ru
Feedback
TECHZONE™

TECHZONE™

Открыть в Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Больше
593
Подписчики
-124 часа
-27 дней
-830 день
Архив постов
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems https://thehackernews.com/2024/02/lazarus-exploits-typos-to-sneak-pypi.html The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index (PyPI) repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been collectively downloaded 3,269 times, with pycryptoconf accounting for the most

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware https://thehackernews.com/2024/02/chinese-hackers-exploiting-ivanti-vpn.html At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as attempted to maintain

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations https://thehackernews.com/2024/02/president-biden-blocks-mass-transfer-of.html U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement. This includes sensitive information such as genomic data, biometric data,

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors https://thehackernews.com/2024/02/iran-linked-unc1549-hackers-target.html An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, and defense industries in the Middle East, including Israel and the U.A.E. Other targets of the cyber espionage activity likely include Turkey, India, and Albania, Google-owned Mandiant said in a new analysis. UNC1549 is said to overlap with&nbsp

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory. "This is likely in response to the ALPHV/BlackCat administrator's

Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data https://thehackernews.com/2024/02/building-your-privacy-compliant.html In today's digital era, data privacy isn't just a concern; it's a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer Data Platform (CDP). Join us for a transformative webinar where we unveil Twilio Segment's state-of-the-art CDP.

Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management https://thehackernews.com/2024/02/superusers-need-super-protection-how-to.html Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with firewalls. On top of that, most cybersecurity risks are caused by just a few superusers – typically one out of 200 users. There’s a company aiming to fix the gap between traditional PAM and IdM

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users https://thehackernews.com/2024/02/timbrestealer-malware-spreading-via-tax.html Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos, which discovered the activity, described the authors as skilled and that the "threat actor has previously used similar tactics, techniques and procedures (TTPs) to distribute a banking trojan known

Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as

WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk https://thehackernews.com/2024/02/wordpress-litespeed-plugin.html A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. "This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub https://thehackernews.com/2024/02/open-source-xeno-rat-trojan-emerges-as.html An "intricately designed" remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a "comprehensive set of features for remote system management," according to its developer, who goes by the name moom825

10 things to avoid posting on social media – and why https://www.welivesecurity.com/en/social-media/10-things-avoid-posting-social-media-why/ Do you often take to social media to broadcast details from your life? Here’s why this habit may put your privacy and security at risk.

From Alert to Action: How to Speed Up Your SOC Investigations https://thehackernews.com/2024/02/from-alert-to-action-how-to-speed-up.html Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional's role. Threat intelligence platforms can significantly enhance their ability to do so. Let's find out what these platforms are and how they can empower analysts. The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated by SIEMs and EDRs.

Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics https://thehackernews.com/2024/02/five-eyes-agencies-expose-apt29s.html Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) of the

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks https://thehackernews.com/2024/02/new-hugging-face-vulnerability-exposes.html Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any models that are submitted

WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites https://thehackernews.com/2024/02/wordpress-plugin-alert-critical-sqli.html A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. The vulnerability, tracked as CVE-2024-1071, carries a CVSS score of 9.8 out of a maximum of 10. Security researcher Christiaan Swiers has been credited with discovering and reporting the flaw. In an advisory published last week, WordPress

New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT https://thehackernews.com/2024/02/new-idat-loader-attacks-using.html Ukrainian entities based in Finland have been targeted as part of a malicious campaign distributing a commercial remote access trojan known as Remcos RAT using a malware loader called IDAT Loader. The attack has been attributed to a threat actor tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) under the moniker UAC-0184. "The attack, as part of the IDAT Loader, used

8,000+ Subdomains of Trusted Brands Hijacked for Massive Spam Operation https://thehackernews.com/2024/02/8000-subdomains-of-trusted-brands.html More than 8,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing since at least September 2022, under the name SubdoMailing. The emails range from "counterfeit package delivery alerts

North Korean Hackers Targeting Developers with Malicious npm Packages https://thehackernews.com/2024/02/north-korean-hackers-targeting.html A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show. The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils. One of the packages in question, execution-time-async, masquerades as its legitimate

Three Tips to Protect Your Secrets from AI Accidents https://thehackernews.com/2024/02/three-tips-to-protect-your-secrets-from.html Last year, the Open Worldwide Application Security Project (OWASP) published multiple versions of the "OWASP Top 10 For Large Language Models," reaching a 1.0 document in August and a 1.1 document in October. These documents not only demonstrate the rapidly evolving nature of Large Language Models, but the evolving ways in which they can be attacked and defended. We're going to talk in this