Tuesday , December 24 2024

infosecbulletin

Ivanti Patches Critical RCE Flaws in Endpoint Manager

Ivanti

Ivanti on Tuesday declare to patch for several products, including fixes for critical vulnerabilities in Endpoint Manager (EPM). Ivanti resolved six out of the ten security defects resolved in EPM are critical-severity SQL Injection bugs. Tracked as CVE-2024-29822 through CVE-2024-29827, the bugs impact the Core server of Ivanti EPM 2022 …

Read More »

Hacktivists group target Philippines government ransomware attack

logo

SentinelOne researchers found that the Ikaruz Red Team is targeting the Philippines government using different ransomware builders like LockBit, Vice Society, Clop, and AlphV to carry out “small-scale” attacks. They are also sharing data leaks from various organizations in the Philippines. Ikaruz Red Team (IRT) has been targeting entities in …

Read More »

CISA ALERT
CISA Warns Exploiting NextGen Healthcare Mirth Connect Flaw

CISA

The US cybersecurity agency, CISA, added a flaw in NextGen Healthcare’s Mirth Connect product to its catalog of Known Exploited Vulnerabilities (KEV). A vulnerability in the open source product, known as CVE-2023-43208, allows remote code execution without authentication due to a data deserialization problem. A patch was rolled out with …

Read More »

BangabandhuGrandmaster.com Faces Massive Data Breach

Bangabandhu

Bangabandhugrandmaster.com, a website dedicated to Bangabandhu Sheikh Mujibur Rahman’s ideas and life, has suffered a major data breach. The breach happened on May 20, 2024, when a significant amount of user data was exposed. The Bangabandhugrandmaster.com data breach revealed an SQL file with detailed information about 94,000 users. The exposed …

Read More »

TENABLE REPORT
Critical bug “Fluent Bit” impact all major cloud platforms

woodcutter

Fluent Bit, a widely used logging utility, has a critical vulnerability. This vulnerability can lead to denial-of-service attacks, information disclosure, and potentially remote code execution (RCE). Tenable, a cybersecurity firm, discovered this vulnerability. Fluent Bit is an open source tool that collects and processes large amounts of log data from …

Read More »

BCSI BLOG POST
SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh

SONIC WALL

SonicWALL SSL-VPN provides secure remote access to an organization’s internal network and resources through an encrypted SSL connection. This kind of VPN is great for giving employees and partners secure access to internal applications and data from remote locations. A hacker is selling a $1000 exploit that targets SonicWALL SSL-VPN …

Read More »

Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries

map

The banking trojan “Grandoreiro” is spreading widely through a phishing campaign in over 60 countries, aiming at customer accounts of about 1,500 banks. In January 2024, a joint international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank revealed the disruption of a malware operation. The malware had …

Read More »