A new financially motivated threat group named “LUCR-3” has been discovered targeting organizations to steal intellectual property for extortion. This threat actor surpasses Scatter Spider, Oktapus, UNC3944, and Storm-0875. LUCR-3 is targeting Fortune 2000 companies in various sectors, which include…
Category: GBHackers – Latest Cyber Security News | Hacker News
Is QakBot Malware Officially Dead?
Only a few malware families can claim to have persisted for nearly twenty years, and QakBot (also referred to as QBot) stands among them as one of the most enduring. Since its first appearance in 2008, it has been deployed…
System Admin Pleads Guilty for Selling Pirated Business Phone Software Licenses
For taking part in a large international scheme to earn millions of dollars by selling pirated business telephone system software licenses, a computer system admin and his spouse pled guilty. Software licenses with a retail value of over $88 million are…
Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code
If you use Trend Micro Apex One, you should know that the third-party Antivirus uninstaller feature may have a security hole. This flaw could make it possible for random code to be run. Even though the National Vulnerability Database (NVD)…
T-Mobile App Glitch Exposes Other User’s Sensitive Data
The mobile application of T-Mobile has recently been a cause of concern among its customers due to issues concerning privacy. Users have reported accessing sensitive information belonging to other customers when logging into their own accounts. This alarming situation has…
China Accuses the US of Hacking Huawei Servers Since 2009
Huawei is known for its telecommunications equipment and consumer electronics, including smartphones, and the USA banned Huawei primarily due to national security concerns. As the Chinese government may utilize Huawei’s technology for spying, the U.S. government claimed that the business…
Bumblebee Malware Abuses WebDAV Protocol to Attack Organizations
In recent cybersecurity news, the notorious Bumblebee loader has made a resurgence in a new campaign, posing a significant threat to organizations’ digital security. This loader, often used as a stepping stone for ransomware attacks, had taken a pause but…
Nagios Monitoring Tool Vulnerabilities Let Attackers SQL Queries
Nagios XI is a prominent and frequently used commercial monitoring system for IT infrastructure and network monitoring. Vulnerability Research Engineer Astrid Tedenbrant found four distinct vulnerabilities in Nagios XI (version 5.11.1 and below) while conducting routine research. By making use…
Hackers Attacking Telecoms Servers With HTTPSnoop Malware
In 2022, state-sponsored actors and advanced adversaries consistently targeted telecoms globally, making it a top sector in Talos IR cases. Telecom firms with critical infrastructure assets are prime targets due to their role in national networks and as potential gateways…
Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code
Recent reports indicate that Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes. These vulnerabilities have been given the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity…