A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …
Chainalysis Report
$100 million in crypto payments to Myanmar scam syndicate
Investigators found that two cryptocurrency addresses linked to a company in Myanmar received nearly $100 million in deposits in less than two years. This sheds light on the lucrative business of conducting romance scams and extorting ransom payments from the families of trafficked workers. Chainalysis and a human rights researcher …
Microsoft released PyRIT, A Tool For Generative AI Systems
Microsoft has released a new open automation framework called PyRIT (Python Risk Identification Toolkit). It helps security professionals and machine learning engineers identify and reduce risks in generative models. The need for automation in AI Red Teaming: Red teaming AI systems is complex. Microsoft’s AI Red Team consists of experts …
NCSA organized a seminar on ‘Safe Internet Usage’ in Rangpur
The National Cyber Security Agency (NCSA) organized a seminar on ‘Safe Internet Usage’ at Rangpur District Shilpakala Academy Auditorium. Over 500 students, teachers, and parents from various educational institutions in Rangpur City Corporation attended the seminar and were informed about staying safe in the cyber world. The National Cyber Security …
LockBit new .onion address
LockBit returns; five new victims disclosed
LockBit restarted their ransomware operation on new infrastructure after law enforcement disrupted their servers. Now, they threaten to target the government sector more with their attacks. The gang posted a long message admitting their negligence and sharing their future plans. “Due to my personal negligence and irresponsibility I relaxed …
Cyberattack halts Malawi Immigration Dept. Passport Services
The government of Malawi has stopped giving out passports after a cyber-attack on the immigration service’s computer network. President Chakwera informed members of parliament about a significant breach of national security involving the department being targeted. He said the hackers demanded a ransom but the president said the government won’t …
LockBit Reestablishes Dark Web Leak Site: Report
The LockBit ransomware group reactivated a hidden website on the dark web. They posted a long message written by their leader, who vowed not to retreat from the criminal underground world. The LockBit leader says the FBI used a vulnerability in PHP to hack their servers. They didn’t fix it …
0/1 click Facebook account takeover; Nepali talent rewarded
Meta ranked Nepal’s cyber security researcher Samip Aryal first in the White Hack (Hall of Fame) for finding a vulnerability that could hack accounts with one click. This happened on Friday. Samip Aryal informed a Nepali media outlet about discovering a vulnerability in Facebook that could allow for an ‘account …
OWASP Releases Security Checklist for Generative AI Deployment
OWASP released the LLM AI Cybersecurity & Governance Checklist. The 32-page document helps organizations create a strategy for using large language models and reducing associated risks. Sandy Dunn, CISO at Quark IQ, started working on the checklist in August 2023 as a supporting resource to OWASP’s Top 10 Security Issues …
CISA Releases One Industrial Control Systems Advisory
CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft: EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …