TECHZONE™
Open in Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Show more595
Subscribers
-124 hours
No data7 days
-930 days
Posts Archive
595
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks.
Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API.
"Users are
595
Hello, is it me you’re looking for? How scammers get your phone number
https://www.welivesecurity.com/en/scams/hello-is-it-me-youre-looking-for-how-scammers-get-your-phone-number/
Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.
595
'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins
https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html
Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities.
The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds.
"Konfety represents a new form of
595
Threat Prevention & Detection in SaaS Environments - 101
https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html
Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and
595
Malicious npm Packages Found Using Image Files to Hide Backdoor Code
https://thehackernews.com/2024/07/malicious-npm-packages-found-using.html
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server.
The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team.
"They
595
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access.
That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have
595
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
https://thehackernews.com/2024/07/void-banshee-apt-exploits-microsoft.html
An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida.
Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as part of a multi-stage attack
595
Kaspersky Exits U.S. Market Following Commerce Department Ban
https://thehackernews.com/2024/07/kaspersky-exits-us-market-following.html
Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk.
News of the closure was first reported by journalist Kim Zetter.
The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also
595
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
https://thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open
595
GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks
https://thehackernews.com/2024/07/github-token-leak-exposes-pythons-core.html
Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories.
JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.
"This
595
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit
https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit.
Over the last few years, the problem has grown bigger and bigger, and only now are we
595
CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool
https://thehackernews.com/2024/07/crystalray-hackers-infect-over-1500.html
A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims.
Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software]
595
Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
https://thehackernews.com/2024/07/singapore-banks-to-phase-out-otps-for.html
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks.
The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024.
"Customers who have activated their digital
595
New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection
https://thehackernews.com/2024/07/new-hardbit-ransomware-40-uses.html
Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts.
"Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis.
"The passphrase needs to be provided during
595
AT&T Confirms Data Breach Affecting Nearly All Wireless Customers
https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html
American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network.
"Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated
595
Should ransomware payments be banned? – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/should-ransomware-payments-be-banned-week-security-tony-anscombe/
The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective?
595
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign
https://thehackernews.com/2024/07/darkgate-malware-exploits-samba-file.html
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections.
Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North
595
Australian Defence Force Private and Husband Charged with Espionage for Russia
https://thehackernews.com/2024/07/australian-defence-force-private-and.html
Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA.
This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev,
595
Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar
https://thehackernews.com/2024/07/ever-wonder-how-hackers-really-steal.html
In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability.
Most people don't realize their credentials have been compromised until the damage is done.
Imagine waking up to drained bank accounts, stolen identities, or a company's
595
Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments
https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html
A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes.
The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98.
"Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass
