New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access

The Hacker News Daily Updates [Newsletter]( [cover]( [3 Real-World Challenges Facing Cybersecurity Organizations: How an Exposure Management Platform Can Help]( Security programs today are reactive when they should be proactive [Download Now]( Sponsored LATEST NEWS Mar 9, 2023 [Does Your Help Desk Know Who's Calling?]( Phishing, the theft of users' credentials or sensitive data using social engineering, has been a significant threat since the early days of the internet – and continues to plague organizations today, accounting for more than 30% of all known breaches. And with the mass migration to remote working during the pandemic, hackers have ramped up their efforts to steal login credentials as they ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Iranian Hackers Target Women Involved in Human Rights and Middle East Politics]( Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. "Notably the targets in this instance were all women who are actively involved in political affairs and human rights in the Middle East region," Secureworks Counter Threat Unit (CTU) said in a report shared with The Hacker News. The ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [ICS Village & GRIMM Cyber Team Up for Interactive CyPhy™ Experience at RSAC]( GRIMM's interactive approach to learning, coupled with ICS Village's mission for awareness, delivers a compelling experience using real IT and industrial equipment. RSAC attendees can visit our ICS sandbox and explore our CyberTown virtual ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic]( The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New Critical Flaw in FortiOS and FortiProxy Could Give Hackers Remote Access]( Fortinet has released fixes to address 15 security flaws, including one critical vulnerability impacting FortiOS and FortiProxy that could enable a threat actor to take control of affected systems. The issue, tracked as CVE-2023-25610, is rated 9.3 out of 10 for severity and was internally discovered and reported by its security teams. "A buffer underwrite ('buffer underflow') vulnerability ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Jenkins Security Alert: New Security Flaws Could Allow Code Execution Attacks]( A pair of severe security vulnerabilities have been disclosed in the Jenkins open source automation server that could lead to code execution on targeted systems. The flaws, tracked as CVE-2023-27898 and CVE-2023-27905, impact the Jenkins server and Update Center, and have been collectively christened CorePlague by cloud security firm Aqua. All versions of Jenkins versions prior to 2.319.2 ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Syxsense Platform: Unified Security and Endpoint Management]( As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity]( The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [3 Real-World Challenges Facing Cybersecurity Organizations: How an Exposure Management Platform Can Help]( Security programs today are reactive when they should be proactive [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India