DataDog security researchers found that hackers are widely exploiting Docker Swarm, Kubernetes, and SSH servers. The newly discovered malware campaign focuses on “Docker” and “Kubernetes” environments and uses “Docker API” endpoint vulnerabilities as the ‘initial access vector.’ Hackers Exploiting Servers in Large Scale: The hackers install “cryptocurrency mining software” on …

A technical error in the server at Bangladesh Bank is causing issues with inter-bank transactions, resulting in the cancellation of all clearing checks set for Monday. On October 1, Husne Ara Shikha, Executive Director and Spokesperson of Bangladesh Bank, confirmed this information. There was a check clearing issue on Monday …

India has made the National Security Council Secretariat (NSCS) the nodal agency for dealing with the growing threats to cyber security. As per a notification issued late Friday evening, PM-led NSCS has been mandated “to provide overall coordination and strategic direction for cyber security” in addition to assisting the National …

Cybersecurity researcher Jeremiah Fowler has uncovered a major data breach at ChoiceDNA, an Indiana-based firm offering DNA testing and facial recognition services involving biometric images and personal information. Fowler reported to Infosecbulletin that around 8,000 sensitive documents, including biometric images and metadata, were publicly accessible without password protection. The unsecured …

In 2023, over 6,500 ransomware attacks were reported, affecting a record 117 countries worldwide after a decline in 2022. Ransomware incidents rose 73% year-over-year to 6,670, with significant increases in June and July linked to a widely used file transfer tool. The Ransomware Task Force, established in 2021 by the …

A CTF contest is going to be organized at Bangladesh Computer Society (BCS). The registration process is automatically started for the contest. The contest will be on cryptography, reverse engineering, forensics, web, binary exploitation, PWN, OSINT, Networking and steganography. Contest module: • 24 hours training ( 3 days) • Every Saturday …

The National Institute of Standards and Technology (NIST) has issued new guidelines for password security, representing a major change from standard practices. These new recommendations, outlined in NIST Special Publication 800-63B, aim to enhance cybersecurity while improving user experience. NIST has changed its approach to password complexity. Instead of requiring …

Meta was fined over $100 million by the EU privacy regulator on Friday due to a security issue with Facebook users’ passwords. The Irish Data Protection Commission fined the U.S. tech company 91 million euros ($101.6 million) after an investigation. The watchdog opened an investigation in 2019 after Meta reported …

Microsoft cybersecurity researchers found that the “Storm-0501” ransomware group is targeting hybrid cloud environments. Storm-0501 Attacking Cloud Environments: Storm-0501 is a ‘financially motivated’ threat group that has launched a sophisticated ‘multi-stage attack’ targeting “hybrid cloud environments” across various ‘U.S. sectors’ and ‘critical infrastructure.’ The group exploited vulnerabilities in Zoho ManageEngine, …

Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all GNU/Linux systems. Simone Margaritelli has revealed technical details about the unauthenticated RCE flaw affecting all GNU/Linux systems, which he previously reported. The flaw, comprising four CVEs (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177), …