FortiGuard Labs found a phishing campaign that tricks users into downloading a malicious Java downloader to spread new VCURMS and STRRAT remote access trojans. The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub to avoid detection. They used email as their command and control throughout …
Alert
Apple Released Security Updates for Multiple Products
Apple released security updates to fix vulnerabilities in Safari, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could use some of these vulnerabilities to take control of a system that is affected. CISA encourages users and administrators to review the following advisories and apply the necessary updates: Safari 17.4 …
CISA Releases Two Industrial Control Systems Advisories
CISA released two advisories on February 29, 2024. The advisories warn about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-060-01 Delta Electronics CNCSoft-B; ICSMA-24-060-01 MicroDicom DICOM Viewer. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Delta Electronics. Equipment: CNCSoft-B. Vulnerability: Stack-based Buffer Overflow. RISK …
CISA Issues Alert on APT29’s Cloud Infiltration Tactics
CISA and the UK’s NCSC released a joint advisory about new tactics of Russian Foreign Intelligence Service (SVR) cyber actors. This group, also known as APT29, Midnight Blizzard, the Dukes or Cozy Bear, has been identified by the US as a cyber-espionage entity linked to the Russian SVR intelligence agency. …
Alert – Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …
Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox; MFSA 2024-06 for Firefox ESR; MFSA 2024-07 for Thunderbird. CISA advises users and administrators to check the Mozilla Security …
BGD e-GOV CIRT Report
Bangladesh faced 71.39% of Malware Infections Linked to Ransomware
The threat landscape report from BGD e-GOV CIRT shows a significant 71.39% increase in malware infections linked to potential ransomware threats. The report shows that there exist vulnerabilities in Bangladesh that could lead to ransomware attacks on various organizations. The main malware strains identified are M0yv, Phorpiex, and Necurs, which …
CISA released the 2024 Priorities of Joint Cyber Defense Collaborative
CISA released the 2024 Priorities of the Joint Cyber Defense Collaborative (JCDC). These priorities will help the group focus on developing effective solutions to cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT) …
BD CIRT cyber threat alert
Multiple Bangladeshi organizations faced data breach via third party
The Cyber Threat Intelligence Unit at BGD e-GOV CIRT has noticed an increase in cyber-attacks on organizations. These attacks are aimed at compromising third-party service providers. Several organizations in Bangladesh have experienced data breaches. Some individuals employed by third party service providers, tasked with offering technical support to various client …