Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted emails to the SMTP server. CVE-2024-45519 is a remote code execution vulnerability in Zimbra’s postjournal service, which handles incoming emails via SMTP. Attackers can exploit this flaw by sending emails …
Read More »Patch it now!
CISA Warns
Network switch RCE flaw impacts critical infrastructure
CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure. The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file …
Read More »CISA reveals 2 Industrial Control Systems Advisories
On October 1, 2024, CISA released two advisories regarding Industrial Control Systems (ICS), highlighting current security issues, vulnerabilities, and exploits in the field. ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch: Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, arbitrary file upload, or bypass authentication. …
Read More »
DataDog research
Hackers to exploit Docker, Kubernetes & SSH Servers large scale
DataDog security researchers found that hackers are widely exploiting Docker Swarm, Kubernetes, and SSH servers. The newly discovered malware campaign focuses on “Docker” and “Kubernetes” environments and uses “Docker API” endpoint vulnerabilities as the ‘initial access vector.’ Hackers Exploiting Servers in Large Scale: The hackers install “cryptocurrency mining software” on …
Read More »BD Bank server issue to cancel clearing cheque
A technical error in the server at Bangladesh Bank is causing issues with inter-bank transactions, resulting in the cancellation of all clearing checks set for Monday. On October 1, Husne Ara Shikha, Executive Director and Spokesperson of Bangladesh Bank, confirmed this information. There was a check clearing issue on Monday …
Read More »NSCS: India’s new PM-led cybersecurity watchdog
India has made the National Security Council Secretariat (NSCS) the nodal agency for dealing with the growing threats to cyber security. As per a notification issued late Friday evening, PM-led NSCS has been mandated “to provide overall coordination and strategic direction for cyber security” in addition to assisting the National …
Read More »Facial DNA provider exposes thousands biometric data
Cybersecurity researcher Jeremiah Fowler has uncovered a major data breach at ChoiceDNA, an Indiana-based firm offering DNA testing and facial recognition services involving biometric images and personal information. Fowler reported to Infosecbulletin that around 8,000 sensitive documents, including biometric images and metadata, were publicly accessible without password protection. The unsecured …
Read More »
Task force says
Ransomware hit 117 countries, Over 6,500 attacks recorded
In 2023, over 6,500 ransomware attacks were reported, affecting a record 117 countries worldwide after a decline in 2022. Ransomware incidents rose 73% year-over-year to 6,670, with significant increases in June and July linked to a widely used file transfer tool. The Ransomware Task Force, established in 2021 by the …
Read More »CTF competition at BCS: Registration open
A CTF contest is going to be organized at Bangladesh Computer Society (BCS). The registration process is automatically started for the contest. The contest will be on cryptography, reverse engineering, forensics, web, binary exploitation, PWN, OSINT, Networking and steganography. Contest module: • 24 hours training ( 3 days) • Every Saturday …
Read More »NIST unveils new password guidelines 2024: 11 rules to follow
The National Institute of Standards and Technology (NIST) has issued new guidelines for password security, representing a major change from standard practices. These new recommendations, outlined in NIST Special Publication 800-63B, aim to enhance cybersecurity while improving user experience. NIST has changed its approach to password complexity. Instead of requiring …
Read More »