Below I’ve curated cyber security news from the world-wide-web – the lefthand column is from “The Hacker News” website and on the right is news from “Security Week”. Both are top cyber security news sites. In the very least this shows that threats are daily and they are very real.
Hacker News
- Severe Flaws Disclosed in Brocade SANnav SAN...by info@thehackernews.com (The Hacker News) on April 26, 2024 at 2:03 pm
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who […]
- 10 Critical Endpoint Security Tips You Should Knowby info@thehackernews.com (The Hacker News) on April 26, 2024 at 10:46 am
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints […]
- New 'Brokewell' Android Malware Spread Through...by info@thehackernews.com (The Hacker News) on April 26, 2024 at 10:42 am
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis […]
- Palo Alto Networks Outlines Remediation for...by info@thehackernews.com (The Hacker News) on April 26, 2024 at 10:18 am
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command […]
- Hackers Exploiting WP-Automatic Plugin Bug to...by info@thehackernews.com (The Hacker News) on April 26, 2024 at 5:49 am
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior […]
- North Korea's Lazarus Group Deploys New Kaolin...by info@thehackernews.com (The Hacker News) on April 25, 2024 at 4:47 pm
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT as part of attacks targeting specific individuals in the Asia region in summer 2023. The malware could, "aside from standard RAT […]
- Network Threats: A Step-by-Step Attack...by info@thehackernews.com (The Hacker News) on April 25, 2024 at 11:13 am
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally […]
- DOJ Arrests Founders of Crypto Mixer Samourai for...by info@thehackernews.com (The Hacker News) on April 25, 2024 at 10:21 am
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that […]
- Google Postpones Third-Party Cookie Deprecation...by info@thehackernews.com (The Hacker News) on April 25, 2024 at 6:37 am
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative. The tech giant said it's working closely with the U.K. Competition and […]
- State-Sponsored Hackers Exploit Two Cisco...by info@thehackernews.com (The Hacker News) on April 25, 2024 at 5:50 am
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated […]
Security Week
- Powerful ‘Brokewell’ Android Trojan Allows...by Ionut Arghire on April 26, 2024 at 2:08 pm
A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices. The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.
- Over 1,400 CrushFTP Instances Vulnerable to...by Ionut Arghire on April 26, 2024 at 1:44 pm
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published. The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek.
- Self-Spreading PlugX USB Drive Malware Plagues...by Ionut Arghire on April 26, 2024 at 1:41 pm
More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives. The post Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses appeared first on SecurityWeek.
- In Other News: China Hacked Volkswagen, DDoS...by SecurityWeek News on April 26, 2024 at 12:00 pm
Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO. The post In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO appeared first on SecurityWeek.
- Darktrace to be Taken Private in $5.3 Billion...by SecurityWeek News on April 26, 2024 at 11:32 am
UK cybersecurity firm Darktace has agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 million in cash. The post Darktrace to be Taken Private in $5.3 Billion Sale to Thoma Bravo appeared first on SecurityWeek.
- Critical WordPress Automatic Plugin Vulnerability...by Ionut Arghire on April 26, 2024 at 9:34 am
A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites. The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek.
- Predictive Security Startup BforeAI Raises $15...by Ionut Arghire on April 25, 2024 at 3:47 pm
Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures. The post Predictive Security Startup BforeAI Raises $15 Million appeared first on SecurityWeek.
- Palo Alto Networks Shares Remediation Advice for...by Eduard Kovacs on April 25, 2024 at 1:24 pm
Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400. The post Palo Alto Networks Shares Remediation Advice for Hacked Firewalls appeared first on SecurityWeek.
- Autodesk Drive Abused in Phishing Attacks by Ionut Arghire on April 25, 2024 at 12:25 pm
A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive. The post Autodesk Drive Abused in Phishing Attacks appeared first on SecurityWeek.
- FTC Sending $5.6 Million in Refunds to Ring...by Ionut Arghire on April 25, 2024 at 12:10 pm
The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as result of a 2023 settlement. The post FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures appeared first on SecurityWeek.
WordPress News
- How WordPress Is Creating a Faster Webby Felix Arntz on April 15, 2024 at 2:00 pm
WordPress's massive reach of over 40% of the web comes with a similarly large responsibility. Read about what the WordPress project is doing to enhance performance for its users and the web.
- WP Briefing: Episode 77: Let’s Talk About Data...by Brett McSherry on April 15, 2024 at 12:00 pm
Explore the WordPress Data Liberation project in this exclusive behind-the-scenes episode discussing WordPress migrations. Joining us is WordPress Executive Director Josepha Haden Chomphosy, along with special guest and sponsored contributor Jordan Gillman. Together, they'll look at how the project […]
- WordPress 6.5.2 Maintenance and Security Releaseby Aaron Jorbin on April 9, 2024 at 10:00 pm
Note: Due to an issue with the initial package, WordPress 6.5.1 was not released. 6.5.2 is the first minor release for WordPress 6.5. This security and maintenance release features 2 bug fixes on Core, 12 bug fixes for the Block Editor, and 1 security fix. Because this is a security release, it is […]
- WP Briefing: Episode 76: A WordPress 6.5 Sneak...by Brett McSherry on April 2, 2024 at 8:18 pm
Join WordPress Executive Director, Josepha Haden Chomphosy, as she offers an exclusive preview of the upcoming WordPress 6.5 release, accompanied by special guest Dave Smith, one of the Editor Tech leads for this release. Don’t miss this opportunity for an insider’s look!
- WordPress 6.5 “Regina”by Matt Mullenweg on April 2, 2024 at 6:42 pm
WordPress 6.5 "Regina" is here! Named in honor of Regina Carter, renowned jazz violinist and educator, this release was made possible by over 700 contributors. Download WordPress 6.5 “Regina” today.
- WordPress 6.5 Release Candidate 4by Lauren Stein on March 28, 2024 at 4:34 pm
WordPress 6.5 RC4 is ready for download and testing. Reaching this phase of the release cycle is an important milestone. Check out what's coming in this release and how to get involved with the open source project.
- WordPress 6.5 Release Candidate 3by Lauren Stein on March 19, 2024 at 4:19 pm
WordPress 6.5 RC3 is ready for download and testing. Reaching this phase of the release cycle is an important milestone. Check out what's coming in this release and how to get involved with the open source project.
- WP Briefing: Episode 75: WordCamp Asia 2024...by Brett McSherry on March 18, 2024 at 12:00 pm
WordCamp Asia 2024 was a dynamic three-day celebration of collaboration, diversity, and innovation in the WordPress project. This week, Executive Director Josepha Haden Chomphosy shares her insights and experiences from the event, which featured one of the largest Contributor Days in the region, a […]
- WordPress 6.5 Release Candidate 2by Lauren Stein on March 12, 2024 at 4:58 pm
WordPress 6.5 RC2 is ready for download and testing. Reaching this phase of the release cycle is an important milestone. Check out what's coming in this release and how to get involved.
- Highlights from WordCamp Asia 2024by Reyes Martínez on March 9, 2024 at 1:39 pm
Over 1,300 attendees gathered at the Taipei International Convention Center in Taiwan for WordCamp Asia 2024. The three-day event emerged as a vibrant celebration showcasing the collaboration, diversity, and innovation that drive the world's most popular web platform.