uz
Feedback
TECHZONE™

TECHZONE™

Kanalga Telegram’da o‘tish

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Ko'proq ko'rsatish
595
Obunachilar
-124 soatlar
Ma'lumot yo'q7 kunlar
-930 kunlar
Postlar arxiv
Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP https://thehackernews.com/2024/07/critical-apache-hugegraph-vulnerability.html Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. Tracked as CVE-2024-27348 (CVSS score: 9.8), the vulnerability impacts all versions of the software before 1.3.0. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are

Hello, is it me you’re looking for? How scammers get your phone number https://www.welivesecurity.com/en/scams/hello-is-it-me-youre-looking-for-how-scammers-get-your-phone-number/ Your humble phone number is more valuable than you may think. Here’s how it could fall into the wrong hands – and how you can help keep it out of the reach of fraudsters.

'Konfety' Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins https://thehackernews.com/2024/07/konfety-ad-fraud-uses-250-google-play.html Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of

Threat Prevention & Detection in SaaS Environments - 101 https://thehackernews.com/2024/07/threat-prevention-detection-in-saas.html Identity-based threats on SaaS applications are a growing concern among security professionals, although few have the capabilities to detect and respond to them.  According to the US Cybersecurity and Infrastructure Security Agency (CISA), 90% of all cyberattacks begin with phishing, an identity-based threat. Throw in attacks that use stolen credentials, over-provisioned accounts, and

Malicious npm Packages Found Using Image Files to Hide Backdoor Code https://thehackernews.com/2024/07/malicious-npm-packages-found-using.html Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team. "They

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That's according to independent findings from cybersecurity firms Check Point and Sekoia, which have

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer https://thehackernews.com/2024/07/void-banshee-apt-exploits-microsoft.html An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as part of a multi-stage attack

Kaspersky Exits U.S. Market Following Commerce Department Ban https://thehackernews.com/2024/07/kaspersky-exits-us-market-following.html Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country citing a national security risk. News of the closure was first reported by journalist Kim Zetter. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect. It's also

CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software https://thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks https://thehackernews.com/2024/07/github-token-leak-exposes-pythons-core.html Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool https://thehackernews.com/2024/07/crystalray-hackers-infect-over-1500.html A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software]

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months https://thehackernews.com/2024/07/singapore-banks-to-phase-out-otps-for.html Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024. "Customers who have activated their digital

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection https://thehackernews.com/2024/07/new-hardbit-ransomware-40-uses.html Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during

AT&T Confirms Data Breach Affecting Nearly All Wireless Customers https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html American telecom service provider AT&T has confirmed that threat actors managed to access data belonging to "nearly all" of its wireless customers as well as customers of mobile virtual network operators (MVNOs) using AT&T's wireless network. "Threat actors unlawfully accessed an AT&T workspace on a third-party cloud platform and, between April 14 and April 25, 2024, exfiltrated

Should ransomware payments be banned? – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/should-ransomware-payments-be-banned-week-security-tony-anscombe/ The issue of whether to ban ransomware payments is a hotly debated topic in cybersecurity and policy circles. What are the implications of outlawing these payments, and would the ban be effective?

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign https://thehackernews.com/2024/07/darkgate-malware-exploits-samba-file.html Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North

Australian Defence Force Private and Husband Charged with Espionage for Russia https://thehackernews.com/2024/07/australian-defence-force-private-and.html Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA. This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev,

Ever Wonder How Hackers Really Steal Passwords? Discover Their Tactics in This Webinar https://thehackernews.com/2024/07/ever-wonder-how-hackers-really-steal.html In today's digital age, passwords serve as the keys to our most sensitive information, from social media accounts to banking and business systems. This immense power brings with it significant responsibility—and vulnerability. Most people don't realize their credentials have been compromised until the damage is done. Imagine waking up to drained bank accounts, stolen identities, or a company's

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass