There was an advertisement by a discord user with the handle “Portu” that exploded over the internet on April 23rd, 2022 for a new password-stealing malware builder. It is a sort of program that enables so-called script kiddie hackers, to construct their own executables from scratch. Recently, the threats analysts at Uptycs have discovered, in […]

The post KurayStealer – Tool Sold to Criminals that Have Password Stealing and Screenshot Capabilities appeared first on GBHackers On Security.

The majority of top-ranked websites (100,000 websites) include malicious keyloggers that are designed to capture every single character that you type or enter in forms before submitting like:- Signing up for a Newsletter Making a hotel reservation Checking out online The top 100,000 websites were crawled and analyzed by researchers at the following universities:- The […]

The post Some Top 100,000 Websites Placing Keylogger to Collect Everything You Type appeared first on GBHackers On Security.

Several hackers have newly begun exploiting a recently patched critical vulnerability, identified as CVE-2022-30525, which is affecting business firewall and VPN devices from Zyxel. In response to this vulnerability, the cybersecurity experts at Rapid7 have discovered that a number of Zyxel firewalls supporting ZTP like the ATP series, the VPN series, and the USG FLEX […]

The post Hackers Exploiting a Critical Vulnerability in Zyxel Firewall & VPN Devices appeared first on GBHackers On Security.

Chinese real estate biz giant Lianjia’s former database administrator, Han Bing (40-year-old), has been sentenced to 7 years in prison for hacking the corporate company’s systems and wiping their data. Bing allegedly deleted all stored data from two database servers and two application servers using his administrative privileges and a “root” account in June 2018. […]

The post Frustrated IT Admin Gets 7 Years in Prison for Wiping Employer’s Databases appeared first on GBHackers On Security.

The focus of an ongoing attack against Israeli, American, European, and Australian organizations has been reported to have been provided by a ransomware group with an Iranian operational link. Secureworks, a security firm has correlated the intrusions to a threat actor tracked with “Cobalt Mirage” alias, which is allegedly linked to an Iranian hacking  group […]

The post Iranian Hackers Using BitLocker & DiskCryptor to Conduct Ransomware Attacks in U.S. appeared first on GBHackers On Security.

Using vulnerabilities in Web frameworks and WordPress, the Sysrv botnet now targets vulnerable Windows and Linux servers to deploy crypto-mining malware. This new variant (tracked as Sysrv-K) discovered by Microsoft may now scan WordPress and Spring deployments for unpatched code. Here’s what the Microsoft Security Intelligence team stated:- “The new variant, which we call Sysrv-K, […]

The post Sysrv botnet Attack Windows, Linux Servers with New Exploits – Microsoft appeared first on GBHackers On Security.

On Thursday, a Ukrainian man (a 28-year-old) was sentenced to four years in federal prison for selling decrypted usernames and passwords online and ordered to pay back illegal profits. In an interview with some of his co-conspirators, Glib Oleksandr Ivanov-Tolpintsev from Chernivtsi in southwest Ukraine asserted that he was able to breach the security mechanisms […]

The post Ukrainian Imprisoned for Stealing Thousands of Login Credentials Per Week & Selling appeared first on GBHackers On Security.

The latest reports observe a rise in malicious cyber activity targeting managed service providers (MSPs) and anticipate this trend to continue. The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory along with Federal law enforcement partners and international allies that warn of an increase in malicious cyber activity targeting MSPs. “The UK, […]

The post FBI, CISA, and NSA Warns of Cyberattacks Targeting MSPs appeared first on GBHackers On Security.

Google introduced virtual cards on Chrome and Android to keep payment information safe and secure in online payments. At present, more cyberattacks than ever are happening on a broader, global scale. The targets of these attacks are not just major companies or government agencies, but hospitals, energy providers, banks, schools, and individuals. With virtual cards, […]

The post Android and Chrome to Generate Virtual Cards to Keep Payment Information Safe appeared first on GBHackers On Security.

