A recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns. Identified as CVE-2024-6980, this flaw allows attackers to execute server-side request forgery (SSRF) attacks, potentially compromising sensitive data and systems. With a CVSS score of 9.2,…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Beware Of Malicious Crypto Management App That Drains Your Wallet
A forwarded Telegram video advertises heavily discounted, high-profile cryptocurrency projects, enticing viewers with links to a seemingly legitimate second-tier exchange and a concealed malicious link. Through the use of this social engineering strategy, which is intended to lull victims into…
CrowdStrike & Microsoft to Face Lawsuit from Delta Air Lines Following System Crash
Delta Air Lines has enlisted the legal expertise of David Boies, chairman of Boies Schiller Flexner, to seek damages from cybersecurity firm CrowdStrike and tech giant Microsoft. This follows a catastrophic system crash on July 19 that resulted in the…
Voice Over Wi-Fi Vulnerability Let Attackers Eavesdrop Calls And SMS
Voice over Wi-Fi (VoWiFi) is widely used today. The technology lets users make voice calls over a Wi-Fi network without relying on traditional cellular networks. Besides this, doing so allows the…
Germany has accused China of Attack on Critical Infrastructure Since 2021
Following extensive analyses and investigations by German security authorities, the Federal Government has officially attributed responsibility for a significant cyberattack on the Federal Office of Cartography and Geodesy (BKG) at the end of 2021 to Chinese state actors. The federal…
OAuth Vulnerability Exposes 1 Million Websites To XSS Attacks
Despite robust defenses, Cross-Site Scripting (XSS) remains a persistent web vulnerability, even though its exploitation has become increasingly challenging. A recent discovery highlights how integrating OAuth, a modern authentication standard, with vulnerable websites can resurrect XSS risks. By manipulating OAuth flows…
World Wide Web Consortium Opposed Google’s Decision on Third-party cookies
The World Wide Web Consortium (W3C) has strongly opposed Google’s decision to halt the deprecation of third-party cookies. The W3C has updated its Technical Architecture Group (TAG) finding to emphasize the necessity of removing third-party cookies due to their inherent…
New Specula Tool Turning Outlook as a C2 Server by Leveraging Registry
Cybersecurity firm TrustedSec has unveiled a powerful new tool called Specula. It exploits a longstanding vulnerability in Microsoft Outlook to transform it into a Command and Control (C2) server. This revelation has sent shockwaves through the cybersecurity community, highlighting a…
Meta paid a $1.4 Billion Settlement for the Unauthorized Capture of Personal Biometric Data
Texas Attorney General Ken Paxton has secured a $1.4 billion settlement with Meta Platforms Inc. (formerly known as Facebook) over the unauthorized capture and use of millions of Texans’ personal biometric data. This settlement marks the largest privacy settlement ever…
Chrome Security Update: Patch for Critical Flaw that Leads to Exploitation
Google has rolled out a new security update for its Chrome browser, addressing several critical vulnerabilities. The update on the Stable channel brings Chrome to version 127.0.6533.88/89 for Windows and Mac, and 127.0.6533.88 for Linux. The update will be distributed…