TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html
A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.
The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.
FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance
https://thehackernews.com/2025/01/fcc-launches-cyber-trust-mark-for-iot.html
The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices.
"IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
https://thehackernews.com/2025/01/cisa-flags-critical-flaws-in-mitel-and.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker
Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
https://thehackernews.com/2025/01/researchers-uncover-major-security-flaw.html
Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices.
"The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard
Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year
https://thehackernews.com/2025/01/farewell-to-fallen-cybersecurity-stars.html
It's time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
https://thehackernews.com/2025/01/new-eagerbee-variant-targets-isps-and.html
Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework.
The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute command shells, demonstrating a significant evolution.
"The key
CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing
https://thehackernews.com/2025/01/cisa-no-wider-federal-impact-from.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said there are no indications that the cyber attack targeting the Treasury Department impacted other federal agencies.
The agency said it's working closely with the Treasury Department and BeyondTrust to get a better understanding of the breach and mitigate its impacts.
"The security of federal systems and the data they
Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers
https://thehackernews.com/2025/01/moxa-alerts-users-to-high-severity.html
Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution.
The list of vulnerabilities is as follows -
CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain
India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements
https://thehackernews.com/2025/01/india-proposes-digital-data-rules-with.html
The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation.
"Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday.
"Citizens are empowered with rights to demand data erasure,
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity.html
Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner.
This week, we dive into the hidden risks, surprising loopholes, and the clever tricks
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
https://thehackernews.com/2025/01/from-22m-in-ransom-to-100m-stolen.html
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices
https://thehackernews.com/2025/01/firescam-android-malware-poses-as.html
An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices.
"Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation,"
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages
https://thehackernews.com/2025/01/russian-speaking-attackers-target.html
Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems.
"By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics,
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
https://thehackernews.com/2025/01/researchers-uncover-nuclei.html
A high-severity security flaw has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code.
Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0.
"The
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
https://thehackernews.com/2025/01/playfulghost-delivered-via-phishing-and.html
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution.
The backdoor, according to Google's Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source
U.S. Treasury Sanctions Beijing Cybersecurity Firm for State-Backed Hacking Campaigns
https://thehackernews.com/2025/01/us-treasury-sanctions-beijing.html
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday issued sanctions against a Beijing-based cybersecurity company known as Integrity Technology Group, Incorporated for orchestrating several cyber attacks against U.S. victims.
These attacks have been publicly attributed to a Chinese state-sponsored threat actor tracked as Flax Typhoon (aka Ethereal Panda or
New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%
https://thehackernews.com/2025/01/new-ai-jailbreak-method-bad-likert.html
Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses.
The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit 42 researchers Yongzhe Huang, Yang Ji, Wenjun Hu, Jay Chen, Akshata Rao, and
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
https://thehackernews.com/2025/01/ldapnightmare-poc-exploit-crashes-lsass.html
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition.
The out-of-bounds read vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (
Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption
https://thehackernews.com/2025/01/critical-deadline-update-old-net.html
Microsoft has announced that it's making an "unexpected change" to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure.
"We expect that most users will not be directly affected, however, it is critical that you validate if you are affected and to watch for downtime or other kinds of breakage," Richard Lander, a program
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations
https://thehackernews.com/2025/01/apple-to-pay-siri-users-20-per-device.html
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant.
The development was first reported by Reuters.
The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the
