TECHZONE™
Kanalga Telegram’da o‘tish
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Ko'proq ko'rsatish592
Obunachilar
Ma'lumot yo'q24 soatlar
-27 kunlar
-730 kunlar
Postlar arxiv
592
PCI DSS 4.0 Mandates DMARC By 31st March 2025
https://thehackernews.com/2025/02/pci-dss-40-mandates-dmarc-by-31st-march.html
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary
592
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
"The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC)
592
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now
https://thehackernews.com/2025/02/microsoft-end-of-support-for-exchange-2016-and-exchange-2019.html
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks
592
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0
It has been described as a case of improper privilege management that could
592
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability
https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below -
CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability
"
592
Australian Critical Infrastructure Faces 'Acute' Foreign Threats
https://www.darkreading.com/ics-ot-security/australian-critical-infrastructure-acute-foreign-threats
592
Insight Partners, VC Giant, Falls to Social Engineering
https://www.darkreading.com/cyber-risk/insight-partners-vc-giant-social-engineering
592
Russian Groups Target Signal Messenger in Spy Campaign
https://www.darkreading.com/mobile-security/russian-groups-target-signal-messenger-in-spy-campaign
592
No, you’re not fired – but beware of job termination scams
https://www.welivesecurity.com/en/scams/no-youre-not-fired-beware-job-termination-scams/
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
592
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes
https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.
"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple
592
Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild
https://www.darkreading.com/remote-workforce/patch-now-cisa-researchers-warn-palo-alto-flaw-exploited-wild
592
What Is the Board's Role in Cyber-Risk Management in OT Environments?
https://www.darkreading.com/cyber-risk/board-role-cyber-risk-management-ot-environments
592
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
https://thehackernews.com/2025/02/new-snake-keylogger-variant-leverages.html
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.
"Typically delivered through phishing emails containing malicious attachments or links,
592
North Korea's Kimsuky Taps Trusted Platforms to Attack South Korea
https://www.darkreading.com/cyberattacks-data-breaches/north-koreans-kimsuky-attacks-rivals-trusted-platforms
592
The Ultimate MSP Guide to Structuring and Selling vCISO Services
https://thehackernews.com/2025/02/the-ultimate-msp-guide-to-structuring.html
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services—delivering high-level cybersecurity leadership without the cost of a full-time hire.
However, transitioning to vCISO services is not without its challenges
592
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack
https://thehackernews.com/2025/02/trojanized-game-installers-deploy.html
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts.
The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month.
Targets of the campaign include individuals and
592
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below -
CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS
592
Katharine Hayhoe: The most important climate equation | Starmus highlights
https://www.welivesecurity.com/en/we-live-science/katharine-hayhoe-most-important-climate-equation-starmus-highlights/
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
592
Xerox Printer Vulnerabilities Enable Credential Capture
https://www.darkreading.com/iot/xerox-printer-vulnerabilities-credential-capture
592
China-Linked Threat Group Targets Japanese Orgs' Servers
https://www.darkreading.com/cyberattacks-data-breaches/china-linked-threat-group-japanese-orgs-servers
