TECHZONE™
前往频道在 Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
显示更多593
订阅者
无数据24 小时
-27 天
-830 天
帖子存档
593
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy
https://thehackernews.com/2024/01/unifying-security-tech-beyond-stack.html
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, “only 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues.
Talent Retention Challenges: The cybersecurity field is rapidly advancing, requiring a
593
Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface
https://thehackernews.com/2024/01/webinar-leverage-zero-trust-security-to.html
Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner&
593
NIST Warns of Security and Privacy Risks from Rapid AI System Deployment
https://thehackernews.com/2024/01/nist-warns-of-security-and-privacy.html
The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years.
“These security and privacy challenges include the potential for adversarial manipulation of training data, adversarial exploitation of model vulnerabilities to
593
DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud
https://thehackernews.com/2024/01/doj-charges-19-worldwide-in-68-million.html
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud.
In wrapping up its investigation into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium
593
North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023
https://thehackernews.com/2024/01/north-koreas-cyber-heist-dprk-hackers.html
Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023.
The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022," blockchain analytics firm TRM Labs said last week.
"Hacks
593
Cracking the 2023 SANS Holiday Hack Challenge
https://www.welivesecurity.com/en/cybersecurity/cracking-2023-sans-holiday-hack-challenge/
From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun
593
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies
https://thehackernews.com/2024/01/sea-turtle-cyber-espionage-campaign.html
Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle.
"The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group
593
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware
https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html
The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice.
The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted."
The intrusions have been attributed to an Iranian "psychological operation group" called Homeland
593
Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/cybersecurity-trends-challenges-watch-out-for-2024/
What are some of the key cybersecurity trends that people and organizations should have on their radars this year?
593
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers
https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.
“SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [
593
Exposed Secrets are Everywhere. Here's How to Tackle Them
https://thehackernews.com/2024/01/exposed-secrets-are-everywhere-heres.html
Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the
593
Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware
https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html
Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic.
"The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the
593
Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution
https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html
Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers.
Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5.
“If exploited, an
593
Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months
https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html
Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023.
The development was first reported by Reuters.
The incident, described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services
593
New Bandook RAT Variant Resurfaces, Targeting Windows Machines
https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html
A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware.
Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive.
“
593
Lost and found: How to locate your missing devices and more
https://www.welivesecurity.com/en/how-to/lost-found-locate-missing-devices-more/
Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy
593
Three Ways To Supercharge Your Software Supply Chain Security
https://thehackernews.com/2024/01/three-ways-to-supercharge-your-software.html
Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and
593
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
https://thehackernews.com/2024/01/beware-3-malicious-pypi-packages-found.html
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices.
The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down.
“These packages, upon initial use, deploy a CoinMiner
593
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT
https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software.
"The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in
593
Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack
https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html
American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam.
As of writing, the account has been restored on the social media platform.
It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@
