es
Feedback
TECHZONE™

TECHZONE™

Ir al canal en Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Mostrar más
593
Suscriptores
Sin datos24 horas
-27 días
-830 días
Archivo de publicaciones
Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy https://thehackernews.com/2024/01/unifying-security-tech-beyond-stack.html Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute1, “only 59% of organizations say their cybersecurity strategy has changed over the past two years.” This stagnation in strategy adaptation can be traced back to several key issues. Talent Retention Challenges: The cybersecurity field is rapidly advancing, requiring a

Webinar – Leverage Zero Trust Security to Minimize Your Attack Surface https://thehackernews.com/2024/01/webinar-leverage-zero-trust-security-to.html Digital expansion inevitably increases the external attack surface, making you susceptible to cyberthreats. Threat actors increasingly exploit the vulnerabilities stemming from software and infrastructure exposed to the internet; this ironically includes security tools, particularly firewalls and VPNs, which give attackers direct network access to execute their attacks. In fact, Gartner&

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment https://thehackernews.com/2024/01/nist-warns-of-security-and-privacy.html The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems in recent years. “These security and privacy challenges include the potential for adversarial manipulation of training data, adversarial exploitation of model vulnerabilities to

DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud https://thehackernews.com/2024/01/doj-charges-19-worldwide-in-68-million.html The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace, which is estimated to have facilitated more than $68 million in fraud. In wrapping up its investigation into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium

North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 https://thehackernews.com/2024/01/north-koreas-cyber-heist-dprk-hackers.html Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850 million haul in 2022," blockchain analytics firm TRM Labs said last week. "Hacks

Cracking the 2023 SANS Holiday Hack Challenge https://www.welivesecurity.com/en/cybersecurity/cracking-2023-sans-holiday-hack-challenge/ From ChatNPT to Game Boys and space apps, this year’s challenge took us to the Geese Islands for another rollicking romp of fun

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies https://thehackernews.com/2024/01/sea-turtle-cyber-espionage-campaign.html Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. "The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group

Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html The recent wave of cyber attacks targeting Albanian organizations involved the use of a wiper called No-Justice. The findings come from cybersecurity company ClearSky, which said the Windows-based malware "crashes the operating system in a way that it cannot be rebooted." The intrusions have been attributed to an Iranian "psychological operation group" called Homeland

Cybersecurity trends and challenges to watch out for in 2024 – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/cybersecurity-trends-challenges-watch-out-for-2024/ What are some of the key cybersecurity trends that people and organizations should have on their radars this year?

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors. “SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the [

Exposed Secrets are Everywhere. Here's How to Tackle Them https://thehackernews.com/2024/01/exposed-secrets-are-everywhere-heres.html Picture this: you stumble upon a concealed secret within your company's source code. Instantly, a wave of panic hits as you grasp the possible consequences. This one hidden secret has the power to pave the way for unauthorized entry, data breaches, and a damaged reputation. Understanding the secret is just the beginning; swift and resolute action becomes imperative. However, lacking the

Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html Mobile network operator Orange Spain suffered an internet outage for several hours on January 3 after a threat actor used administrator credentials captured by means of stealer malware to hijack the border gateway protocol (BGP) traffic. "The Orange account in the IP network coordination center (RIPE) has suffered improper access that has affected the browsing of some of our customers," the

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an

Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first came to light last month, knocking out access to mobile and internet services

New Bandook RAT Variant Resurfaces, Targeting Windows Machines https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html A new variant of remote access trojan called Bandook has been observed being propagated via phishing attacks with an aim to infiltrate Windows machines, underscoring the continuous evolution of the malware. Fortinet FortiGuard Labs, which identified the activity in October 2023, said the malware is distributed via a PDF file that embeds a link to a password-protected .7z archive. “

Lost and found: How to locate your missing devices and more https://www.welivesecurity.com/en/how-to/lost-found-locate-missing-devices-more/ Losing your keys, your wallet – or anything else, really – can be a pain, but there is a wide world of trackers that can help you locate your missing things – with awesome accuracy

Three Ways To Supercharge Your Software Supply Chain Security https://thehackernews.com/2024/01/three-ways-to-supercharge-your-software.html Section four of the "Executive Order on Improving the Nation’s Cybersecurity" introduced a lot of people in tech to the concept of a “Software Supply Chain” and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and

Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners https://thehackernews.com/2024/01/beware-3-malicious-pypi-packages-found.html Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. “These packages, upon initial use, deploy a CoinMiner

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in

Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@