Monday, December 23 2024

infosecbulletin

New Report: Polyfill[.]io Attack Impacts Over 380,000 Hosts


The web development community was affected by a supply chain attack on the popular Polyfill.io JavaScript library last week. Polyfill.js supports modern tools on older web browsers for cross-compatibility. In February 2024, the Polyfill.io domain and GitHub account were acquired by Funnull, a Chinese CDN company. This raised concerns about …


Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw


Apache Software Foundation released Apache HTTP Server version 2.4.61 to fix a serious source code disclosure vulnerability (CVE-2024-39884). This flaw could expose sensitive server information to malicious actors. The CVE-2024-39884 vulnerability is caused by a problem in how old content-type configurations are managed. The “AddType” directive and similar settings, when …


Microsoft Uncovers Flaws in Rockwell Automation PanelView Plus


Microsoft’s cybersecurity team found two major vulnerabilities in Rockwell Automation’s PanelView Plus, a widely used human-machine interface in industrial settings. The two vulnerabilities, CVE-2023-2071 and CVE-2023-29464, can be used by attackers without authentication for remote code execution (RCE) and denial-of-service (DoS) attacks. The …


Brain Cipher Ransomware to Release Decryption Keys Free for Indonesia


The Brain Cipher ransomware group is to release the decryption keys for Indonesia Terkoneksi on Wednesday. They said their attack aims to highlight the need for funding the industry and hiring skilled experts. They clarified that the attack is not politically motivated, but rather a penetration test that requires payment afterwards. …


Multiple Vulnerabilities Found in Apache HTTP Server


The Apache Software Foundation has found multiple security issues in the widely used Apache HTTP Server. These vulnerabilities could lead to denial-of-service attacks, remote code execution, and unauthorized access, putting many websites at risk of cyberattacks. CVE-2024-36387 to CVE-2024-39573 are vulnerabilities in Apache HTTP Server’s components like mod_proxy, mod_rewrite, and …


Australia’s Four Major Banks Raised Alarm on Cyber ‘Warfare’


An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat actors launch numerous attacks every minute, around the clock. According to Chris Sheehan, National Australia Bank’s executive for group investigations, all banks are constantly being targeted by attacks. The purpose …
