CISA has issued urgent warnings to organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses. Two vulnerabilities impact Mitel MiCollab, a widely used unified communications …
Best Cybersecurity Certifications for Your Career in 2025
Cybersecurity professionals serve as the first line of defense against hackers, hacktivists, and ransomware groups. To combat these cyber threats, there is an ever-growing need for skilled individuals who can effectively identify and mitigate cyber risks. As we enter 2025, both aspiring cybersecurity experts and seasoned professionals must stay informed …
CVE-2024-40766
48,000+ Vulnerable SonicWall Devices exposed to ransomware attack
Over 48,000 SonicWall devices are still vulnerable to a serious security flaw, putting organizations worldwide at risk of ransomware attacks. The CVE-2024-40766 vulnerability was disclosed in September 2024 and is actively exploited by ransomware groups Akira and Fog. CVE-2024-40766 is a serious access control vulnerability in SonicWall’s SonicOS, used in …
India releases draft Digital Personal Data Protection Rules
On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to obtain verifiable consent from parents before children can create accounts. Parents must validate their identity and age using voluntary identity proof issued by a recognized legal entity or the government, …
Microsoft to invest $80 Billion in AI Data Center
Microsoft recently shared a vision for the future of American technology and economic competitiveness, highlighting Artificial Intelligence (AI) as central to this change. The company views AI as “the electricity of our age,” capable of boosting innovation and productivity across all sectors. Microsoft’s vision rests on three pillars: Advancements in …
City Bank Customer financial reports posted on dark market for sale
According to a Bangladesh Cyber Security Intelligence (BCSI) report, City Bank has been the victim of a cyber attack. The hacker group was selling the bank’s customer financial reports on a dark web market. BCSI has contacted the hacker. In the published report, BCSI shared screenshots of the conversation with the …
3.3 Million Email Servers Expose User Passwords and Messages in Plain Text
Around 3.3 million servers are running POP3/IMAP email services without encryption (TLS) enabled, the Shadowserver Foundation, a nonprofit security organization, has discovered. Most of these servers reside in the US, Germany, and Poland. POP3 (Post Office Protocol version 3) is an aging protocol used by email clients to retrieve emails …
Memory-Dump-UEFI
Researcher dumping memory to bypass BitLocker on Windows 11
Researchers have demonstrated a method to bypass Windows 11’s BitLocker encryption, enabling the extraction of Full Volume Encryption Keys (FVEKs) from memory. This vulnerability underscores the risks associated with physical access attacks and highlights potential weaknesses in memory protection mechanisms. The attack revolves around capturing the contents of a computer’s …
CVE-2024-49112
PoC Exploit Released for Zero-Click vulnerability in Windows
SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP Nightmare”. This critical vulnerability, tracked as CVE-2024-49112, has been assigned a CVSS score of 9.8, highlighting its severe implications for enterprise networks. SafeBreach researchers demonstrated how the exploit could crash unpatched Windows Servers, …
Financial Threat Assessment 2024
BCSI marks 28 Bangladeshi banks high, 10 medium for cyber attack
Bangladesh Cyber Security Intelligence (BCSI) has published its Financial Threat Assessment report for 2024. In an era where financial institutions and Critical Information Infrastructure (CII) are essential to both economic and national stability, the growing frequency and complexity of cyber threats have underscored a pressing truth: Bangladesh’s national security is under …