en
Feedback
TECHZONE™

TECHZONE™

Open in Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Show more
594
Subscribers
No data24 hours
No data7 days
-630 days
Posts Archive
4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets https://thehackernews.com/2024/05/4-step-approach-to-mapping-and-securing.html You’re probably familiar with the term “critical assets”. These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If anything happens to these assets, such as application servers, databases, or privileged identities, the ramifications to your security posture can be severe.  But is every technology asset considered

Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html The threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks. "CatDDoS-related gangs' samples have used a large number of known vulnerabilities to deliver samples," the QiAnXin XLab team 

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called Dessky Snippets, which allows users to add custom PHP code. It has over 200 active installations.

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks https://thehackernews.com/2024/05/tp-link-gaming-router-vulnerability.html A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests. The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has&nbsp

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the company said in its latest Cyber Signals report. "We've seen some examples where

Report: The Dark Side of Phishing Protection https://thehackernews.com/2024/05/report-dark-side-of-phishing-protection.html The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector. A new report by LayerX explores the state of

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI https://thehackernews.com/2024/05/new-tricks-in-phishing-playbook.html Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle (AitM) phishing, "uses Cloudflare Workers to act as a reverse proxy server for a

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets https://thehackernews.com/2024/05/pakistan-linked-hackers-deploy-python.html The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to persist," the BlackBerry Research and Intelligence Team said in a technical report

Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed unauthorized access to the AI prompts and results of all Replicate's platform customers,"

Mandatory reporting for ransomware attacks? – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/mandatory-reporting-ransomware-attacks-week-security-tony-anscombe/ As the UK mulls new rules for ransomware disclosure, what would be the wider implications of such a move, how would cyber-insurance come into play, and how might cybercriminals respond?

Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack https://thehackernews.com/2024/05/hackers-created-rogue-vms-to-evade.html The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created their own rogue VMs within the VMware environment, leveraging compromised vCenter Server access," MITRE

Fake Antivirus Websites Deliver Malware to Android and Windows Devices https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. "Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices

How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar https://thehackernews.com/2024/05/how-do-hackers-blend-in-so-well-learn.html Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from Huntress' Threat Report," in which Jamie Levy — Director of Adversary Tactics at Huntress, a renowned

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed? https://thehackernews.com/2024/05/devops-dilemma-how-can-cisos-regain.html Introduction The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.

Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of

Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack https://thehackernews.com/2024/05/courtroom-software-backdoored-to.html Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known backdoor called RustDoor. The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8 that allows users to create, manage, publish,

Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies https://thehackernews.com/2024/05/japanese-experts-warn-of-bloodalchemy.html Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad. "The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT

Introducing Nimfilt: A reverse-engineering tool for Nim-compiled binaries https://www.welivesecurity.com/en/eset-research/introducing-nimfilt-reverse-engineering-tool-nim-compiled-binaries/ Available as both an IDA plugin and a Python script, Nimfilt helps to reverse engineer binaries compiled with the Nim programming language compiler by demangling package and function names, and applying structs to strings

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern https://thehackernews.com/2024/05/ransomware-attacks-exploit-vmware-esxi.html Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,"

CISA Warns of Actively Exploited Apache Flink Security Vulnerability https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-apache.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that