The Apache Software Foundation has found multiple security issues in the widely used Apache HTTP Server. These vulnerabilities could lead to denial-of-service attacks, remote code execution, and unauthorized access, putting many websites at risk of cyberattacks. CVE-2024-36387 to CVE-2024-39573 are vulnerabilities in Apache HTTP Server’s components like mod_proxy, mod_rewrite, and …

An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat actors launch numerous attacks every minute, around the clock. According to Chris Sheehan, National Australia Bank’s executive for group investigations, all banks are constantly being targeted by attacks. The purpose …

There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as root on the affected device. The vulnerability is caused by not properly checking the arguments used in certain configuration CLI commands. An attacker can take advantage of this vulnerability by …

Despite the limited manpower and various limitations, efforts are being made to keep the country’s cyber space safe, said the Director General of the National Cyber ​​Security Agency (NCSA), Abu Sayed Md. Kamruzzaman. He gave this information at a seminar titled “Use of Safe Internet and Prevention of Rumors and …

Microsoft will assign Common Vulnerabilities and Exposures (CVE) numbers to important vulnerabilities found and fixed in their cloud services. This improves transparency and security by publicly disclosing vulnerabilities that can be fixed without user intervention. Microsoft’s decision to assign CVE numbers to cloud service vulnerabilities, regardless of whether customer action …

Indonesia’s temporary National Data Center (PDN) was attacked by ransomware last Thursday, leading to delays in airport immigration services and new student registration. The hackers are asking for an $8 million ransom, about Rp 131 billion, to give back the stolen data. The ransomware used in this incident is “Brain …

FortiGuard Labs found an attack that uses the CVE-2021-40444 vulnerability in Microsoft Office. This flaw lets attackers run harmful code through specific documents. The attack deployed a spyware called “MerkSpy” which secretly watches user activities, collects sensitive information, and stays on compromised systems. The attack starts with a harmless-looking Microsoft …

Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has not been able to handle security issues promptly and has not complied with their requirements. “Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors …

CISA issued seven advisories about Industrial Control Systems (ICS) on June 27, 2024. These advisories aim to give prompt information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies PnPSCADA ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server ICSA-24-179-04 Johnson Controls Illustra Essentials Gen …

Researchers said, threat actor exploiting vulnerabilities in Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via PowerShell scripts. Trend Micro researchers published a new analysis by Ahmed Mohamed Ibrahim, Shubham Singh, and Sunil Bharti. “The threat actor employs fileless execution techniques, using DLL reflective and process injection, …