TECHZONE™
Open in Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Show more595
Subscribers
No data24 hours
No data7 days
-930 days
Posts Archive
595
Webinar: How to Protect Your Company from GenAI Data Leakage Without Losing It’s Productivity Benefits
https://thehackernews.com/2024/09/webinar-how-to-protect-your-company.html
GenAI has become a table stakes tool for employees, due to the productivity gains and innovative capabilities it offers. Developers use it to write code, finance teams use it to analyze reports, and sales teams create customer emails and assets. Yet, these capabilities are exactly the ones that introduce serious security risks.
Register to our upcoming webinar to learn how to prevent GenAI data
595
Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free
https://thehackernews.com/2024/09/wing-security-saas-pulse-continuous.html
Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!
Introducing SaaS Pulse: Free Continuous SaaS Risk Management
Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly
595
Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor
https://thehackernews.com/2024/09/progress-software-issues-patch-for.html
Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that could result in the execution of arbitrary operating system commands.
Tracked as CVE-2024-7591 (CVSS score: 10.0), the vulnerability has been described as an improper input validation bug that results in OS command injection.
"It is possible for unauthenticated, remote
595
New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys
https://thehackernews.com/2024/09/new-android-spyagent-malware-uses-ocr.html
Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent.
The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an analysis, adding the targeting footprint has broadened in scope to include the U.K.
The campaign makes use
595
TIDRONE Espionage Group Targets Taiwan Drone Makers in Cyber Campaign
https://thehackernews.com/2024/09/tidrone-espionage-group-targets-taiwan.html
A previously undocumented threat actor with likely ties to Chinese-speaking groups has predominantly singled out drone manufacturers in Taiwan as part of a cyber attack campaign that commenced in 2024.
Trend Micro is tracking the adversary under the moniker TIDRONE, stating the activity is espionage-driven given the focus on military-related industry chains.
The exact initial access vector used
595
U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks
https://thehackernews.com/2024/09/us-offers-10-million-for-info-on.html
The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155).
"These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm
595
Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/bitcoin-atm-scams-skyrocket-week-security-tony-anscombe/
The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams
595
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation.
These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector.
"After an initial chat conversation, the attacker sent a ZIP file that contained
595
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
https://thehackernews.com/2024/09/fbi-cracks-down-on-dark-web-marketplace.html
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketplace called WWH Club that specializes in the sale of sensitive personal and financial information.
Alex Khodyrev, a 35-year-old Kazakhstan national, and Pavel Kublitskii, a 37-year-old Russian national, have been charged with conspiracy to commit access device fraud and conspiracy to commit wire
595
ESET Research Podcast: HotPage
https://www.welivesecurity.com/en/podcasts/eset-research-podcast-hotpage/
ESET researchers discuss HotPage, a recently discovered adware armed with a highest-privilege, yet vulnerable, Microsoft-signed driver
595
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
https://thehackernews.com/2024/09/sonicwall-urges-users-to-patch-critical.html
SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible.
The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
"An improper access control vulnerability has been identified in the SonicWall SonicOS management
595
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
https://thehackernews.com/2024/09/geoserver-vulnerability-targeted-by.html
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk.
The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
In
595
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
https://thehackernews.com/2024/09/github-actions-vulnerable-to.html
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages.
These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).
Adversaries targeting open-source repositories across
595
The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2025
https://thehackernews.com/2024/09/the-state-of-virtual-ciso-report.html
The 2024 State of the vCISO Report continues Cynomi’s tradition of examining the growing popularity of virtual Chief Information Security Officer (vCISO) services. According to the independent survey, the demand for these services is increasing, with both providers and clients reaping the rewards. The upward trend is set to continue, with even faster growth expected in the future. However,
595
Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress
https://thehackernews.com/2024/09/critical-security-flaw-found-in.html
Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts.
The vulnerability, tracked as CVE-2024-44000 (CVSS score: 7.5), impacts versions before and including 6.4.1. It has been addressed in version 6.5.0.1.
"The plugin suffers from an
595
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
https://thehackernews.com/2024/09/apache-ofbiz-update-fixes-high-severity.html
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows.
The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16.
"An attacker with no valid
595
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity
https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html
Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided.
"If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account.
"Using laws from the pre-smartphone era to charge a CEO with crimes committed
595
Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
https://thehackernews.com/2024/09/chinese-speaking-hacker-group-targets.html
Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.
"Sighting this group's [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them," Kaspersky
595
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
https://thehackernews.com/2024/09/veeam-releases-security-updates-to-fix.html
Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.
The list of shortcomings is below -
CVE-2024-40711 (CVSS score: 9.8) - A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.
CVE-2024-42024 (CVSS score: 9.1
595
The key considerations for cyber insurance: A pragmatic approach
https://www.welivesecurity.com/en/business-security/the-key-considerations-for-cyber-insurance-a-pragmatic-approach/
Would a more robust cybersecurity posture impact premium costs? Does the policy offer legal cover? These are some of the questions organizations should consider when reviewing their cyber insurance options
Available now! Telegram Research 2025 — the year's key insights 
