In a groundbreaking stride towards fortifying cloud security, the Cybersecurity and Infrastructure Security Agency (CISA) unveils the Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines. This architectural marvel establishes a robust groundwork, elevating data security across nine…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Quishing: New Sophisticated Phishing Attacks on the Rise
Phishing, a persistent cyberthreat, has evolved with the times. Once a symbol of convenience, QR codes are now being weaponized by attackers through Quishing. This alarming trend demands attention, as it exposes both individuals and organizations to significant risks. Interpol’s…
Sophos Firewall Code Injection Flaw: Let Attackers Execute Remote Code
A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin, allowing hackers to execute malicious code remotely. The vulnerability enables attackers to inject harmful code into the software, which if exploited, can result in a…
Microsoft’s 2023 Final Patch: 34 Vulnerabilities Including Critical 0-Day Fixed
Microsoft has released their patches for December 2023 as part of their Patch Tuesday. In this release, they have patched more than 34 vulnerabilities and one zero-day. Among the 34 vulnerabilities patched, there were 4 Critical severity vulnerabilities and 30…
Cloud Engineer Sentenced for Deleting Ex-employer’s Code Repos & Logs
San Francisco resident Miklos Daniel Brody, 38, took revenge on his former employer, a bank, by hacking valuable computer code and damaging the bank’s cloud system. And the Cloud Engineer Sentenced. After stealing information from and purposefully damaging a protected computer, he…
1,450+ pfSense Servers Vulnerable to Remote Code Execution Attacks via Exploit Chain
Researchers discovered two vulnerabilities in pfSense CE related to Cross-Site Scripting (XSS) and Command Injection that allow an attacker to execute arbitrary commands on a pfSense appliance. An attacker with RCE capabilities can control the firewall, monitor traffic on the…
Rhysida Ransomware Attacking Government & IT Industries Worldwide
Hackers use ransomware to encrypt victims’ files and demand payment (usually in cryptocurrency) for the decryption key. This malicious tactic allows them to extort money from the following entities by exploiting vulnerabilities in their digital systems:- In May 2023, this…
Toyota Ransomware Attack Exposes Customers Personal Data
Toyota Financial Services (TFS) notifies customers after a data breach that exposed personal and sensitive financial information. In a limited number of locations, including Toyota Kreditbank GmbH in Germany, Toyota Financial Services Europe & Africa has discovered unauthorized activity on…
What is CloudSecOps? – A Complete Security Operations Guide – 2024
Cloud security is becoming a central part of any organization’s cybersecurity strategy. However, in most organizations, the teams managing cloud operations work separately from those that manage security. CloudSecOps is setting out to change that. CloudSecOps is about integrating security…
WordPress Plugin Flaw Exposes 90K+ Websites to Hack Attack
Over 90,000 websites are currently at risk due to a vulnerability found in the WordPress Backup Migration Plugin. This vulnerability has enabled unauthenticated remote code execution, making it possible for potential attackers to gain access to these websites. A group…