TECHZONE™
Open in Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Show more595
Subscribers
No data24 hours
No data7 days
-1030 days
Posts Archive
595
5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage
https://thehackernews.com/2024/10/5-actionable-steps-to-prevent-genai.html
Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security
595
Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials
https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft.
"For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,
595
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
https://thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor.
This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis.
The attacks
595
U.K. Hacker Charged in $3.75 Million Insider Trading Scheme Using Hacked Executive Emails
https://thehackernews.com/2024/10/uk-hacker-charged-in-375-million.html
The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits.
Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud.
According to the court
595
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 23-29)
https://thehackernews.com/2024/09/thn-cybersecurity-recap-last-weeks-top_30.html
Hold onto your hats, folks, because the cybersecurity world is anything but quiet! Last week, we dodged a bullet when we discovered vulnerabilities in CUPS that could've opened the door to remote attacks. Google's switch to Rust is paying off big time, slashing memory-related vulnerabilities in Android.
But it wasn't all good news – Kaspersky's forced exit from the US market left users with more
595
Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks
https://thehackernews.com/2024/09/critical-flaws-in-tank-gauge-systems.html
Critical security vulnerabilities have been disclosed in six different Automatic Tank Gauge (ATG) systems from five manufacturers that could expose them to remote attacks.
"These vulnerabilities pose significant real-world risks, as they could be exploited by malicious actors to cause widespread damage, including physical damage, environmental hazards, and economic losses," Bitsight researcher
595
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as:
147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).
Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).
But session hijacking isn’t a new technique – so
595
A Hacker's Era: Why Microsoft 365 Protection Reigns Supreme
https://thehackernews.com/2024/09/why-microsoft-365-protection-reigns-supreme.html
Imagine a sophisticated cyberattack cripples your organization’s most critical productivity and collaboration tool — the platform you rely on for daily operations. In the blink of an eye, hackers encrypt your emails, files, and crucial business data stored in Microsoft 365, holding it hostage using ransomware. Productivity grinds to a halt and your IT team races to assess the damage as the clock
595
Meta Fined €91 Million for Storing Millions of Facebook and Instagram Passwords in Plaintext
https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems.
The investigation, launched by the DPC the next month, found that the social media giant violated four different articles under the European Union's
595
Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign
https://thehackernews.com/2024/09/crypto-scam-app-disguised-as.html
Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months.
The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it.
"Fake
595
Gamaredon's operations under the microscope – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/gamaredons-operations-under-microscope-week-security-tony-anscombe/
ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years
595
U.S. Charges Three Iranian Nationals for Election Interference and Cybercrimes
https://thehackernews.com/2024/09/us-charges-three-iranian-nationals-for.html
U.S. federal prosecutors on Friday unsealed criminal charges against three Iranian nationals who are allegedly employed with the Islamic Revolutionary Guard Corps (IRGC) for their targeting of current and former officials to steal sensitive data.
The Department of Justice (DoJ) accused Masoud Jalili, 36, Seyyed Ali Aghamiri, 34, and Yasar (Yaser) Balaghi, 37, of participating in a conspiracy
595
Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now
https://thehackernews.com/2024/09/progress-software-releases-patches-for.html
Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities.
The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers -
CVE-2024-46905 (CVSS score: 8.8)
595
U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering
https://thehackernews.com/2024/09/us-sanctions-two-crypto-exchanges-for.html
The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals.
The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through
595
Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers
https://thehackernews.com/2024/09/critical-nvidia-container-toolkit.html
A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to break out of the confines of a container and gain full access to the underlying host.
The vulnerability, tracked as CVE-2024-0132, carries a CVSS score of 9.0 out of a maximum of 10.0. It has been addressed in NVIDIA Container Toolkit version v1.16.2 and
595
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023
https://www.welivesecurity.com/en/eset-research/cyberespionage-gamaredon-way-analysis-toolset-used-spy-ukraine-2022-2023/
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine
595
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
Cybersecurity researchers have disclosed a set of now patched vulnerabilities in Kia vehicles that, if successfully exploited, could have allowed remote control over key functions simply by using only a license plate.
"These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless of whether it had an active Kia Connect subscription," security
595
N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks
https://thehackernews.com/2024/09/n-korean-hackers-deploy-new-klogexe-and.html
Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy.
The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet (formerly Thallium), Sparkling Pisces, Springtail, and Velvet Chollima.
"These samples enhance Sparkling Pisces' already extensive arsenal
595
Overloaded with SIEM Alerts? Discover Effective Strategies in This Expert-Led Webinar
https://thehackernews.com/2024/09/overloaded-with-siem-alerts-discover.html
Imagine trying to find a needle in a haystack, but the haystack is on fire, and there are a million other needles you also need to find. That's what dealing with security alerts can feel like.
SIEM was supposed to make this easier, but somewhere along the way, it became part of the problem. Too many alerts, too much noise, and not enough time to actually stop threats.
It's time for a change.
595
Don’t panic and other tips for staying safe from scareware
https://www.welivesecurity.com/en/cybersecurity/dont-panic-tips-staying-safe-scareware/
Keep your cool, arm yourself with the right knowledge, and other tips for staying unshaken by fraudsters’ scare tactics
Available now! Telegram Research 2025 — the year's key insights 
