Tuesday , December 24 2024

infosecbulletin

5 Islamic banks risk of being frozen out of certain transactions

Banks

Five Islamic banks current accounts with Bangladesh Bank are negative, but transactions are ongoing. The central bank has warned that unless the banks meet liquidity requirements within 20 days, transactions will be halted, reported Prothom Alo. According to Three prominent media reports Bangladesh Bank’s Motijheel office has recently given this …

Read More »

CERT-In
Warning! Govt alerts Samsung users; here’s why

mobile phone

The Indian government urgently asked Samsung smartphone users to update their devices due to security vulnerabilities. CERT-In issued a warning about a threat to certain Samsung devices running on Android versions 11, 12, 13, and 14. These vulnerabilities could be exploited to gain unauthorized access to sensitive data on these …

Read More »

MITRE Reveals EMB3D
MITRE reveals Critical Infrastructure Threat Model Framework

MITRE

Red Balloon Security, Narf Industries, and MITRE worked together to develop the EMB3D Threat Model. This model helps us understand the risks that embedded devices face and the security measures they require. The EMB3D model is a framework that focuses on embedded devices. “It considers the specific risks presented by …

Read More »

“Onpassive”, Bangladesh bank alert fraudulent activities

onpassive

Bangladesh Bank’s Financial Intelligence Unit (BFIU) warned about the fraudulent activities of the MLM company ‘Onpassive‘. BFIU issued a warning on Thursday (December 14). ALSO READ: Quishing: New Phishing Attacks Tactics Rising The intelligence unit has reported that there have been cases of large-scale embezzlement from ordinary people through different …

Read More »

MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS

Microsoft

In December 2023, Microsoft released security updates for multiple products, addressing 33 vulnerabilities. The company’s vulnerabilities affect several Microsoft products, including Windows, Office, Azure, Microsoft Edge, Windows Defender, Windows DNS and DHCP server, and Microsoft Dynamic. The IT giant also addressed several Chromium issues. ALSO READ: Bypassing major EDRS using …

Read More »

Sophos updated RCE fix after attacks on unsupported firewalls

sophos logo

Sophos had to update old firewall firmware versions due to a security vulnerability (CVE-2022-3236) after attacked by hackers. There is a code injection flaw in the User Portal and Webadmin of Sophos Firewall. This flaw allows for remote code execution. ALSO READ: Bypassing major EDRS using “POOL PARTY”, Hackers revealed …

Read More »

process injection techniques
Bypassing major EDRS using “POOL PARTY”, Hackers revealed

Researchers at cybersecurity firm SafeBreach created a new method called Pool Party. This method allows attackers to bypass EDR solutions. The researchers presented Pool Party at Black Hat Europe 2023. The experts discovered an new way to inject processes by using Windows thread pools. Researchers found eight new process injection …

Read More »

APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 at STRUTS 2

STRUTS CVE

The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution. An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server. “An attacker can manipulate file upload …

Read More »

internet operational technology
17th bdNOG conference start tomorrow for three days

bdNOG conference

17th bdNOG Conference and Workshop is going to be held in Dhaka on December 12-15 jointly organized by Bangladesh Network Operators Group (BDING) and Internet Service Providers Association of Bangladesh (ISPAB). Three days technical workshop and one day hosting day will be in the conference. The workshop will train Internet …

Read More »