Saturday , June 7 2025

infosecbulletin

Navigating the Cyber Threat Landscape – Digital bank, Bangladesh perspective

picture

Digital banking has played a pivotal role in expanding financial access for millions in Bangladesh, showcasing technology’s capacity to uplift lives and create opportunities. The nation’s high mobile penetration rate and the widespread adoption of Mobile Financial Services (MFS) like bKash and Nagad have empowered millions, especially in rural areas, …

Read More »

ALERT
NGINX Releases Security Updates: HTTP/3 Vulnerabilities Patched

NGINX

NGINX team released important updates for their web server software and is advising users to upgrade as soon as possible. The updates fix four important vulnerabilities in the HTTP/3 implementation, especially affecting configurations using the “ngx_http_v3_module.” CVE-2024-32760: A vulnerability in NGINX Plus or NGINX OSS causes HTTP/3 QUIC module to …

Read More »

CISA Releases Seven Industrial Control Systems Advisories

ics

On May 30, 2024, CISA published seven advisories about Industrial Control Systems (ICS). These advisories share important information regarding security issues, vulnerabilities, and exploits related to ICS. ICSA-24-151-01 LenelS2 NetBox ICSA-24-151-02 Fuji Electric Monitouch V-SFT ICSA-24-151-03 Inosoft VisiWin ICSA-24-151-04 Westermo EDW-100 ICSA-22-356-03 Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC …

Read More »

Business Leaders & Celebrities’ Accounts Exposed

phone

Jeremiah Fowler, a cybersecurity researcher, found and informed WebsitePlanet about a database without password protection. It held around 121,000 user accounts of entrepreneurs and business leaders from Clarity.fm, a platform for connecting entrepreneurs with experts. The database had 155,531 records, including 121,000 member profiles with personal and professional email addresses, …

Read More »

Hacker Claim to compromise over 15 Asian telecom

tower

A large dataset belonging to BSNL, an Indian state-owned telecommunications company, has been put up for sale by cybercriminals on an underground forum. On May 27, 2024, it was discovered that “kiberphant0m” was selling unauthorized access to databases stolen from BSNL, as well as data from other Asian telecom companies …

Read More »

First American December data breach impacts 44,000 people

In December 2023, The First American Financial Corporation, a major title insurance company in the US, experienced a cyberattack. This resulted in the personal information of approximately 44,000 individuals being exposed. The company disclosed this data breach to the US Securities and Exchange Commission (SEC) on May 28, 2024. This …

Read More »

Exploit released for maximum severity RCE In FORTINET SIEM

fortinet

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Horizon3’s Attack Team released a demonstration of a security vulnerability, identified as CVE-2024-23108, in Fortinet’s SIEM solution. This vulnerability allows attackers to run commands as the most powerful user on publicly accessible FortiSIEM devices. …

Read More »