A critical vulnerability in Ray, an open-source AI framework that is widely utilized across various sectors, including education, cryptocurrency, and biopharma. This vulnerability, known as CVE-2023-48022, has been under active exploitation for the past seven months, allowing attackers to hijack…
Tag: GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
Chinese Hackers Attacking Southeast Asian Nations With Malware Packages
Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two Chinese Advanced Persistent Threat (APT) groups targeting entities and member countries of the Association of Southeast Asian Nations (ASEAN). This alarming development underscores the escalating cyber…
Microsoft Expands Edge Bounty Program to Include WebView2!
Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included in the Edge Bounty Program. The Microsoft Edge Bounty Program aims to find vulnerabilities that are specific to the upcoming Chromium-based Microsoft Edge, and that instantly affect…
CISA Warns of Hackers Exploiting Microsoft SharePoint Server
Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft SharePoint Server, CVE-2023-24955. This vulnerability poses a significant risk to organizations using the platform. It allows attackers with certain privileges to execute code remotely, potentially leading…
Beware of Free Android VPN Apps that Turn Your Device into Proxies
Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user devices into proxy nodes, potentially engaging in malicious activities without their knowledge. This discovery has raised significant concerns about the safety of free VPN apps on…
ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms
Despite AMD’s growing market share with Zen CPUs, Rowhammer attacks were absent due to challenges in reverse engineering DRAM addressing, synchronizing with refresh commands, and achieving sufficient row activation throughput. Researchers addressed these through ZENHAMMER, the first Rowhammer attack on…
17,000+ Microsoft Exchange Servers Vulnerable to Multiple Critical Vulnerabilities
Federal Office for Information Security (BSI) in Germany has announced that at least 17,000 Microsoft Exchange servers across the country are exposed to one or more critical vulnerabilities. This figure only scratches the surface, as several servers remain unaccounted for,…
Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio
Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions provider in Germany. This acquisition marks a step for Airbus as it aims to enhance the security of its digital infrastructure amidst the growing cyber threats…
Metasploit Framework 6.4 Released: What’s New!
Metasploit Framework 6.4 introduces significant improvements to Kerberos authentication. The auxiliary/admin/kerberos/forge_ticket module now supports diamond and sapphire techniques alongside golden and silver tickets and is compatible with Windows Server 2022. A new post/windows/manage/kerberos_tickets module allows Kerberos tickets to be dumped…
Microsoft Releases Out-of-band Update to Fix Windows Server Memory Leak Flaw
Microsoft released an out-of-band update, KB5037422, on March 22, 2024, specifically for Windows Server 2022 (OS Build 20348.2342) to address a critical memory leak issue in the Local Security Authority Subsystem Service (LSASS). The leak occurred on domain controllers (DCs)…