Web Trackers Exploit Browser Password Managers and Steal Login Information From Browser

A known browser vulnerability exploits the default browser Password manager that abused by third-party scripts and exfiltrate the hidden user identities.

An attacker can be successfully gaining the information by tracking script that inserts an invisible login form in the user visiting website that is automatically filled by browser login manager.

Source: GBHackers

Three more Malicious Backdoored plugins with More than 89,000 Active Installs found in WordPress Repository

WordPress has such a massive ecosystem consist of a number of plugins and themes, threat actors involved in various malicious activities such as hiding the PHP backdoor scripts into the WordPress Security Plugin.

In this incident, the attackers sell existing unsupported plugins to new authors with backdoor code inserted and their goal is to insert SEO spam to the sites with the plugin installed.

Read More on GBHackers

USB Forensics – Reconstruction of Digital Evidence from USB Drive

Digitial Forensics analysis of USB forensics include preservation, collection, Validation,
Identification, Analysis, Interpretation, Documentation, and Presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal.

Disk Imaging – USB Forensics:-

• A Disk Image is defined as a computer file that contains the contents and structure of a data storage device such as a hard drive, CD drive, phone, tablet, RAM, or USB.
• The disk image consists of the actual contents of the data storage device, as well as the information necessary to replicate the structure and content layout of the device.
• However Wide ranging of well-known tools is used according to the court of law to perform the analysis.
• Standard tools are solely authorized as per law, Forensics examiners are disallowed to perform Imaging with Unknown Tools, New Tools.
• Standard Tools: Encase Forensic Imager and its extension (Imagename.E01)
  Forensic Toolkit Imaging & Analysis:
• Since Encase forensic software cost around $2,995.00 – $3,594.00, So In this Imaging and analysis will be performed with FTK Forensic software made by AccessData.
• FTK Includes standalone disk imager is simple but concise Tool.

Read Full article: GBHackers on security

Edward Snowden Privacy Protection app turns your Android phone Into A Security System

Edward Snowden privacy protection app Haven turns your Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders.

App once installed, use your smartphone’s sensors microphone, motion detector, the light detector, and the cameras — to monitor the room for changes, and it logs everything it notices.

READ GBHACKERS ON SECURITY

InSpy – Linkedin Information Gathering tool for Pentesters

The objective of this Information Gathering tool is to extract Linkedin users based on the organization, job description or email address.InSpy was written in python by gojhonny.

Multiple Functionalities

• TechSpy
• EmpSpy

TechSpy – Crawls LinkedIn job listings for technologies used by the provider company. It attempts to identify technologies by matching job descriptions to keywords from a new line delimited file.

READ More: GBHackers On Security

Email Spoofing – Exploiting Open Relay configured Public Mailservers

Email spoofing is the way of delivering forged emails to recipients.These methods are used by criminals to launch attacks like phishing or spams to provide persistent backdoors with legitimate behavior.

Publicly available email servers can be used for spoofing attack.If you have configured your mail server with OPEN RELAY, this dangerous email spoofing attack can be performed by attackers.

READ: GBHackers On Security

Safehats – The Best Alternative Bug Bounty Program for HackerOne and Bugcrowd

A Bug bounty program also known as vulnerability rewards program (VRP) is the one where security researchers can disclose vulnerabilities and can receive recognition and compensation for reporting bugs.

Bug bounty program is suitable for organizations of all sizes; it is a part of organization’s penetration testing plan.

READ More: GBHackers ON Security

Windows Default Password Manager Keeper Leaked Saved Passwords From Browser

keeper password manager preinstalled with fresh Windows 10 OS which contains a serious security flaw that discovered by Google most respective security researcher Tavis Ormandy who is working a part of Google Zero Project.

This Critical security flaw from password manager leads to escalating the privileges of windows and leaked the saved password from the browser.

Read : GBhackers On Secutity

Parrot Security OS 3.10 Released with New Powerful Hacking Tools

The first big news is the introduction of a full firejail+apparmor sandboxing system to proactively protect the OS by isolating its components with the combination of different techniques which already has been released in 3.9 version.

The new version of Parrot Security OS 3.10 comes with Linux Kernel 4.14 LTS, awesome features of this new kernel release, as well as the Mozilla Firefox Quantum (57.0).

READ: GBHackers On Security

New BlackArch Penetration Testing Linux ISOs Released with More Hacking Tools

BlackArch Linux based Arch Linux. Lightweight Penetration Testing Distro designed for Professional & Elite Hackers who have the ability to work with Linux like a Pro.

Used to use Fluxbox & OpenBox as a Desktop Environment with other DE’s. It has huge tools in the repository more than 1500+ hacking tool included in the Distro & Repo.

READ: GBHackers On Security

A new Hacker Group ‘MoneyTaker’ uncovered by Group-IB Attacking Banks in the USA and Russia

A new Hacker Group ‘MoneyTaker’ uncovered by Group-IB targetting financial institutions and law firms in the USA, UK, and Russia. They are very successful in targetting a number of banks in different countries and they remain anonymous.

Security researchers from Group-IB uncovered the operations and the Hacker Group found targetting mainly on card payments including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US).

They remain anonymous by constantly changing their methods and tools to bypass security products and to remove their tracks after completing their attack.

READ: GBHackers On Security

testssl.sh – Tool to check cryptographic flaws and TLS/SSL Ciphers on any Ports

testssl.sh is a free command line tool which checks a server’s administration on any port for the help of TLS/SSL ciphers, protocols and some TLS/SSL vulnerabilities.

Key features

1. Easy to install.
2. You can check with all port not only with 443.
3. Warnings if there is an issue with tests performed.
4. Compatible with Linux/BSD distribution
5. Supports more TLS extensions via sockets
6. TLS 1.3 support
7. Check for CAA RR
8. Check for OCSP must staple
9. Check for Certificate Transparency
10.Expect-CT Header Detection

Read More : GBHackers On Security

Process Doppelgänging Attack Works on all version of Windows Evade AV products and Forensics tools

Security researchers from Endpoint Security firm Ensilo discovered a new Evasion technique dubbed Process Doppelgänging which works with all the versions of windows and can Evade well-known security products forensics tools.

Doppelgänging introduced in BLACKHAT EUROPE 2017, with Doppelgänging they load and execute an arbitrary as, like a legitimate process, it is similar to Process Hollowing, but it uses NTFS Transactions.

READ MORE: GBHackers On Security

DOWNAD Malware using Dictionary Attack to Control the Servers & Remotely Execute Code

A Banking Trojan called DOWNAD has been discovered after 9 years that is capable of remotely inject malicious code into a server and also performing Dictionary Attack which is Considering as one of world’s most prevalent malware.

DOWNAD Malware family first Discovered in 2008 it managed to be one of the most destructive malware at the time, infecting up to 9 million computers.

READ MORE: GBHackers On Security

TeamViewer Fixed Critical Vulnerability that allows Clients to take Full Control of PC

TeamViewer is a well know software for desktop support and remote control over the Internet; it suffers a critical vulnerability which allows clients to take control over the computer remotely without any permission.

The bug impacted TeamViewer versions with Windows, macOS, and Linux.Now the patches available for windows and soon we can expect for macOS and Linux.

Read More: GBHackers On Security

Largest Crypto-Mining Market Hacked – Hackers may be Stolen $68M

On Wednesday a hacker compromised Nicehash marketplace payment system and an unknown amount of Bitcoins stolen from the wallets.NiceHash not yet disclosed any amount that stolen.

According to their company statement, there has been a security breach involving NiceHash website. Importantly, our payment system was compromised, and the contents of the NiceHash Bitcoin wallet have been stolen.

Read More: GBHackers On Security

31 Million Data Leaked Online Reveal that keyboard App Collects Everything from Contacts to Keystrokes

Millions of customer personal data exposed online due to a Misconfiguration with MongoDB that belongs to Ai.Type, the company that well know for developing the personalized virtual keyboard app for Android and iOS.

Security researchers from Kromtech Security Center identified that the company exposed their entire 577GB Mongo-hosted in public, anyone with internet connection can access the database.

