The Apache Software Foundation has warned about two serious security issues (CVE-2024-38346 and CVE-2024-39864) in Apache CloudStack, a popular open-source cloud computing platform. These vulnerabilities are a big threat to organizations using CloudStack to manage their virtualized infrastructure. Unauthenticated Cluster Service Port (CVE-2024-38346) The vulnerability CVE-2024-38346 is found in the …

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US issued a warning about a cyber espionage group called APT40, which is linked to China. The advisory cautions about the group’s capability to quickly and effectively use security flaws that are recently disclosed. “APT …

The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is working on the second phase of its open-source software security road …

In early 2021, a hacker infiltrated OpenAI’s internal messaging systems and obtained information about the design of the company’s AI technologies. The hacker stole information from an online forum where OpenAI employees discussed their latest technologies. However, the hacker was unable to access the systems where the company stores and …

So, get Ready for BDSec CTF 2024! Knight squad call you to mark your calendar for 20 July 2024 at 09:00 PM (Bangladesh Time). This is your chance to showcase your cybersecurity skills and compete with the best minds from around the world. 🌐 Register Now: bdsec-ctf.com 🕒 Date: 20 …

Cisco warned about a serious security issue called “regreSSHion” (CVE-2024-6387) that affects the OpenSSH server in some Cisco products and cloud services. This could let unauthorized attackers run their own code on affected systems, possibly taking full control of the system. The following table lists Cisco products that are affected …

Cyble Analyzes An Active Campaign Exploiting A Microsoft SmartScreen Vulnerability To Deliver Stealers Via Spam Emails. Key findings:  * Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability (CVE-2024-21412). * The ongoing campaign targets multiple regions, including Spain, the US, and Australia. …

A huge collection of passwords, containing almost ten billion unique passwords, was leaked on a popular hacking forum. The Cybernews research team warns that this leak could seriously endanger users who tend to reuse. Cybernews researchers found the biggest password collection with 9,948,575,739 unique passwords. It was posted as a …

First get together of information security professionals community (ISPC) was held at Dhaka with a festive look with the participation of 70+ professionals from different organizations at Dhaka. At get together, the attendees discussed how can ISPC be well structured for the professionals. Someone proposed to form ISPC a professional …

Mohammed Iqbal Hossain has been elected as the president of ISACA Dhaka chapter and Md. Abul Kalam Azad has been reelected as secretary. Saturday (6 July) from 4 pm to 6.30 pm, 150+ member cast their vote to elect their candidates for ISACA Dhaka chapter. This year 23 candidates fight …