Alert

CISA released the 2024 Priorities of the Joint Cyber Defense Collaborative (JCDC). These priorities will help the group focus on developing effective solutions to cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT) …

The Cyber Threat Intelligence Unit at BGD e-GOV CIRT has noticed an increase in cyber-attacks on organizations. These attacks are aimed at compromising third-party service providers. Several organizations in Bangladesh have experienced data breaches. Some individuals employed by third party service providers, tasked with offering technical support to various client …

CISA released two advisories on February 6, 2024. They contain important information about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-037-01 HID Global Encoders: Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards and credentials. Reader configuration cards contain …

By using the name of Bangladesh Bank license, mobile financial services (MFS) top organization Bkash and the name of one of the entrepreneurs of the information technology sector, Sonia Bashir Kabir, Wellxpay has started spreading false propaganda. The company told various foreign media that Wellxpay has received a Payment Service …

CISA released 8 advisories about Industrial Control Systems (ICS) on January 30, 2024. They give up-to-date information on security issues, vulnerabilities, and exploits related to ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products ICSA-24-030-03 Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ICSA-24-030-04 Hitron …

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22527 Atlassian Confluence Data Center and Server Template Injection Vulnerability CVE-2023-22527 Detail: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE …

CISA released 6 advisories for Industrial Control Systems (ICS) on January 23, 2024. These advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-023-01 APsystems Energy Communication Unit (ECU-C) Power Control Software ICSA-24-023-02 Crestron AM-300 ICSA-24-023-03 Voltronic Power ViewPower Pro ICSA-23-023-04 Westermo Lynx 206-F2G ICSA-24-023-05 Lantronix …

Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for MacOS, iOS, and iPadOS. Apple describes CVE-2024-23222 as a type confusion bug in Webkit. They are aware of a report suggesting that this issue might have been exploited. “Processing maliciously crafted web content may lead to arbitrary …

CISA, the FBI, and the EPA have released a guide to help water and wastewater systems respond to incidents. Over 25 organizations from various sectors contributed to this guide, including private companies, non-profit organizations, and government entities. This collaboration ensured that the guide would be useful for water and wastewater …

Cybersecurity researchers at Trend Micro discovered an exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …