CYBERSECURITY / DEFENSE / INTELLIGENCE

1010.TEAM πŸ‡ΊπŸ‡¦

/

Archive

/

Tag: CVE/vulnerability

  • Threat actors use weaponized PDF files for initial infection. This is because they can be embedded with malicious code, PDF readers’ vulnerabilities are exploited, and users are tricked into activating the payload. Since they are common trusted file types, PDFs have also become an effective vehicle for delivering malware that initiates the infection chain. Cybersecurity […] The post Hackers Using Weaponized PDF Files To Kickstart Infection Chain appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News…

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • Hackers have exploited a vulnerability in a 14-year-old Content Management System (CMS) editor, FCKeditor, to launch SEO poisoning attacks against government and educational websites worldwide. This campaign has compromised numerous sites, redirecting unsuspecting users to malicious or scam websites through open redirects and poisoned search results. Open redirects are a critical flaw where websites redirect […] The post 14-Year-Old CMS Editor Flaw Exploited to Hack Govt & Edu Sites appeared first on GBHackers on Security | #1 Globally Trusted Cyber…

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access point (AP) versions that are associated with Denial of Service, OS Command Injection, and Remote code execution. These vulnerabilities have been assigned with CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, and CVE-2023-6764. The severity of these vulnerabilities ranges between 6.5 (Medium) and 8.1 (High). However, […] The post Zyxel Firewall Flaw Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • A critical security flaw has been identified in the Ultimate Member plugin for WordPress, which could potentially put over 200,000 websites at risk. The vulnerability was discovered by Christiaan Swiers and reported through the Wordfence Bug Bounty Program, earning him a bounty of $2,063.00. The flaw in question is an unauthenticated SQL Injection vulnerability that […] The post WordPress Plugin Flaw Exposes 200,000+ Websites for Hacking appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • A critical security flaw has been identified in the Ultimate Member plugin for WordPress, which could potentially put over 200,000 websites at risk. The vulnerability was discovered by Christiaan Swiers and reported through the Wordfence Bug Bounty Program, earning him a bounty of $2,063.00. The flaw in question is an unauthenticated SQL Injection vulnerability that […] The post WordPress Plugin Flaw Exposes 200,000+ Websites for Hacking appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • ConnectWise, a prominent software company, issued an urgent security bulletin on February 19, 2024, revealing two significant vulnerabilities in its self-hosted ScreenConnect servers. These vulnerabilities were initially reported on February 13 through a vulnerability disclosure program and were not actively exploited until February 20. The first vulnerability, identified as CVE-2024-1708, is a path traversal issue […] The post Hackers Actively Hijacking ConnectWise ScreenConnect server appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • ConnectWise, a prominent software company, issued an urgent security bulletin on February 19, 2024, revealing two significant vulnerabilities in its self-hosted ScreenConnect servers. These vulnerabilities were initially reported on February 13 through a vulnerability disclosure program and were not actively exploited until February 20. The first vulnerability, identified as CVE-2024-1708, is a path traversal issue […] The post Hackers Actively Hijacking ConnectWise ScreenConnect server appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • Concerning a development for organizations leveraging Apache’s big-data solutions, a new variant of the Lucifer DDoS botnet malware targeting Apache Hadoop and Apache Druid servers has been identified. This sophisticated malware campaign exploits existing vulnerabilities and misconfigurations within these systems to execute malicious activities, including cryptojacking and distributed denial-of-service (DDoS) attacks. Document Live Account Takeover […] The post New DDoS malware Attacking Apache big-data stack, Hadoop, & Druid Servers appeared first on GBHackers on Security | #1 Globally Trusted Cyber…

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • Outlook has identified a security flaw that affects how it handles certain hyperlinks.Β  Malware actors actively exploit the vulnerability in real-world attacks. The assigned CVE number for this vulnerability is CVE-2024-21413, with a severity rating of 9.8 (Critical). Microsoft has successfully resolved the vulnerability in question and implemented the fix in their February 2024 Patch […] The post Outlook Users Beware 0-Day Exploit Released On Hacking Forums appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News…

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ

  • Hackers target Apex code vulnerabilities in Salesforce to exploit security weaknesses, gain unauthorized access to sensitive data, or manipulate the system. Apex is a powerful language that enables the customization of Salesforce with Java-like syntax. It executes logic, controls transactions, and responds to system events.Β  This is primarily used for business logic and is triggered […] The post Apex Code Vulnerabilities Let Hackers Steal Salesforce Data appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

    Β·

    ΒΆΒΆΒΆΒΆΒΆ

    ΒΆΒΆΒΆΒΆΒΆ