A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code execution (RCE) with default settings. The vulnerability CVE-2024-56145 was reported by security researchers and quickly patched by the Craft CMS team within 24 hours. PHP has improved over the years …
Read More »For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
Mastercard has completed its acquisition of Recorded Future, an AI-based threat intelligence provider. Mastercard has acquired the company for $2.65 billion to strengthen its security in the digital payments ecosystem. Mastercard operates in over 200 countries, leading global efforts to enable digital economies for individuals, businesses, and governments. Mastercard provides …
Read More »Eight New ICS Advisories released by CISA
CISA has released eight advisories on vulnerabilities in Industrial Control Systems (ICS). These vulnerabilities affect essential software and hardware in different industries, risking service disruptions, unauthorized access, and malicious code execution. ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600 ICSA-24-354-03 Delta Electronics DTM Soft ICSA-24-354-04 Siemens User Management …
Read More »
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure and that normal transactions continue uninterrupted, despite rumors of a ransomware attack on social media. On Wednesday evening, BRI’s Director of Digital and IT, Arga M. Nugraha, confirmed via Instagram …
Read More »London-based company “Builder.ai” reportedly exposed 1.2 TB data
Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million records from Builder.ai, a London company that provides AI software and app development solutions without requiring coding skills. Jeremiah Fowler claimed the unsecured database contained 3,077,542 records, totaling 1.29 TB. …
Read More »
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
Sophos has fixed three separate security vulnerabilities in Sophos Firewall. The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such as remote code execution and privilege escalation. Applies to the following Sophos product(s) and version(s): Sophos Firewall v21.0 GA and earlier No action is needed for Sophos Firewall customers who …
Read More »“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
A time-demanding workshop on “Cybersecurity Awareness and Needs Analysis” was held on Thursday (December 19) at Bangladesh Bank Training Academy Auditorium in Dhaka. This workshop aims to raise awareness of the latest cybersecurity trends and technologies in the financial sector and gather insights on future human resource development. It is …
Read More »
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
Kaspersky’s Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient EMS, affecting versions 7.0.1 to 7.0.10 and 7.2.0 to 7.2.2. Even with available patches, many systems remain unupdated, allowing unauthorized code execution and compromise of networks. According to the report, …
Read More »U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link due to concerns that they may be linked to cyberattacks and pose a national security risk. TP-Link, which holds a 65% market share in the U.S. for high-speed cable modems, routers, and smart home devices, …
Read More »Daily Security Update Dated: 18.12.2024
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: Thieves steal $107K+ from University of Central …
Read More »