“Sarcoma” ransomware group attacked a well known Bangladeshi insurance company named “Popular life insurance company ltd”. The threat actor keeps an option to release the full data if their demand doesn’t meet up within 5 days. According to the threat actor, approximately 36 GB of data, including attachments and SQL …
Read More »“Sarcoma” ransomware group
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
Bug Hunt 2024, one of the largest cyber security competitions and conferences in Bangladesh, was successfully held at the ICT Tower in Agargaon, Dhaka On November 16, 2024. This groundbreaking initiative aims to enhance cyber security expertise and awareness in the cyber security landscape in the country. Highlights of the …
Read More »TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
A serious security flaw has been found in some TP-Link routers, potentially enabling hackers to remotely access the affected devices.The vulnerability CVE-2024-11237 impacts TP-Link VN020 F3v(T) routers with firmware TT_V6.2.1021, mainly used by Tunisie Telecom and Topnet ISPs. Routers similar to those used in Algeria and Morocco are vulnerable to …
Read More »
WSJ reports
T-Mobile hacked in massive breach of telecom networks
The Wall Street Journal reported on Friday citing people familiar with the matter that T-Mobile’s network was among the systems hacked in a damaging Chinese cyber-espionage operation that successfully gained entry into multiple U.S. and international telecommunications companies. Hackers were able to breach T-Mobile as part of a monthslong campaign …
Read More »Palo Alto Networks Confirms critical RCE zero-day actively exploited
“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet. We are actively investigating this activity,” reads the security bulletin by the cybersecurity provider Palo Alto Networks. On November 8, Palo Alto …
Read More »
CISA, FBI Warns
Hacker compromised multiple teleco network at US
US authorities have revealed a major cyberespionage campaign by hackers, targeting information from Americans in government and politics. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint statement on Wednesday that actors affiliated with Beijing had “compromised networks at multiple telecommunications companies”. In a statement …
Read More »
(CVE-2024-52301)
Laravel Flaw Unveils Millions of Web Applications to Attack
A significant security flaw, CVE-2024-52301, has been found in the Laravel framework, which is widely used for web applications. With a CVSS rating of 8.7, this vulnerability could allow unauthorized access, data tampering, and privilege escalation in many Laravel applications. CVE-2024-52301 pertains to inadequate input validation in Laravel’s environment configuration. …
Read More »Bitdefender releases free decryptor for ShrinkLocker ransomware
Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware. Bitdefender released a detailed blog explaining how a ransomware strain utilizes Microsoft’s BitLocker to encrypt files and removes recovery options. “ShrinkLocker is a novel ransomware strain that leverages a unique …
Read More »Fortinet releases updates for Various Products
Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take control of affected systems. CISA encourages users and administrators to review the following advisories and apply necessary updates. FG-IR-23-396 ReadOnly Users Could Run Some Sensitive Operations: A client-side enforcement of …
Read More »Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws
Microsoft’s latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited. This patch release highlights the need for timely updates to guard against cyber threats. Zero-Day Vulnerabilities Patched: The four zero-day vulnerabilities patched in this update include two that attackers have …
Read More »