Researchers uncover a sophisticated malware campaign using fake Google Sites pages and HTML smuggling to distribute AZORult, a notorious info stealer.

Learn more: https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html

Fortra has patched a critical flaw (CVE-2024-25153) in FileCatalyst file transfer, preventing unauthorized remote code execution and blocking attackers from taking full control of vulnerable servers.

Read details: https://thehackernews.com/2024/03/fortra-patches-critical-rce.html

Patch immediately.

🚨 New cyberattack campaign, DEEP#GOSU, uses PowerShell & VBScript to target Windows systems.

Likely linked to North Korean group Kimsuky, it's a sophisticated threat aiming to steal sensitive data.

Read more on this multi-stage malware attack: https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html

🚨 A 31-year-old Moldovan national, Sandu Boris Diaconu, has been sentenced to 42 months in prison by a U.S. court for operating E-Root Marketplace, an illicit platform selling hundreds of thousands of compromised credentials.

Learn more: https://thehackernews.com/2024/03/e-root-marketplace-admin-sentenced-to.html

Operation PhantomBlu utilizes a clever trick to deliver the NetSupport RAT by exploiting Microsoft Office's OLE template manipulation, evading traditional detection methods.

Read details: https://thehackernews.com/2024/03/new-phishing-attack-uses-clever.html

🚨 A new variant of the data-wiping malware, AcidRain, has been detected in the wild, specifically designed to target Linux x86 devices. Its origins can be traced back to the early days of the Russo-Ukrainian conflict.

Learn more: https://thehackernews.com/2024/03/suspected-russian-data-wiping-acidpour.html

Cybercriminals are now using digital document publishing sites like FlipSnack, Issuu, and Marq for phishing and credential theft. These sites look legitimate, making them harder to detect.

Learn more: https://thehackernews.com/2024/03/hackers-exploiting-popular-document.html

🚨 New report reveals Artificial Intelligence tools like large language models could be exploited to create self-augmenting malware, evading detection methods like YARA rules.

Learn more: https://thehackernews.com/2024/03/from-deepfakes-to-malware-ais-expanding.html

APIs are the backbone of our digital world.

🚨 But with a staggering 71% of internet traffic being API calls, they're also a prime target for cyberattacks. Many are unmonitored or mismanaged, opening the door to sensitive data leaks.

Read: https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html

Cybersecurity gap in the boardroom is real.

Boards often overlook risks like financial impacts, regulatory compliance, IP protection, APT resilience, cloud security, and AI utilization.

Learn transformative insights for a secure digital future: https://thehackernews.com/2024/03/crafting-and-communicating-your.html

🛡️ U.S. EPA creates 💧 Water Sector Cybersecurity Task Force to protect critical infrastructure against increasing cyberattacks.

Learn more: https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html

Ukraine Cyber Police have arrested three individuals linked to the hijacking of over 100 MILLION email and Instagram accounts worldwide and selling them on darkweb forums.

Read details here: https://thehackernews.com/2024/03/ukraine-arrests-trio-for-hijacking-over.html

🚨 New threat: BunnyLoader 3.0 malware variant emerges with advanced modules for data theft, keylogging, and evasion tactics.

Read details: https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html

⚠️ Alert: Multiple threat actors exploit security flaws in JetBrains TeamCity to deploy ransomware, crypto miners, Cobalt Strike beacons, and Spark RAT.

Read: https://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html

Don't be the next victim – update your software!

New "Loop DoS" attack hits UDP-based protocols like DNS, NTP, and more, putting hundreds of thousands of hosts at risk.

Read: https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html

Big players like Broadcom, Cisco, and Microsoft impacted.

🚨 Atlassian patched over 25 security issues, including a critical SQL injection bug (CVE-2024-1597) in Bamboo Data Center & Server.

Details: https://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html

Rated 10.0 CVSS score, this flaw requires no user interaction to exploit. Update now to safeguard your systems.

🚨Critical security alert - Ivanti Standalone Sentry users must patch immediately. Remote code execution flaw (CVE-2023-41724) could allow attackers full control of affected systems.

Details: https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html

Get the patch ASAP!

🚨 U.S. Treasury sanctions Russian nationals Ilya Gambashidze & Nikolai Tupikin for running disinformation campaigns aimed at influencing European and US audiences.

Learn more: https://thehackernews.com/2024/03/us-sanctions-russians-behind.html

🚨 Cyber-attack hype vs. reality: Not all operational technology (OT) cyber-attacks are sophisticated threats.

It's time to break down the types and historical impacts to get a clearer picture.

Dive into the details with our latest post: https://thehackernews.com/2024/03/making-sense-of-operational-technology.html

🔥 GitHub introduces new autofix with CodeQL, Copilot APIs, and OpenAI GPT-4 to address 90% of alert types in JavaScript, TypeScript, Java, and Python, fixing two-thirds of vulnerabilities.

Find details here: https://thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html