TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Post archive
Australia Bans Kaspersky Software Over National Security and Espionage Concerns
https://thehackernews.com/2025/02/australia-bans-kaspersky-software-over.html
Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns.
"After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data,
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
https://thehackernews.com/2025/02/bybit-confirms-record-breaking-146.html
Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history.
"The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated
OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns
https://thehackernews.com/2025/02/openai-bans-accounts-misusing-chatgpt.html
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool.
The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts in question using the AI company's models to generate detailed descriptions and analyze documents
Fake job offers target software developers with infostealers
https://www.welivesecurity.com/en/videos/fake-job-offers-target-coders-infostealers/
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
DeceptiveDevelopment targets freelance developers
https://www.welivesecurity.com/en/eset-research/deceptivedevelopment-targets-freelance-developers/
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges
Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands
https://thehackernews.com/2025/02/apple-drops-iclouds-advanced-data.html
Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data.
The development was first reported by Bloomberg.
ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its
Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations
https://thehackernews.com/2025/02/data-leak-exposes-topsecs-role-in.html
An analysis of a data leak from Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country.
Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order
Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3
https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.
The latest iteration of the phishing suite "represents a significant
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025
https://thehackernews.com/2025/02/webinar-learn-how-to-identify-high-risk.html
In today’s rapidly evolving digital landscape, weak identity security isn’t just a flaw—it’s a major risk that can expose your business to breaches and costly downtime.
Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities.
Join us for "
AI-Powered Deception is a Menace to Our Societies
https://thehackernews.com/2025/02/ai-powered-deception-is-menace-to-our.html
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’
While these forms of communication
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
https://thehackernews.com/2025/02/cisco-confirms-salt-typhoon-exploited.html
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
"The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware
https://thehackernews.com/2025/02/north-korean-hackers-target-freelance.html
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.
The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware
https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a newly patched security flaw
PCI DSS 4.0 Mandates DMARC By 31st March 2025
https://thehackernews.com/2025/02/pci-dss-40-mandates-dmarc-by-31st-march.html
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments: by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
"The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
https://thehackernews.com/2025/02/microsoft-end-of-support-for-exchange-2016-and-exchange-2019.html
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0.
It has been described as a case of improper privilege management that could
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below:
CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability
"
Australian Critical Infrastructure Faces 'Acute' Foreign Threats
https://www.darkreading.com/ics-ot-security/australian-critical-infrastructure-acute-foreign-threats
