TECHZONE™
Ir al canal en Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Mostrar más593
Suscriptores
-124 horas
-27 días
-830 días
Archivo de publicaciones
593
Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
https://thehackernews.com/2024/03/critical-jetbrains-teamcity-on-premises.html
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
“The
593
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
https://thehackernews.com/2024/03/how-cybercriminals-are-exploiting.html
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme.
The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha, Abhishek Mathew, and Santripti Bhujel said in a report.
Details about the scam
593
From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
https://thehackernews.com/2024/03/from-500-to-5000-employees-securing-3rd.html
A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either experiencing or have experienced rapid growth. As requirements and tasks continue to accumulate and malicious actors remain active around the clock, budgets are often stagnant at best. Yet, it is crucial
593
Over 100 Malicious AI/ML Models Found on Hugging Face Platform
https://thehackernews.com/2024/03/over-100-malicious-aiml-models-found-on.html
As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform.
These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said.
"The model's payload grants the attacker a shell on the compromised machine, enabling them to gain full control over victims'
593
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
https://thehackernews.com/2024/03/phobos-ransomware-aggressively.html
U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the threat actors have adopted to deploy the file-encrypting malware.
“Structured as a ransomware as a service (RaaS) model, Phobos ransomware actors have targeted entities including municipal and
593
U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp
https://thehackernews.com/2024/03/us-court-orders-nso-group-to-hand-over.html
A U.S. judge has ordered NSO Group to hand over its source code for Pegasus and other products to Meta as part of the social media giant's ongoing litigation against the Israeli spyware vendor.
The decision, which marks a major legal victory for Meta, which filed the lawsuit in October 2019 for using its infrastructure to distribute the spyware to approximately
593
U.S. Charges Iranian Hacker, Offers $10 Million Reward for Capture
https://thehackernews.com/2024/03/us-charges-iranian-hacker-offers-10.html
The U.S. Department of Justice (DoJ) on Friday unsealed an indictment against an Iranian national for his alleged involvement in a multi-year cyber-enabled campaign designed to compromise U.S. governmental and private entities.
More than a dozen entities are said to have been targeted, including the U.S. Departments of the Treasury and State, defense contractors that support U.S. Department of
593
Deceptive AI content and 2024 elections – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/deceptive-ai-content-2024-elections-week-security-tony-anscombe/
As the specter of AI-generated disinformation looms large, tech giants vow to crack down on fabricated content that could sway voters and disrupt elections taking place around the world this year
593
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
https://thehackernews.com/2024/03/new-phishing-kit-leverages-sms-voice.html
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices.
“This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs,
593
4 Instructive Postmortems on Data Downtime and Loss
https://thehackernews.com/2024/03/4-instructive-postmortems-on-data.html
More than a decade ago, the concept of the ‘blameless’ postmortem changed how tech companies recognize failures at scale.
John Allspaw, who coined the term during his tenure at Etsy, argued postmortems were all about controlling our natural reaction to an incident, which is to point fingers: “One option is to assume the single cause is incompetence and scream at engineers to make them
593
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
https://thehackernews.com/2024/03/new-bifrose-linux-malware-variant-using.html
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware.
"This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said.
BIFROSE is one of the long-standing
593
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities
https://thehackernews.com/2024/03/five-eyes-agencies-warn-of-active.html
The Five Eyes (FVEY) intelligence alliance has issued a new cybersecurity advisory warning of cyber threat actors exploiting known security flaws in Ivanti Connect Secure and Ivanti Policy Secure gateways, noting that the Integrity Checker Tool (ICT) can be deceived to provide a false sense of security.
"Ivanti ICT is not sufficient to detect compromise and that a cyber threat actor may be able
593
Blue Team toolkit: 6 open-source tools to assess and enhance corporate defenses
https://www.welivesecurity.com/en/business-security/blue-team-toolkit-6-open-source-tools-corporate-defenses/
Here’s how the blue team wards off red teamers and a few open-source tools it may leverage to identify chinks in the corporate armor
593
GitHub Rolls Out Default Secret Scanning Push Protection for Public Repositories
https://thehackernews.com/2024/03/github-rolls-out-default-secret.html
GitHub on Thursday announced that it’s enabling secret scanning push protection by default for all pushes to public repositories.
“This means that when a supported secret is detected in any push to a public repository, you will have the option to remove the secret from your commits or, if you deem the secret safe, bypass the block,” Eric Tooley and Courtney Claessens said.
Push protection&
593
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
https://thehackernews.com/2024/02/new-silver-saml-attack-evades-golden.html
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks.
Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis
593
GTPDOOR Linux Malware Targets Telecoms, Exploiting GPRS Roaming Networks
https://thehackernews.com/2024/02/gtpdoor-linux-malware-targets-telecoms.html
Threat hunters have discovered a new Linux malware called GTPDOOR that’s designed to be deployed in telecom networks that are adjacent to GPRS roaming exchanges (GRX)
The malware is novel in the fact that it leverages the GPRS Tunnelling Protocol (GTP) for command-and-control (C2) communications.
GPRS roaming allows subscribers to access their GPRS services while they are
593
Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
https://thehackernews.com/2024/02/lazarus-hackers-exploited-windows.html
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts.
The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part
593
How to Prioritize Cybersecurity Spending: A Risk-Based Strategy for the Highest ROI
https://thehackernews.com/2024/02/why-risk-based-approach-to.html
As an IT leader, staying on top of the latest cybersecurity developments is essential to keeping your organization safe. But with threats coming from all around — and hackers dreaming up new exploits every day — how do you create proactive, agile cybersecurity strategies? And what cybersecurity approach gives you the most bang for your buck, mitigating your risks and maximizing the value of your
593
Vulnerabilities in business VPNs under the spotlight
https://www.welivesecurity.com/en/business-security/vulnerabilities-business-vpns-spotlight/
As adversaries increasingly set their sights on vulnerable enterprise VPN software to infiltrate corporate networks, concerns mount about VPNs themselves being a source of cyber risk
593
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events
https://thehackernews.com/2024/02/new-backdoor-targeting-european.html
A previously undocumented threat actor dubbed SPIKEDWINE has been observed targeting officials in European countries with Indian diplomatic missions using a new backdoor called WINELOADER.
The adversary, according to a report from Zscaler ThreatLabz, used a PDF file in emails that purported to come from the Ambassador of India, inviting diplomatic staff to a wine-tasting
