Several popular video games are now being infected with the brand new Erbium malware, which steals personal and sensitive information.  The spread of this malware is happening because hackers are disguised as cracks and cheats for popular video games. Hackers are using them to steal the credentials and cryptocurrency wallets of victims. In the cybercrime […]

The post Hackers Deliver Erbium Password-Stealing Malware Through Fake Cracks and Cheats appeared first on GBHackers On Security.

Researchers from HUMAN’s Satori Threat Intelligence team found a new adware operation named ‘Scylla’, which is the third wave of an attack reported in August 2019 dubbed ‘Poseidon’. The second wave, indeed from the same threat actor, was called ‘Charybdis’ and cropped up in late 2020. Reports say Apps related with Scylla operation have been […]

The post Over 75 Applications on Google Play with 13M Installations Deliver Adware appeared first on GBHackers On Security.

The ISC (Internet Systems Consortium) released a security patch this week in an attempt to address six vulnerabilities that could allow remote attackers to take control of BIND DNS servers. In total, four of the six vulnerabilities were rated as ‘high severity’ due to their denial of service (DoS) nature. Vulnerabilities Here below we have […]

The post BIND DNS Software High-Severity Flaws Let Hackers Remotely Trigger the Attack appeared first on GBHackers On Security.

Microsoft 365 Defender Research Team analysed the new version of previously reported info-stealing Android malware, delivered through an SMS campaign. This new version has remote access trojan (RAT) capabilities, targeting the customers of Indian banks. The Message contains links that points to the info-stealing Android malware, leading the user to download a fake banking rewards […]

The post Beware of Fake Indian Rewards Apps That Installs Malware on Your Devices appeared first on GBHackers On Security.

WhatsApp silently fixed two critical zero-day vulnerabilities that affect both Android & iOS versions allowing attackers to execute an arbitrary code remotely. Facebook-owned privacy-oriented messenger WhatsApp is one of the Top-ranked Messenger apps with more than Billion users around the world in both Android and iPhone. Both vulnerabilities are marked under “critical” severity with a […]

The post New WhatsApp 0-Day Bug Let Hackers Execute a Code & Take Full App Control Remotely appeared first on GBHackers On Security.

A British 17-year-old teen has been detained recently (Thursday 22 September 2022) by the City of London Police in connection with recent cyberattacks that have been reported by authorities. While this arrest was officially announced by London Police on Twitter. The National Crime Agency of the UK supported the hacking investigation that led to the […]

The post UK Police Arrests 17-Yr-Old Teen Hacker Believed to be Behind Uber & Rockstar Hacks appeared first on GBHackers On Security.

CISA’s bug catalog has been updated with a new vulnerability related to Java deserialization, which has been exploited in the wild by malicious threat actors. As this vulnerability affects multiple Zoho ManageEngine products that are affected. CVE-2022-35405 has been assigned to this vulnerability and is exploitable via low-complexity attacks that do not require the interaction […]

The post RCE Bug in ZOHO Products Let Hackers Execute Arbitrary Code Remotely appeared first on GBHackers On Security.

Sansec Threat Research Team noticed a surge in Magento 2 template attacks. This critical template vulnerability in Magento 2 tracked as (CVE-2022-24086) is increasing among eCommerce cyber criminals. The vulnerability allows unauthenticated attackers to execute code on unpatched sites. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. More than 150,000 […]

The post Critical Magento Vulnerability Let Unauthenticated Attackers to Execute Code appeared first on GBHackers On Security.

Cyber Security operations center is protecting organizations and sensitive business data of customers. It ensures active monitoring of valuable assets of business with visibility, alerting and investigating threats and a holistic approach to managing risk. Analytics service can be in-house or managed security service. Collecting event logs and analyzing logs with real-world attacks is the […]

The post Diving Deeper to Understand the Windows Event logs for Cyber Security Operation Center (SOC) appeared first on GBHackers On Security.

The cybersecurity researchers at Trellix have recently identified a 15-year-old Python bug that has been found to potentially impact 350,000 open-source repositories. There is a possibility that this bug could lead to the execution of code. This 15-year-old Python bug was disclosed in 2007 and has been tracked as CVE-2007-4559. Despite this, no patch was […]

The post 15-Year-Old Python Bug Let Hacker Execute Code in 350k Python Projects appeared first on GBHackers On Security.

