en
Feedback
TECHZONE™

TECHZONE™

Open in Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Show more
594
Subscribers
No data24 hours
No data7 days
-630 days
Posts Archive
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system,

Streamlining IT Security Compliance Using the Wazuh FIM Capability https://thehackernews.com/2024/05/streamlining-it-security-compliance.html File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FIM for businesses to ensure the integrity of their data. IT security compliance involves adhering to

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses https://thehackernews.com/2024/05/windows-11-to-deprecate-ntlm-add-ai.html  Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the

NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning https://thehackernews.com/2024/05/nextgen-healthcare-mirth-connect-under.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit https://thehackernews.com/2024/05/linguistic-lumberjack-vulnerability.html Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution. The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel https://thehackernews.com/2024/05/iranian-mois-linked-hackers-behind.html An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal https://thehackernews.com/2024/05/foxit-pdf-reader-flaw-exploited-by.html Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point said in a technical report. "This exploit has been used by multiple

Defending Your Commits From Known CVEs With GitGuardian SCA And Git Hooks https://thehackernews.com/2024/05/defending-your-commits-from-known-cves.html All developers want to create secure and dependable software. They should feel proud to release their code with the full confidence they did not introduce any weaknesses or anti-patterns into their applications. Unfortunately, developers are not writing their own code for the most part these days. 96% of all software contains some open-source components, and open-source components make

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware https://thehackernews.com/2024/05/cyber-criminals-exploit-github-and.html A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar, Lumma (aka LummaC2), and Octo by impersonating credible software like 1Password, Bartender 5, and Pixelmator Pro. "The presence of multiple malware variants suggests a broad cross-platform targeting

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns https://thehackernews.com/2024/05/latrodectus-malware-loader-emerges-as.html Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized JavaScript files that utilize WMI's ability to invoke msiexec.exe and install a remotely-hosted MSI

Chinese Nationals Arrested for Laundering $73 Million in Pig Butchering Crypto Scam https://thehackernews.com/2024/05/chinese-nationals-arrested-for.html The U.S. Department of Justice (DoJ) has charged two arrested Chinese nationals for allegedly orchestrating a pig butchering scam that laundered at least $73 million from victims through shell companies. The individuals, Daren Li, 41, and Yicheng Zhang, 38, were arrested in Atlanta and Los Angeles on April 12 and May 16, respectively. The foreign nationals have been "charged for leading a scheme

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide https://thehackernews.com/2024/05/grandoreiro-banking-trojan-resurfaces.html The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South

The who, where, and how of APT attacks – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-week-security-tony-anscombe/ This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking https://thehackernews.com/2024/05/kinsing-hacker-group-exploits-more.html The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which described the threat actor as actively orchestrating illicit cryptocurrency mining

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs https://thehackernews.com/2024/05/new-xm-cyber-research-80-of-exposures.html A new report from XM Cyber has found – among other insights - a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber

China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT https://thehackernews.com/2024/05/china-linked-hackers-adopt-two-stage.html Cybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year. "Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks https://thehackernews.com/2024/05/kimsuky-apt-deploying-linux-backdoor.html The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed Gomir, is "structurally almost identical to GoBear, with extensive sharing of code between

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2014-100005 - A cross-site request forgery (CSRF) vulnerability impacting D-Link DIR-600 routers that allows an

New Wi-Fi Vulnerability Enables Network Eavesdropping via Downgrade Attacks https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html Researchers have discovered a new security vulnerability stemming from a design flaw in the IEEE 802.11 Wi-Fi standard that tricks victims into connecting to a less secure wireless network and eavesdrop on their network traffic. The SSID Confusion attack, tracked as CVE-2023-52424, impacts all operating systems and Wi-Fi clients, including home and mesh networks that are based on

North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign https://thehackernews.com/2024/05/north-korean-hackers-exploit-facebook.html The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs fictitious Facebook accounts to targets via Messenger and ultimately delivers malware. "The threat actor created a Facebook account with a fake identity disguised as a public official working in the North Korean human rights field," South Korean cybersecurity company Genians