The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed that the North Korean hacker group Lazarus was using it to launder funds that had been stolen. Millions of dollars worth of virtual currency from Lazarus Group…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers
In a disconcerting turn of events, cyber threat actors have set their sights on Unitronics programmable logic controllers (PLCs) embedded in Water and Wastewater Systems (WWS). This perilous trend casts a looming shadow over the nation’s critical infrastructure, with the…
Zyxel Command Injection Flaws Let Attackers Run OS Commands
Three Command injection vulnerabilities have been discovered in Zyxel NAS (Network Attached Storage) products, which could allow a threat actor to execute system commands on successful exploitation of these vulnerabilities. Zyxel NAS (Network Attached Storage) devices provide fast, secure, and…
North Korean Hackers Attacking macOS Using Weaponized Documents
Hackers often use weaponized documents to exploit vulnerabilities in software, which enables the execution of malicious code. All these documents contain malicious code or macros, often disguised as familiar files, which help hackers gain unauthorized access and deliver malware to…
Most Popular Websites Still Allow Users To Have Weak Passwords
The latest analysis shows that tens of millions of people are creating weak passwords on three of the four most popular websites in the world, which do not fulfill the minimum required standards. Researchers also found that 12% of websites…
Iranian Mobile Banking Malware Steal Login Credentials & Steal OTP Codes
An Android malware campaign was previously discovered that distributed banking trojans targeting four major Iranian Banks: Bank Mellat, Bank Saderat, Resalat Bank, and Central Bank of Iran. There were 40 credential-harvesting applications circulated on Cafe Bazaar between December 2022 and…
Chrome Zero-Day Vulnerability That Exploited In The Wild
Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this year. The flaw, identified as CVE-2023-6345, is classified as an integer overflow in Skia, an open-source 2D graphics library written in C++. “Google is aware that an exploit…
BLUFFS: Six New Attacks that Break Secrecy of Bluetooth Sessions
Six novel Bluetooth attack methods have been discovered, which were named BLUFFS (Bluetooth Forward and Future Secrecy) attacks. These attacks could enable threat actors to impersonate devices or machine-in-the-middle attacks. These attacks have been reported to be at the architectural…
Google Workspace’s Design Flaw Allows Attacker Unauthorized Access
Recent years saw a surge in cloud tech adoption, highlighting the efficiency through tools like Google’s Domain-Wide Delegation. It enables GCP (Google Cloud Platform) identities to perform tasks in GWS (Google Workspace) apps on behalf of Workspace users, streamlining work…
Serial ‘SIM Swapper’ Sentenced to Eight Years in Prison
In a digital age marred by deceit, 25-year-old Amir Hossein Golshan stands as a testament to the dark underbelly of cyberspace. Hailing from downtown Los Angeles, Golshan’s intricate orchestration of fraudulent schemes has earned him a federal prison sentence of…