National Security Agency (NSA), The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) jointly published guideline to enhanced visibility and hardening guidance for communications infrastructure providing best practices to protect against PRC affiliated threat actor. According to the guideline above mentioned threat actor has compromised networks …
Read More »
CISA has issued an alert about three critical security vulnerabilities that are currently being exploited. These issues are now part of CISA’s Known Exploited Vulnerabilities (KEV) catalog and require urgent action from organizations and individuals to avoid potential risks. Vulnerability Breakdown: CVE-2023-45727 (CVSS 7.5): A vulnerability in Proself Enterprise/Standard Edition, …
Read More »
Cisco has released an updated security advisory about CVE-2014-2120, a vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. This flaw, disclosed in 2014, allows unauthenticated remote attackers to perform cross-site scripting (XSS) attacks on WebVPN users. The advisory highlights that this vulnerability is currently being …
Read More »
A serious zero-day vulnerability has been found in TP-Link Archer, Deco, and Tapo routers, which could let attackers inject harmful commands and take full control of the devices. This vulnerability affects both old and recent firmware versions of popular router models, raising serious security concerns for users until November 4, …
Read More »
IBM revealed several critical vulnerabilities in its Security Verify Access Appliance, which could pose serious security risks to users identified as (CVE-2024-49803, CVE-2024-49804, CVE-2024-49805, CVE-2024-49806). These vulnerabilities affect versions 10.0.0 – 10.0.8 IF1. CVE-2024-49803 is a critical vulnerability with a CVSS score of 9.8. IBM cybersecurity researchers found that this …
Read More »
Cybersecurity researchers are alerting users about phishing email campaigns using a toolkit called “Rockstar 2FA” to steal Microsoft 365 account credentials. These campaigns use advanced techniques to create fake landing pages resembling real Microsoft 365 login pages. Their main goal is to steal user credentials, targeting Microsoft accounts. This campaign …
Read More »
A workshop on “DDoS use cases & solutions for government & BFSI” held at Bangladesh computer society premises on Saturday (30.11.24) where about 100 participants attended. Bangladesh computer society is regarded as the leading professional and learned society in the field of computers and information systems in Bangladesh. BCS said, it …
Read More »
Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole money, but refuted the claims to steal the money as much as $17 million. Uganda’s Minister of State for Finance, Henry Musasizi, addressed media reports alleging that a Southeast Asian hacker group hacked the Bank …
Read More »
CERT Germany and Zyxel have alerted about a serious vulnerability in Zyxel firewalls, identified as CVE-2024-11667. This flaw is being exploited to spread Helldown ransomware, with reports of at least five affected organizations in Germany. CVE-2024-11667 is a directory traversal vulnerability in Zyxel’s ZLD firmware versions 5.00 to 5.38. Exploiting …
Read More »
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: Hackers steal millions of dollars from Alabama …
Read More »
InfoSecBulletin Cybersecurity for mankind
