GitLab, a premier platform for DevOps and continuous integration/continuous delivery has rolled out essential security updates in versions 17.4.2, 17.3.5 and 17.2.9 for both community Edition (CE) and enterprises edition (EE). These updates tackles several important vulnerabilities, notably a critical severity flaw (CVE: 2024-9164) that could enable attackers to execute …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, …

Palo Alto Networks released a security advisory (PAN-SA-2024-0010) about several high-severity vulnerabilities in its Expedition migration tool, with CVSS scores between 7.0 and 9.9. Exploiting these flaws could allow attackers to take over firewall admin accounts and access sensitive information like usernames, cleartext passwords, and API keys for PAN-OS firewalls. …

In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being exploited. The updates affect multiple Microsoft products, such as Windows, Office, Azure, .NET, and Visual Studio. Zero-Day Vulnerabilities: Among the five zero-day vulnerabilities patched, two were actively exploited in the …

The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has discovered a malware campaign involving the Lumma Stealer family. They’ve found that various types of stealer malware are being spread using similar methods. CIRT is monitoring stealer malware campaigns and has found malware that steals sensitive information. Recently, the …

Qualcomm’s October 2024 Security Bulletin reveals critical vulnerabilities in several chipsets, including the popular Snapdragon mobile platforms and FastConnect solutions. These issues impact various system components like WLAN, DSP, and graphics, posing serious security risks to users globally. CVE-2024-43047 (CVSS 7.8) is a vulnerability identified by Google’s Threat Analysis Group …

BGD e-GOV CIRT is excited to announce the Financial Institutions and Critical Information Infrastructure (CII) Cyber Drill 2024, designed for Bangladeshi cybersecurity professionals. This event aims to enhance participants’ skills against evolving cyber threats through realistic scenarios and challenges. Participants will analyze incidents and related artifacts to find solutions, with …

National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational institutions, indicating a serious lack of maintenance and updates for school websites, making them highly vulnerable. During this period, 32.4% of attacks targeted government websites, revealing significant security flaws. The …

CISA has issued an urgent alert about critical vulnerabilities being exploited in Synacor’s Zimbra Collaboration and Ivanti’s Endpoint Manager (EPM). Organizations using these products are urged to mitigate potential risks immediately. CVE-2024-45519: Synacor Zimbra Collaboration Command Execution Vulnerability: A new vulnerability, CVE-2024-45519, has been found in the Synacor Zimbra Collaboration …