TECHZONE™
Открыть в Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Больше596
Подписчики
Нет данных24 часа
Нет данных7 дней
-930 день
Архив постов
596
New UULoader Malware Distributes Gh0st RAT and Mimikatz in East Asia
https://thehackernews.com/2024/08/new-uuloader-malware-distributes-gh0st.html
A new type of malware called UULoader is being used by threat actors to deliver next-stage payloads like Gh0st RAT and Mimikatz.
The Cyberint Research Team, which discovered the malware, said it's distributed in the form of malicious installers for legitimate applications targeting Korean and Chinese speakers.
There is evidence pointing to UULoader being the work of a Chinese speaker due to the
596
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat.
"These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical report. "The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to
596
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
https://thehackernews.com/2024/08/xeon-sender-tool-exploits-cloud-apis.html
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services.
"Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
596
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group
https://thehackernews.com/2024/08/microsoft-patches-zero-day-flaw.html
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea.
The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock.
"An attacker who successfully exploited this
596
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
https://thehackernews.com/2024/08/researchers-uncover-new-infrastructure.html
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7.
The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively," Team Cymru said in a report published this week as part of a joint investigation with
596
How a BEC scam cost a company $60 Million – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/how-a-bec-scam-cost-a-company-60-million-week-in-security-with-tony-anscombe/
Business email compromise (BEC) has once again proven to be a costly issue, with a company losing $60 million in a wire transfer fraud scheme
596
OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda
https://thehackernews.com/2024/08/openai-blocks-iranian-influence.html
OpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election.
"This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as
596
Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts
https://thehackernews.com/2024/08/attackers-exploit-public-env-files-to.html
A large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.
"Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence
596
Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
https://thehackernews.com/2024/08/russian-hacker-jailed-3-years-for.html
A 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp.
Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to
596
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
https://thehackernews.com/2024/08/russian-hackers-using-fake-brand-sites.html
Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC.
The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the
596
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
https://thehackernews.com/2024/08/multi-stage-valleyrat-targets-chinese.html
Chinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT.
"ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage," Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said.
"Another noteworthy characteristic of this malware is its
596
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?
https://thehackernews.com/2024/08/the-hidden-security-gaps-in-your-saas.html
SaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your
596
New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems
https://thehackernews.com/2024/08/new-banshee-stealer-targets-100-browser.html
Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems.
Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.
"Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser
596
Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk
https://thehackernews.com/2024/08/google-pixel-devices-shipped-with.html
A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware.
The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary
596
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
https://thehackernews.com/2024/08/solarwinds-releases-patch-for-critical.html
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances.
The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.
"SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability
596
Russian-Linked Hackers Target Eastern European NGOs and Media
https://thehackernews.com/2024/08/russian-linked-hackers-target-eastern.html
Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government.
While one of the campaigns – dubbed River of Phish – has been attributed to COLDRIVER, an
596
Identity Threat Detection and Response Solution Guide
https://thehackernews.com/2024/08/identity-threat-detection-and-response.html
The Emergence of Identity Threat Detection and Response
Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help
596
RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
https://thehackernews.com/2024/08/ransomhub-group-deploys-new-edr-killing.html
A cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator.
The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in
596
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
https://thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments.
"A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,
596
New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data
https://thehackernews.com/2024/08/new-cyber-threat-targets-azerbaijan-and.html
A previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data.
The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524.
"Actor240524 possesses the ability to steal secrets
Уже доступно! Исследование Telegram 2025 — ключевые инсайты года 
