Wednesday , October 9 2024

Alert

Microsoft October 2024 Patch: 5 Zero-Days, 118 flaw

Microsoft

In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being exploited. The updates affect multiple Microsoft products, such as Windows, Office, Azure, .NET, and Visual Studio. Zero-Day Vulnerabilities: Among the five zero-day vulnerabilities patched, two were actively exploited in the …

Read More »

BD CIRT alert
Lumma C2 malware attack Bangladeshi several websites

Lummac2

The Cyber Threat Intelligence (CTI) Unit at BGD e-GOV CIRT has discovered a malware campaign involving the Lumma Stealer family. They’ve found that various types of stealer malware are being spread using similar methods. CIRT is monitoring stealer malware campaigns and has found malware that steals sensitive information. Recently, the …

Read More »

First Half Of 2024 Report
Bangladeshi 32.4% government websites face cyber attack: NAS report

National Attack Surface (NAS) report for the first half of 2024 reveals that 56.6% of cyberattacks in Bangladesh targeted educational institutions, indicating a serious lack of maintenance and updates for school websites, making them highly vulnerable. During this period, 32.4% of attacks targeted government websites, revealing significant security flaws. The …

Read More »

CISA Warns
Network switch RCE flaw impacts critical infrastructure

switch

CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure. The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file …

Read More »

Cloudflare report
India linked hacker to target Bangladeshi Gov.t and law agency

india

A threat actor likely operating out of India is relying on various cloud services to conduct cyberattacks against energy, defense, government, telecommunications, and technology entities of Bangladesh, Cloudflare reports. Tracked as SloppyLemming, this group is linked to Outrider Tiger, a threat actor associated with India, previously Crowdstrike said, that uses …

Read More »

ALERT
Hackers Using Supershell Malware Targeting Linux SSH Servers

LINUX

Researchers found an attack targeting poorly secured Linux SSH servers using Supershell, a backdoor written in Go that gives attackers remote control of affected systems. After the initial infection, attackers likely used scanners to find more vulnerable targets and launched dictionary attacks with credentials collected from the compromised systems. The …

Read More »

CISA adds windows and whatsUp Gold vuls to its KEV

cisa

CISA has warned Microsoft Windows MSHTML Platform Spoofing Vulnerability and Progress WhatsUp Gold SQL Injection Vulnerability actively exploited security flaws, adding them to its Known Exploited Vulnerabilities catalog, and is urging swift action from federal agencies and global organizations. CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability (CVSS 8.8) Microsoft‘s MSHTML …

Read More »

Gov.t issues high alert on android devices

Android

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …

Read More »