Latest Google Dorks List Collection for SQL Injection – SQL Dorks 2018

Google helps you to find Vulnerable Websites that Indexed in Google Search Results. Here is the latest collection of Google SQL dorks. More than a million of people searching for google dorks for various purposes for database queries, SEO and for SQL injection.

SQL injection is a technique which attacker takes non-validated input vulnerabilities and inject SQL commands through web applications that are executed in the backend database.

Read More: GBHackers

A multi-platform APT CrossRAT Malware discovered with sophisticated surveillance operation that targeting Windows, OSX, and Linux computer globally both individuals and organizations.

It performed by Large-scale Dark Caracal cyber-espionage campaign and conducting advanced spying operation globally.

READ more at GBHackers

HNS IoT Botnet Compromised More than 14k Devices that Spreads from Asia to the United States

A new IoT Botnet dubbed HNS is growing phenomenally and spreads from Asia to the United States.The HNS IoT Botnet features a worm-like mechanism and embeds numerous commands such as data exfiltration, code execution and interference with a device’s operation.

The Bot was uncovered by Bitdefender Security researchers, they first spotted the bot by Jan. 10 and then it faded up and comes back significantly in more improved form by Jan. 20.

Read More: GBHackers

Firefox 58 Quantum Released with New Security Future & Faster for Windows, Linux and Mac

Firefox 58 Released(Quantum) with new privacy future and also much faster than old version along with this new Opt-in Tracking Protection future has been introduced with this release for high-speed browsing even in Tracking Protection mode.

Last November Firefox Quantum and began offering to users the option to turn on Tracking Protection all the time. 24-7. This new release enables users to browse Twice faster than the old version of Firefox and chrome.

Read More: GBhackers

WINSpect-Powershell based Windows Security Auditing Toolbox

WINSpect is the PowerShell based windows auditing tool to enumerate and identify security weaknesses with windows platform and results of this audit can be useful for further hardening.

Features of this script – Windows Auditing Tool

WINSpect script provides audit checks and enumeration

• Installed security products
• World-exposed local filesystem shares
• Domain users and groups with local group membership
• Registry autoruns
• Local services that are configurable by Authenticated Users group member.

Read : GBHackers

Oracle Weblogic Exploit to Deploy Monero Miner

Oracle WebLogic application server is vulnerable to cryptocurrency mining.The security researcher has found this exploit to mine monero coins in the compromised machine.

This critical bug allows hackers to run arbitrary commands with WebLogic server with user privileges.

The vulnerability (CVE 2017-10271) was present in the WebLogic Web Services component (wls-wsat) and due to lack of improperly user input sanitizing which allow an unauthenticated remote attacker to install and run crypto miners and hijacking their processing power to mine Monero coins makes the spike in CPU usage.

READ: GBHackers

macOS High Sierra’s App Store System Can be Unlocked by Any Password

New bug discovered in macOS High Sierra allows unlocking the App Store System Preferences by any password.

App Store System Preferences accept any password when system logged in with local admin Privilege.

This could be very dangerous if anyone already has your system permission and they can able to download any apps, modifying the apps store setting, also they can disable auto update for future macOS update.

Read : GBHackers

Security Flaws Identified in WhatsApp Could Allow Attackers to Spy on Group Chats

End-to-end encryption is the major security feature of secure instant messengers, among the most popular one is WhatsApp having more than one billion users.

Security researchers discovered vulnerabilities with Whatsapp and Signal which allows an attacker to add themselves to the group chat. But the risk associated with the attack is limited.

Read: GBhackers

New Programming Language “Kotlin” used for Developing an Android Malware

An Open-source Programming language “kotlin” has bee used to develop malicious Android apps that are capable of hijacking an Android mobile and as a similar malicious Android app called Swift Cleaner has discovered in Google Play store.

In May 2017 Google announced kotlin Programming language to Develop an Android application and the Android team has seen more than 17 percent of Android Studio projects use Kotlin.

Read : GBhackers

Phishing Campaign Targeting Companies Associated with Pyeongchang Olympics

Security researchers from McAfee spotted a Phishing campaign targeting companies associated with Pyeongchang Olympic 2018.The multi-sport event is to take place in South Korea.

Hackers primarily targetted icehockey@pyeongchang2018.com and several other Korean companies in BCC.And most of them associated in some way to Pyeongchang Olympic.

READ: GBHACKERS

Cracking WPA/WPA2 Passwords in Minutes with Fluxion

Fluxion repack of LINSET with minor bugs and with added features. It’s compatible with latest Kali Linux, Rolling Edition.

What is WPA/WPA2?

WPA: WPA defined as Wi-Fi Protected Access, is a security standard for users of devices with Wireless Internet Connection. WAP is the one replaced the original Wi-Fi security standard, Wired Equivalent Privacy (WEP).WPA provides more revealing data encryption than WEP.

Read more : GBHackers

fsociety a Complete Hacking Tools pack that a Hacker Needs – Penetration Testing Framework

fsociety is a penetration testing framework consists of all penetration testing tools that a hacker needs. It includes all the tools that involved in the Mr. Robot Series.The tool consist of a huge tools list starting form Information gathering to Post Exploitation.

Information gathering is a solid phase for every penetration testing, the package covers following tools Nmap, Setoolkit Port Scanning, Host To IP, WordPress user, CMS scanner, XSStrike, Dork

Read More: GBHackers On Security

Chrome Extension Caught Silently Mining CryptoCurrency without Users Knowledge

Cryptocurrency Miners are in the raise starting from last year, more than 500 millioncomputers are mining cryptoCurrency in their browsers without the user’s knowledge and now the chrome extension Archive Poster.

Now even the Chrome extension started mining cryptocurrency now, a chrome extension Archive Poster with more than 105,000 users Caught injecting an in-browser cryptocurrency miner.

ReadMore: GBHackers On Security