uk
Feedback
TECHZONE™

TECHZONE™

Відкрити в Telegram

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Показати більше
595
Підписники
Немає даних24 години
-17 днів
-1030 день
Архів дописів
Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges https://www.darkreading.com/cloud-security/actively-exploited-fortinet-zero-day-attackers-super-admin-privileges

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks https://thehackernews.com/2025/01/purecrypter-deploys-agent-tesla-and-new.html A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter. TorNet is so

OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including

AI SOC Analysts: Propelling SecOps into the future https://thehackernews.com/2025/01/ai-soc-analysts-propelling-secops-into.html Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security

Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations https://thehackernews.com/2025/01/ransomware-targets-esxi-systems-via.html Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia

How Long Does It Take Hackers to Crack Modern Hashing Algorithms? https://thehackernews.com/2025/01/how-long-does-it-take-hackers-to-crack.html While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable. Even long secure passphrases should be hashed to prevent them

E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia’s Key Ministries https://thehackernews.com/2025/01/eu-sanctions-3-russian-nationals-for.html The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Armed Forces of the Russian Federation (GRU) Unit 29155, it said. Per the council decision, all the

Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks https://thehackernews.com/2025/01/top-rated-chinese-ai-app-deepseek.html DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page. "Existing users can log in

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is

USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave https://www.darkreading.com/endpoint-security/usps-impersonators-pdfs-smishing-campaign

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January] https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_27.html Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we'll equip you with sharp insights to

Do We Really Need The OWASP NHI Top 10? https://thehackernews.com/2025/01/do-we-really-need-owasp-nhi-top-10.html The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used API and Web Application security lists.  Non-human identity security represents an emerging

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities https://thehackernews.com/2025/01/gamacopy-mimics-gamaredon-tactics-in.html A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks https://thehackernews.com/2025/01/mintsloader-delivers-stealc-malware-and.html Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a JScript file,"

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks https://thehackernews.com/2025/01/metas-llama-framework-flaw-exposes-ai.html A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.  The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a

CISOs Are Gaining C-Suite Swagger, but Has It Come With a Cost? https://www.darkreading.com/threat-intelligence/cisos-gaining-c-suite-swagger