ru
Feedback
TECHZONE™

TECHZONE™

Открыть в Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Больше
593
Подписчики
Нет данных24 часа
-27 дней
-830 день
Архив постов
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners https://thehackernews.com/2024/01/beware-3-malicious-pypi-packages-found.html Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a cryptocurrency miner on affected Linux devices. The three harmful packages, named modularseven, driftme, and catme, attracted a total of 431 downloads over the past month before they were taken down. “These packages, upon initial use, deploy a CoinMiner

UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT https://thehackernews.com/2024/01/uac-0050-group-using-new-phishing.html The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in

Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack https://thehackernews.com/2024/01/mandiants-twitter-account-restored.html American cybersecurity firm and Google Cloud subsidiary Mandiant had its X (formerly Twitter) account compromised for more than six hours by an unknown attacker to propagate a cryptocurrency scam. As of writing, the account has been restored on the social media platform. It's currently not clear how the account was breached. But the hacked Mandiant account was initially renamed to "@

Say what you will? Your favorite speech-to-text app may be a privacy risk https://www.welivesecurity.com/en/privacy/favorite-speech-to-text-app-privacy-risk/ Typing with your voice? It should go without saying that you need to take some precautions and avoid spilling your secrets.

Malware Using Google MultiLogin Exploit to Maintain Access Despite Password Reset https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html Information stealing malware are actively taking advantage of an undocumented Google OAuth endpoint named MultiLogin to hijack user sessions and allow continuous access to Google services even after a password reset. According to CloudSEK, the critical exploit facilitates session persistence and cookie generation, enabling threat actors to maintain access to a valid session in an

5 Ways to Reduce SaaS Security Risks https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails https://thehackernews.com/2024/01/smtp-smuggling-new-threat-enables.html A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks," Timo Longin, a senior security

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation https://thehackernews.com/2024/01/doj-slams-xcast-with-10-million-fine.html The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,

The Definitive Enterprise Browser Buyer's Guide https://thehackernews.com/2024/01/the-definitive-enterprise-browser.html Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' https://thehackernews.com/2024/01/google-settles-5-billion-privacy.html Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had

New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security https://thehackernews.com/2024/01/new-terrapin-flaw-could-let-attackers.html Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix

New JinxLoader Targeting Users with Formbook and XLoader Malware https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The

Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks https://thehackernews.com/2023/12/beware-scam-as-service-aiding.html Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu,

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks https://thehackernews.com/2023/12/albanian-parliament-and-one-albania.html The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said. One Albania, which has

CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK https://thehackernews.com/2023/12/cert-ua-uncovers-new-malware-wave.html The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities

Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks https://thehackernews.com/2023/12/kimsuky-hackers-deploying-appleseed.html Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. “A notable point about attacks that

A year in review: 10 of the biggest security incidents of 2023 https://www.welivesecurity.com/en/cybersecurity/year-review-10-biggest-security-incidents-2023/ As we draw the curtain on another eventful year in cybersecurity, let’s review some of the high-profile cyber-incidents that occurred in 2023

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks https://thehackernews.com/2023/12/microsoft-disables-msix-app-installer.html Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service https://thehackernews.com/2023/12/google-cloud-resolves-privilege.html Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to