OWASP released the LLM AI Cybersecurity & Governance Checklist. The 32-page document helps organizations create a strategy for using large language models and reducing associated risks. Sandy Dunn, CISO at Quark IQ, started working on the checklist in August 2023 as a supporting resource to OWASP’s Top 10 Security Issues …
Read More »
CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft: EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …
Read More »
LockBit ransomware creators were working on a new version of their file-encrypting malware, called LockBit-NG-Dev, possibly to be known as LockBit 4.0, before law enforcement dismantled their operation this week. Multiple Versions: “Security experts said LockBit previously released various versions of its ransomware:” LockBit version 1.0 was released in January …
Read More »
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …
Read More »
Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …
Read More »
VMware advises users to remove the outdated Enhanced Authentication Plugin (EAP) due to the discovery of a serious authentication relay vulnerability, known as CVE-2024-22245 (CVSS score: 9.6). A person who intends to harm could deceive a domain user with EAP installed in their web browser. This deception could lead the …
Read More »
“sebacenter.xyz” is now a name of threat for personal identifiable information (PII) for the people of Bangladesh. By using only the site, miscreants are making and distributing fake paper of TIN, NID, NID info, BMET training, Surokkha, Death and birth register and duplicate land tax paper instantly. Even, if any …
Read More »
The U.K. National Crime Agency (NCA) confirmed that it got LockBit’s source code and gathered intelligence about its activities and affiliates as part of Operation Cronos. “Some of the data on LockBit’s systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a …
Read More »
Every day different cases of cyber fraud come to light. Identifying them is not an easy task at all. So law enforcement is now taking the help of advanced technology. Recently the police launched a chat bot called “Surat Cyber Mitra” to fight cyber fraud. It is known that this …
Read More »
The US cybersecurity agency, CISA, added a security flaw in Cisco’s ASA and FTD software to its list of known exploited vulnerabilities following reports that it’s being likely exploited in Akira ransomware attacks. The vulnerability is CVE-2020-3259, with a high severity level (CVSS score: 7.5). It allows attackers to access …
Read More »
InfoSecBulletin Cybersecurity for mankind
