GBHackers On Security
27,755 FOLLOWERS
GBHackers on Security is a Cyber Security platform that covers daily Cyber Security News, Hacking News, Technology updates, and SOC Resources, Kali Linux tutorials. Their mission is to keep the community up to date with happenings in the Cyber World. Their blog features technological articles, cyber security, AI, and more.
GBHackers On Security
11h ago
AI-powered generative tools have supercharged phishing threats, so even newbie attackers can effortlessly create refined, individualized campaigns.
Protecting data and systems from this democratization of phishing abilities gives a new challenge for the defenders.
Zscaler’s Phishing Report 2024 is based on an analysis of more than 2 billion phishing reports that occurred in 2023 and provides insights into future trends, current campaigns, prime targets within various regions/industries/brands as well as threat actors using AI.
This report demonstrates the need for constant alertness and zero t ..read more
GBHackers On Security
11h ago
The widely used MySQL2 has been discovered to have three critical vulnerabilities: remote Code execution, Arbitrary code injection, and Prototype Pollution.
These vulnerabilities have been assigned with CVE-2024-21508, CVE-2024-21509, and CVE-2024-21511.
The severity of these vulnerabilities ranges from 6.5 (Medium) to 9.8 (Critical). While only one of these vulnerabilities has been patched, the other two remain and must be fixed by the Vendor.
MySQL2 Flaw Vulnerability
According to the reports shared with Cyber Security News, the node-mysql2 library allows users to connect to the databa ..read more
GBHackers On Security
11h ago
This campaign is observed to be targeting multiple countries, including the U.S., Nigeria, Germany, Egypt, the U.K., Poland, the Philippines, Norway, and Japan.
The threat actor behind this ongoing campaign has been identified as “CoralRaider, ” whose Tactics, Techniques, and Procedures (TTPs) overlap with the current campaign.
The threat actor’s previous campaigns, which included using a Windows Shortcut file, identical PowerShell Decryptor and Payload download scripts, and FoDHelper techniques for bypassing UAC (User Access Control) on the victim machine, are similar.
CoralRaider Hacke ..read more
GBHackers On Security
13h ago
A new type of Remote Access Trojan (RAT) named Spyroid has been identified.
This malicious software is specifically designed to infiltrate Android systems, stealing confidential data and compromising user privacy.
What is Spyroid RAT?
Spyroid RAT is a sophisticated malware that targets Android devices.
Once installed, it grants cybercriminals unauthorized access to the device.
This access allows them to steal sensitive information such as login credentials, financial data, and personal messages.
The Trojan operates silently, making it difficult for users to detect its presence until it’s too l ..read more
GBHackers On Security
14h ago
Analysts from Silent Push, a data analytics firm, have uncovered several UK government websites sending user data to a controversial Chinese advertising technology vendor, Yeahmobi.
This discovery raises significant concerns about privacy and the integrity of data handling by public sector organizations.
Data Collection Methods
Silent Push’s investigation began with implementing three core ad tech standards—ads.txt, app-ads.txt, and sellers.json—into their data collection practices.
These standards are crucial for transparency in digital advertising, providing clear information about which com ..read more
GBHackers On Security
16h ago
Law enforcement operations disrupted BlackCat and LockBit RaaS operations, including sanctions on LockBit members aiming to undermine affiliate confidence.
In response, LockBit publicly exposed an affiliate payment dispute, potentially causing further affiliate migration.
The behavior of a major RaaS group is puzzling, as the financial loss from the dispute seems insignificant compared to the reputational damage.
The disappearance of RaaS groups like BlackCat disrupts ransomware affiliates, forcing them to decide their next steps.
Some may exit cybercrime entirely, while others may ..read more
GBHackers On Security
16h ago
IBM is reportedly close to finalizing negotiations to acquire HashiCorp, a prominent cloud infrastructure software market player.
This potential acquisition is part of IBM’s transformation into a hybrid cloud and AI-focused enterprise.
Potential Acquisition Details
Sources close to the matter indicate that IBM could soon reach an agreement to acquire San Francisco-based HashiCorp.
While the discussions are advanced, there remains a possibility that the talks could fall through without resulting in a deal.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Down ..read more
GBHackers On Security
18h ago
The United States Justice Department has announced big rewards for information leading to the capture of four Iranian nationals.
These individuals are accused of conducting a sophisticated multi-year cyber campaign against American companies.
The announcement underscores the gravity of cyber threats and the U.S. government’s commitment to countering such illegal activities.
The indictment, unsealed in a Manhattan federal court, names Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab as the perpetrators behind a concerted effort to compromise the U.S. governmen ..read more
GBHackers On Security
2d ago
When cyber attacks strike, it’s rarely a single computer that suffers. Nowadays, cybercriminals set their sights on corporate networks, aiming to infiltrate and compromise multiple systems. But how do these bad actors manage to breach large networks?
It all starts with a foothold. Whether through brute-force attacks on remote desktop protocols, exploiting vulnerabilities in public-facing applications, or cleverly crafted phishing emails that lure unsuspecting employees, cybercriminals find their way in. Once inside, they start their lateral movement—exploring the network, seeking out valuable ..read more
GBHackers On Security
2d ago
To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies.
This decision underscores a broader initiative by the U.S. government to address the proliferation of spyware that threatens personal privacy, national security, and human rights.
Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide
Crackdown on Spyware Misuse
Matthew Miller, the Department Spokesperson, revealed the new measures in a press statement d ..read more