Cisco has released updates to fix security issues in Cisco IOS, IOS XE, and AP software that could be exploited to disrupt services. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Cisco Event Response: March 2024 Semiannual Cisco IOS and IOS XE Software …
Read More »Alert
CISA releases draft rule for cyber incident reporting
The Cybersecurity and Infrastructure Security Agency (CISA) published a 447-page document of regulations according to the Cyber Incident Reporting for Critical Infrastructure Act in the Federal Register for public comment. The law passed in 2022 aims to enhance the government’s capability to monitor incidents and ransomware payments. Homeland Security Secretary …
Read More »National health service confirmed data breach
A ransomware group is threatening to publish a huge cache of stolen data following a cyber attack on a Scottish health board. The group called INC Ransom claims to have three terabytes of data. NHS Dumfries and Galloway is aware that clinical data relating to a small number of patients …
Read More »
ALERT
CISA Adds Microsoft SharePoint Vulnerability to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a Microsoft SharePoint Server vulnerability in its list of known exploited vulnerabilities due to signs of active use by attackers. CVE-2023-24955 is a critical flaw that lets a user with Site Owner access run any code they choose. “In a network-based …
Read More »
“Operation FlightNight”
Hackers Hit Indian Gov.t, Energy Sectors with Malware: EclecticIQ Report
A new spying campaign has been discovered that targets Indian government agencies and the energy sector, using a modified open-source tool called HackBrowserData to steal browser credentials, cookies, and history. Researchers from EclecticIQ, a Dutch cybersecurity firm, found a hacking campaign in early March. They didn’t identify the hackers but …
Read More »Daily Cybersecurity update, March 26, 2024
Some of notable happening the cyber world: St. Cloud, Florida, experienced a ransomware attack that disrupted city services and required changes in how payments are made at some city facilities. Russian hackers Cozy Bear used fake dinner invites to attack German political parties, installing the WINELOADER backdoor. A supply-chain attack …
Read More »CISA Releases Four Industrial Control Systems Advisories
CISA published four advisories on March 26, 2024, about security problems, vulnerabilities, and exploits in Industrial Control Systems (ICS). ICSA-24-086-01 Automation-Direct C-MORE EA9 HMI ICSA-24-086-02 Rockwell Automation PowerFlex 527 ICSA-24-086-03 Rockwell Automation Arena Simulation ICSA-24-086-04 Rockwell Automation FactoryTalk View ME CISA encourages users and administrators to review the newly released …
Read More »
Teletalk to use Banglalink's network
Experimental National Roaming Service launched in Bangladesh
An experimental national roaming service has been launched for the first time in the country to reduce network disruptions for Teletalk customers. As a result, Teletalk will use Banglalink’s network. State Minister for Posts, Telecommunications and Information Technology Zunayd Ahmed Palak inaugurated this service organized at BCC on the occasion …
Read More »CISA urges software devs mitigatin SQL injection vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert about making software secure by eliminating SQL injection vulnerabilities. This was in response to a recent major incident involving SQL injection that affected thousands of organizations and emphasizes how common this type of security flaw is. …
Read More »
Checkmarx blog post
170K+ Python Developers GitHub Accounts Hacked
The Checkmarx Research team found out that hackers attacked the software supply chain and managed to breach the Top.gg GitHub organization, which has over 170,000 users, and also targeted individual developers. These hackers took over accounts by stealing browser cookies, added bad code with verified commits, created a fake Python …
Read More »