TECHZONE™
الذهاب إلى القناة على Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
إظهار المزيد594
المشتركون
لا توجد بيانات24 ساعات
لا توجد بيانات7 أيام
-630 أيام
أرشيف المشاركات
594
10 Critical Endpoint Security Tips You Should Know
https://thehackernews.com/2024/04/10-critical-endpoint-security-tips-you.html
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets.
According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
594
New 'Brokewell' Android Malware Spread Through Fake Browser Updates
https://thehackernews.com/2024/04/new-brokewell-android-malware-spread.html
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell.
"Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday.
The malware is said to be in active development,
594
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation.
The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
594
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html
Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
"This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
594
What makes Starmus unique? – A Q&A with award-winning filmmaker Todd Miller
https://www.welivesecurity.com/en/we-live-science/what-makes-starmus-unique-qa-award-winning-filmmaker-todd-miller/
The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.
594
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.
The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL binary from [command-and-control] server," Avast security researcher Luigino
594
Network Threats: A Step-by-Step Attack Demonstration
https://thehackernews.com/2024/04/network-threats-step-by-step-attack.html
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy.
Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit
594
DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions
https://thehackernews.com/2024/04/doj-arrests-founders-of-crypto-mixer.html
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds.
To that end, Keonne Rodriguez, 35, and William Lonergan Hill, 65, have been charged
594
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny
https://thehackernews.com/2024/04/google-postpones-third-party-cookie.html
Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative.
The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.
As part of the
594
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
https://thehackernews.com/2024/04/state-sponsored-hackers-exploit-two.html
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.
Cisco Talos, which dubbed the activity ArcaneDoor, attributing it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).
"
594
How technology drives progress – A Q&A with Nobel laureate Michel Mayor
https://www.welivesecurity.com/en/we-live-science/how-technology-drives-progress-qa-nobel-laureate-michel-mayor/
We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet
594
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian
https://www.welivesecurity.com/en/we-live-science/vision-behind-starmus-qa-festivals-cofounder-garik-israelian/
Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe
594
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
https://thehackernews.com/2024/04/us-treasury-sanctions-iranian-firms-and.html
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.
This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
594
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
https://thehackernews.com/2024/04/researchers-detail-multistage-attack.html
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad.
The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.
"SSLoad is designed to stealthily infiltrate systems, gather sensitive
594
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
https://thehackernews.com/2024/04/major-security-flaws-expose-keystrokes.html
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors.
The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
594
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
https://thehackernews.com/2024/04/escan-antivirus-update-mechanism.html
A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.
Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed
594
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
https://thehackernews.com/2024/04/coralraider-malware-campaign-exploits.html
A new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.
Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
594
Apache Cordova App Harness Targeted in Dependency Confusion Attack
https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html
Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness.
Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository.
This&
594
Webinar: Learn Proactive Supply Chain Threat Hunting Techniques
https://thehackernews.com/2024/04/webinar-learn-proactive-supply-chain.html
In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn the tables and proactively hunt these threats before they wreak havoc?
We invite you to join us for an
594
Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases
https://thehackernews.com/2024/04/police-chiefs-call-for-solutions-to.html
European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE).
They called on the industry and governments to take urgent action to ensure public safety across social media platforms.
"Privacy measures currently being rolled out, such as end-to-end encryption, will stop tech companies
