Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for MacOS, iOS, and iPadOS. Apple describes CVE-2024-23222 as a type confusion bug in Webkit. They are aware of a report suggesting that this issue might have been exploited. “Processing maliciously crafted web content may lead to arbitrary …

A ransomware attack on a data center run by Finnish IT company Tietoevry has caused widespread outages in Sweden, affecting healthcare, government services, retail outlets, and the largest cinema chain in the country. Tietoevry, a publicly traded company based in Espoo, Finland, reported that an attack occurred over the weekend. …

The UK’s top cybersecurity agency NCSC will form a new group of experts to monitor current and future threats to the country. What is Cyber League? The Cyber League is a new initiative by the NCSC that brings together trusted cyber experts from the NCSC and industry. They aim to …

Calls, messages and videos can be viewed easily using SIM or WiFi on the smartphone. Think about it, what to do if there is no SIM and internet on the phone? Technology is also coming soon, which will allow watching videos on smartphones without SIM and internet. This technology is …

The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor …

Mandiant and VMware Product Security found that the UNC3886 espionage group has been exploiting CVE-2023-34048 since late 2021, even though it was publicly reported and patched in October 2023. Mandiant found new ways that UNC3886 uses to attack computer systems. They focus on technologies that don’t have EDR protection and …

CISA, the FBI, and the EPA have released a guide to help water and wastewater systems respond to incidents. Over 25 organizations from various sectors contributed to this guide, including private companies, non-profit organizations, and government entities. This collaboration ensured that the guide would be useful for water and wastewater …

Oracle released a security advisory for January 2024. It fixes vulnerabilities in various products that could be exploited by hackers to take control of a system. Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it …

The BGD e-GOV CIRT Cyber Threat Intelligence Unit has noticed a big rise in a type of malware named stealer malware in Bangladesh’s cyberspace. These sneaky programs are good at secretly getting sensitive data like login details, personal information, and secret data from specific systems. This breach puts financial resources …

CISA found evidence of active exploitation for three new vulnerabilities, which have been added to their list of known exploited vulnerabilities. CVE-2023-6549: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. It describes Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway …