Monday , December 23 2024

infosecbulletin

Unprotected UN Database Exposes 228GB of Gender Violence Victims’ Data

man in phone

Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 115,000 records linked to the UN Trust Fund to End Violence against Women. This fund aims to prevent violence against women and girls by supporting organizations that address gender-based violence and promote women’s rights. The unprotected database contained sensitive financial reports, …

Read More »

Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability

urgent fix

Cisco announced updates on Wednesday to fix a security flaw in its Adaptive Security Appliance (ASA) that is currently being exploited and could cause a denial-of-service (DoS) condition. CVE-2024-20481 (CVSS score: 5.8) is A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and …

Read More »

Fortinet + Crowdstrike team on protection from endpoint to firewall

flowchart

In today’s rapidly changing cybersecurity environment, organizations encounter numerous complex threats targeting endpoints and networks. CrowdStrike and Fortinet have partnered to provide top-notch protection from endpoints to firewalls. This partnership combines the strengths of CrowdStrike in endpoint security and Fortinet in network security, offering customers the flexibility, visibility, and protection …

Read More »

2nd time hacker breached Internet Archive

Internet archive

The Internet Archive was breached again, this time through their Zendesk email support platform, following warnings that threat actors had stolen exposed GitLab authentication tokens. Bleeping computer reported, Since last night, the authority received numerous messages from people who received replies to their old Internet Archive removal requests, warning that …

Read More »

Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs

Diagram

In today’s changing cybersecurity environment, it’s essential to find vulnerabilities in code. Vulnhuntr, an open-source tool on GitHub, uses Large Language Models (LLMs) and static code analysis to detect remotely exploitable vulnerabilities in Python projects. Its user-friendly design combines intelligent automation with thorough code analysis, making it a valuable resource …

Read More »

Critical Vulnerabilities in Bitdefender Total Security Expose Users to MITM

Bitdefender

Bitdefender said a vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the “Server Authentication” specification in the Extended Key Usage extension, the product does not verify the certificate’s compliance with the site, …

Read More »

Microsoft’s Alarming Report: 600 Million Cyberattacks perday

Microsoft

Cybersecurity threats have surged to extraordinary heights, as Microsoft’s latest Digital Defense Report reveals that its customers are confronted with over 600 million cyberattacks every day. The report highlights that cyber operations play a crucial role in geopolitical conflicts, used for espionage, influence, and destruction. The cooperation between nation-states and …

Read More »

CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX

vmware

VMware has issued a warning about a remote code execution vulnerability, CVE-2024-38814, with a CVSS score of 8.8, in its HCX application mobility platform. An authenticated SQL injection vulnerability in HCX was privately reported to VMware by Sina Kheirkhah from the Summoning Team through the Trend Micro Zero Day Initiative. …

Read More »