TECHZONE™
Kanalga Telegram’da o‘tish
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Ko'proq ko'rsatish595
Obunachilar
Ma'lumot yo'q24 soatlar
Ma'lumot yo'q7 kunlar
-730 kunlar
Postlar arxiv
595
Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts
https://thehackernews.com/2024/06/ultimate-cyber-hygiene-guide-learn-how.html
2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable.
But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene.
Are you ready to transform your
595
LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities
https://thehackernews.com/2024/06/lightspy-spywares-macos-variant-found.html
Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.
The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS,
595
Cyber Landscape is Evolving - So Should Your SCA
https://thehackernews.com/2024/06/cyber-landscape-is-evolving-so-should.html
Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces?
Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.
Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms
595
The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash
https://thehackernews.com/2024/06/the-ai-debate-googles-guidelines-metas.html
Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner.
The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.
To that end, apps that generate content using AI must ensure they don't create
595
FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims
https://thehackernews.com/2024/06/fbi-distributes-7000-lockbit-ransomware.html
The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost.
"We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," FBI Cyber Division
595
SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
https://thehackernews.com/2024/06/spectr-malware-targets-ukraine-defense.html
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.
The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk
595
Commando Cat Cryptojacking Attacks Target Misconfigured Docker Instances
https://thehackernews.com/2024/06/commando-cat-cryptojacking-attacks.html
The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain.
"The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham
595
The job hunter’s guide: Separating genuine offers from scams
https://www.welivesecurity.com/en/scams/the-job-hunters-guide-separating-genuine-offers-from-scams/
$90,000/year, full home office, and 30 days of paid leave, and all for a job as a junior data analyst – unbelievable, right? This and many other job offers are fake though – made just to ensnare unsuspecting victims into giving up their data.
595
Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html
The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its scale.
"Muhstik is a well-known threat targeting IoT devices and Linux-based servers, notorious for its ability to infect devices and utilize them for cryptocurrency mining and launching Distributed Denial
595
Third-Party Cyber Attacks: The Threat No One Sees Coming – Here's How to Stop Them
https://thehackernews.com/2024/06/third-party-cyber-attacks-threat-no-one.html
Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.
In an increasingly interconnected world, supply chain attacks have emerged as a formidable threat, compromising
595
Prevent Account Takeover with Better Password Security
https://thehackernews.com/2024/06/prevent-account-takeover-with-better.html
Tom works for a reputable financial institution. He has a long, complex password that would be near-impossible to guess. He’s memorized it by heart, so he started using it for his social media accounts and on his personal devices too. Unbeknownst to Tom, one of these sites has had its password database compromised by hackers and put it up for sale on the dark web. Now threat actors are working
595
Hackers Exploit Legitimate Packer Software to Spread Malware Undetected
https://thehackernews.com/2024/06/hackers-exploit-legitimate-packer.html
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers.
"The majority of the attributed malicious samples targeted financial institutions and government industries," Check Point security researcher Jiri Vinopal said in an analysis.
The volume of
595
Google Maps Timeline Data to be Stored Locally on Your Device for Privacy
https://thehackernews.com/2024/06/google-maps-timeline-data-to-be-stored.html
Google has announced plans to store Maps Timeline data locally on users' devices instead of their Google account effective December 1, 2024.
The changes were originally announced by the tech giant in December 2023, alongside changes to the auto-delete control when enabling Location History by setting it to three months by default, down from the previous limit of 18 months.
Google Maps Timeline,
595
Hackers Target Python Developers with Fake "Crytic-Compilers" Package on PyPI
https://thehackernews.com/2024/06/hackers-target-python-developers-with.html
Cybersecurity researchers have discovered a malicious Python package uploaded to the Python Package Index (PyPI) repository that's designed to deliver an information stealer called Lumma (aka LummaC2).
The package in question is crytic-compilers, a typosquatted version of a legitimate library named crytic-compile. The rogue package was downloaded 441 times before it was taken down by PyPI
595
Chinese State-Backed Cyber Espionage Targets Southeast Asian Government
https://thehackernews.com/2024/06/chinese-state-backed-cyber-espionage.html
An unnamed high-profile government organization in Southeast Asia emerged as the target of a "complex, long-running" Chinese state-sponsored cyber espionage operation codenamed Crimson Palace.
"The overall goal behind the campaign was to maintain access to the target network for cyberespionage in support of Chinese state interests," Sophos researchers Paul Jaramillo, Morgan Demboski, Sean
595
Unpacking 2024's SaaS Threat Predictions
https://thehackernews.com/2024/06/unpacking-2024s-saas-threat-predictions.html
Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of
595
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide
https://thehackernews.com/2024/06/rebranded-knight-ransomware-targeting.html
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops.
Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain. It's operational across multiple platforms,
595
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
https://thehackernews.com/2024/06/zyxel-releases-patches-for-firmware.html
Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status.
Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.
Impacted models include NAS326
595
Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.
The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to
595
Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan
https://thehackernews.com/2024/06/russian-power-companies-it-firms-and.html
Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog.
Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.
"The Hellhounds group compromises organizations they select and
