en
Feedback
TECHZONE™

TECHZONE™

Open in Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Show more
593
Subscribers
No data24 hours
-37 days
-730 days
Posts Archive
Google's New Tracking Protection in Chrome Blocks Third-Party Cookies https://thehackernews.com/2023/12/googles-new-tracking-protection-in.html Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

New NKAbuse Malware Exploits NKN Blockchain Tech for DDoS Attacks https://thehackernews.com/2023/12/new-nkabuse-malware-exploits-nkn.html A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications channel. "The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities," Russian

OilRig’s persistent attacks using cloud service-powered downloaders https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications

116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems https://thehackernews.com/2023/12/116-malware-packages-found-on-pypi.html Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. "In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," ESET researchers Marc-Etienne M.Léveillé and Rene

New Pierogi++ Malware by Gaza Cyber Gang Targeting Palestinian Entities https://thehackernews.com/2023/12/new-pierogi-malware-by-gaza-cyber-gang.html A pro-Hamas threat actor known as Gaza Cyber Gang is targeting Palestinian entities using an updated version of a backdoor dubbed Pierogi. The findings come from SentinelOne, which has given the malware the name Pierogi++ owing to the fact that it's implemented in the C++ programming language unlike its Delphi- and Pascal-based predecessor. "Recent Gaza Cybergang activities show

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader

Reimagining Network Pentesting With Automation https://thehackernews.com/2023/12/reimagining-network-pentesting-with.html Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making.  This blog acts as a quick guide on network penetration testing, explaining what it is, debunking common myths and reimagining its role in

Russian SVR-Linked APT29 Targets JetBrains TeamCity Servers in Ongoing Attacks https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html Threat actors affiliated with the Russian Foreign Intelligence Service (SVR) have targeted unpatched JetBrains TeamCity servers in widespread attacks since September 2023. The activity has been tied to a nation-state group known as APT29, which is also tracked as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes. It's notable for the supply chain

New Hacker Group 'GambleForce' Tageting APAC Firms Using SQL Injection Attacks https://thehackernews.com/2023/12/new-hacker-group-gambleforce-tageting.html A previously unknown hacker outfit called GambleForce has been attributed to a series of SQL injection attacks against companies primarily in the Asia-Pacific (APAC) region since at least September 2023. "GambleForce uses a set of basic yet very effective techniques, including SQL injections and the exploitation of vulnerable website content management systems (CMS) to steal sensitive

Microsoft Takes Legal Action to Crack Down on Storm-1152's Cybercrime Network https://thehackernews.com/2023/12/microsoft-takes-legal-action-to-crack.html Microsoft on Wednesday said it obtained a court order to seize infrastructure set up by a group called Storm-1152 that peddled roughly 750 million fraudulent Microsoft accounts and tools through a network of bogus websites and social media pages to other criminal actors, netting them millions of dollars in illicit revenue. "Fraudulent online accounts act as the gateway to a host of cybercrime,

Delivering trust with DNS security https://www.welivesecurity.com/en/business-security/delivering-trust-with-dns-security/ Can DNS protection technology transform consumers’ worries about cybercrime with a trust-based approach?

BazaCall Phishing Scammers Now Leveraging Google Forms for Deception https://thehackernews.com/2023/12/bazacall-phishing-scammers-now.html The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today. BazaCall (aka BazarCall), which was first

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities https://thehackernews.com/2023/12/google-using-clang-sanitizers-to.html Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of

How to Analyze Malware’s Network Traffic in A Sandbox https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address them. Decrypting HTTPS traffic Hypertext Transfer Protocol Secure (HTTPS), the protocol for secure

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing https://thehackernews.com/2023/12/microsoft-warns-of-hackers-exploiting.html Microsoft has warned that adversaries are using OAuth applications as an automation tool to deploy virtual machines (VMs) for cryptocurrency mining and launch phishing attacks. "Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious activity," the Microsoft Threat Intelligence team said in an

Major Cyber Attack Paralyzes Kyivstar - Ukraine's Largest Telecom Operator https://thehackernews.com/2023/12/major-cyber-attack-paralyzes-kyivstar.html Ukraine's biggest telecom operator Kyivstar has become the victim of a cyber attack, disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues

A pernicious potpourri of Python packages in PyPI https://www.welivesecurity.com/en/eset-research/pernicious-potpourri-python-packages-pypi/ The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository

Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical https://thehackernews.com/2023/12/microsofts-final-2023-patch-tuesday-33.html Microsoft released its final set of Patch Tuesday updates for 2023, closing out 33 flaws in its software, making it one of the lightest releases in recent years. Of the 33 shortcomings, four are rated Critical and 29 are rated Important in severity. The fixes are in addition to 18 flaws Microsoft addressed in its Chromium-based Edge browser since the release of Patch

iQOO 12 series launched in China Specs: • 144Hz Variable refresh rate • 3000nits peak brightness • USB 2.0 port • Snapdragon
iQOO 12 series launched in China Specs: • 144Hz Variable refresh rate • 3000nits peak brightness • USB 2.0 port • Snapdragon 8 Gen 3 SoC • LPDDR5X RAM; UFS 4.0 storage • Ultra-large VC vapor chamber • 11 temperature sensors • In-display fingerprint scanner • 50MP main (OV50H, OIS) • 50MP UltraWide • 64MP 3x telephoto(OV64B, OIS) • 100x digital zoom • Vivo V3 imaging chip • 16MP Front camera • IR Blaster; Hi-Fi Audio • Ultra-wide vibration motor • 3D dual speakers • 120W wired+ 50W wireless+ 10W Reverse charging Colors: White with BMW logo Black & Red in Leather-back iQOO 12 Pro: • 6.78" (3200x1440 px) Curved Samsung E7 LTPO AMOLED display • 1440Hz PWM dimming • IP68 rated • 5100mAh battery • 16GB+256GB= 4999 CNY (~685) • 16GB+512GB= 5499 CNY (~755) • 16GB+1TB= 5999 CNY (~825) iQOO 12: • 6.78" (2800×1260 px) 1.5K Flat LTPO AMOLED display • 2160Hz PWM dimming • IP64 rated • 5000mAh battery • 12GB+256GB= 3999 CNY (~550) • 16GB+512GB= 4299 CNY (~590) • 16GB+1TB= 4699 CNY (~645)

Unveiling the Cyber Threats to Healthcare: Beyond the Myths https://thehackernews.com/2023/12/unveiling-cyber-threats-to-healthcare.html Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?  Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social