TECHZONE™
Відкрити в Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Показати більше593
Підписники
Немає даних24 години
-27 днів
-830 день
Архів дописів
593
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
https://thehackernews.com/2024/01/malicious-pypi-packages-slip-whitesnake.html
Cybersecurity researchers have identified malicious packages on the open-source Python Package Index (PyPI) repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems.
The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. They have been uploaded by a threat actor named "WS."
"These
593
Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/blackwood-software-updates-nspx30-week-security-tony-anscombe/
The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK
593
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks
https://thehackernews.com/2024/01/allakore-rat-malware-targeting-mexican.html
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT.
The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021.
"Lures use Mexican Social
593
Assessing and mitigating supply chain cybersecurity risks
https://www.welivesecurity.com/en/business-security/assessing-mitigating-cybersecurity-risks-supply-chain/
Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management
593
Perfecting the Defense-in-Depth Strategy with Automation
https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html
Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity. Like castles with strategic layouts to withstand attacks, the Defense-in-Depth strategy is the modern counterpart — a multi-layered approach with strategic redundancy and a blend of passive and active security
593
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps
https://thehackernews.com/2024/01/malicious-ads-on-google-target-chinese.html
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign.
"The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a
593
Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs
https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html
Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them.
The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew
593
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree
https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said.
The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud.
"
593
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
https://thehackernews.com/2024/01/critical-cisco-flaw-lets-hackers.html
Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.
Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a
593
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks
https://thehackernews.com/2024/01/systembc-malwares-c2-server-analysis.html
Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC.
"SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week.
The risk and
593
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!
https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE).
The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the
593
Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024
https://thehackernews.com/2024/01/cyber-threat-landscape-7-key-findings.html
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team.
Discover the full scope of digital threats in the Axur Report 2023/2024.
Overview
593
China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware
https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html
A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30.
Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018.
The NSPX30
593
New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html
A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation.
Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerades as the legitimate CherryTree note-taking application to dupe potential victims
593
Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data.
"The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"
593
NSPX30: A sophisticated AitM-enabled implant evolving since 2005
https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/
ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood
593
Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters
https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html
Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster.
The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector.
In
593
What is Nudge Security and How Does it Work?
https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html
In today’s highly distributed workplace, every employee has the ability to act as their own CIO, adopting new cloud and SaaS technologies whenever and wherever they need. While this has been a critical boon to productivity and innovation in the digital enterprise, it has upended traditional approaches to IT security and governance.
Nudge Security is the world’s first and only solution to address
593
Kasseika Ransomware Using BYOVD Trick to Disarms Security Pre-Encryption
https://thehackernews.com/2024/01/kasseika-ransomware-using-byovd-trick.html
The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining the likes of other groups like Akira, AvosLocker, BlackByte, and RobbinHood.
The tactic allows "threat actors to terminate antivirus processes and services for the deployment of ransomware," Trend
593
The Unknown Risks of The Software Supply Chain: A Deep-Dive
https://thehackernews.com/2024/01/the-unknown-risks-of-software-supply.html
In a world where more & more organizations are adopting open-source components as foundational blocks in their application's infrastructure, it's difficult to consider traditional SCAs as complete protection mechanisms against open-source threats.
Using open-source libraries saves tons of coding and debugging time, and by that - shortens the time to deliver our applications. But, as
