TECHZONE™
Ir al canal en Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Mostrar más595
Suscriptores
Sin datos24 horas
Sin datos7 días
-1030 días
Archivo de publicaciones
595
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday.
Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange.
595
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild.
To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates
595
ESET APT Activity Report Q2 2024–Q3 2024: Key findings
https://www.welivesecurity.com/en/videos/eset-apt-activity-report-q2-2024-q3-2024-key-findings/
ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report
595
Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html
Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years.
The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
595
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
https://thehackernews.com/2024/11/google-warns-of-rising-cloaking-scams.html
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites.
"Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said.
"The landing
595
5 BCDR Oversights That Leave You Exposed to Ransomware
https://thehackernews.com/2024/11/5-bcdr-oversights-that-leave-you-exposed-to-ransomware.html
Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent
595
ESET Research Podcast: Gamaredon
https://www.welivesecurity.com/en/podcasts/eset-research-podcast-gamaredon/
ESET researchers introduce the Gamaredon APT group, detailing its typical modus operandi, unique victim profile, vast collection of tools and social engineering tactics, and even its estimated geolocation
595
TikTok Pixel Privacy Nightmare: A New Case Study
https://thehackernews.com/2024/11/tiktok-pixel-privacy-nightmare-new-case.html
Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But one online travel marketplace targeting young holidaymakers with ads on the popular video-sharing platform broke GDPR rules when a third-party partner misconfigured
595
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
https://thehackernews.com/2024/11/new-rustyattr-malware-targets-macos.html
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr.
The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing infrastructure and tactical overlaps observed in connection with prior campaigns, including
595
Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html
A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this
595
Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
https://thehackernews.com/2024/11/hamas-affiliated-wirte-employs-samecoin.html
A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities.
The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis.
"The [Israel-Hamas] conflict has not disrupted the WIRTE's
595
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html
Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware.
The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted
595
Comprehensive Guide to Building a Strong Browser Security Program
https://thehackernews.com/2024/11/comprehensive-guide-to-building-strong.html
The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that
595
OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
https://thehackernews.com/2024/11/ovrc-platform-vulnerabilities-expose.html
A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices.
"Attackers successfully exploiting these vulnerabilities can access, control, and disrupt devices supported by OvrC; some of those include smart electrical power supplies, cameras, routers, home automation systems, and
595
Beats by bot: The AI remix revolution
https://www.welivesecurity.com/en/we-live-progress/beats-bot-ai-remix-revolution/
Artificial intelligence is reshaping the music landscape, turning listeners into creators and sparking new debates over creativity, copyright, and the future of sound
595
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs
https://thehackernews.com/2024/11/microsoft-fixes-90-new-vulnerabilities.html
Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild.
The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in
595
Beyond the checkbox: Demystifying cybersecurity compliance
https://www.welivesecurity.com/en/business-security/beyond-checkbox-demystifying-cybersecurity-compliance/
In an era of escalating digital threats, cybersecurity compliance goes beyond ticking a legal box – it’s a crucial shield safeguarding assets, reputation, and the very survival of your business
595
Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
https://thehackernews.com/2024/11/iranian-hackers-use-dream-job-lures-to.html
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group's playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023.
"The campaign distributed the SnailResin malware, which activates the SlugResin backdoor," Israeli cybersecurity company ClearSky said
595
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html
Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE)
The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the
595
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.
The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub
¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
