December 20th, an unidentified threat actor infiltrated their systems, gaining access for approximately 48 hours before Ubisoft’s…

Read more →

Hackers use weaponized Word documents to deliver malicious payloads through social engineering.  By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them and leading to the execution of malicious code.  While leveraging the familiarity and…

Read more →

In a strategic move destined to fortify its dominance in the ever-evolving realm of cloud security, Cisco has officially declared its intent to acquire Isovalent, a trailblazer in open-source cloud-native networking and security.  This bold acquisition underscores Cisco’s steadfast commitment…

Read more →

Android malware infects devices to take full control for various illicit purposes like:-  By gaining complete control, threat actors can exploit the device for their illicit activities, posing significant threats to:- Cybersecurity analysts at McAfee Mobile Research recently found an…

Read more →

Organizations face an escalating threat of bot attacks in the rapidly evolving digital landscape. As revealed in our latest AppSec report, there has been a staggering 56% increase in bot attacks compared to Q2 2023. Previously associated with DDoS attacks,…

Read more →

Hackers often target Linux SSH servers due to their widespread use in hosting critical services, and the following loopholes make them vulnerable, providing opportunities to hackers for unauthorized access and potential exploitation:- Cybersecurity researchers at AhnLab Security Emergency Response Center…

Read more →

In the shadowy realm of commercial spyware, the spotlight turns to the notorious Intellexa spyware and its Predator/Alien solution, as dissected by Cisco Talos in their comprehensive May 2023 report.  This expose navigates the labyrinthine intricacies and disconcerting features of…

Read more →

Hackers use PowerShell commands because they provide a powerful scripting environment on Windows systems, allowing them to stealthily execute malicious scripts and commands called Operation RusticWeb.  While besides this, the PowerShell’s capabilities make it an attractive tool for gaining:- Cybersecurity…

Read more →

Due to the widespread use and popularity of Windows and macOS, threat actors often target these platforms.  Windows is a common target because it dominates the global operating system market, while macOS is targeted because of its majority among:- Recently,…

Read more →

It has been reported that malicious individuals are utilizing a malware called Agent Tesla to target Microsoft Office users using versions affected by CVE-2017-11882 XLAM. This malware is taking advantage of a remote code execution vulnerability in Equation Editor, which…

Read more →

Threat actors engage in cyberespionage to gain the following advantages:- Hackers do so by stealing the following key things from the targeted organizations or nations:- Cybersecurity researchers at ESET recently identified that new OilRig downloaders are abusing Microsoft Cloud APIs…

Read more →

In the dynamic realm of IT, HCL Technologies, the Noida-based juggernaut, recently found itself navigating choppy digital waters.  The revelation of a targeted ransomware incident within an isolated cloud environment created industry ripples, yet the company’s adept response and ongoing…

Read more →

Predator, a bot protection tool designed to fight against bots and crawlers, has now been found to be abused by threat actors for malicious purposes. Threat actors have been using phishing emails with malicious links to lure users into a…

Read more →

Web injections involve injecting malicious code into websites to manipulate content or redirect users to fraudulent sites.  Threat actors use this technique to steal sensitive information, such as:- Cybersecurity researchers at Security Intelligence recently identified that hackers hijacked the banking…

Read more →

In a groundbreaking initiative spanning 34 countries, INTERPOL orchestrates Operation HAECHI IV, a relentless assault on online financial crime, yielding a formidable impact. Interpol, short for the International Criminal Police Organization, is a global entity dedicated to fostering international police…

Read more →

Researchers have discovered two novel techniques on GitHub: one exploits GitHub Gists, while the other involves sending commands through Git commit messages. Malware authors will occasionally upload samples to services such as Dropbox, Google Drive, OneDrive, and Discord to host second-stage malware…

Read more →

Recently, the Cybersecurity and Infrastructure Security Agency (CISA) has requested technology device manufacturers to take measures to eliminate default passwords due to the threats posed by IRGC actors. This step has been taken to ensure the security of tech devices…

Read more →

Sidewinder APT group’s sophisticated threat landscape reveals a skilled and persistent threat targeting the Nepalese Government entities.  Their focus extends to South Asian governments, with researchers also identifying a recent complex attack on Bhutan. Cybersecurity researchers at Cyfirma recently identified…

Read more →

SMTP (Simple Mail Transfer Protocol) smuggling is a technique where attackers exploit the inconsistencies in how proxy servers or firewalls analyze and handle the SMTP traffic.  Threat actors can smuggle malicious payloads or evade detection by exploiting these inconsistencies. This…

Read more →

Attackers have been exploiting the Apache ActiveMQ Vulnerability (CVE-2023-46604) to steal data and install malware constantly. Using the Apache ActiveMQ remote code execution vulnerability, the Andariel threat group was found to be installing malware last month. Their primary targets are national…

Read more →

QakBot (aka Qbot) primarily targets financial institutions since it is a sophisticated banking trojan and malware. This malware can facilitate more malicious acts, such as the following, by infecting Windows systems and stealing confidential data, such as banking credentials:- Besides…

Read more →

3CX, a VoIP communications firm, has advised customers to disable SQL Database integrations due to the risks posed by a potential vulnerability. A SQL Injection vulnerability in 3CX CRM Integration has been identified as CVE-2023-49954. An attacker can manipulate an application’s database…

