TECHZONE™
رفتن به کانال در Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
نمایش بیشتر594
مشترکین
اطلاعاتی وجود ندارد24 ساعت
اطلاعاتی وجود ندارد7 روز
-630 روز
آرشیو پست ها
594
How Attackers Can Own a Business Without Touching the Endpoint
https://thehackernews.com/2024/04/showcasing-networkless-identity-attacks.html
Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.
Before getting into the details of the attack techniques being used, let’s discuss why
594
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024.
"Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S.,
594
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor
https://thehackernews.com/2024/04/hackers-target-middle-east-governments.html
Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T.
Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed
594
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
https://thehackernews.com/2024/04/offlrouter-malware-evades-detection-in.html
Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015.
Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform.
"The documents contained VBA code to drop and run an executable with the name 'ctrlpanel.exe,'"
594
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html
The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak).
"FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up.
"They
594
Recover from Ransomware in 5 Minutes—We will Teach You How!
https://thehackernews.com/2024/04/recover-from-ransomware-in-5-minuteswe.html
Super Low RPO with Continuous Data Protection:Dial Back to Just Seconds Before an Attack
Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use
594
How to Conduct Advanced Static Analysis in a Malware Sandbox
https://thehackernews.com/2024/04/how-to-conduct-advanced-static-analysis.html
Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations.
Detecting Threats in PDFs
PDF files are frequently exploited by threat actors to
594
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks
https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html
A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure.
The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis.
594
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide
https://thehackernews.com/2024/04/global-police-operation-disrupts.html
As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world.
Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service
594
Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity.
That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.
OpenMetadata is an open-source platform that operates as a
594
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell.
"The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby
594
Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks
https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html
A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022.
The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or
594
GenAI: A New Headache for SaaS Security Teams
https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html
The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI.
Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing,
594
Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware
https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html
Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware.
The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account.
Armed with this access, a
594
Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign
https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html
Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads.
The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or
594
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html
Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024.
"These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said.
Successful attacks could
594
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
https://thehackernews.com/2024/04/openjs-foundation-targeted-in-potential.html
Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project.
"The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS
594
TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks
https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html
The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others.
"The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside
594
AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations.
The vulnerability has been codenamed LeakyCLI by cloud security firm Orca.
"Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in
594
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.
The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus
