TECHZONE™
前往频道在 Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
显示更多593
订阅者
无数据24 小时
-37 天
-730 天
帖子存档
593
Google's New Tracking Protection in Chrome Blocks Third-Party Cookies
https://thehackernews.com/2023/12/googles-new-tracking-protection-in.html
Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser.
The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy
593
New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks
https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel.
"The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities," Russian
593
OilRig’s persistent attacks using cloud service-powered downloaders
https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/
ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications
593
116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems
https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html
Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor.
"In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene
593
New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities
https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html
A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi.
The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor.
"Recent Gaza Cybergang activities show
593
Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders
https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html
The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel.
The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader
593
Reimagining Network Pentesting With Automation
https://thehackernews.com/2023/12/reimagining-network-pentesting-with.html
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.
This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in
593
Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks
https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html
Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023.
The activity has been tied to a nation-state group known as APT29, which is also tracked as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. It's notable for the supply chain
593
New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks
https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html
A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023.
"GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive
593
Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network
https://thehackernews.com/2023/12/microsoft-takes-legal-action-to-crack.html
Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting them millions of dollars in illicit revenue.
"Fraudulent online accounts act as the gateway to a host of cybercrime,
593
Delivering trust with DNS security
https://www.welivesecurity.com/en/business-security/delivering-trust-with-dns-security/
Can DNS protection technology transform consumers’ worries about cybercrime with a trust-based approach?
593
BazaCall Phishing Scammers Now Leveraging Google Forms for Deception
https://thehackernews.com/2023/12/bazacall-phishing-scammers-now.html
The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility.
The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today.
BazaCall (aka BazarCall), which was first
593
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities
https://thehackernews.com/2023/12/google-using-clang-sanitizers-to.html
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities.
This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of
593
How to Analyze Malware’s Network Traffic in A Sandbox
https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them.
Decrypting HTTPS traffic
Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure
593
Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing
https://thehackernews.com/2023/12/microsoft-warns-of-hackers-exploiting.html
Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks.
"Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an
593
Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator
https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html
Ukraine's biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services.
"The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues
593
A pernicious potpourri of Python packages in PyPI
https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/
The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository
593
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical
https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html
Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years.
Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch
593
iQOO 12 series launched in China
Specs:
• 144Hz Variable refresh rate
• 3000nits peak brightness
• USB 2.0 port
• Snapdragon 8 Gen 3 SoC
• LPDDR5X RAM; UFS 4.0 storage
• Ultra-large VC vapor chamber
• 11 temperature sensors
• In-display fingerprint scanner
• 50MP main (OV50H, OIS)
• 50MP UltraWide
• 64MP 3x telephoto(OV64B, OIS)
• 100x digital zoom
• Vivo V3 imaging chip
• 16MP Front camera
• IR Blaster; Hi-Fi Audio
• Ultra-wide vibration motor
• 3D dual speakers
• 120W wired+ 50W wireless+ 10W Reverse charging
Colors: White with BMW logo
Black & Red in Leather-back
iQOO 12 Pro:
• 6.78" (3200x1440 px) Curved Samsung E7 LTPO AMOLED display
• 1440Hz PWM dimming
• IP68 rated
• 5100mAh battery
• 16GB+256GB= 4999 CNY (~685)
• 16GB+512GB= 5499 CNY (~755)
• 16GB+1TB= 5999 CNY (~825)
iQOO 12:
• 6.78" (2800×1260 px) 1.5K Flat LTPO AMOLED display
• 2160Hz PWM dimming
• IP64 rated
• 5000mAh battery
• 12GB+256GB= 3999 CNY (~550)
• 16GB+512GB= 4299 CNY (~590)
• 16GB+1TB= 4699 CNY (~645)
593
Unveiling the Cyber Threats to Healthcare: Beyond the Myths
https://thehackernews.com/2023/12/unveiling-cyber-threats-to-healthcare.html
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?
Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social
