TECHZONE™
Kanalga Telegram’da o‘tish
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Ko'proq ko'rsatish593
Obunachilar
-124 soatlar
-27 kunlar
-830 kunlar
Postlar arxiv
593
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024
https://thehackernews.com/2024/02/cybersecurity-tactics-finserv.html
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more
593
Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
https://thehackernews.com/2024/02/bumblebee-malware-returns-with-new.html
The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024.
Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs.
"The URLs led to a Word file with names such as "
593
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
https://thehackernews.com/2024/02/darkme-malware-targets-traders-using.html
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders.
Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet
593
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
https://thehackernews.com/2024/02/microsoft-rolls-out-patches-for-73.html
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation.
Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to 24 flaws that have been fixed
593
Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit
https://thehackernews.com/2024/02/glupteba-botnet-evades-detection-with.html
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware.
"This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to
593
PikaBot Resurfaces with Streamlined Code and Deceptive Tactics
https://thehackernews.com/2024/02/pikabot-resurfaces-with-streamlined.html
The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution."
"Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos
593
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know
https://thehackernews.com/2024/02/midnight-blizzard-and-cloudflare.html
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and
593
Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures
https://thehackernews.com/2024/02/ivanti-vulnerability-exploited-to.html
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices.
That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-the-concept (PoC) code.
593
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of
593
Rhysida Ransomware Cracked, Free Decryption Tool Released
https://thehackernews.com/2024/02/rhysida-ransomware-cracked-free.html
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware.
The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA).
"Through a comprehensive analysis of Rhysida Ransomware, we identified an
593
4 Ways Hackers use Social Engineering to Bypass MFA
https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is.
If a password is compromised, there are several options
593
CISA and OpenSSF Release Framework for Package Repository Security
https://thehackernews.com/2024/02/cisa-and-openssf-release-framework-for.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it's partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories.
Called the Principles for Package Repository Security, the framework aims to establish a set of foundational rules for package
593
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
https://thehackernews.com/2024/02/why-are-compromised-identities.html
Incident response (IR) is a race against time. You engage your internal or external team because there's enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files and outbound network connections. However, the identity aspect - namely
593
Microsoft Introduces Linux-Like 'sudo' Command to Windows 11
https://thehackernews.com/2024/02/microsoft-introduces-linux-like-sudo.html
Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges.
"Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said.
"It is an ergonomic and familiar solution for users who want to elevate a command
593
U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
https://thehackernews.com/2024/02/us-offers-10-million-bounty-for-info.html
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation.
It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."
593
U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators
https://thehackernews.com/2024/02/us-doj-dismantles-warzone-rat.html
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT.
The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims' computers," the DoJ said.
Alongside the takedown, the
593
Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices
https://thehackernews.com/2024/02/alert-new-stealthy-rustdoor-backdoor.html
Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023.
The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures.
The exact initial access pathway used to propagate the implant is currently not known, although
593
Ransomware payments hit a record high in 2023 – Week in security with Tony Anscombe
https://www.welivesecurity.com/en/videos/ransomware-payments-record-week-security-tony-anscombe/
Called a "watershed year for ransomware", 2023 marked a reversal from the decline in ransomware payments observed in the previous year
593
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits
https://thehackernews.com/2024/02/raspberry-robin-malware-upgrades-with.html
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before.
This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this
593
MoqHao Android Malware Evolves with Auto-Execution Capability
https://thehackernews.com/2024/02/new-variant-of-moqhao-android-malware.html
Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction.
"Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a report published this week. "While the app is
