TECHZONE™
الذهاب إلى القناة على Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
إظهار المزيد593
المشتركون
-124 ساعات
-17 أيام
-730 أيام
أرشيف المشاركات
593
Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks
https://thehackernews.com/2024/03/chinese-state-hackers-target-tibetans.html
The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023.
The end of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and a previously undocumented Windows implant known as Nightdoor.
The findings come from ESET, which
593
Human vs. Non-Human Identity in SaaS
https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html
In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), their type (internal/ external), whether they are joiners, movers, or leavers, and more.
Not
593
Ex-Google Engineer Arrested for Stealing AI Technology Secrets for China
https://thehackernews.com/2024/03/ex-google-engineer-arrested-for.html
The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly working for two China-based tech companies.
Linwei Ding (aka Leon Ding), a former Google engineer who was arrested on March 6, 2024, "transferred sensitive Google trade secrets and other confidential
593
New Python-Based Snake Info Stealer Spreading Through Facebook Messages
https://thehackernews.com/2024/03/new-python-based-snake-info-stealer.html
Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data.
“The credentials harvested from unsuspecting users are transmitted to different platforms such as Discord, GitHub, and Telegram,” Cybereason researcher Kotaro Ogino said in a technical report.
Details about the campaign&
593
Watch Out for Spoofed Zoom, Skype, Google Meet Sites Delivering Malware
https://thehackernews.com/2024/03/watch-out-for-spoofed-zoom-skype-google.html
Threat actors have been leveraging fake websites advertising popular video conferencing software such as Google Meet, Skype, and Zoom to deliver a variety of malware targeting both Android and Windows users since December 2023.
“The threat actor is distributing Remote Access Trojans (RATs) including SpyNote RAT for Android platforms, and NjRAT and DCRat for Windows
593
Irresistible: Hooks, habits and why you can’t put down your phone
https://www.welivesecurity.com/en/we-live-progress/irresistible-hooks-habits-why-you-cant-put-down-your-phone/
Struggle to part ways with your tech? You’re not alone. Here’s why your devices are your vices.
593
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
https://thehackernews.com/2024/03/hackers-exploit-misconfigured-yarn.html
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access.
“The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and
593
Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
https://thehackernews.com/2024/03/exit-scam-blackcat-ransomware-group.html
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner.
"ALPHV/BlackCat did not get seized. They are exit scamming their affiliates," security researcher Fabian Wosar said. "It is blatantly obvious when you check the source code of the new takedown notice."
"There
593
A New Way To Manage Your Web Exposure: The Reflectiz Product Explained
https://thehackernews.com/2024/03/a-new-way-to-manage-your-web-exposure.html
An in-depth look into a proactive website security solution that continuously detects, prioritizes, and validates web threats, helping to mitigate security, privacy, and compliance risks.
[Reflectiz shields websites from client-side attacks, supply chain risks, data breaches, privacy violations, and compliance issues]
You Can’t Protect What You Can’t See
Today’s websites are connected
593
How to Find and Fix Risky Sharing in Google Drive
https://thehackernews.com/2024/03/how-to-find-and-fix-risky-sharing-in.html
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it’s inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.
For Security & Risk Management teams, the untenable risk of any Google Drive footprint
593
U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists
https://thehackernews.com/2024/03/us-cracks-down-on-predatory-spyware.html
The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two individuals and five entities associated with the Intellexa Alliance for their role in “developing, operating, and distributing” commercial spyware designed to target government officials, journalists, and policy experts in the country.
“The proliferation of commercial spyware poses distinct and growing
593
VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws
https://thehackernews.com/2024/03/vmware-issues-security-patches-for-esxi.html
VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code execution.
Tracked as CVE-2024-22252 and CVE-2024-22253, the vulnerabilities have been described as use-after-free bugs in the XHCI USB controller. They carry a CVSS score of 9.3 for Workstation and Fusion, and 8.4 for ESXi systems.
"A
593
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
https://thehackernews.com/2024/03/alert-ghostsec-and-stormous-launch.html
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker.
“TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries,” Cisco Talos researcher Chetan Raghuprasad said in a report shared with The Hacker News.
“GhostLocker and
593
New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities
https://thehackernews.com/2024/03/new-apt-group-lotus-bane-behind-recent.html
A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023.
Singapore-headquartered Group-IB described the hacking outfit as an advanced persistent threat group that's believed to have been active since at least 2022.
The exact specifics of the infection chain remain unknown as yet, but it involves the
593
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
https://thehackernews.com/2024/03/urgent-apple-issues-critical-updates.html
Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild.
The shortcomings are listed below -
CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections
CVE-2024-23296 - A memory
593
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
https://thehackernews.com/2024/03/hackers-exploit-connectwise.html
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK.
According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark.
“The threat actor gained access to the victim workstation by exploiting the exposed setup wizard
593
What is Exposure Management and How Does it Differ from ASM?
https://thehackernews.com/2024/03/what-is-exposure-management-and-how.html
Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem assets.
While there has been a bit of a backswing against the pricing and lock-in presented when using
593
Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams
https://thehackernews.com/2024/03/cybercriminals-using-novel-dns.html
A new DNS threat actor dubbed Savvy Seahorse is leveraging sophisticated techniques to entice targets into fake investment platforms and steal funds.
“Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia,” Infoblox said in a report
593
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets
https://thehackernews.com/2024/03/over-225000-compromised-chatgpt.html
More than 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets between January and October 2023, new findings from Group-IB show.
These credentials were found within information stealer logs associated with LummaC2, Raccoon, and RedLine stealer malware.
“The number of infected devices decreased slightly in mid- and late
593
Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes
https://thehackernews.com/2024/03/warning-thread-hijacking-attack-targets.html
The threat actor known as TA577 has been observed using ZIP archive attachments in phishing emails with an aim to steal NT LAN Manager (NTLM) hashes.
The new attack chain “can be used for sensitive information gathering purposes and to enable follow-on activity,” enterprise security firm Proofpoint said in a Monday report.
At least two campaigns taking advantage of this
