The Malware newsletter from Infosecbulletin features the top articles and research on malware from around the world. The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for; Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset; TodoSwift Disguises Malware Download Behind …
Patch Now! Dell Power Manager Vulnerability Allows Unauthorized Access
Dell Technologies identified a security vulnerability in Dell Power Manager (DPM), in versions 3.15.0 and older. The vulnerability, named CVE-2024-39576, allows a low-privileged attacker with local access to execute code and gain higher privileges. Vulnerability Details: Lefteris Panos from LRQA Nettitude found the vulnerability in Dell Power Manager. This vulnerability …
CISA warns of Dahua cameras flaws being actively exploited
CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.” CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass …
CISA Issues Five Industrial Control Systems Advisories
CISA issued five advisories about Industrial Control Systems (ICS) on August 22, 2024. These advisories give important information about security issues, weaknesses, and threats related to ICS. ICSA-24-235-01 Rockwell Automation Emulate3D; ICSA-24-235-02 Rockwell Automation 5015 – AENFTXT; ICSA-24-235-03 MOBOTIX P3 and Mx6 Cameras; ICSA-24-235-04 Avtec Outpost 0810; ICSA-20-282-02 Mitsubishi Electric …
BCSI call for team CERT to Defend Bangladesh’s Cyberspace
Bangladesh Cyber Security Intelligence (BCSI) has launched a Community-driven Emergency Response Team to defend the nation’s digital assets in response to recent floods and cyberattacks from a neighboring country. This team will be on the front lines, protecting Bangladesh during this critical time and ensuring that any future threats to …
NDPC fined Fidelity Bank ₦555.8 Million
Nigeria’s National Data Protection Commission (NDPC) fined Fidelity Bank ₦555.8 million for breaking customer data protection laws. Punch reported that Olatunji said the top bank violated Nigeria’s Data Protection Act and Regulation, resulting in a large fine of 0.1% of the bank’s 2023 revenue. The commissioner emphasized the importance of following …
BlackMeta Allegedly Targeted Arab National Bank
A post on a Telegram channel said that the Arab National Bank (ANB), one of Saudi Arabia’s biggest financial institutions, was targeted by a threat actor called SN_BLACKMETA. The attack targeted the bank’s infrastructure, as claimed by the threat actor. They said it was part of a larger campaign against …
GitHub Patches Critical Security Flaw in Enterprise Server
GitHub has fixed three security flaws in its Enterprise Server product. One of these flaws was critical and allowed an attacker to gain administrative privileges. The most severe issue is called CVE-2024-6800. It has a CVSS score of 9.5. “On GitHub Enterprise Server instances that use SAML single sign-on (SSO) …
Most ransomware attacks happen between 1 a.m. and 5 a.m.
Ransomware attacks have increased a lot in the past year. Cybercriminals are using different tactics, so organizations need to monitor and investigate suspicious behaviors all the time. According to a new report from Malwarebytes, “Ransomware gangs have time and motivation on their side. They constantly evolve to respond to the …
Azure Kubernetes Services at Risk: “WireServing” Threat Uncovered
Mandiant has found a new vulnerability in Azure Kubernetes Services (AKS) called “WireServing.” This flaw could have let attackers increase their privileges in a compromised cluster and access sensitive credentials without authorization. Kubernetes is a complex platform known for security challenges. A vulnerability in AKS clusters using “Azure CNI” and …