Thursday , April 3 2025

infosecbulletin

CISA Adds ORACLE WEBLOGIC SERVER FLAW TO ITS KEV

oracle

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog. CVE-2017-3506 is an operating system (OS) command injection vulnerability which could be exploited to obtain unauthorized access as well as the full control. “Oracle WebLogic Server, a product within the …

Read More »

A Plan to Protect Critical Infrastructure from 21st Century Threats

Critical Infrastructure

On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, …

Read More »

Navigating the Cyber Threat Landscape – Digital bank, Bangladesh perspective

picture

Digital banking has played a pivotal role in expanding financial access for millions in Bangladesh, showcasing technology’s capacity to uplift lives and create opportunities. The nation’s high mobile penetration rate and the widespread adoption of Mobile Financial Services (MFS) like bKash and Nagad have empowered millions, especially in rural areas, …

Read More »

ALERT
NGINX Releases Security Updates: HTTP/3 Vulnerabilities Patched

NGINX

NGINX team released important updates for their web server software and is advising users to upgrade as soon as possible. The updates fix four important vulnerabilities in the HTTP/3 implementation, especially affecting configurations using the “ngx_http_v3_module.” CVE-2024-32760: A vulnerability in NGINX Plus or NGINX OSS causes HTTP/3 QUIC module to …

Read More »

CISA Releases Seven Industrial Control Systems Advisories

ics

On May 30, 2024, CISA published seven advisories about Industrial Control Systems (ICS). These advisories share important information regarding security issues, vulnerabilities, and exploits related to ICS. ICSA-24-151-01 LenelS2 NetBox ICSA-24-151-02 Fuji Electric Monitouch V-SFT ICSA-24-151-03 Inosoft VisiWin ICSA-24-151-04 Westermo EDW-100 ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC …

Read More »

Business Leaders & Celebrities’ Accounts Exposed

phone

Jeremiah Fowler, a cybersecurity researcher, found and informed WebsitePlanet about a database without password protection. It held around 121,000 user accounts of entrepreneurs and business leaders from Clarity.fm, a platform for connecting entrepreneurs with experts. The database had 155,531 records, including 121,000 member profiles with personal and professional email addresses, …

Read More »

Hacker Claim to compromise over 15 Asian telecom

tower

A large dataset belonging to BSNL, an Indian state-owned telecommunications company, has been put up for sale by cybercriminals on an underground forum. On May 27, 2024, it was discovered that “kiberphant0m” was selling unauthorized access to databases stolen from BSNL, as well as data from other Asian telecom companies …

Read More »