Wednesday , April 2 2025

infosecbulletin

Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI

Bank Rakyat Indonesia (BRI), the largest state bank by assets, has assured customers that their data and funds are secure and that normal transactions continue uninterrupted, despite rumors of a ransomware attack on social media. On Wednesday evening, BRI’s Director of Digital and IT, Arga M. Nugraha, confirmed via Instagram …

Read More »

London-based company “Builder.ai” reportedly exposed 1.2 TB data

Builder.ai

Cybersecurity researcher Jeremiah Fowler reported to Website Planet that he found a non-password-protected 1.2 TB dataset containing over 3 million records from Builder.ai, a London company that provides AI software and app development solutions without requiring coding skills. Jeremiah Fowler claimed the unsecured database contained 3,077,542 records, totaling 1.29 TB. …

Read More »

(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall

Sophos Firewall

Sophos has fixed three separate security vulnerabilities in Sophos Firewall.  The vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729 present major risks, such as remote code execution and privilege escalation. Applies to the following Sophos product(s) and version(s): Sophos Firewall v21.0 GA and earlier No action is needed for Sophos Firewall customers who …

Read More »

“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA

A time-demanding workshop on “Cybersecurity Awareness and Needs Analysis” was held on Thursday (December 19) at Bangladesh Bank Training Academy Auditorium in Dhaka. This workshop aims to raise awareness of the latest cybersecurity trends and technologies in the financial sector and gather insights on future human resource development. It is …

Read More »

CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability

Fortinet

Kaspersky’s Global Emergency Response Team (GERT) found that attackers are exploiting a patched SQL injection vulnerability (CVE-2023-48788) in Fortinet FortiClient EMS, affecting versions 7.0.1 to 7.0.10 and 7.2.0 to 7.2.2. Even with available patches, many systems remain unupdated, allowing unauthorized code execution and compromise of networks. According to the report, …

Read More »

CISA released best practices to secure Microsoft 365 Cloud environments

Microsoft 365

CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365 cloud environments. This directive is part of CISA’s effort to reduce risks from cloud misconfigurations and weak security controls that have been targeted in recent cyberattacks. BOD 25-01 introduces Secure …

Read More »

Data breach! Ireland fines Meta $264 million, Australia $50m

Meta

The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach that affected 29 million Facebook accounts. The breach occurred when unauthorized parties exploited user access tokens, exposing sensitive information like names, email addresses, phone numbers, and physical locations, including data …

Read More »

Over 25K SonicWall VPN Firewalls exposed to critical flaws

sonicwall

More than 25,000 SonicWall SSL VPN devices are vulnerable to critical flaws, with 20,000 running outdated SonicOS/OSX firmware that is no longer supported. This analysis by cybersecurity firm Bishop Fox was prompted by key vulnerabilities disclosed this year in SonicWall devices. Ransomware groups, like Fog and Akira, have recently exploited …

Read More »