New guidance on ransomware, released during this week’s International Counter Ransomware Initiative (CRI) meeting, encourages victims to report attacks to law enforcement promptly and to consult more advisors before deciding to pay a ransom. Cybersecurity experts from about 70 countries are gathering at the White House this week for the …

Over 14 new security flaws have been found in DrayTek routers for homes and businesses, which could allow attackers to take control of affected devices. According to Forescout Vedere Labs,”These vulnerabilities could enable attackers to take control of a router by injecting malicious code, allowing them to persist on the …

Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted emails to the SMTP server. CVE-2024-45519 is a remote code execution vulnerability in Zimbra’s postjournal service, which handles incoming emails via SMTP. Attackers can exploit this flaw by sending emails …

CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure. The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file …

On October 1, 2024, CISA released two advisories regarding Industrial Control Systems (ICS), highlighting current security issues, vulnerabilities, and exploits in the field. ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch: Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, arbitrary file upload, or bypass authentication. …

DataDog security researchers found that hackers are widely exploiting Docker Swarm, Kubernetes, and SSH servers. The newly discovered malware campaign focuses on “Docker” and “Kubernetes” environments and uses “Docker API” endpoint vulnerabilities as the ‘initial access vector.’ Hackers Exploiting Servers in Large Scale: The hackers install “cryptocurrency mining software” on …

A technical error in the server at Bangladesh Bank is causing issues with inter-bank transactions, resulting in the cancellation of all clearing checks set for Monday. On October 1, Husne Ara Shikha, Executive Director and Spokesperson of Bangladesh Bank, confirmed this information. There was a check clearing issue on Monday …

India has made the National Security Council Secretariat (NSCS) the nodal agency for dealing with the growing threats to cyber security. As per a notification issued late Friday evening, PM-led NSCS has been mandated “to provide overall coordination and strategic direction for cyber security” in addition to assisting the National …

Cybersecurity researcher Jeremiah Fowler has uncovered a major data breach at ChoiceDNA, an Indiana-based firm offering DNA testing and facial recognition services involving biometric images and personal information. Fowler reported to Infosecbulletin that around 8,000 sensitive documents, including biometric images and metadata, were publicly accessible without password protection. The unsecured …

In 2023, over 6,500 ransomware attacks were reported, affecting a record 117 countries worldwide after a decline in 2022. Ransomware incidents rose 73% year-over-year to 6,670, with significant increases in June and July linked to a widely used file transfer tool. The Ransomware Task Force, established in 2021 by the …