Read More: GBHackers On Security

Global Law Enforcement Agencies shutdown the Largest and Dangerous Andromeda Botnet

Andromeda Botnet dismantled after the joint investigation with law enforcement agencies around the Globe.The takedown took place on 29 November 2017, Andromeda knew as Gamarue, and ESET detected it as Win32/TrojanDownloader.Wauchos.

FBI started their initial investigation in 2015 and worked closely with Microsoft in this; Andromeda spread through exploit kits or spam emails. It involves in Financial crimes, data exfiltration and it also has more than 80 Malware families to infect victim machine.

READ MORE AT GBHACKERS ON SECURITY 

Beware : Sarahah App Secretly Spying Your Mobile and Steal Your Email & Contact List

Recently Most Trending Mobile Application “Sarahah” Secretly Spying users Mobile and uploading their contacts list into sarahah database.

Sarahah App uses to receive feedback from friends and employees which are impressed more than 15 million users Download estimated both apple store and google Play Store in world wide.

we GBHackers On Security  also have Investigated with our Lab Enviroment  and we have Found another information that, Sarahah App Transfering the Log in Credentials in Plain Text Apart from Contacts Information that has been Discovered by bishopfox Senior Security Analyst Zach Julian.

Read More at GBHackers On Security

Now attackers can Modify Email content- Even after the Email Delivery

We do believe Email is like a physical letter once it dropped it cannot be changed,but it is not true anymore here you can see a new technique called ROPEMAKER.

ROPEMAKER stands for Remotely Originated Post-delivery Email Manipulation Attacks which allows changing the content of Email after post delivery even if they use S/MIME or PGP for signing.

Ropemaker originates between the intersection of email and web technologies.Web technologies introduced in Email to make it more dynamic which also leads to this attack vector.

Read More at GBHackers On Security

AccuWeather found Sending User Location Details Even if Location Sharing Turned Off

Security researcher Will Strafach identified that famous Weather App AccuWeather sending geolocation data to third party data mining firm.

He intercepted the traffic with the latest version of AccuWeather from his iPhone and it appears Wi-Fi router name and its unique MAC address to the servers of data monetization even if the App not permitted for sharing location OR even when the user has switched off location sharing.

Read More at GBHackers On Security

New DDoS Attack Pattern to Pin Down Multiple Targets – Pulse wave

A new method of DDOS attack called as Pulse wave emerging as a nightmare for DDOS protection solutions.With this method, attackers can bring down systems that previously thought to be protected.

Generally, DDoS assault pattern can be characterized as a continued wave with a gradual ramp-up that drives to a peak and is accompanied by either a slow or sudden drop. 

Read More at GBHackers On Security

Now Industrial Control Systems (ICS) Become Prime Target for Cyber Attackers

Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.

The gift of previous embedded Microsoft® operational systems gives attackers a well-protected supported provision to launch their attack and establish “backdoors” to compromise the enterprise systems.

Manufacturing sector firms, despite seeing a reduction in attacks and security incidents in 2016 still experienced a number of the foremost serious and compromising attacks.

Read More at GBHackers On Security

Adobe Flash Player Bug that can Leak Windows User Credentials

Adobe published a new version of Flash player in the middle of this week covering the Security issues under CVE-2017-3085 that affects all the platforms of windows(Windows XP, Vista, 7, 8.x and 10).

This flaw was identified by Security researcher Ruytenberg and it was derived from the old vulnerability(CVE-2016-4271) which Adobe patched on September 2016.

The previous flaw occurs in handling the input validation which leads to exfiltrate data and disclose them through SMB, and Adobe fixed the same with version 23 by dropping local-with-file-system sandbox and rejects UNC and File-style paths schemes (\\10.0.0.1\some\file.txt file://///10.0.0.1/some/file.txt.).

Read More at GBHackers On Security

Microsoft Introduced a Control Folder Access to Prevent Data From Ransomware and other Malicious Apps and Threats in Windows 10 Insider Release

Microsoft Windows OS facing Many Cyber Attacks in past few Month Especially  Wannacryand Petya caused many damages around the globe. Finally, Microsoft announced  Windows 10 Insider Preview Build 16232 for PC and including Many security  Futures within it.

