Hackers are exploiting a recently revealed RCE vulnerability in Zimbra email servers that can be activated by sending specially crafted emails to the SMTP server. CVE-2024-45519 is a remote code execution vulnerability in Zimbra’s postjournal service, which handles incoming emails via SMTP. Attackers can exploit this flaw by sending emails …

CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure. The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file …

On October 1, 2024, CISA released two advisories regarding Industrial Control Systems (ICS), highlighting current security issues, vulnerabilities, and exploits in the field. ICSA-24-275-01 Optigo Networks ONS-S8 Spectra Aggregation Switch: Successful exploitation of these vulnerabilities could allow an attacker to achieve remote code execution, arbitrary file upload, or bypass authentication. …

DataDog security researchers found that hackers are widely exploiting Docker Swarm, Kubernetes, and SSH servers. The newly discovered malware campaign focuses on “Docker” and “Kubernetes” environments and uses “Docker API” endpoint vulnerabilities as the ‘initial access vector.’ Hackers Exploiting Servers in Large Scale: The hackers install “cryptocurrency mining software” on …

A technical error in the server at Bangladesh Bank is causing issues with inter-bank transactions, resulting in the cancellation of all clearing checks set for Monday. On October 1, Husne Ara Shikha, Executive Director and Spokesperson of Bangladesh Bank, confirmed this information. There was a check clearing issue on Monday …

India has made the National Security Council Secretariat (NSCS) the nodal agency for dealing with the growing threats to cyber security. As per a notification issued late Friday evening, PM-led NSCS has been mandated “to provide overall coordination and strategic direction for cyber security” in addition to assisting the National …

Cybersecurity researcher Jeremiah Fowler has uncovered a major data breach at ChoiceDNA, an Indiana-based firm offering DNA testing and facial recognition services involving biometric images and personal information. Fowler reported to Infosecbulletin that around 8,000 sensitive documents, including biometric images and metadata, were publicly accessible without password protection. The unsecured …

In 2023, over 6,500 ransomware attacks were reported, affecting a record 117 countries worldwide after a decline in 2022. Ransomware incidents rose 73% year-over-year to 6,670, with significant increases in June and July linked to a widely used file transfer tool. The Ransomware Task Force, established in 2021 by the …

A CTF contest is going to be organized at Bangladesh Computer Society (BCS). The registration process is automatically started for the contest. The contest will be on cryptography, reverse engineering, forensics, web, binary exploitation, PWN, OSINT, Networking and steganography. Contest module: • 24 hours training ( 3 days) • Every Saturday …

The National Institute of Standards and Technology (NIST) has issued new guidelines for password security, representing a major change from standard practices. These new recommendations, outlined in NIST Special Publication 800-63B, aim to enhance cybersecurity while improving user experience. NIST has changed its approach to password complexity. Instead of requiring …