What is the biggest security threat in your company? As it turns out, it’s not some AI-powered machine learning super virus or pernicious and anonymous cybercrime syndicate. It’s not the latest and greatest in botnets, malware, or spyware either. Sure, these can be scary, and they are worth protecting against. The headlines report the increased […]

The post How to Spot Your Biggest Security Threat? Just Look out for the Humans appeared first on GBHackers On Security.

On the day of June 27, 2022, Imperva, an internet cybersecurity company mitigated over 25.3 billion requests as part of a DDoS attack. A new record in the field of DDoS mitigation has been set by its solution. A Chinese telecommunications company that has not been named was targeted in the attack. This furious attack […]

The post Hackers Launched Record DDoS Attack with 25.3 Billion Requests in 4 Hours appeared first on GBHackers On Security.

Oxeye, the provider of award-winning cloud-native application security, today announced that its security researchers have uncovered several new high severity variants of the IDOR (Insecure Director Object Reference) vulnerabilities in CNCF-graduated project Harbor, the popular open-source artifact registry by VMware.  Harbor is an open-source cloud native registry project that stores, signs and scans content. It […]

The post High Severity IDOR Bugs inCNCF ‘Harbor’ Project by VMware appeared first on GBHackers On Security.

Many will likely think that the answer to this question is a no-brainer. After all, reminders about preparing for cyberattacks are part of the endless stream of cybersecurity-related content posted online. Ads on addressing threats are also ubiquitous. There is more than enough information about attaining proactive security being freely shared online. However, cybersecurity management […]

The post How To Optimize and Modernize Threat Exposure Management appeared first on GBHackers On Security.

An ongoing, widespread Chromeloader malware campaign has been warned by Microsoft and VMware. It has been identified that this malicious campaign is dropping node-WebKit malware and ransomware, as well as dangerous browser extensions. ChromeLoader was observed in the wild for the first time in January 2022 for Windows users and in March 2022 for Mac […]

The post Chromeloader Malware Drops Malicious Browser Extensions to Track User’s Online Activity appeared first on GBHackers On Security.

After hackers compromised an undisclosed number of employee email accounts and accessed sensitive personal information, American Airlines has informed its customers that they have been the victim of a recent data breach. It was revealed via notification letters that were sent to customers that the airline did not have any clue regarding the exposure and […]

The post American Airlines Hacked – Email Accounts Compromised to Gain Personal Data Access appeared first on GBHackers On Security.

It has been discovered recently by the European security and compliance assessment company Onekey that arbitrary code may be injected into multiple Netgear router models through FunJSQ in a malicious manner. In order to accelerate online games, Xiamen Xunwang Network Technology has developed a third-party module known as FunJSQ. In short, FunJSQ is a third-party […]

The post Netgear Router Models With FunJSQ Let Attackers Execute Arbitrary Code appeared first on GBHackers On Security.

Two critical vulnerabilities have been found recently in the wireless LAN devices of Contec. These critical vulnerabilities were discovered by the cybersecurity analysts, Samy Younsi and Thomas Knudsen of Necrum Security Lab. There are two models of the FLEXLAN FXA2000 and FXA3000 series from CONTEC which are primarily used in airplane installations as WiFi access […]

The post Critical Flaws in Airplanes WiFi Access Point Let Attackers Gain Root Access appeared first on GBHackers On Security.

In order to deliver cryptocurrency mining malware, the threat actors are actively exploiting both old and newly discovered vulnerabilities in Oracle WebLogic Server. Recent research by Trend Micro has identified that there is a financially motivated group using Python scripts to exploit the vulnerabilities in Oracle WebLogic Server.  The Security-Enhanced Linux (SELinux) and other OS […]

The post Hackers Exploit WebLogic Vulnerabilities to Deliver Cryptocurrency-Mining Malware appeared first on GBHackers On Security.

Microsoft Edge News Feed is currently being flooded with ads that appear to be sponsored by a widespread malvertising campaign that pushes tech support scams into potential victims’ news streams. Currently, Windows OS computers come with the Microsoft Edge web browser installed as the default web browser.  A global share of 4.3% is currently held […]

The post Hackers Use Microsoft Edge’s News Feed to Redirect Websites Pushing Tech Support Scams appeared first on GBHackers On Security.