TECHZONE™
前往频道在 Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
显示更多595
订阅者
无数据24 小时
无数据7 天
-730 天
帖子存档
595
Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans
https://thehackernews.com/2024/06/learn-to-secure-petabyte-scale-data-in.html
Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes.
But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed, shared, and even used to train the next wave of AI.
This creates a huge challenge: how do you
595
Why Regulated Industries are Turning to Military-Grade Cyber Defenses
https://thehackernews.com/2024/06/why-regulated-industries-are-turning-to.html
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.
Which is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard
595
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws
https://thehackernews.com/2024/06/zkteco-biometric-system-found.html
An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors.
"By adding random user data to the database or using a fake QR code, a nefarious actor can easily bypass the verification process and gain unauthorized access,"
595
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
https://thehackernews.com/2024/06/north-korean-hackers-target-brazilian.html
Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups.
"North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors," Google's Mandiant and
595
Microsoft Delays AI-Powered Recall Feature for Copilot+ PCs Amid Security Concerns
https://thehackernews.com/2024/06/microsoft-delays-ai-powered-recall.html
Microsoft on Thursday revealed that it's delaying the rollout of the controversial artificial intelligence (AI)-powered Recall feature for Copilot+ PCs.
To that end, the company said it intends to shift from general availability to a preview available first in the Windows Insider Program (WIP) in the coming weeks.
"We are adjusting the release model for Recall to leverage the expertise of the
595
Arid Viper poisons Android apps with AridSpy
https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/
ESET researchers discovered Arid Viper espionage campaigns spreading trojanized apps to Android users in Egypt and Palestine
595
New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle.
The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to corrupt the model itself, posing a severe supply chain risk to an
595
Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware
https://thehackernews.com/2024/06/arid-viper-launches-mobile-espionage.html
The threat actor known as Arid Viper has been attributed to a mobile espionage campaign that leverages trojanized Android apps to deliver a spyware strain dubbed AridSpy.
"The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app," ESET researcher Lukáš Štefanko said in a report published today. "Often
595
Why SaaS Security is Suddenly Hot: Racing to Defend and Comply
https://thehackernews.com/2024/06/why-saas-security-is-suddenly-hot.html
Recent supply chain cyber-attacks are prompting cyber security regulations in the financial sector to tighten compliance requirements, and other industries are expected to follow. Many companies still don’t have efficient methods to manage related time-sensitive SaaS security and compliance tasks. Free SaaS risk assessment tools are an easy and practical way to bring visibility and initial
595
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html
Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.
The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin.
The
595
Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware
https://thehackernews.com/2024/06/cybercriminals-employ-phantomloader-to.html
The nascent malware known as SSLoad is being delivered by means of a previously undocumented loader called PhantomLoader, according to findings from cybersecurity firm Intezer.
"The loader is added to a legitimate DLL, usually EDR or AV products, by binary patching the file and employing self-modifying techniques to evade detection," security researchers Nicole Fishbein and Ryan Robinson said in
595
Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups
https://thehackernews.com/2024/06/ukraine-police-arrest-suspect-linked-to.html
The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups.
The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs.
The product is believed to have been
595
Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day
https://thehackernews.com/2024/06/google-warns-of-pixel-firmware-security.html
Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day.
The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware.
The company did not share any additional details related to the nature of attacks exploiting it, but noted "there are indications that CVE-2024-32896 may be
595
New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems
https://thehackernews.com/2024/06/new-cross-platform-malware-noodle-rat.html
A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years.
While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."
595
Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters
https://thehackernews.com/2024/06/cryptojacking-campaign-targets.html
Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency.
Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023.
"In this incident, the threat actor abused anonymous access to an
595
Lessons from the Ticketmaster-Snowflake Breach
https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company's clientele, igniting a firestorm of concern and outrage.
A massive data breach
Let’s
595
Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new findings from Symantec.
The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM
595
New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
https://thehackernews.com/2024/06/new-phishing-campaign-deploys.html
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE.
"WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads," Elastic Security Labs researcher Daniel Stepanic said in a new analysis. "Each sample is compiled
595
China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally
https://thehackernews.com/2024/06/china-backed-hackers-exploit-fortinet.html
State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known.
"The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the
595
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
https://thehackernews.com/2024/06/microsoft-issues-patches-for-51-flaws.html
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024.
Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.
None of the security flaws have been actively exploited in the wild, with one of them listed as
