A security flaw has been identified in Tinyproxy, a lightweight HTTP/HTTPS proxy daemon widely used in small network environments. The vulnerability, cataloged under CVE-2023-49606, allows remote attackers to execute arbitrary code on the host machine. This flaw poses a critical…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Ex-Cybersecurity Consultant Jailed For Trading Confidential Data
Vincent Cannady, a professional who used to work as a consultant in the cybersecurity field, has been taken into custody for allegedly trying to extort a sum of money that could go up to $1.5 million from an IT company…
Mal.Metrica Malware Hijacks 17,000+ WordPress Sites
Infected websites mimic legitimate human verification prompts (CAPTCHAs) to trick users, who often request seemingly innocuous clicks, resembling past CAPTCHA challenges. Clicking initiates a malicious redirect, exposing users to scams or malware exploiting user familiarity with CAPTCHAs, bypassing suspicion, and…
ApacheMQ Authentication Flaw Let Unauthorized Users Perform Multiple Actions
Apache ActiveMQ is a Java based communication management tool for communicating with multiple components in a server. It is an open-source widely used messaging service that can be used to send messages between two or more applications. However, Apache ActiveMQ…
Hackers Exploit Microsoft Graph API For C&C Communications
An emerging threat leverages Microsoft’s Graph API to facilitate command-and-control (C&C) communications through Microsoft cloud services. Recently, security analysts at Symantec discovered a previously undocumented malware called BirdyClient or OneDriveBirdyClient. This malware targeted an organization in Ukraine. It abused Microsoft…
68% of Data Breach Occurs Due to Social Engineering Attacks
In the latest edition of Verizon’s Data Breach Investigations Report (DBIR) for 2024, a concerning trend has been highlighted, a significant 68% of data breaches are now occurring due to social engineering attacks. This revelation underscores the increasing sophistication and…
U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers
The United States government has issued a stark warning about a new wave of social engineering attacks orchestrated by North Korean hackers. The Department of State, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have jointly…
Threat Actors Renting Out Compromised Routers To Other Criminals
APT actors and cybercriminals both exploit proxy anonymization layers and VPN nodes to mask their malicious activities, while Pawn Storm, a well-known APT group, infiltrated a cybercriminal botnet of compromised Ubiquiti EdgeRouters in 2022 and used it for espionage. The…
Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack
Cisco has disclosed multiple vulnerabilities in its IP Phone firmware that could severely impact users by allowing unauthenticated, remote attackers to perform denial of service (DoS) attacks, gain unauthorized access, and view sensitive information. These vulnerabilities affect several Cisco IP…
New “Goldoon” Botnet Hijacking D-Link Routers to Use for Other Attacks
Security researchers at FortiGuard Labs discovered a new botnet in April that exploits a weakness in D-Link devices. Dubbed “Goldoon,” this botnet has been observed exploiting a nearly decade-old security flaw, CVE-2015-2051, to gain unauthorized control over affected routers and…