#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

The Hacker News | #1 Trusted Cybersecurity News Site

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials

E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
Mar 19, 2024 Threat Intel / Cybercrime
A 31-year-old Moldovan national has been sentenced to 42 months in prison in the U.S. for operating an illicit marketplace called E-Root Marketplace that offered for sale hundreds of thousands of compromised credentials, the Department of Justice (DoJ) announced. Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices. He pleaded guilty on December 1, 2023. "The E-Root Marketplace operated across a widely distributed network and took steps to hide the identities of its administrators, buyers, and sellers," the DoJ  said  last week. "Buyers could search for compromised computer credentials on E-Root, such as usernames and passwords that would allow buyers to access remote computers for purposes of stealing private information or manipulating the contents of the remote computer." Prospective customers could also search for RDP and SSH credentials based on various filter c

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics

New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics
Mar 18, 2024 Cybercrime / Cryptocurrency
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group tracked as  Kimsuky . "The malware payloads used in the  DEEP#GOSU  represent a sophisticated, multi-stage threat designed to operate stealthily on Windows systems especially from a network-monitoring standpoint," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a technical analysis shared with The Hacker News. "Its capabilities included keylogging, clipboard monitoring, dynamic payload execution, and data exfiltration, and persistence using both RAT software for full remote access, scheduled tasks as well as self-executing PowerShell scripts using jobs." A notable aspect of the infection procedure is that it leverages legitimate services such a

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Mar 18, 2024 Vulnerability / Threat Mitigation
Fortra has released details of a now-patched critical security flaw impacting its  FileCatalyst  file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a maximum of 10. "A directory traversal within the 'ftpservlet' of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended 'uploadtemp' directory with a specially crafted POST request," the company  said  in an advisory last week. "In situations where a file is successfully uploaded to web portal's DocumentRoot, specially crafted JSP files could be used to execute code, including web shells." The vulnerability, the company said, was first reported on August 9, 2023, and addressed two days later in FileCatalyst Workflow version 5.1.6 Build 114 without a CVE identifier. Fortra was  authorized  as a CVE Numbering Authorit

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

cyber security
websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
Mar 18, 2024 Cryptocurrency / Malspam
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called  AZORult  in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is embedded in a separate JSON file hosted on an external website," Netskope Threat Labs researcher Jan Michael Alcantara  said  in a report published last week. The phishing campaign has not been attributed to a specific threat actor or group. The cybersecurity company described it as widespread in nature, carried out with an intent to collect sensitive data for selling them in underground forums. AZORult, also called PuffStealer and Ruzalto, is an  information stealer  first detected around 2016. It's typically distributed via phishing and malspam campaigns, trojanized installers for pirated software or media, and malvertising. Once installed, it's capable of gathering cr

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw
Mar 18, 2024 Website Security / Vulnerability
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw. The flaw, tracked as  CVE-2024-2172 , is rated 9.8 out of a maximum of 10 on the CVSS scoring system and discovered by Stiofan . It impacts the following versions of the two plugins - Malware Scanner  (versions <= 4.7.2) Web Application Firewall  (versions <= 2.1.1) It's worth noting that the plugins have been permanently closed by the maintainers as of March 7, 2024. While Malware Scanner has over 10,000 active installs, Web Application Firewall has more than 300 active installations. "This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by updating the user password," Wordfence  reported  last week.  The issue is the result of a missing capability check in the function mo_wpns_init() that enables an unau

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
Mar 18, 2024 Cyber Warfare / Malware
The Russia-linked threat actor known as  APT28  has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production," IBM X-Force  said  in a report published last week. The tech company is tracking the activity under the moniker  ITG05 , which is also known as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, TA422, and UAC-028. The disclosure comes more than three months after the adversary was spotted using decoys related to the ongoing I

How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive
Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer
Mar 16, 2024 Malware / Cybercrime
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed  gitgub , includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. "The repositories look similar, featuring a README.md file with the promise of free cracked software," the German cybersecurity company  said . "Green and red circles are commonly used on Github to display the status of automatic builds. Gitgub threat actors added four green Unicode circles to their README.md that pretend to display a status alongside a current date and provide a sense of legitimacy and recency." The list of repositories is as follows, with each of them pointing to a download link ("digitalxnetwork[.]com") containing a RAR archive file - andreastanaj/AVAST andreastanaj

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

GhostRace – New Data Leak Vulnerability Affects Modern CPUs
Mar 15, 2024 Hardware Security / Data Protection
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed  GhostRace  ( CVE-2024-2193 ), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a branch misprediction attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target," the researchers  said . The findings from the Systems Security Research Group at IBM Research Europe and VUSec, the latter of which disclosed another side-channel attack called  SLAM  targeting modern processors in December 2023. Spectre refers to a  class of side-channel attacks  that exploit branch prediction and s

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

Third-Party ChatGPT Plugins Could Lead to Account Takeovers
Mar 15, 2024 Data Privacy / Artificial Intelligence
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data. According to  new research  published by Salt Labs, security flaws found directly in ChatGPT and within the ecosystem could allow attackers to install malicious plugins without users' consent and hijack accounts on third-party websites like GitHub. ChatGPT plugins , as the name implies, are tools designed to run on top of the large language model (LLM) with the aim of accessing up-to-date information, running computations, or accessing third-party services. OpenAI has since also introduced  GPTs , which are bespoke versions of ChatGPT tailored for specific use cases, while reducing third-party service dependencies. As of March 19, 2024, ChatGPT users  will no longer  be able to install new plugins or create new conversations with existing plugins. One of the flaws unearthed by Salt

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

Google Introduces Enhanced Real-Time URL Protection for Chrome Users
Mar 15, 2024 Browser Security / Phishing Attack
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. "The  Standard protection mode for Chrome  on desktop and iOS will check sites against Google's server-side list of known bad sites in real-time," Google's Jonathan Li and Jasika Bawa  said . "If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts." Up until now, the Chrome browser used a locally-stored list of known unsafe sites that's updated every 30 to 60 minutes, and then leveraging a  hash-based approach  to compare every site visited against the database. Google  first revealed  its plans to switch to real-time server-side checks without sharing users' browsing history with the company in September 2023. The reason for the change, the search giant said, is motivated b
Cybersecurity Resources