GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week. The issue …

On September 16, 2024, Globe Pharmaceuticals Ltd., a major pharmaceutical company in Bangladesh, was hit by a ransomware attack detected by the BCSI Threat Intelligence Platform, highlighting ongoing cyber vulnerabilities in established firms. The Attack Unfolds: Globe Pharmaceuticals experienced a ransomware attack on September 16th, but the method of attack …

The FBI has alerted that cyber actors have compromised over 260,000 internet-connected devices, mainly routers, to form a large botnet for malicious activities, including distributed denial of service attacks and identity concealment. The FBI advisory states that a botnet, managed by the China-based Integrity Technology Group, has been active since …

Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next few days and weeks. The latest Chrome version (129.0.6668.58 for Linux, 129.0.6668.58/.59 for Windows and Mac) includes several improvements and important security fixes. This release focuses on security by fixing …

Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through network packets. vCenter Server is the main management hub for VMware’s vSphere suite, enabling administrators to oversee and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812) identified by TZL security researchers at …

Ransomware groups like BianLian and Rhysida use Microsoft’s Azure Storage Explorer and AzCopy to steal data from hacked networks and store it in Azure Blob storage. Storage Explorer is a GUI tool for managing Microsoft Azure, while AzCopy is a command-line tool for large data transfers to and from Azure …

Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities. Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled …

CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations. CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8) Microsoft‘s MSHTML …

Cybersecurity researcher Jeremiah Fowler found a non-password-protected database with 780,000 records from FleetPanda, a tech provider for dispatch management. The database included invoices, driver applications, and images of licenses and background checks containing personal identifiable information (PII). A non-password-protected database held 780,191 documents, totaling 193 GB. The exposed files included …

A recent dark web scan revealed that customer data from Dhaka Electric Supply Company Limited (DESCO) has been exposed. The breach affects 110,856 users and includes sensitive information like Customer Number, Name, Email, Address, and Mobile Number. The exposure of this data on the dark web poses several risks like: …