Read more →

The 8220 hacker group, which was first identified in 2017 by Cisco Talos, is exploiting both Windows and Linux web servers with crypto-jacking malware. One of their recent activities involved the exploitation of Oracle WebLogic vulnerability (CVE-2017-3506) and Log4Shell (CVE-2021-44228).…

Read more →

Goodbye, third-party cookies. Hello, Tracking Protection!  Chrome, the world’s most popular browser, is taking a major step toward a privacy-first web with the launch of its Tracking Protection feature.  Starting January 4th, this limited rollout marks a turning point in Google’s…

Read more →

Threat actors target Linux systems due to their prevalence in server environments, and cron jobs offer a discreet means of maintaining unauthorized access over an extended period. Kaspersky experts discovered “NKAbuse,” a versatile malware using NKN tech for peer data…

Read more →

Recently, there has been a rise in incidences of hackers using “Remote Administration Tools” to control the infected system and bypass protection technologies. Remote administration tools are software that allows managing and controlling terminals from a remote location.  The tools can…

Read more →

Windows Defender is a built-in antivirus and anti-malware software developed by Microsoft for Windows operating systems.  It provides real-time protection against various threats, including:- Cybersecurity researchers at Fox-IT recently discovered that revived Windows Defender Quarantine folder metadata helps in boosting…

Read more →

In a recent turn of events, Ledger, a prominent hardware wallet provider, faced a security breach that sent shockwaves through the cryptocurrency community.  The breach, initiated by a malevolent version of the npm package @ledgerhq/connect-kit, posed a severe risk to…

Read more →

In early October 2023, a DNA testing company for ancestry discovery purposes, 23andMe, disclosed that it suffered a data breach. On the 5th of December 2023, the company shared that the data breach was more damaging than was initially reported.…

Read more →

Cybercriminals employ numerous tactics to infiltrate endpoints and scripts are among the most destructive. You can trigger an infection chain by clicking on a seemingly innocuous document, potentially compromising your entire network. To prevent this, analyzing suspicious files in malware…

Read more →

A new type of phishing attack known as BazarCall has emerged, and it’s using a clever technique to make it appear more legitimate. The attack utilizes a Google Form to trick unsuspecting victims into divulging sensitive information. The method of…

Read more →

Volt Typhoon, also known as the Bronze Silhouette, has been discovered to be linked with a complex botnet called “KV-botnet.” The threat actor has been using this botnet to target Small Office/Home Office routers since at least February 2022. Their…

Read more →

Red Balloon Security, Narf Industries, and MITRE collaborated to create the EMB3D Threat Model, which offers a shared knowledge of the risks embedded devices experience and the security measures needed. The EMB3D model is a comprehensive framework that focuses specifically…

Read more →

AI (Artificial Intelligence) has significantly revolutionized software engineering with several advanced AI tools like ChatGPT and GitHub Copilot, which help boost developers’ efficiency.  Besides this, two types of AI-powered coding assistant tools emerged in recent times, and here we have…

Read more →

The Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and other co-authoring agencies have issued a warning that Russian Foreign Intelligence Service (SVR) cyber actors are widely exploiting CVE-2023-42793, aiming their attacks at servers that host JetBrains TeamCity…

Read more →

In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines.  This architectural marvel establishes a robust groundwork, elevating data security across nine…

Read more →

Phishing, a persistent cyberthreat, has evolved with the times. Once a symbol of convenience, QR codes are now being weaponized by attackers through Quishing.  This alarming trend demands attention, as it exposes both individuals and organizations to significant risks. Interpol’s…

Read more →

A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin, allowing hackers to execute malicious code remotely. The vulnerability enables attackers to inject harmful code into the software, which if exploited, can result in a…

Read more →

Researchers discovered two vulnerabilities in pfSense CE related to Cross-Site Scripting (XSS) and Command Injection that allow an attacker to execute arbitrary commands on a pfSense appliance. An attacker with RCE capabilities can control the firewall, monitor traffic on the…

Read more →

Microsoft has released their patches for December 2023 as part of their Patch Tuesday. In this release, they have patched more than 34 vulnerabilities and one zero-day. Among the 34 vulnerabilities patched, there were 4 Critical severity vulnerabilities and 30…

Read more →

San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. And the Cloud Engineer Sentenced. After stealing information from and purposefully damaging a protected computer, he…

Read more →

Hackers use ransomware to encrypt victims’ files and demand payment (usually in cryptocurrency) for the decryption key.  This malicious tactic allows them to extort money from the following entities by exploiting vulnerabilities in their digital systems:- In May 2023, this…

Read more →

Toyota Financial Services (TFS) notifies customers after a data breach that exposed personal and sensitive financial information. In a limited number of locations, including Toyota Kreditbank GmbH in Germany, Toyota Financial Services Europe & Africa has discovered unauthorized activity on…

Read more →

Cloud security is becoming a central part of any organization’s cybersecurity strategy. However, in most organizations, the teams managing cloud operations work separately from those that manage security. CloudSecOps is setting out to change that. CloudSecOps is about integrating security…

Read more →