TECHZONE™
Відкрити в Telegram
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Показати більше595
Підписники
Немає даних24 години
Немає даних7 днів
-1030 день
Архів дописів
595
Social Media Accounts: The Weak Link in Organizational SaaS Security
https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html
Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as
595
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html
Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild.
Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based
595
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic.
The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result
595
Mind the (air) gap: GoldenJackal gooses government guardrails
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal
595
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.
Successful exploitation of these vulnerabilities could allow an authenticated
595
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html
Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads.
"These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer community," Morphisec researcher Shmuel Uzan said in a new report published today, adding "this malware
595
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho.
"The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems," Kaspersky said, detailing a new campaign that began in June 2024 and continued at least until
595
GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets
https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html
A little-known threat actor tracked as GoldenJackal has been linked to a series of cyber attacks targeting embassies and governmental organizations with an aim to infiltrate air-gapped systems using two disparate bespoke toolsets.
Victims included a South Asian embassy in Belarus and a European Union government (E.U.) organization, Slovak cybersecurity company ESET said.
"The ultimate goal of
595
New Case Study: The Evil Twin Checkout Page
https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html
Is your store at risk? Discover how an innovative web security solution saved one global online retailer and its unsuspecting customers from an “evil twin” disaster. Read the full real-life case study here.
The Invisible Threat in Online Shopping
When is a checkout page, not a checkout page? When it's an “evil twin”! Malicious redirects can send unsuspecting shoppers to these perfect-looking
595
The Value of AI-Powered Identity
https://thehackernews.com/2024/10/the-value-of-ai-powered-identity.html
Introduction
Artificial intelligence (AI) deepfakes and misinformation may cause worry in the world of technology and investment, but this powerful, foundational technology has the potential to benefit organizations of all kinds when harnessed appropriately.
In the world of cybersecurity, one of the most important areas of application of AI is augmenting and enhancing identity management
595
Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday
https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html
Ukraine has claimed responsibility for a cyber attack that targeted Russia state media company VGTRK and disrupted its operations, according to reports from Bloomberg and Reuters.
The incident took place on the night of October 7, VGTRK confirmed, describing it as an "unprecedented hacker attack." However, it said "no significant damage" was caused and that everything was working normally
595
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption
595
Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html
Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.
The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps,
595
E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads
https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html
Europe's top court has ruled that Meta Platforms must restrict the use of personal data harvested from Facebook for serving targeted ads even when users consent to their information being used for advertising purposes, a move that could have serious consequences for ad-driven companies operating in the region.
"An online social network such as Facebook cannot use all of the personal data
595
The complexities of attack attribution – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/complexities-attack-attribution-week-security-tony-anscombe/
As highlighted by new ESET research this week, attributing a cyberattack to a specific threat actor is a complex affair
595
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology.
The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security researcher Bistrit Daha has been credited with
595
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html
Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.
"The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials
595
How to Get Going with CTEM When You Don't Know Where to Start
https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html
Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk. It breaks down the complex task of managing security threats into five distinct stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. Each of these stages plays a crucial role in identifying, addressing, and mitigating vulnerabilities -
595
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
https://thehackernews.com/2024/10/cloudflare-thwarts-largest-ever-38-tbps.html
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.
The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout the month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (
595
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html
A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.
The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2.
It was
Вже доступно! Дослідження Telegram за 2025 — головні інсайти року 
