Tuesday , December 24 2024

infosecbulletin

CISA releases draft rule for cyber incident reporting

cisa

The Cybersecurity and Infrastructure Security Agency (CISA) published a 447-page document of regulations according to the Cyber Incident Reporting for Critical Infrastructure Act in the Federal Register for public comment. The law passed in 2022 aims to enhance the government’s capability to monitor incidents and ransomware payments. Homeland Security Secretary …

Read More »

“Operation FlightNight”
Hackers Hit Indian Gov.t, Energy Sectors with Malware: EclecticIQ Report

India flag

A new spying campaign has been discovered that targets Indian government agencies and the energy sector, using a modified open-source tool called HackBrowserData to steal browser credentials, cookies, and history. Researchers from EclecticIQ, a Dutch cybersecurity firm, found a hacking campaign in early March. They didn’t identify the hackers but …

Read More »

Daily Cybersecurity update, March 26, 2024

Some of notable happening the cyber world: St. Cloud, Florida, experienced a ransomware attack that disrupted city services and required changes in how payments are made at some city facilities. Russian hackers Cozy Bear used fake dinner invites to attack German political parties, installing the WINELOADER backdoor. A supply-chain attack …

Read More »

CISA Releases Four Industrial Control Systems Advisories

CISA

CISA published four advisories on March 26, 2024, about security problems, vulnerabilities, and exploits in Industrial Control Systems (ICS). ICSA-24-086-01 Automation-Direct C-MORE EA9 HMI ICSA-24-086-02 Rockwell Automation PowerFlex 527 ICSA-24-086-03 Rockwell Automation Arena Simulation ICSA-24-086-04 Rockwell Automation FactoryTalk View ME CISA encourages users and administrators to review the newly released …

Read More »

Teletalk to use Banglalink's network
Experimental National Roaming Service launched in Bangladesh

picture

An experimental national roaming service has been launched for the first time in the country to reduce network disruptions for Teletalk customers. As a result, Teletalk will use Banglalink’s network. State Minister for Posts, Telecommunications and Information Technology Zunayd Ahmed Palak inaugurated this service organized at BCC on the occasion …

Read More »

CISA urges software devs mitigatin SQL injection vulnerabilities

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert about making software secure by eliminating SQL injection vulnerabilities. This was in response to a recent major incident involving SQL injection that affected thousands of organizations and emphasizes how common this type of security flaw is. …

Read More »

Checkmarx blog post
170K+ Python Developers GitHub Accounts Hacked

The Checkmarx Research team found out that hackers attacked the software supply chain and managed to breach the Top.gg GitHub organization, which has over 170,000 users, and also targeted individual developers. These hackers took over accounts by stealing browser cookies, added bad code with verified commits, created a fake Python …

Read More »