Wednesday , April 2 2025

infosecbulletin

Bitdefender blog post
Medusa target Fortinet flaw (CVE-2023-48788) for Ransomware Attacks

diagram

A recent Bitdefender report reveals that Medusa is still actively attacking and has created a notable presence on both the dark web and surface web, making it a ransomware group to monitor. Medusa stands out from other ransomware groups by maintaining a name-and-shame blog on the surface web, where it …

Read More »

Ivanti alerts ongoing exploitation of recently patched CAV

Board

Ivanti warned that a recently fixed security flaw in its Cloud Service Appliance (CSA) is being actively exploited. CVE-2024-8190 is a high-severity vulnerability (CVSS score: 7.2) that can enable remote code execution in specific situations. “An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and …

Read More »

CISA unveils 25 new advisories for Industrial Control Systems

CISA

CISA issued 25 ICS advisories on September 12, 2024, detailing current security issues, vulnerabilities, and exploits in Industrial Control Systems. ICSA-24-256-01 Siemens SINEMA Remote Connect Server ICSA-24-256-02 Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D ICSA-24-256-03 Siemens User Management Component (UMC) ICSA-24-256-04 Siemens SINUMERIK Systems ICSA-24-256-05 Siemens Mendix Runtime ICSA-24-256-06 …

Read More »

Intel Issues Alert on 20+ Vulnerabilities, Urges Firmware Updates

Intel

Intel announced over 20 vulnerabilities in its processors and products in security advisories released on Tuesday. The chip giant has released four new advisories, including one that addresses 11 vulnerabilities in UEFI firmware for various processors, such as Atom, Xeon, Pentium, Celeron, and Core series. Over half of the security …

Read More »

Urgent: GitLab Patches flaws allowing unapproved pipeline Job Execution

GitLab

GitLab released security updates on Wednesday to fix 17 vulnerabilities, including a critical issue that lets attackers run pipeline jobs as any user. CVE-2024-6678 is a critical vulnerability with a CVSS score of 9.9 out of 10.0 “An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior …

Read More »

Fortinet admits data breach after hacker claims to steal 440GB

Fortinet

Fortinet confirmed a data breach after a threat actor claimed to have stolen 440GB of files from its Microsoft SharePoint server. Fortinet told two international media that, “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which …

Read More »

Gov.t issues high alert on android devices

Android

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …

Read More »

TD Bank fined $28 million for sharing customer data

TD bank

Because of disclosing incorrect and negative data, The Consumer Financial Protection Bureau (CFPB) on Wednesday fined TD Bank, one of North American leading financial institutions $28 million to consumer reporting agencies. According to the agency, The inaccurate data included “systemic errors about credit card delinquencies and bankruptcies,”. Nearly $8 million …

Read More »

Global-Cybersecurity-Index
Bangladesh secure role-model position by ITU

Chart

Bangladesh secure prestigious role-model position in the latest ITU cyber security index published by ITU. Bangladesh ranks among the top 10 percent of the world’s most cyber-secure countries, according to the latest Global Cyber Security Index 2024 report released by the International Telecommunication Union (ITU) on Thursday. The report places …

Read More »