Cisco, a global network solutions leader, has reported a security issue with its Firepower Management Center (FMC) software. This vulnerability, known as CVE-2024-20360, has a CVSS score of 8.8, indicating a high severity level and a risk of widespread exploitation. The vulnerability comes from not checking the input correctly in …

Ivanti on Tuesday declare to patch for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). Ivanti resolved six out of the ten security defects resolved in EPM are critical-severity SQL Injection bugs. Tracked as CVE-2024-29822 through CVE-2024-29827, the bugs impact the Core server of Ivanti EPM 2022 …

Companies in Germany are facing a new wave of cyberattacks. The State Criminal Police Office of North Rhine-Westphalia has issued a warning. Cybercriminals are targeting Microsoft 365, particularly email and document management, as a way to launch their attacks. “Unknown perpetrators take over email accounts and then send messages on …

SentinelOne researchers found that the Ikaruz Red Team is targeting the Philippines government using different ransomware builders like LockBit, Vice Society, Clop, and AlphV to carry out “small-scale” attacks. They are also sharing data leaks from various organizations in the Philippines. Ikaruz Red Team (IRT) has been targeting entities in …

The US cybersecurity agency, CISA, added a flaw in NextGen Healthcare’s Mirth Connect product to its catalog of Known Exploited Vulnerabilities (KEV). A vulnerability in the open source product, known as CVE-2023-43208, allows remote code execution without authentication due to a data deserialization problem. A patch was rolled out with …

Bangabandhugrandmaster.com, a website dedicated to Bangabandhu Sheikh Mujibur Rahman’s ideas and life, has suffered a major data breach. The breach happened on May 20, 2024, when a significant amount of user data was exposed. The Bangabandhugrandmaster.com data breach revealed an SQL file with detailed information about 94,000 users. The exposed …

Fluent Bit, a widely used logging utility, has a critical vulnerability. This vulnerability can lead to denial-of-service attacks, information disclosure, and potentially remote code execution (RCE). Tenable, a cybersecurity firm, discovered this vulnerability. Fluent Bit is an open source tool that collects and processes large amounts of log data from …

Hackers target Bangladeshi many WordPress based e-commerce sites for their illegal activities. Getting access they are now offer to sell the taken access on the dark web. But, the alarming issue is that on those post not any specific site name has been mentioned. So, this is really difficult to …

SonicWALL SSL-VPN provides secure remote access to an organization’s internal network and resources through an encrypted SSL connection. This kind of VPN is great for giving employees and partners secure access to internal applications and data from remote locations. A hacker is selling a $1000 exploit that targets SonicWALL SSL-VPN …

The banking trojan “Grandoreiro” is spreading widely through a phishing campaign in over 60 countries, aiming at customer accounts of about 1,500 banks. In January 2024, a joint international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank revealed the disruption of a malware operation. The malware had …