TECHZONE™
Открыть в Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Больше595
Подписчики
-124 часа
Нет данных7 дней
-930 день
Архив постов
595
U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation
https://thehackernews.com/2024/07/us-seizes-domains-used-by-ai-powered.html
The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale.
"The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the
595
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
https://thehackernews.com/2024/07/palo-alto-networks-patches-critical.html
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.
Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.
"Missing authentication
595
60 New Malicious Packages Uncovered in NuGet Supply Chain Attack
https://thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection.
The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply
595
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk
https://thehackernews.com/2024/07/chinese-apt41-upgrades-malware-arsenal.html
The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk.
The new variant of StealthVector – which is also referred to as DUSTPAN – has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in
595
Streamlined Security Solutions: PAM for Small to Medium-sized Businesses
https://thehackernews.com/2024/07/streamlined-security-solutions-pam-for.html
Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit
595
New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign
https://thehackernews.com/2024/07/new-poco-rat-targets-spanish-speaking.html
Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024.
The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense.
"The majority of the custom code in the malware appears to be focused on anti-analysis,
595
Understanding IoT security risks and how to mitigate them | Cybersecurity podcast
https://www.welivesecurity.com/en/videos/understanding-iot-security-risks-mitigate-cybersecurity-podcast/
As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?
595
PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks
https://thehackernews.com/2024/07/php-vulnerability-exploited-to-spread.html
Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets.
The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It
595
GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs
https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html
GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user.
Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.
"An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to
595
New Ransomware Group Exploiting Veeam Backup Software Vulnerability
https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html
A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware.
Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5) to carry out the malicious activities.
Initial access to the target
595
Smash-and-Grab Extortion
https://thehackernews.com/2024/07/smash-and-grab-extortion.html
The Problem
The “2024 Attack Intelligence Report” from the staff at Rapid7 [1] is a well-researched, well-written report that is worthy of careful study. Some key takeaways are:
53% of the over 30 new vulnerabilities that were widely exploited in 2023 and at the start of 2024 were zero-days.
More mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities.
595
Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited
https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html
Microsoft has released patches to address a total of 143 security flaws as part of its monthly security updates, two of which have come under active exploitation in the wild.
Five out of the 143 flaws are rated Critical, 136 are rated Important, and four are rated Moderate in severity. The fixes are in addition to 33 vulnerabilities that have been addressed in the Chromium-based Edge browser
595
True Protection or False Promise? The Ultimate ITDR Shortlisting Guide
https://thehackernews.com/2024/07/true-protection-or-false-promise.html
It’s the age of identity security. The explosion of driven ransomware attacks has made CISOs and security teams realize that identity protection lags 20 years behind their endpoints and networks. This realization is mainly due to the transformation of lateral movement from fine art, found in APT and top cybercrime groups only, to a commodity skill used in almost every ransomware attack. The
595
Google Adds Passkeys to Advanced Protection Program for High-Risk Users
https://thehackernews.com/2024/07/google-adds-passkeys-to-advanced.html
Google on Wednesday announced that it's making available passkeys for high-risk users to enroll in its Advanced Protection Program (APP).
"Users traditionally needed a physical security key for APP — now they can choose a passkey to secure their account," Shuvo Chatterjee, product lead of APP, said.
Passkeys are considered a more secure and phishing-resistant alternative to passwords. Based on
595
HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia
https://thehackernews.com/2024/07/crypto-analysts-expose-huione.html
Cryptocurrency analysts have shed light on an online marketplace called HuiOne Guarantee that's widely used by cybercriminals in Southeast Asia, particularly those linked to pig butchering scams.
"Merchants on the platform offer technology, data, and money laundering services, and have engaged in transactions totaling at least $11 billion," Elliptic said in a report shared with The Hacker News.
595
5 common Ticketmaster scams: How fraudsters steal the show
https://www.welivesecurity.com/en/scams/5-common-ticketmaster-scams-fraudsters-steal-show/
Scammers gonna scam scam scam, so before hunting for your tickets to a Taylor Swift gig or other in-demand events, learn how to stop fraudsters from leaving a blank space in your bank account
595
ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks
https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html
The sophisticated malware known as ViperSoftX has been observed being distributed as eBooks over torrents.
"A notable aspect of the current variant of ViperSoftX is that it uses the Common Language Runtime (CLR) to dynamically load and run PowerShell commands, thereby creating a PowerShell environment within AutoIt for operations," Trellix security researchers Mathanraj Thangaraju and Sijo Jacob
595
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html
Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution (RCE).
The vulnerability, tracked as CVE-2024-6409 (CVSS score: 7.0), is distinct from CVE-2024-6387 (aka RegreSSHion) and relates to a case of code execution in the privsep child process due to a race condition in signal handling. It only impacts versions 8.7p1
595
RADIUS Protocol Vulnerability Exposes Networks to MitM Attacks
https://thehackernews.com/2024/07/radius-protocol-vulnerability-exposes.html
Cybersecurity researchers have discovered a security vulnerability in the RADIUS network authentication protocol called BlastRADIUS that could be exploited by an attacker to stage Mallory-in-the-middle (MitM) attacks and bypass integrity checks under certain circumstances.
"The RADIUS protocol allows certain Access-Request messages to have no integrity or authentication checks," InkBridge
595
Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks
https://thehackernews.com/2024/07/hackers-exploiting-jenkins-script.html
Cybersecurity researchers have found that it's possible for attackers to weaponize improperly configured Jenkins Script Console instances to further criminal activities such as cryptocurrency mining.
"Misconfigurations such as improperly set up authentication mechanisms expose the '/script' endpoint to attackers," Trend Micro's Shubham Singh and Sunil Bharti said in a technical write-up