New Futures including with updates helps to Prevent Browser based Attacks, Exploit Protection, Control Folder Access to Prevent from Malicious Application, unknown threats and especially Ransomware.

Read More at GBHackers On Security

CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

Wikileaks Revealed Next CIA Hacking Tool called “Brutal Kangaroo” under Vault 7 Projects that Consists of 4 Powerful Malware Components which targets closed networks by air gapjumping using thumbdrives.

WiliLeaks Vault 7 Project Revealed Few days Before CIA Cyber weapon CherryBlossom which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points.

Read More at GBHackers On Security

Hackers Steal the Credit Cards Information of Buckle, Inc by Injecting Malware in Their Payment Data Systems

One of the biggest Retailer in US Buckle, Inc under Cyber Attack in their Payment Card Data systems where hacker injects a Malware to steal the Customers Credit card data and company operates 465 stores in 44 U.S .

This Malicious Software was identified Buckle retail store location point-of-sale (POS) system.according to the forensic report, this Malware silently record the customers Credit card information including Account number, account holder’s name, and expiration date.

Read More at GBHackers On Security

Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Wikileaks Revealed another CIA Cyber weapon called “CherryBlossom” which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points (APs) by helping of Stanford Research Institute (SRI International).

Wikileaks Vault 7 leads earlier Released Hacking tool was Pandemic, that has the ability to Replaced Target files where remote users use SMB to Download.

“CherryBlossom” is capable of performing exploits in software and Monitoring the Internet Activities in the Targeting Victims such as commonly used WIFI Devices in private and public places including small and medium-sized companies as well as enterprise offices.

Read More at GBHackers On Security

All that You Should Know about Bitcoins and its Exchange – A Detailed Overview

Bitcoin is a pure peer-to-peer form of electronic money that would permit the online payments to be sent directly from one party to another without going through a financial organization.

These transactions are validated by network nodes and published in a public shared record called a blockchain.

The blockchain is a distributed database that records bitcoin transactions, maintenance of the blockchain is performed by a network of communicating nodes running bitcoin software system.

Read More at GBHackers On Security

SambaCry Vulnerability used by Hackers to attack Linux Servers and Mine’s Cryptocurrency

Linux Machine’s are Hijacked by unknown Vulnerability by using SambaCry Flow and it has cryptocurrency mining utility. This Vulnerability Exploit by using unauthorized Write Permission in Network Drive in Linux Machines.

The Legitimate Text File writes by the attacker which Consists of 8 Random symbols in Samba.Suddenly attacker deletes the file Once Attempt has been successfully done.

Read More at GBHackers On Security

Linux malware that Targets Raspberry Pi for Mining Cryptocurrency

Attackers distributing malicious Trojan that infects only Raspberry Pi Minicomputers. These Trojans have a compressed and encrypted application to generate cryptocurrency.

Named as Linux.MulDrop.1, Linux.ProxyM.

Both of the malicious Trojans are examined by Dr.Web Security researchers.

Linux.MulDrop.14

Distribution started in late of may. Once the malware executed it will change the system password as below and then unpack the cryptocurrency miner.

Read More at GBHackers On Security

TOP 10 Deep Web Search Engines which Gives Deep information that you Can’t get it in Google and Bing

When we need to search something ,then Google or Bing  will the  first thing hit in mind suddenly. But Google and Bing will not give all the Hidden information which is served under the Deep web.

Google have ability to track your each and every move in the Internet while you are searching via Google .if  you don’t want google to collect your personal informations and your online activities  you should maintain your Anonymity in online.

Read More at GBHackers On Security

Windows Registry Analysis – Tracking Everything You Do on the System

The purpose of this article is to provide you with a depth understanding of the Registry and Wealth of information it holds.Today most administrators and forensic analysts, the registry probably looks like the entrance to a dark.

Besides Configuration information,  the Windows Registry holds information regarding recently accessed files and considerable information about user activities.

