Researchers found a big phishing campaign that uses QR codes to trick people. QR code fraud or “quishing” is a type of phishing where hackers pretend to be a trustworthy source to trick people into giving sensitive information or downloading malware. This trend is concerning and should not be ignored. …
Read More »MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS
In December 2023, Microsoft released security updates for multiple products, addressing 33 vulnerabilities. The company’s vulnerabilities affect several Microsoft products, including Windows, Office, Azure, Microsoft Edge, Windows Defender, Windows DNS and DHCP server, and Microsoft Dynamic. The IT giant also addressed several Chromium issues. ALSO READ: Bypassing major EDRS using …
Read More »Sophos updated RCE fix after attacks on unsupported firewalls
Sophos had to update old firewall firmware versions due to a security vulnerability (CVE-2022-3236) after attacked by hackers. There is a code injection flaw in the User Portal and Webadmin of Sophos Firewall. This flaw allows for remote code execution. ALSO READ: Bypassing major EDRS using “POOL PARTY”, Hackers revealed …
Read More »
process injection techniques
Bypassing major EDRS using “POOL PARTY”, Hackers revealed
Researchers at cybersecurity firm SafeBreach created a new method called Pool Party. This method allows attackers to bypass EDR solutions. The researchers presented Pool Party at Black Hat Europe 2023. The experts discovered an new way to inject processes by using Windows thread pools. Researchers found eight new process injection …
Read More »APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 at STRUTS 2
The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution. An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server. “An attacker can manipulate file upload …
Read More »
internet operational technology
17th bdNOG conference start tomorrow for three days
17th bdNOG Conference and Workshop is going to be held in Dhaka on December 12-15 jointly organized by Bangladesh Network Operators Group (BDING) and Internet Service Providers Association of Bangladesh (ISPAB). Three days technical workshop and one day hosting day will be in the conference. The workshop will train Internet …
Read More »
Canada Ransomware Whitepaper-2023
Mid-sized Canadian firms pay an average $1.13 million to ransomware gangs
A recent survey found that mid-sized Canadian companies paid an average of just over $1 million in ransomware payments this year. On Thursday, the results of a survey conducted by Palo Alto Networks were released. The survey involved IT professionals from 1,000 organizations with employee numbers ranging from 100 to …
Read More »Government plans digital health cards for all citizens
The government plans to implement digital health cards for all citizens. This will eliminate the need to keep physical prescription and test files, as all the information will be stored in a digital database. DGHS is implementing a digital database to manage patient information more efficiently. Each patient will receive …
Read More »Daily Cybersecurity update, December 09, 2023
In the digital age, attacks have been generated in every seconds in every corner of the work. Here are the 5 notable happenings in the world in cyber industry: FortiGuard Labs found a new email phishing campaign. It tricks victims by using fake hotel booking details to make them click …
Read More »Singapore’s AI strategy 2.0 to include localized LLM
Singapore launched its first AI strategy in 2019, aiming to deepen the use of AI in transforming the economy. Singapore’s early investment in AI led to the creation of approximately 150 research teams and 900 startups focusing on AI development. Consequently, Singapore has experienced notable advancements in AI, leading to …
Read More »