A new spying campaign has been discovered that targets Indian government agencies and the energy sector, using a modified open-source tool called HackBrowserData to steal browser credentials, cookies, and history. Researchers from EclecticIQ, a Dutch cybersecurity firm, found a hacking campaign in early March. They didn’t identify the hackers but …
Read More »“Operation FlightNight”
Daily Cybersecurity update, March 26, 2024
Some of notable happening the cyber world: St. Cloud, Florida, experienced a ransomware attack that disrupted city services and required changes in how payments are made at some city facilities. Russian hackers Cozy Bear used fake dinner invites to attack German political parties, installing the WINELOADER backdoor. A supply-chain attack …
Read More »CISA Releases Four Industrial Control Systems Advisories
CISA published four advisories on March 26, 2024, about security problems, vulnerabilities, and exploits in Industrial Control Systems (ICS). ICSA-24-086-01 Automation-Direct C-MORE EA9 HMI ICSA-24-086-02 Rockwell Automation PowerFlex 527 ICSA-24-086-03 Rockwell Automation Arena Simulation ICSA-24-086-04 Rockwell Automation FactoryTalk View ME CISA encourages users and administrators to review the newly released …
Read More »
Teletalk to use Banglalink's network
Experimental National Roaming Service launched in Bangladesh
An experimental national roaming service has been launched for the first time in the country to reduce network disruptions for Teletalk customers. As a result, Teletalk will use Banglalink’s network. State Minister for Posts, Telecommunications and Information Technology Zunayd Ahmed Palak inaugurated this service organized at BCC on the occasion …
Read More »CISA urges software devs mitigatin SQL injection vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint alert about making software secure by eliminating SQL injection vulnerabilities. This was in response to a recent major incident involving SQL injection that affected thousands of organizations and emphasizes how common this type of security flaw is. …
Read More »
Checkmarx blog post
170K+ Python Developers GitHub Accounts Hacked
The Checkmarx Research team found out that hackers attacked the software supply chain and managed to breach the Top.gg GitHub organization, which has over 170,000 users, and also targeted individual developers. These hackers took over accounts by stealing browser cookies, added bad code with verified commits, created a fake Python …
Read More »ChatGPT is down worldwide: OpenAI fixed issues
Many users around the world are experiencing issues with OpenAI’s ChatGPT, such as not being able to log in, missing chat histories, and chat screens that won’t load correctly. Sometimes when you open ChatGPT, you might get a blank screen that just says “How can I help you today?” without …
Read More »“Tycoon 2FA”: MFA-bypassing phishing kit targets Microsoft 365
In October 2023, Sekoia analysts discovered a new Adversary-in-The-Middle (AiTM) phishing kit used by several hackers for widespread attacks. This kit is linked to the Tycoon 2FA Phishing-as-a-Service (PhaaS) platform, active since at least August 2023. The Sekoia Threat Detection & Research (TDR) team analyzed the Tycoon 2FA PhaaS kit …
Read More »Unpatched PHP Deserialization Vulnerability in Artica Proxy
SonicWall Capture Labs found a vulnerability with the Artica Proxy appliance. This vulnerability affects over 100K servers globally. Artica Proxy is a proxy solution that performs tasks like web filtering, SSL inspection, and bandwidth management. SonicWall has developed measures to mitigate the vulnerability. There is a security vulnerability called CVE-2024-2054 …
Read More »How Henry Discovered Google’s Vulnerability and got recognition
The writing is first published to medium where Henry N. Caga wrote about how he find out Google’s vulnerability and achieved hall of fame recognition. Henry N. Caga wrote I stumbled upon a discovery that sent shockwaves through my system: an XSS (Cross-Site Scripting) vulnerability lurking within one of Google’s …
Read More »