TECHZONE™
Ir al canal en Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Mostrar más593
Suscriptores
-124 horas
-27 días
-830 días
Archivo de publicaciones
593
DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
https://thehackernews.com/2024/02/dirtymoe-malware-infects-2000-ukrainian.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe.
The agency attributed the campaign to a threat actor it calls UAC-0027.
DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March
593
Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents
https://thehackernews.com/2024/02/former-cia-engineer-sentenced-to-40.html
A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material.
Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022. On September 13, 2023, he was&
593
Cloudzy Elevates Cybersecurity: Integrating Insights from Recorded Future to Revolutionize Cloud Security
https://thehackernews.com/2024/02/cloudzy-elevates-cybersecurity.html
Cloudzy, a prominent cloud infrastructure provider, proudly announces a significant enhancement in its cybersecurity landscape. This breakthrough has been achieved through a recent consultation with Recorded Future, a leader in providing real-time threat intelligence and cybersecurity analytics. This initiative, coupled with an overhaul of Cloudzy's cybersecurity strategies, represents a major
593
INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs
https://thehackernews.com/2024/02/interpol-arrests-31-in-global-operation.html
An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs.
The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the "growth, escalation and professionalization of transnational cybercrime."
Involving 60 law
593
Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs
https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.html
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.
The intrusion, which took place between November 14 and 24, 2023, and detected on November 23, was carried out "with the goal of
593
FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network
https://thehackernews.com/2024/02/fritzfrog-returns-with-log4shell-and.html
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network.
"The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security
593
Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign
https://thehackernews.com/2024/02/exposed-docker-apis-under-attack-in.html
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.
"The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the
593
U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers
https://thehackernews.com/2024/02/us-feds-shut-down-china-linked-kv.html
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign.
The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at
593
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
https://thehackernews.com/2024/02/headcrab-20-goes-fileless-targeting.html
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021.
The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
593
Why the Right Metrics Matter When it Comes to Vulnerability Management
https://thehackernews.com/2024/02/why-right-metrics-matter-when-it-comes.html
How’s your vulnerability management program doing? Is it effective? A success? Let’s be honest, without the right metrics or analytics, how can you tell how well you’re doing, progressing, or if you’re getting ROI? If you’re not measuring, how do you know it’s working?
And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to
593
Warning: New Malware Emerges in Attacks Exploiting Ivanti VPN Vulnerabilities
https://thehackernews.com/2024/02/warning-new-malware-emerges-in-attacks.html
Google-owned Mandiant said it identified new malware employed by a China-nexus espionage threat actor known as UNC5221 and other threat groups during post-exploitation activity targeting Ivanti Connect Secure VPN and Policy Secure devices.
This includes custom web shells such as BUSHWALK, CHAINLINE, FRAMESTING, and a variant of LIGHTWIRE.
"CHAINLINE is a Python web shell backdoor that is
593
CISA Warns of Active Exploitation of Critical Vulnerability in iOS, iPadOS, and macOS
https://thehackernews.com/2024/02/cisa-warns-of-active-exploitation-of.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component.
"An attacker with
593
ESET Research Podcast: ChatGPT, the MOVEit hack, and Pandora
https://www.welivesecurity.com/en/eset-research/eset-research-podcast-chatgpt-moveit-hack-pandora/
An AI chatbot inadvertently kindles a cybercrime boom, ransomware bandits plunder organizations without deploying ransomware, and a new botnet enslaves Android TV boxes
593
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
https://thehackernews.com/2024/02/runc-flaws-enable-container-escapes.html
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
"These container
593
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
https://thehackernews.com/2024/01/alert-ivanti-discloses-2-new-zero-day.html
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-21888 (CVSS score: 8.8) - A privilege escalation vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows
593
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
https://thehackernews.com/2024/01/telegram-marketplaces-fuel-phishing.html
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230.
"This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and
593
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
https://thehackernews.com/2024/01/italian-businesses-hit-by-weaponized.html
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy.
Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics.
"UNC4990 operations generally involve widespread USB infection followed by the deployment of the
593
The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules
https://thehackernews.com/2024/01/the-sec-wont-let-cisos-be-understanding.html
The SEC isn’t giving SaaS a free pass. Applicable public companies, known as “registrants,” are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them.
The new cybersecurity mandates make no distinction between data exposed in a breach that was stored on-premise, in the
593
Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware
https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool.
The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
593
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc).
Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally
