en
Feedback
TECHZONE™

TECHZONE™

Open in Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Show more
593
Subscribers
No data24 hours
-27 days
-830 days
Posts Archive
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa https://thehackernews.com/2023/12/iranian-hackers-using-muddyc2go-in-new.html The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also tracked under the monikers Boggy Serpens, Cobalt

ESET Research Podcast: Neanderthals, Mammoths and Telekopye https://www.welivesecurity.com/en/podcasts/eset-research-podcast-neanderthals-mammoths-telekopye/ ESET researchers discuss the dynamics within and between various groups of scammers who use a Telegram bot called Telekopye to scam people on online marketplaces

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software https://thehackernews.com/2023/12/new-malvertising-campaign-distributing.html The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura said. The malware family,

8220 Gang Exploiting Oracle WebLogic Server Vulnerability to Spread Malware https://thehackernews.com/2023/12/8220-gang-exploiting-oracle-weblogic.html The threat actors associated with the 8220 Gang have been observed exploiting a high-severity flaw in Oracle WebLogic Server to propagate their malware. The security shortcoming is CVE-2020-14883 (CVSS score: 7.2), a remote code execution bug that could be exploited by authenticated attackers to take over susceptible servers. "This vulnerability allows remote authenticated

Double-Extortion Play Ransomware Strikes 300 Organizations Worldwide https://thehackernews.com/2023/12/double-extortion-play-ransomware.html The threat actors behind the Play ransomware are estimated to have impacted approximately 300 entities as of October 2023, according to a new joint cybersecurity advisory from Australia and the U.S. "Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data and have impacted a wide range of businesses and critical infrastructure organizations in North

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits https://thehackernews.com/2023/12/beware-experts-reveal-new-details-on.html Technical details have emerged about two now-patched security flaws in Microsoft Windows that could be chained by threat actors to achieve remote code execution on the Outlook email service sans any user interaction. "An attacker on the internet can chain the vulnerabilities together to create a full, zero-click remote code execution (RCE) exploit against Outlook clients," Akamai security

Top 7 Trends Shaping SaaS Security in 2024 https://thehackernews.com/2023/12/top-7-trends-shaping-saas-security-in.html Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.  These applications contain a wealth of data, from minimally sensitive general

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges https://thehackernews.com/2023/12/rhadamanthys-malware-swiss-army-knife.html The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of delivering "specific distributor needs," but also makes it more potent, Check Point said&

Four U.S. Nationals Charged in $80 Million Pig Butchering Crypto Scam https://thehackernews.com/2023/12/four-us-nationals-charged-in-80-million.html Four U.S. nationals have been charged for participating in an illicit scheme that earned them more than $80 million via cryptocurrency investment scams. The defendants – Lu Zhang, 36, of Alhambra, California; Justin Walker, 31, of Cypress, California; Joseph Wong, 32, Rosemead, California; and Hailong Zhu, 40, Naperville, Illinois – have been charged with conspiracy to commit money laundering,

Unmasking the Dark Side of Low-Code/No-Code Applications https://thehackernews.com/2023/12/unmasking-dark-side-of-low-codeno-code.html Low-code/no-code (LCNC) and robotic process automation (RPA) have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microsoft PowerApps, UiPath, ServiceNow, Mendix, and OutSystems? The simple truth is often swept under

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry https://thehackernews.com/2023/12/qakbot-malware-resurfaces-with-new.html A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Microsoft, which made the discovery, described it as a low-volume campaign that began on December 11, 2023, and targeted the hospitality industry. "Targets

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations. In an alert published last week, the agency called out Iranian threat actors affiliated with

MongoDB Suffers Security Breach, Exposing Customer Data https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response

New iOS feature to thwart eavesdropping – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/new-ios-feature-thwart-eavesdropping-week-security-tony-anscombe/ Your iPhone has just received a new feature called iMessage Contact Key Verification that is designed to help protect your messages from prying eyes

China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents https://thehackernews.com/2023/12/chinas-miit-introduces-color-coded.html China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds https://thehackernews.com/2023/12/microsoft-warns-of-storm-0539-rising.html Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks https://thehackernews.com/2023/12/new-kv-botnet-targeting-cisco-draytek.html A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity

Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft https://thehackernews.com/2023/12/crypto-hardware-wallet-ledgers-supply.html Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishing attack, the company said in a statement. This allowed the attackers to gain

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered https://thehackernews.com/2023/12/bug-or-feature-hidden-web-application.html Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and email clients saturating the internet

New Security Vulnerabilities Uncovered in pfSense Firewall Software - Patch Now https://thehackernews.com/2023/12/new-security-vulnerabilities-uncovered.html Multiple security vulnerabilities have been discovered in the open-source Netgate pfSense firewall solution called pfSense that could be chained by an attacker to execute arbitrary commands on susceptible appliances. The issues relate to two reflected cross-site scripting (XSS) bugs and one command injection flaw, according to new findings from Sonar. "Security inside a local network is often