Read More at GBHackers On Security

Millions of Android Phones including latest Versions Vulnerable to Cloak & Dagger attack

Cloak & Dagger attack discovered by security experts from Georgia Institute of Technology, which allows attackers to get complete control over your device.

These attack just require two permission that, in the event that the application is installed from the Play Store, the client does not require to grant permission and even the users are not notified.

Users don’t get notified about this malicious activity, and it will affect all the versions of Android including (including the latest version, Android 7.1.2).

Read More at GBHackers On Security

A Malvertiser called “RoughTed” Bypass Ad-blocker and Get Half a Billion visits in 3 Months

A Malvertiser called “RoughTed” Successfully Bypass the Ad-Blockers and Delivery Malicious  Payloads into the visitors Operating Systems and Browsers which is used to visit the “RoughTed” Malvertiser Contain websites.

RoughTed used to Generate a huge amount of traffic by Bypass the Ad-Blockers and it contains many malicious Payloads to inject into visitors host.

RoughTed related domains used to generate half a billion hits and many successful Compromises has been identified within 3 months and Traffic comes from thousands of publishers, some ranked in Alexa’s top 500 websites by Malwarebytes Research Team.

Read More at GBHackers On Security

Android Application Penetration Testing Part – 4

As per my last article(Android Application Penetration testing Part 1), (Android Application Penetration testing Part 2), (Android Application Penetration test part-3) we had look on basic architecture and penetration testing tools and ADB. Now let’s see some entry points for android application Penetration testing.

From the perspective of security the manifest file is usually the first thing that a penetration tester will check on an engagement.

Android Manifest File

• It provides all details about android application
• It names the java package for the application
• It declares all permissions
• It describes android applications components
• It contains declaration of minimum level of API which application requires
• minimum Android version required to run the program
• services

Read More at GBHackers On Security

Decryptor tool for BTC ransomware released – Avast

BTC ransomware was distributed using traditional methods embedding the malicious file in the body of the email or sending them directly as an attachment.

It doesn’t use any well-known vulnerabilities to replicate as like we saw with WannaCry and EternalRocks.

This ransomware was distributed through well know file extensions like (.doc,.jpg,.jpeg,.mp4,.PSD,.pfx,.pdf) and so on. Once it infected it will rename the file in following format FileName.Extension.[Email].Ext2.

Read more at GBHackers ON Security

Trend Micro ServerProtect Contains Multiple Critical Arbitrary Code Execution Vunerabilities including XSS and CSRF

A Trend Micro product ServerProtect for Linux 3.0 Contain 6 Major and very critical vulnerabilities Discovered. ServerProtect Protecting against viruses, rootkits, and data-stealing malware while simplifying and automating security operations on servers and storage systems.

This 6 vulnerabilities allowing  remote code execution as root in the Victims Machine by via Man-in-the-Middle Attack and exploiting vulnerabilities in the Web-based Management Console.

Read More at GBHackers On Security

New Burp Suite Version 1.7.23 adds support for 5 new Vulnerabilities

Burp Suite is a graphical tool for testing Web application security. The tool is composed in Java and created by PortSwigger Security.

Burp Scanner is composed by industry-driving penetration testers. Burp Scanner incorporates a full static code investigation engine for the discovery of security vulnerabilities.

Burp’s scanning logic is persistently refreshed with upgrades to guarantee it can locate the most recent vulnerabilities.

Read More at GBHackers On Security

Samsung Galaxy iris recognition can be Hacked simply with Owner’s Photo

Security specialists from Chaos Computer Clubs found basic strides to break iris recognition system scanner of the new Samsung Galaxy S8.

Samsung Galaxy S8 system guarantees secure individual client verification by utilizing the unique pattern of the human iris. But from the test directed by CCC demonstrates that this guarantee can’t be kept.

To note the Samsung Galaxy S8 is the first flagship smartphone with iris acknowledgment.They provide a video demonstration with simple steps.The biometric system is manufactured by the organization Princeton Identity Inc.

Read More at GBHackers On Security

200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack

A new Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by  Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to complete take over to the infected machine.

This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is delivering by tricks victims.

