ru
Feedback
TECHZONE™

TECHZONE™

Открыть в Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Больше
593
Подписчики
Нет данных24 часа
-27 дней
-830 день
Архив постов
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines https://thehackernews.com/2024/01/malicious-pypi-packages-slip-whitesnake.html Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS." "These

Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/blackwood-software-updates-nspx30-week-security-tony-anscombe/ The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks https://thehackernews.com/2024/01/allakore-rat-malware-targeting-mexican.html Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021. "Lures use Mexican Social

Assessing and mitigating supply chain cybersecurity risks https://www.welivesecurity.com/en/business-security/assessing-mitigating-cybersecurity-risks-supply-chain/ Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management

Perfecting the Defense-in-Depth Strategy with Automation https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps https://thehackernews.com/2024/01/malicious-ads-on-google-target-chinese.html Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them. The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew

Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html 40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems https://thehackernews.com/2024/01/critical-cisco-flaw-lets-hackers.html Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks https://thehackernews.com/2024/01/systembc-malwares-c2-server-analysis.html Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week. The risk and

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024 https://thehackernews.com/2024/01/cyber-threat-landscape-7-key-findings.html The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview

China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30. Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018. The NSPX30

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation. Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"

NSPX30: A sophisticated AitM-enabled implant evolving since 2005 https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/ ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood

Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster. The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector. In

What is Nudge Security and How Does it Work? https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance. Nudge Security is the world’s first and only solution to address

Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption https://thehackernews.com/2024/01/kasseika-ransomware-using-byovd-trick.html The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood. The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend

The Unknown Risks of The Software Supply Chain: A Deep-Dive https://thehackernews.com/2024/01/the-unknown-risks-of-software-supply.html In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats. Using open-source libraries saves tons of coding and debugging time, and by that - shortens the time to deliver our applications. But, as