TECHZONE™
Відкрити в Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Показати більше594
Підписники
Немає даних24 години
Немає даних7 днів
-630 день
Архів дописів
594
Apple and Google Launch Cross-Platform Feature to Detect Unwanted Bluetooth Tracking Devices
https://thehackernews.com/2024/05/apple-and-google-launch-cross-platform.html
Apple and Google on Monday officially announced the rollout of a new feature that notifies users across both iOS and Android if a Bluetooth tracking device is being used to stealthily keep tabs on them without their knowledge or consent.
"This will help mitigate the misuse of devices designed to help keep track of belongings," the companies said in a joint statement, adding it aims to address "
594
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices
https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.html
The MITRE Corporation has officially made available a new threat-modeling framework called EMB3D for makers of embedded devices used in critical infrastructure environments.
"The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them," the non-profit said
594
The 2024 Browser Security Report Uncovers How Every Web Session Could be a Security Minefield
https://thehackernews.com/2024/05/the-2024-browser-security-report.html
With the browser becoming the most prevalent workspace in the enterprise, it is also turning into a popular attack vector for cyber attackers. From account takeovers to malicious extensions to phishing attacks, the browser is a means for stealing sensitive data and accessing organizational systems.
Security leaders who are planning their security architecture
594
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike
https://thehackernews.com/2024/05/shq-response-platform-and-risk-centre.html
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks.
The Impact of Alert Fatigue and False Positives
Analysts
594
Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries
https://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.html
Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by threat actors to access sensitive information and achieve code execution.
"These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT
594
Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia
https://thehackernews.com/2024/05/black-basta-ransomware-strikes-500.html
The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in April 2022.
In a joint advisory published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS
594
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control (C2) framework within a PNG image of the project's logo.
The package employing this steganographic trickery is requests-darwin-lite, which has been
594
FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
https://thehackernews.com/2024/05/fin7-hacker-group-leverages-malicious.html
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT.
"The threat actors used malicious websites to impersonate well-known brands, including AnyDesk, WinSCP, BlackRock, Asana, Concur, The Wall
594
How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe
https://www.welivesecurity.com/en/we-live-science/talk-climate-change-people-action-interview-katharine-hayhoe/
We spoke to climate scientist Katharine Hayhoe about intersections between climate action, human psychology and spirituality, and how to channel anxiety about the state of our planet into meaningful action
594
In it to win it! WeLiveSecurity shortlisted for European Security Blogger Awards
https://www.welivesecurity.com/en/cybersecurity/welivesecurity-shortlisted-european-security-blogger-awards/
We’re thrilled to announce that WeLiveSecurity has been named a finalist in the Corporates – Best Cybersecurity Vendor Blog category of the European Security Blogger Awards 2024
594
It's a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/rsac-2024-week-security-tony-anscombe/
More than 40,000 security experts descended on San Francisco this week. Let's now look back on some of the event's highlights – including the CISA-led 'Secure by Design' pledge also signed by ESET.
594
RSAC 2024: AI hype overload
https://www.welivesecurity.com/en/cybersecurity/rsac-2024-ai-hype-overload/
Can AI effortlessly thwart all sorts of cyberattacks? Let’s cut through the hyperbole surrounding the tech and look at its actual strengths and limitations.
594
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms
https://thehackernews.com/2024/05/north-korean-hackers-deploy-new-golang.html
The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms.
"Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files,"
594
CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar)
https://thehackernews.com/2024/05/censysgpt-ai-powered-threat-hunting-for.html
Artificial intelligence (AI) is transforming cybersecurity, and those leading the charge are using it to outsmart increasingly advanced cyber threats.
Join us for an exciting webinar, "The Future of Threat Hunting is Powered by Generative AI," where you'll explore how AI tools are shaping the future of cybersecurity defenses.
During the session, Censys Security Researcher Aidan Holland will
594
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
https://thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild.
Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024.
Use-after-free bugs, which arise when a program
594
What's the Right EDR for You?
https://thehackernews.com/2024/05/whats-right-edr-for-you.html
A guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs.
Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint
594
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing
https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices.
"This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report.
The
594
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html
Cybersecurity researchers have discovered a novel attack that employs stolen cloud credentials to target cloud-hosted large language model (LLM) services with the goal of selling access to other threat actors.
The attack technique has been codenamed LLMjacking by the Sysdig Threat Research Team.
"Once initial access was obtained, they exfiltrated cloud credentials and gained
594
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
https://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html
Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network.
The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has
594
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
https://thehackernews.com/2024/05/kremlin-backed-apt28-targets-polish.html
Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28.
"The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin.
Clicking on the link
