Wednesday , April 2 2025

infosecbulletin

NIST unveils new password guidelines 2024: 11 rules to follow

nist

The National Institute of Standards and Technology (NIST) has issued new guidelines for password security, representing a major change from standard practices. These new recommendations, outlined in NIST Special Publication 800-63B, aim to enhance cybersecurity while improving user experience. NIST has changed its approach to password complexity. Instead of requiring …

Read More »

Meta fined $101 million for storing passwords in plaintext

photo

Meta was fined over $100 million by the EU privacy regulator on Friday due to a security issue with Facebook users’ passwords. The Irish Data Protection Commission fined the U.S. tech company 91 million euros ($101.6 million) after an investigation. The watchdog opened an investigation in 2019 after Meta reported …

Read More »

Microsoft warns Storm-0501 targets hybrid cloud environments

Cloud

Microsoft cybersecurity researchers found that the “Storm-0501” ransomware group is targeting hybrid cloud environments. Storm-0501 Attacking Cloud Environments: Storm-0501 is a ‘financially motivated’ threat group that has launched a sophisticated ‘multi-stage attack’ targeting “hybrid cloud environments” across various ‘U.S. sectors’ and ‘critical infrastructure.’ The group exploited vulnerabilities in Zoho ManageEngine, …

Read More »

RCE flaw impacts all GNU/Linux System: Details Revealed

GNU

Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all GNU/Linux systems. Simone Margaritelli has revealed technical details about the unauthenticated RCE flaw affecting all GNU/Linux systems, which he previously reported. The flaw, comprising four CVEs (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177), …

Read More »

Octo2: European Banks Already Under Attack by New Malware varient

phone

Cybersecurity researchers at ThreatFabric have identified a new and more dangerous variant of the Octo banking malware, called “Octo2.” This evolved version of ExobotCompact is already targeting European financial institutions, with attacks reported in Italy, Poland, Moldova, and Hungary. Octo2 features improved remote access and advanced anti-detection methods, making it …

Read More »

CISA Releases Guideline mitigating Active Directory compromise

cisa

To improve cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with international agencies to release a guide on detecting and addressing Active Directory compromises. This guidance, from the ASD, NSA, CCCS, NCSC-NZ, and NCSC-UK, informs organizations about common techniques used by cybercriminals to target Microsoft Active Directory. Active …

Read More »

Cloudflare report
India linked hacker to target Bangladeshi Gov.t and law agency

india

A threat actor likely operating out of India is relying on various cloud services to conduct cyberattacks against energy, defense, government, telecommunications, and technology entities of Bangladesh, Cloudflare reports. Tracked as SloppyLemming, this group is linked to Outrider Tiger, a threat actor associated with India, previously Crowdstrike said, that uses …

Read More »

India launches first Al-powered network solution for spam detection

mobile

India’s Bharti Airtel has launched India’s first AI-powered solution that detects spam calls and messages, alerting customers in real-time. The free service automatically activates for all users, detecting millions of spam messages daily to improve customer security. Airtel announces a free tool that will automatically alert customers in real-time about …

Read More »