A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software’s web-based management interface. This vulnerability could potentially allow authenticated, remote attackers to conduct SQL injection attacks on affected systems. This vulnerability, tracked as CVE-2024-20360, poses significant risks,…
Category: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Hackers Exploit WordPress Plugin to Steal Credit Card Data
Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting WooCommerce online stores to steal credit card information. This alarming trend highlights the persistent threat cybercriminals pose and the need for robust security measures in the…
Google Patches Chrome Zero-Day: Type Confusion in V8 JavaScript
Google has released a patch for a zero-day exploit in its Chrome browser. The vulnerability, identified as CVE-2024-5274, involves a confusion issue in the V8 JavaScript engine, which could allow attackers to execute arbitrary code on affected systems. CVE-2024-5274 –…
Hackers Created Rogue VMs in Recent MITRE’s Cyber Attack
State-sponsored hackers recently exploited vulnerabilities in MITRE’s Networked Experimentation, Research, and Virtualization Environment (NERVE). They used rogue virtual machines (VMs) to evade detection and maintain persistence in a cyberattack. The attack, attributed to a China-linked group tracked as UNC5221, underscores…
Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program
In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing ZIP and RAR attachments to distribute SMOKELOADER malware. The most recent attacks involve emails that carry Microsoft Access files and ZIP archives that, when opened, install…
Chinese Hackers Stay Hidden On Military And Government Networks For Six Years
Hackers target military and government networks for varied reasons, primarily related to spying, which involves interference in the functioning of critical infrastructure. This is mainly because these networks hold sensitive data and command systems that if tampered with can be…
NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers
Zero Trust Maturity measures the extent to which an organization has adopted and implemented the Zero Trust security model. It calculates how fully a company has adopted Zero Trust’s foundational concepts, such as stringent authentication of each user, device, and…
Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities
The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining attacks in the cloud. Unlike on-premises infrastructure, whereby it is difficult to scale up resources, cloud environments enable attackers to deploy resources for cryptomining rapidly, making…
Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft
Gift cards are attractive to hackers since they provide quick monetization for stolen data or compromised systems. Reselling gift cards is simple, and they can also be converted into money, which makes them a comparatively risk-free means of ensuring threat…
DNSBomb : A New DoS Attack That Exploits DNS Queries
A new practical and powerful Denial of service attack has been discovered that exploits DNS queries and responses. This new attack has been termed “DNSBomb,” which transforms different security mechanisms employed by DNS, including reliability enhancement, security protection, timeout, query…