Attackers used two Major Attack Vectors to spreading crafting malicious subtitle files into Victims Media Player.

Read More at GBHackers On Security

Online Password Bruteforce Attack With THC-Hydra Tool -Tutorial

According to Kali, Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add.

This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

It supports: Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

Read More at GBHackers On Security

Bitcoin Price Climbs as high as Ever – History Created

Bitcoin Price Climbs as High as Ever reaches $2000 without precedent for history. The cash’s value ascended as much as 2.62% amid the session according to Coindesk’s BPI.

The cost has shot up by 60 percent in the course of the most recent month and that has pulled in numerous Indians to this digital money.

Bitcoin Value Climbs more than $1000 at the start of 2017 for the first time in last three years. At 09:00, the BPI( Bitstamp Price Index) saw bitcoin reach $1006.32.

Read More at GBHackers On Security

Android Application Penetration testing Part 3

With my last article(Android Application Penetration testing Part 1), (Android Application Penetration testing Part 2)we had look on basic architecture and penetration testing tools. Now Let’s dig dipper with ADB

Android Debug Bridge

Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device.

Adb install – It is used to install an apk file into an Emulated/Connected Device

Adb pull – It is used to fetch some data from Emulated device (remote) to local host (local).

Adb push – It is used to push some data from local host (local) to Emulated Device (remote).

Read More at GBHackers On Security

New SMB Network Worm “MicroBotMassiveNet” Using 7 NSA Hacking Tools , Wannacry using only Two

A New Network Worm called “MicroBotMassiveNet” (Nick Name:EternalRocks) Discovered Recently  which is also  Performing in SMB Exploit as Wannacry .“MicroBotMassiveNet” self Replicate with the targeting network and Exploit the SMB Vulnerability.

NSA Hacking tools are the major medium for “MicroBotMassiveNet” (Nick Name:EternalRocks) to Spread and Self Replicate Across the Network by using Remote Exploitation by the Help of 7 NSA Hacking tools which i have mentioned below.

Read More at GBHackers On Security

Offline Password Cracking with John the Ripper – Tutorial

John the Ripper is intended to be both elements rich and quick. It combines a few breaking modes in one program and is completely configurable for your specific needs.

John is accessible for several different platforms which empower you to utilize a similar cracker everywhere.John the Ripper Pro includes support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.

Extracting hashes From Linux

Every Linux user know that the passwords hashed are stored in /etc/passwd, one can see the file using command root@kali:~# cat /etc/passwd

Extracting hash dumps from Windows machine

Pwdump is a significant simple handy tool to yield the LM and NTLM secret word hashes of local client accounts from the Security Account Manager (SAM).

Read more at GBHackers On Security

Penetration Testing Checklist with Android ,windows ,Apple & Blackberry Phones

Here we are going to have a look about some of Common & important  Penetration Testing Checklist for widely used OS Platforms for mobile Devices – Android, Windows, Apple, Blackberry.

we have already posted an article for Deep Checklist of  Android Penetration testing checklist here we will see for other Platforms As well.

Read More at GBHackers On Security

ATM Black box attacks – ATM Jackpotting

Culprits in charge of this new and advanced technique for ATM jackpotting were distinguished in various nations over various timeframes in 2016 and 2017.

The attempts of some of the EU Member States and Norway, upheld by Europol’s European Cybercrime Center (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), finished in the capture of 27 people connected with purported ATM “Discovery” assaults crosswise over Europe.

Read More at GBHackers On Security

Zomato’s Massive Data Breach About 17 Million User Record Stolen and Revealed in Dark web

Zomato Reports a massive Data breach that, 17 Million user records were stolen. Zomato over 120 million active users in worldwide and Zomato offers details of best cities to people’s find food orders and Restaurants.

A Security team from Zomoto Discovered this biggest Data breach and reports to their registered users.

According to the report by Zomato, the Stolen data’s contain information’s such as Registered users USERNAME and  Hashed PASSWORD.

since all the password contains encrypted hash format Zomato believe and report that, there is no way to reversed and Decrypt to plain text.

Read More at GBHackers On Security