uz
Feedback
TECHZONE™

TECHZONE™

Kanalga Telegram’da o‘tish

TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news

Ko'proq ko'rsatish
596
Obunachilar
+124 soatlar
+17 kunlar
-830 kunlar
Postlar arxiv
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation https://thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access https://thehackernews.com/2024/08/sonicwall-issues-critical-patch-for.html SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. "An improper access control vulnerability has been identified in the SonicWall SonicOS

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S. https://thehackernews.com/2024/08/dutch-regulators-fines-uber-290-million.html The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. "The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed to appropriately safeguard the data with regard to

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms https://thehackernews.com/2024/08/researchers-identify-over-20-supply.html Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration https://thehackernews.com/2024/08/unpacking-slack-hacks-6-ways-to-protect.html Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data from Disney's internal Slack messaging channels. The breach exposed

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks https://thehackernews.com/2024/08/critical-flaws-in-traccar-gps-system.html Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized if guest registration is enabled, which is the default configuration for Traccar 5, Horizon3.ai

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware "has

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said the probe was focused on a lack of content moderation on the instant messaging service, which the

New Linux Malware 'sedexp' Hides Credit Card Skimmers Using Udev Rules https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team. "This advanced threat, active since 2022, hides

PWA phishing on Android and iOS – Week in security with Tony Anscombe https://www.welivesecurity.com/en/videos/pwa-phishing-on-android-and-ios-week-in-security-with-tony-anscombe/ Phishing using PWAs? ESET Research's latest discovery might just ruin some users' assumptions about their preferred platform's security

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September https://thehackernews.com/2024/08/cisa-urges-federal-agencies-to-patch.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the "Change Favicon" feature that could allow a threat actor to

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic

NGate Android malware relays NFC traffic to steal cash https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/ Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads https://thehackernews.com/2024/08/new-peaklight-dropper-deployed-in.html Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of

Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform https://thehackernews.com/2024/08/webinar-experience-power-of-must-have.html Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn’t it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is

Focus on What Matters Most: Exposure Management and Your Attack Surface https://thehackernews.com/2024/08/focus-on-what-matters-most-exposure.html Read the full article for key points from Intruder’s VP of Product, Andy Hornegold’s recent talk on exposure management. If you’d like to hear Andy’s insights first-hand, watch Intruder’s on-demand webinar. To learn more about reducing your attack surface, reach out to their team today.  Attack surface management vs exposure management Attack surface management (ASM) is the ongoing

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data https://thehackernews.com/2024/08/new-qilin-ransomware-attack-uses-vpn.html The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report. The attack, detected in July

New macOS Malware "Cthulhu Stealer" Targets Apple Users' Data https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are increasingly setting their sights on the operating system. Dubbed Cthulhu Stealer, the malware has been available under a malware-as-a-service (MaaS) model for $500 a month from late 2023. It's capable of

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group https://thehackernews.com/2024/08/latvian-hacker-extradited-to-us-for.html A 33-year-old Latvian national living in Moscow, Russia, has been charged in the U.S. for allegedly stealing data, extorting victims, and laundering ransom payments since August 2021. Deniss Zolotarjovs (aka Sforza_cesarini) has been charged with conspiring to commit money laundering, wire fraud and Hobbs Act extortion. He was arrested in Georgia in December 2023 and has since been extradited to

How regulatory standards and cyber insurance inform each other https://www.welivesecurity.com/en/business-security/how-regulatory-standards-and-cyber-insurance-inform-each-other/ Should the payment of a ransomware demand be illegal? Should it be regulated in some way? These questions are some examples of the legal minefield that cybersecurity teams must deal with