Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings. There are two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, that can be used by attackers without authentication. They can use these vulnerabilities for remote code execution (RCE) and denial-of-service (DoS) attacks. The …
Read More »Researchers detect 28 new Ransomwares in June
Cybersecurity experts found 28 new types of ransomware in June. These malicious programs are a big threat to individuals and businesses. Cybercriminals are improving their tactics with each new variant, making it harder to detect and stop them. Ransomware encrypts important data, making it impossible for users to access. Afterward, …
Read More »Vote for DHAKA, Vote for ISACA at 6 July
ISACA Dhaka Chapter election is going to be held on Saturday (6 July) 2024. This year 23 candidates will fight each other for 13 posts. Dr. Ijazul Haque and Mohammed Iqbal Hossain will fight each other for the post of president on the other hand S M Mizanur Rahman and …
Read More »Google to pays $250,000 for KVM zero-day vulnerabilities
Google launched a new bug bounty program called kvmCTF to enhance the security of its Kernel-based Virtual Machine (KVM) hypervisor. This program offers up to $250,000 as a reward to security researchers who successfully achieve a full virtual machine (VM) escape exploit. KVM, an open-source hypervisor, is important in consumer …
Read More »Brain Cipher Ransomware to Release Decryption Keys free for Indonesia
The Brain Cipher ransomware group to release the decryption keys for Indonesia Terkoneksi on Wednesday. They said their attack aims to highlight the need for funding the industry and hiring skilled experts. They clarified that the attack is not politically motivated, but rather a penetration test that requires payment afterwards. …
Read More »0-click Account Takeover via Google Authentication
“A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email parameters in the authentication request, an attacker can obtain an access token for any user. This allows the attacker to take over any account without any user interaction, leading to …
Read More »multiple vulnerabilities found in apache HTTP server
The Apache Software Foundation has found multiple security issues in the widely used Apache HTTP Server. These vulnerabilities could lead to denial-of-service attacks, remote code execution, and unauthorized access, putting many websites at risk of cyberattacks. CVE-2024-36387 to CVE-2024-39573 are vulnerabilities in Apache HTTP Server’s components like mod_proxy, mod_rewrite, and …
Read More »Australian four major banks raised alarm on cyber ‘warfare’
An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat actors launch numerous attacks every minute, around the clock. According to Chris Sheehan, National Australia Bank’s executive for group investigations, all banks are constantly being targeted by attacks. The purpose …
Read More »CVE-2024-20399: Cisco NX-OS Vulnerability Under active Attack
There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as root on the affected device. The vulnerability is caused by not properly checking the arguments used in certain configuration CLI commands. An attacker can take advantage of this vulnerability by …
Read More »NCSA to do maximum work with limited manpower: DG Kamruzzaman
Despite the limited manpower and various limitations, efforts are being made to keep the country’s cyber space safe, said the Director General of the National Cyber Security Agency (NCSA), Abu Sayed Md. Kamruzzaman. He gave this information at a seminar titled “Use of Safe Internet and Prevention of Rumors and …
Read More »