The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool by info@thehackernews.com (The Hacker News) on March 18, 2024 at 12:58 pm
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. “A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow
- Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites by info@thehackernews.com (The Hacker News) on March 18, 2024 at 12:35 pm
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. “It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website,” Netskope Threat Labs
- WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw by info@thehackernews.com (The Hacker News) on March 18, 2024 at 9:46 am
WordPress users of miniOrange’s Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and discovered by Stiofan. It impacts the following versions of the two plugins – Malware Scanner (
- APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme by info@thehackernews.com (The Hacker News) on March 18, 2024 at 5:59 am
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. “The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated
- Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer by info@thehackernews.com (The Hacker News) on March 16, 2024 at 12:31 pm
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. “The repositories look
Security Magazine
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- Report reveals an increase in cloud account compromise incidents on March 18, 2024 at 4:00 pm
A new report highlights new and continuing threat trends that security leaders must prepare to face in the coming years.
- Charles Henderson hired as EVP of Cyber Security at Coalfire on March 18, 2024 at 3:34 pm
Charles Henderson was hired as EVP of Cyber Security at Coalfire with experience in threat intelligence, incident response and penetration testing.
- Open source developer tools have won: That’s a supply chain risk on March 18, 2024 at 4:00 am
Maintainers of open source developer tools will need to work doubly hard to ensure that they maintain software supply security.
- Understanding the importance of vendor employee training on March 15, 2024 at 4:00 pm
Security talks with John Blackmon about how to prepare employees amidst the rise of generative AI and other sophisticated cyber threats.
- Security experts weigh in on Tik Tok ban on March 15, 2024 at 4:00 pm
Security leaders offer their insights now that the proposed TikTok ban has passed in the House of Representatives.
Threatpost
The first stop for security news.
- Student Loan Breach Exposes 2.5M Records by Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger by Nate Nelson on August 30, 2022 at 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms by Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise by Nate Nelson on August 26, 2022 at 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras by Nate Nelson on August 25, 2022 at 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
Security Weekly
Connecting the Security Industry with the Security Community