A SAML token signature bypass vulnerability in VMware Tools was responsibly reported to VMware with a maximum CVSSv3 base score of 7.5. Updates are available to remediate this vulnerability in the affected VMware products.
Credentials of NASA, Tesla, Verizon, and 2K others leaked by workplace safety organization
The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training. On its digital platform, NSC provides online resources …
Lockbit 3.0 Builder Leaked: Anyone Can Blend Ransomware
It has come to the attention of researchers that the LockBit 3.0 builder has suffered from a leak, which now allows anyone to create various versions of the LockBit ransomware according to their own preferences. This poses a serious security risk that should not be taken lightly. "LockBit" is a …
Final approval of the Cyber Security Act in the Cabinet in Bangladesh
The Cabinet has given final approval to the Cyber Security Act. Law Minister Anisul Haque said that the approval was given on Monday (August 28). He said that the final approval of the Cyber Security Act has been given by making special changes in some sections besides further reducing the …
Mobile Neuron to scan for OWASP Mobile Top 10 vulnerabilities, iOS/Android weaknesses
ImmuniWeb has released Neuron Mobile, a security testing solution for mobile applications. It scans iOS and Android apps for OWASP Mobile Top 10 vulnerabilities and weaknesses. According to ImmuniWeb, Neuron Mobile is a fully automated solution that includes dynamic and static application security testing (DAST/SAST), along with software composition analysis …
1,000 Organizations, 60 Million Individuals Impacted by MOVEit Hack
Reportedly, the Russian-speaking Cl0p ransomware group has executed the MOVEit campaign, affecting approximately 1,000 organizations and 60 million individuals. It is important to highlight that these numbers encompass both entities that are directly and indirectly affected. For example, numerous organizations and millions of individuals had their information compromised through PBI, …
Google Workspace: New account security, DLP capabilities announced
Google Workspace has introduced new features to enhance account and data security for businesses. These features aim to make it harder for unauthorized individuals to take control of admin and user accounts, as well as prevent the extraction of sensitive data. A few of these options are already accessible in …
How do you defend against a malware loader?
Several steps can help minimize the threat from malware loaders. Here's what ReliaQuest suggests: Change the default execution engine for JS files from Wscript to Notepad. You can also extend this configuration to accommodate …
Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
The FBI has issued a warning stating that even after being patched against a critical flaw, Barracuda Networks Email Security Gateway (ESG) appliances are still vulnerable to potential compromise by suspected Chinese hacking groups. It said that the fixes were not effective and that it still sees intrusions and considers …
AHM Mohsin rejoins Sophos Bangladesh as country manager
AHM Mohsin has been reassigned as Country Manager of Sophos Bangladesh. He has already started his duties. AHM Mohsin said, "I have started serving as the country manager of Sophos in Bangladesh from August 21, 2023." He expects that the scope of work and quality of service of Sophos will increase as a result. …