The hacking group “Belsen Group” has posted over 15,000 unique FortiGate firewall configurations online. The data dump, reportedly obtained by exploiting a zero-day vulnerability in Fortinet’s systems in October 2022, contains sensitive information including usernames, passwords (some in plain text), device management certificates, and complete firewall rules. “At the beginning of …

Registration open for “1st Agile Cyber Drill-2025” scheduled for February 26, 2025 online with an awards ceremony for 9 March an initiative by AGS Quality Action Ltd. The drill will involve companies, microfinance institutions, IT service providers, and others to evaluate their readiness for cyber risks. The drill targets corporate …

The FutureCrime Summit 2025 is just 30 days away. This conference is the largest on technology-driven crime, covering topics like digital forensics, cybercrime, and technology laws. Grant Thornton Bharat, a leader in fraud risk management and cybersecurity, is partnering with the FutureCrime Summit 2025 to strengthen efforts against emerging cyber …

Microsoft’s January Patch Tuesday update fixed 159 vulnerabilities, including 10 critical Remote Code Execution (RCE) issues. These updates are essential for protecting Windows and related software from exploitation. Key Highlights of December 2024 Patch Tuesday Updates: CVE-2025-21362 & CVE-2025-21354: Both issues are vulnerabilities in Microsoft Excel that allow remote code …

Fortinet released security patches for a critical vulnerability (CVE-2023-37936) involving a hard-coded cryptographic key. This flaw lets remote, unauthorized attackers use the key to execute unauthorized code through specially crafted cryptographic requests. The use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through …

A critical flaw in Google’s “Sign in with Google” system has put millions of Americans at risk of data theft. This vulnerability primarily impacts former employees of startups that have shut down. Truffle Security identifies that the issue arises from how Google’s OAuth login handles changes in domain ownership. When …

U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a second security flaw affecting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products to its Known Exploited Vulnerabilities (KEV) catalog, noting that it is actively being exploited. CVE-2024-12686 is a medium-severity vulnerability (CVSS score: 6.6) that could let an attacker …

Executive Summary: Native Resource Abuse: Threat actor dubbed Codefinger uses compromised AWS keys to encrypt S3 bucket data via SSE-C, leveraging AWS’s secure encryption infrastructure in a way that prevents recovery without their generated key. Irrecoverable Data Loss: AWS CloudTrail logs only an HMAC of the encryption key, which is …

India has made strides in cybersecurity by clarifying ministerial roles in September 2024 and implementing a National Security Directive that limits telecom infrastructure procurement to trusted sources. It is also considering similar protocols for other vital sectors like power. To address the shortage of cybersecurity professionals, the government is investing …

BGD e-GOV CIRT report highlights a recent surge in phishing attacks targeting Bangladeshi government organizations, law enforcement, and educational institutions. These attacks aim to steal sensitive information by impersonating official entities and using malicious attachments and links. Key details include: Target Sectors: Government organizations Law enforcement agencies Educational institutions Phishing …