TECHZONE™
前往频道在 Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
显示更多595
订阅者
无数据24 小时
-17 天
-1030 天
帖子存档
595
Here's a TL;DR
The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' and used it to spy on activists, journalists, and protestors.
The spyware was discovered by Amnesty International's Security Lab on a journalist's phone after police returned it. Google's TAG (Threat Analysis Group) received kernel panic logs generated by exploits & worked backwards to identify SIX Vulnerabilities in Qualcomm's (DSP driver) adsprpc driver, used in millions of Android devices.
While Google is unsure about which vulnerabilities are leveraged by NoviSpy, the evidence suggests that the spyware employs an exploit chain to bypass Android security mechanisms and install itself persistently at the kernel level.
Qualcomm has not released a patch for CVE-2024-49848, despite Google having reported the issue to them 145 days back.
Google also noted that Qualcomm delayed patching CVE-2024-49848 and CVE-2024-21455 over the industry-standard period of 90 days.
595
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
https://thehackernews.com/2024/12/thousands-download-malicious-npm.html
Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry.
The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and retrieve second-stage payloads, respectively.
"While typosquatting attacks are
595
Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords
https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html
Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware.
The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.
"These systems have been infected with the Mirai
595
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html
Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information.
The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.
"A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the
595
CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive (BOD) 25-01, ordering federal civilian agencies to secure their cloud environments and abide by Secure Cloud Business Applications (SCuBA) secure configuration baselines.
"Recent cybersecurity incidents highlight the significant risks posed by misconfigurations and weak security controls,
595
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html
The Dutch Data Protection Authority (DPA) on Wednesday fined video on-demand streaming service Netflix €4.75 million ($4.93 million) for not giving consumers enough information about how it used their data between 2018 and 2020.
An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data
595
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App
https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
Users who visit the
595
HubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential Theft
https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html
Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure.
The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,
595
INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse
https://thehackernews.com/2024/12/interpol-pushes-for-romance-baiting-to.html
INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship.
"The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming
595
Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts
https://thehackernews.com/2024/12/meta-fined-251-million-for-2018-data.html
Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws.
The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million
595
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate.
"An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said.
"The attacker failed to install a
595
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
https://thehackernews.com/2024/12/hackers-use-microsoft-msc-files-to.html
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan.
Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn't obtain the original email used to launch the attack.
"One of the
595
Even Great Companies Get Breached — Find Out Why and How to Stop It
https://thehackernews.com/2024/12/even-great-companies-get-breached-find.html
Even the best companies with the most advanced tools can still get hacked. It’s a frustrating reality: you’ve invested in the right solutions, trained your team, and strengthened your defenses. But breaches still happen.
So, what’s going wrong? The truth is, that attackers are constantly finding new ways to slip through cracks that often go unnoticed—even in well-prepared organizations. The good
595
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware
https://thehackernews.com/2024/12/bitter-apt-targets-turkish-defense.html
A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT.
"The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine to pull down further payloads," Proofpoint
595
5 Practical Techniques for Effective Cyber Threat Hunting
https://thehackernews.com/2024/12/5-practical-techniques-for-effective.html
Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and end up with no relevant intel.
To avoid this, use these five battle-tested techniques that are
595
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection
https://thehackernews.com/2024/12/hackers-exploit-webview2-to-deploy.html
Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker.
"Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber said in a technical report published Monday.
The attacks make use of fake update alerts that employ
595
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022.
"The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007," Kaspersky researchers Georgy Kucherin and Marc Rivero said in an analysis published last week. "Their targets
595
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of flaws is below -
CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted
595
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
https://thehackernews.com/2024/12/deceptionads-delivers-1m-daily.html
Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds.
"Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over
595
NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool
https://thehackernews.com/2024/12/novispy-spyware-installed-on.html
A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International.
"NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the
现已上线!2025 年 Telegram 研究 — 年度关键洞察 
