Tuesday , December 24 2024

infosecbulletin

Alert – Critical SQLi Vulnerability Threatens 200K+ Websites

code

A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …

Read More »

Chainalysis Report
$100 million in crypto payments to Myanmar scam syndicate

Myanmar, IMAGE: MOHIGAN / WIKIMEDIA COMMONS / CC BY-SA 3.0

Investigators found that two cryptocurrency addresses linked to a company in Myanmar received nearly $100 million in deposits in less than two years. This sheds light on the lucrative business of conducting romance scams and extorting ransom payments from the families of trafficked workers. Chainalysis and a human rights researcher …

Read More »

Microsoft released PyRIT, A Tool For Generative AI Systems

office

Microsoft has released a new open automation framework called PyRIT (Python Risk Identification Toolkit). It helps security professionals and machine learning engineers identify and reduce risks in generative models. The need for automation in AI Red Teaming: Red teaming AI systems is complex. Microsoft’s AI Red Team consists of experts …

Read More »

NCSA organized a seminar on ‘Safe Internet Usage’ in Rangpur

seminar

The National Cyber Security Agency  (NCSA) rganized a seminar on ‘Safe Internet Usage’ at Rangpur District Shilpakala Academy Auditorium. Over 500 students, teachers, and parents from various educational institutions in Rangpur City Corporation attended the seminar and were informed about staying safe in the cyber world. The National Cyber Security …

Read More »

LockBit new .onion address
LockBit returns; new five victims disclosed

Lock Bit

LockBit restarted their ransomware operation on a new infrastructure after law enforcement disrupted their servers. Now, they threat to target the government sector more with their attacks. The gang posted a long message admitting their negligence and sharing their future plans. “Due to my personal negligence and irresponsibility I relaxed …

Read More »

Cyberattack halts Malawi Immigration Dept. Passport Services

The government of Malawi has stopped giving out passports after a cyber-attack on the immigration service’s computer network. President Chakwera informed members of parliament about a significant breach of national security involving the department being targeted. He said the hackers demanded a ransom but the president said the government won’t …

Read More »

0/1 click Facebook account takeover; Nepalis talent rewarded

Meta ranked Nepal’s cyber security researcher Samip Aryal first in the White Hack (Hall of Fame) for finding a vulnerability that could hack accounts with one click. This happened on Friday. Samip Aryal informed a Nepali media outlet about discovering a vulnerability in Facebook that could allow for an ‘account …

Read More »

CISA Releases One Industrial Control Systems Advisory

CISA

CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft:  EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …

Read More »