TECHZONE™
前往频道在 Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
显示更多594
订阅者
无数据24 小时
无数据7 天
-630 天
帖子存档
594
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
https://thehackernews.com/2024/05/bitcoin-forensic-analysis-uncovers.html
A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market.
The findings come from Elliptic in collaboration with researchers from the&
594
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html
Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion.
The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications.
"Wpeeper is a typical backdoor Trojan for Android
594
Everyone's an Expert: How to Empower Your Employees for Cybersecurity Success
https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html
There’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats.
As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard,
594
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html
The authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it's based on, indicating that it's being actively developed.
"The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection," Zscaler ThreatLabz researcher Santiago
594
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia
https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia.
"This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust," said FBI Director Christopher Wray.
594
MDR: Unlocking the power of enterprise-grade security for businesses of all sizes
https://www.welivesecurity.com/en/business-security/mdr-unlocking-the-power-of-enterprise-grade-security-for-businesses-of-all-sizes/
Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security
594
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years
https://thehackernews.com/2024/04/millions-of-malicious-imageless.html
Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks.
"Over four million of the repositories in Docker Hub are imageless and have no content except for the repository
594
U.S. Government Releases New AI Security Guidelines for Critical Infrastructure
https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats.
"These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS)&
594
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.
"The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to
594
Why space exploration is important for Earth and its future: Q&A with David Eicher
https://www.welivesecurity.com/en/we-live-science/space-exploration-earth-future-qa-david-eicher/
We caught up with Astronomy magazine editor-in-chief David Eicher to talk about key challenges facing our planet, the benefits of space exploration, and the possibility of life beyond Earth
594
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html
Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year.
The tech giant also said it blocked 333,000 bad accounts from the app storefront in 2023 for attempting to distribute malware or for repeated policy violations.
"In 2023,
594
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019.
Cloud security firm Infoblox described the threat actor as likely affiliated with the
594
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
https://thehackernews.com/2024/04/navigating-threat-landscape.html
It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many
594
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
https://thehackernews.com/2024/04/sandbox-escape-vulnerabilities-in.html
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system.
The three flaws, all critical in nature, allow an "adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine," Australian
594
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html
Identity and access management (IAM) services provider Okta has warned of a spike in the "frequency and scale" of credential stuffing attacks aimed at online services.
These unprecedented attacks, observed over the last month, are said to be facilitated by "the broad availability of residential proxy services, lists of previously stolen credentials ('combo lists'), and scripting tools," the
594
Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/major-phishing-as-a-service-platform-disrupted-week-security-tony-anscombe/
The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details
594
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems.
The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with
594
Bogus npm Packages Used to Trick Software Developers into Installing Malware
https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.
Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.
"During these fraudulent interviews, the developers are often asked
594
Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals
https://www.welivesecurity.com/en/secure-coding/python-5-reasons-popular-cybersecurity-professionals/
Python’s versatility and short learning curve are just two factors that explain the language’s 'grip' on cybersecurity
594
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances.
The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.
The issues range from incorrect firewall rules,
