Recent Security News
-
New Attack Shows Risks of Browsers Giving Websites Access to GPU
March 18, 2024 at 09:15AM Researchers from Graz University of Technology in Austria and the University of Rennes in France discovered a new graphics processing unit (GPU) attack on popular browsers and graphics cards. By using the WebGPU API, they demonstrated an attack from within a web browser using JavaScript, showing potential risks and implications…
-
Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
March 18, 2024 at 08:45AM A new malware campaign using bogus Google Sites and HTML smuggling to distribute the AZORult malware for information theft has been discovered by cybersecurity researchers. The campaign employs stealthy tactics to bypass security controls, with findings revealing similar techniques used in recent phishing campaigns to disseminate other malware like Agent…
-
Moldovan Operator of Credential Marketplace Sentenced to US Prison
March 18, 2024 at 06:45AM Moldovan national Sandu Boris Diaconu, 31, has been sentenced to 42 months in prison in the US for operating the illicit E-Root Marketplace, selling more than 350,000 compromised credentials. The marketplace facilitated the sale of stolen information, offering buyers access to victim computers and facilitating ransomware attacks and stolen identity…
-
PoC Published for Critical Fortra Code Execution Vulnerability
March 18, 2024 at 06:45AM The PoC code is available for a critical vulnerability (CVE-2024-25153, CVSS score 9.8) in Fortra FileCatalyst Workflow. Attackers can execute arbitrary code through a directory traversal bug in the ‘ftpservlet’ component, potentially leading to web shell execution. SOCRadar warns of threat actor exploitation and advises prompt system updates. Additional details…