The government of Bangladesh has been targeted more than once by Bitter, an APT group that focuses on cyberespionage. It has developed a new malware that enables it to download and execute remote files. A typical example of Bitter’s targeting scope, which has not changed since 2013, is the campaign, which has been ongoing since […]

The post Bitter APT Hackers Uses Non-existent Email Account/Domain To Send Weaponized Emails appeared first on GBHackers On Security.

There has been the discovery of a new remote access trojan called Nerbian RAT by the researchers at Proofpoint, which has a number of advanced features. There are a number of features included in this new RAT that helps it avoid analysis by researchers and detection as well. Go is the programming language of this […]

The post Nerbian RAT Malware Delivered Using Word Documents That Include Malicious Macro Code appeared first on GBHackers On Security.

The Microsoft Azure Synapse service has been identified as unsafe to use, and Orca Security has issued a security advisory for CVE-2022-29972.  It was found that the integration runtime (IR) used by the Azure-affected services to connect to Amazon Redshift is vulnerable to this security hole in the third-party Open Database Connectivity (ODBC) data connector. […]

The post Critical Vulnerability in Azure Synapse Let Attackers Control other Customers’ Workspaces appeared first on GBHackers On Security.

The database containing 10GB worth of user information of three VPN services such as ChatVPN, SuperVPN, and GeckoVPN was leaked in the Telegram Groups. On May 7th, 2022, the data of 21 million users was leaked, exposing the personal details and login credentials of the users. The Data Breach: Telegram uses encryption and offers its […]

The post 21 Million Records of VPN Users Leaked on Telegram appeared first on GBHackers On Security.

Dell LLC has reportedly been ordered to pay almost $11 million to a local integrator by a Moscow arbitration court after failing to provide paid services. While Dell refused to provide technical support to VMware as previously promised, prompting a lawsuit by IT systems integrator Talmer early last month. Until March 1, 2022, it was […]

The post Dell & Apple to Face Lawsuit After the Company Failed to Provide paid-for Services appeared first on GBHackers On Security.

Lincoln College is a private college in Lincoln, Illinois, United States, declared that it will be closing its doors because of a cascade of problems brought on by a recent cyberattack. It has been serving students from across the globe for more than 157 years. According to the announcement published on the college website, “Lincoln […]

The post Lincoln College Closed its Doors after 157 Due to Recent Cyber Attack appeared first on GBHackers On Security.

NAS device maker QNAP released software updates for its network-attached storage (NAS) products on Friday. While this updated software package is focused on patching multiple security flaws. All these flaws could enable the threat actors to get access and steal sensitive data. Among all the detected vulnerabilities, there is one that could allow the threat […]

The post Multiple QNAP Flaws Let attackers to Access and Read Sensitive Data appeared first on GBHackers On Security.

It seems that credit card theft services are getting increasingly popular, and among them, one of the new in the market that is gaining massive popularity, is Caramel Skimmer.  The increasing popularity of such services may imply that low-skilled fraudulent actors will have easy and automated access to banking services in the future. A credit […]

The post Caramel Skimmer – Credit Card Stealing Service Sells 2,000 USD For Lifetime Subscription appeared first on GBHackers On Security.

Cybersecurity analysts have discovered an unknown malware campaign combining two methods never before employed by the cybercriminals to infect victims’ machines with fileless malware. Shellcode can be injected directly into Windows event log files using this technique. The Windows event logs can thus be used by adversaries to hide their malicious Trojans in the process […]

The post Attackers Inject Fileless Malware Directly into Windows Event Logs appeared first on GBHackers On Security.

Experts from Trellix discovered that VHD Ransomware was linked to North Korea’s cyber army. The cyber-army of North Korea has been divided into several units, all of which have different tasks and report to ‘Bureau (or Lab) 121’. Unit 180, also known as APT38 is responsible for the attacks on foreign financial systems, including banks […]

The post VHD Ransomware Linked to North Korea’s Cyber-Army Targets Financial Institutions appeared first on GBHackers On Security.

Apple, Google, and Microsoft announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. This allows websites and apps to offer consistent, secure, and easy passwordless sign-ins to consumers across devices and platforms.  Google says, “This will simplify sign-ins across devices, websites, and […]

The post Google to Implement Passwordless Logins in Android and the Chrome Web Browser appeared first on GBHackers On Security.