uk
Feedback
TECHZONE™

TECHZONE™

Відкрити в Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Показати більше
596
Підписники
+124 години
+17 днів
-830 день
Архів дописів

In Appreciation: Amit Yoran, Tenable CEO, Passes Away https://www.darkreading.com/cloud-security/amit-yoran-tenable-passes-away

EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets https://www.darkreading.com/cyberattacks-data-breaches/eagerbee-backdoor-middle-east-isps-government-targets

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored https://thehackernews.com/2025/01/4-reasons-your-saas-attack-surface-can.html What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025. What do identity risks, data security risks and third-party

Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions https://thehackernews.com/2025/01/illicit-huione-telegram-market.html The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024. Huione Guarantee, part

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm