There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as root on the affected device. The vulnerability is caused by not properly checking the arguments used in certain configuration CLI commands. An attacker can take advantage of this vulnerability by …

Despite the limited manpower and various limitations, efforts are being made to keep the country’s cyber space safe, said the Director General of the National Cyber ​​Security Agency (NCSA), Abu Sayed Md. Kamruzzaman. He gave this information at a seminar titled “Use of Safe Internet and Prevention of Rumors and …

Microsoft will assign Common Vulnerabilities and Exposures (CVE) numbers to important vulnerabilities found and fixed in their cloud services. This improves transparency and security by publicly disclosing vulnerabilities that can be fixed without user intervention. Microsoft’s decision to assign CVE numbers to cloud service vulnerabilities, regardless of whether customer action …

Indonesia’s temporary National Data Center (PDN) was attacked by ransomware last Thursday, leading to delays in airport immigration services and new student registration. The hackers are asking for an $8 million ransom, about Rp 131 billion, to give back the stolen data. The ransomware used in this incident is “Brain …

FortiGuard Labs found an attack that uses the CVE-2021-40444 vulnerability in Microsoft Office. This flaw lets attackers run harmful code through specific documents. The attack deployed a spyware called “MerkSpy” which secretly watches user activities, collects sensitive information, and stays on compromised systems. The attack starts with a harmless-looking Microsoft …

Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made this decision because Entrust has not been able to handle security issues promptly and has not complied with their requirements. “Over the past several years, publicly disclosed incident reports highlighted a pattern of concerning behaviors …

CISA issued seven advisories about Industrial Control Systems (ICS) on June 27, 2024. These advisories aim to give prompt information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-179-01 TELSAT marKoni FM Transmitter ICSA-24-179-02 SDG Technologies PnPSCADA ICSA-24-179-03 Yokogawa FAST/TOOLS and CI Server ICSA-24-179-04 Johnson Controls Illustra Essentials Gen …

Researchers said, threat actor exploiting vulnerabilities in Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via PowerShell scripts. Trend Micro researchers published a new analysis by Ahmed Mohamed Ibrahim, Shubham Singh, and Sunil Bharti. “The threat actor employs fileless execution techniques, using DLL reflective and process injection, …

In a statement On Wednesday, 26 June 2024, team viewer said, “our security team detected an irregularity in TeamViewer’s internal corporate IT environment. We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary remediation measures. TeamViewer’s internal …

GitLab, a platform for DevOps tools, released critical updates for its Community Edition (CE) and Enterprise Edition (EE). The new versions, 17.1.1, 17.0.3, and 16.11.5, include security and bug fixes. Users should upgrade now to protect their installations from possible exploits. Key Security Fixes: CVE-2024-5655 (CVSS 9.6) – Run Pipelines …