On June 18, 2024, CISA released an advisory about Industrial Control Systems (ICS). These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-170-01 RAD Data Communications SecFlow-2: Successful exploitation of this vulnerability could allow an attacker to obtain files from the operating system by crafting …
Read More »VMware Patche vCenter Server, Cloud Foundation and vSphere ESXi
VMware has fixed critical security flaws in Cloud Foundation, vCenter Server, and vSphere ESXi. These flaws could be used for privilege escalation and remote code execution. Vulnerabilities include: CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8): Multiple heap-overflow vulnerabilities in the implementation of the DCE/RPC protocol that could allow an unauthorized individual …
Read More »Hackers use F5 BIG-IP malware in cyber campaign for years
In late 2023, Sygnia researchers investigated a cyber incident involving a major organization that was reportedly caused by a threat group known as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to gain persistent access to the internal network of the target organization and steal sensitive data. …
Read More »Dahua Cameras 0day Vulnerability offer to sell
A threat actor has announced selling a 0day vulnerability for Dahua cameras. The bad actor claimed this vulnerability supposedly works with all versions of the device. The threat actor announced the vulnerability allowed unrestricted access and control of the camera and describing it as a Remote Code Execution (RCE) exploit. …
Read More »D-Link Routers Critical Backdoor Vulnerability Exposed
Taiwan’s CERT has warned about a serious security issue with D-Link wireless routers, affecting many models. This vulnerability could let attackers on the local network access the router’s Telnet service using basic administrator credentials CVE-2024-6045 Certain D-Link router models have a hidden backdoor that was recently discovered. This flaw allows …
Read More »ASUS patches authentication bypass flaw in multiple routers
Asus has released a crucial firmware update to address a severe vulnerability that impacts seven of its business router model. Customers are urged to promptly review their firmware status and apply the necessary updates. The flaw CVE: 2024-3080 with a CVSS score of 9.8 is an authentication bypass vulnerability that …
Read More »338 fraudulent Olympics games ticketing websites
Proofpoint found a fake website selling tickets for the Paris 2024 Summer Olympic Games. The website, “paris24tickets[.]com,” claimed to be a secondary marketplace for sports and live event tickets. It appeared as the second sponsored search result on Google, right after the official website, when searching for “Paris 2024 tickets” …
Read More »ASUS warn serious security vulnerability on 7 routers
ASUS released a new firmware update to fix a vulnerability affecting seven router models, which could be exploited by remote attackers to log in to the devices. The vulnerability CVE-2024-3080 (CVSS v3.1 score: 9.8 “critical”) is an authentication bypass flaw. It enables remote attackers without authentication to control the device. …
Read More »AWS Announced New Malware Detection Tool For S3 Buckets
AWS announced new security features at its re:Inforce conference, such as identity and malware protection services. The cloud giant added passkeys to the list of supported multi-factor authentication (MFA) mechanisms for root and Identity and Access Management (IAM) users. The company also started enforcing MFA on root users, particularly AWS …
Read More »150,000 phones registered under one IMEI number in Bangladesh
A smartphone’s IMEI (which stands for International Mobile Equipment Identity) is a unique identifier for each device, similar to a digital fingerprint. Telecom companies use it to enable network connectivity on a SIM card. Additionally, the IMEI number is used to track lost devices or criminals. However, analysis revealed that …
Read More »