Tuesday , December 24 2024

infosecbulletin

CloudSek report
Without password, hackers access your Google account

google

Security researchers found a hack that lets cybercriminals access people’s Google accounts without needing their passwords. CloudSEK, a security firm, has discovered a highly perilous type of malware that illicitly obtains individuals’ sensitive data by exploiting third-party cookies. Disturbingly, this malicious software has already caught the attention of hacking groups, …

Read More »

cyber news report
Saudi Ministry reportedly exposed sensitive data

Soudi Arabia

Saudi Arabia’s Ministry of Industry and Mineral Resources (MIM) had an exposed environment file containing sensitive details. The Cybernews reported that this data was accessible for 15 months. An environment file gives instructions to computer programs and is important for any system. Leaving these files open to anyone can expose …

Read More »

Cyber Attack
Beirut Airport Screens Hacked: displaying Anti-Hezbollah Message

Beirut Airport

The airport’s screens were hacked with messages criticizing Hezbollah and its leaders for endangering Lebanon and risking war with Israel. The screens at Beirut’s airport were hacked by anti-Hezbollah groups, showing the conflict between Hezbollah and Israel. The message accused Hezbollah of risking war with Israel. “Hassan Nasrallah, you will …

Read More »

Apache RocketMQ servers vulnerable to RCE attacks

RocketMQ

Security researchers found that Apache RocketMQ services are being targeted by malicious activities. The vulnerabilities, known as CVE-2023-33246 and CVE-2023-37582, remain a serious threat even after the vendor released patches in May 2023. Vulnerability Overview: The CVE-2023-33246 affected different parts of RocketMQ, such as NameServer, Broker, and Controller. Rongtong Jin, …

Read More »

12th Election in Bangladesh
Election ads campaign on Meta, cost $45 thousands for 7 days

Bangladesh flag

In the last seven days (December 27-January 2), about 45 thousand US dollars were spent on the election campaign on social media Facebook. According to the data of Matter Ad Library, Bangladeshis have spent this dollar on advertising during the period from December 27 to January 2. These advertising dollars …

Read More »

CISA Released Three Industrial Control Systems Advisories

industrial control system

CISA released three ICS advisories on January 4, 2024. These advisories give important information about security issues, vulnerabilities, and exploits concerning ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation: Vulnarability overview Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems’ products which internally use a version of …

Read More »

BD CIRT REPORT
Ongoing Phishing Campaign targeting Bangladesh by APT group SideWinder

BGD eGOV CIRT

Cyber Threat Intelligence Unit of BGD e-GOV CIRT has detected a suspicious ongoing phishing campaign by APT group named as SideWinder targeted at Bangladeshi entities such as Bangladesh Armed Forces Division (AFD) and Law Enforcement Agencies. The group is known as a highly active hacker group who has shown the …

Read More »

F5 releases security advisories for multiple vulnerabilities

F5 releases security advisory for multiple vulnerabilities including K000132893: GRUB2 vulnerability CVE-2022-28733. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands …

Read More »

2024 strong start
Google’s Mandiant recover its x (twitter) account after hacked

Mandiant

Google’s cybersecurity firm Mandiant get back its x (twitter) account after being taken over by someone sharing links to a cryptocurrency platform. On Wednesday afternoon around 3:30 pm EST, the scammar took the control over mandiant’s x account, renamed it as phantom and tweeted out links to a company called …

Read More »