ch
Feedback
TECHZONE™

TECHZONE™

前往频道在 Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

显示更多
595
订阅者
无数据24 小时
无数据7
-1030
帖子存档
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage https://thehackernews.com/2024/10/5-actionable-steps-to-prevent-genai.html Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks

U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails https://thehackernews.com/2024/10/uk-hacker-charged-in-375-million.html The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29) https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top_30.html Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android. But it wasn't all good news – Kaspersky's forced exit from the US market left users with more

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks. "These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).  Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google). But session hijacking isn’t a new technique – so

A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme https://thehackernews.com/2024/09/why-microsoft-365-protection-reigns-supreme.html Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock

Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems. The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months. The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it. "Fake

Gamaredon's operations under the microscope – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/gamaredons-operations-under-microscope-week-security-tony-anscombe/ ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years

U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data. The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now https://thehackernews.com/2024/09/progress-software-releases-patches-for.html Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8) 

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering https://thehackernews.com/2024/09/us-sanctions-two-crypto-exchanges-for.html The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through

Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host. The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and

Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023 https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023/ ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate. "These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima. "These samples enhance Sparkling Pisces' already extensive arsenal

Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar https://thehackernews.com/2024/09/overloaded-with-siem-alerts-discover.html Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like. SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats. It's time for a change.

Don’t panic and other tips for staying safe from scareware https://www.welivesecurity.com/en/cybersecurity/dont-panic-tips-staying-safe-scareware/ Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics