The LockBit ransomware group reactivated a hidden website on the dark web. They posted a long message written by their leader, who vowed not to retreat from the criminal underground world. The LockBit leader says the FBI used a vulnerability in PHP to hack their servers. They didn’t fix it …
0/1 click Facebook account takeover; Nepali talent rewarded
Meta ranked Nepal’s cyber security researcher Samip Aryal first in the White Hack (Hall of Fame) for finding a vulnerability that could hack accounts with one click. This happened on Friday. Samip Aryal informed a Nepali media outlet about discovering a vulnerability in Facebook that could allow for an ‘account …
OWASP Releases Security Checklist for Generative AI Deployment
OWASP released the LLM AI Cybersecurity & Governance Checklist. The 32-page document helps organizations create a strategy for using large language models and reducing associated risks. Sandy Dunn, CISO at Quark IQ, started working on the checklist in August 2023 as a supporting resource to OWASP’s Top 10 Security Issues …
CISA Releases One Industrial Control Systems Advisory
CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft: EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …
TrendMicro Research
LockBit-NG-Dev, might consider a true 4.0 version
LockBit ransomware creators were working on a new version of their file-encrypting malware, called LockBit-NG-Dev, possibly to be known as LockBit 4.0, before law enforcement dismantled their operation this week. Multiple Versions: “Security experts said LockBit previously released various versions of its ransomware:” LockBit version 1.0 was released in January …
Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …
VMware Alert: Critical flaw found in deprecated VMware EAP
VMware advises users to remove the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a serious authentication relay vulnerability, tracked as CVE-2024-22245 (CVSS score: 9.6). A malicious actor could deceive a domain user with EAP installed in their web browser. This deception could lead the …
“sebacenter.xyz”, a crucial identity threat for Bangladeshis
“sebacenter.xyz” has become a threat to the personally identifiable information (PII) of the people of Bangladesh. Using only the site, miscreants are instantly making and distributing fake TIN, NID, NID info, BMET training, Surokkha, death and birth register, and duplicate land tax documents. Even if any …
LockBit Ransomware Operation Shut Down; Decryption Keys Released
The U.K. National Crime Agency (NCA) confirmed that it obtained LockBit’s source code and gathered intelligence about its activities and affiliates as part of Operation Cronos. “Some of the data on LockBit’s systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a …