Cybersecurity researchers at Trend Micro discovered an exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …
Read More »TrendMicro Research
Bishopfox bog
Over 178k SonicWall Firewalls are Publicly Exploitable
In a blog post BishopFox said, SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities with the potential for remote code execution. SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart and reported that no exploitation had been observed in the wild; …
Read More »
CISA alert
CISA Releases Nine Industrial Control Systems Advisories
CISA issued nine advisories about Industrial Control Systems (ICS) on January 11, 2024, to give timely information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-011-03 Rapid Software LLC Rapid SCADA ICSA-24-011-04 Horner Automation Cscape ICSA-24-011-05 Schneider Electric Easergy Studio ICSA-24-011-06 Siemens Teamcenter Visualization and JT2Go ICSA-24-011-07 Siemens Spectrum …
Read More »CISA Flags 6 Vulnerabilities – Apple, Apache, Adobe , D-Link, Joomla Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified six security vulnerabilities that are being actively exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-27524 is a high-severity vulnerability in Apache Superset. It has a CVSS score of 8.9 and could allow remote code …
Read More »
To sell over 160 million records
Mysterious hacker strikes Iran with 23 organizations: Hudson Rock
Hudson Researchers reported that on December 20th, ‘irleaks’ claimed to have 160 million records from 23 top insurance companies in Iran for sale. The hacker says they have stolen data like names, birth dates, phone numbers, national codes, and more. They have shared a sample of the data and want …
Read More »“Onpassive”, Bangladesh bank alert fraudulent activities
Bangladesh Bank’s Financial Intelligence Unit (BFIU) warned about the fraudulent activities of the MLM company ‘Onpassive‘. BFIU issued a warning on Thursday (December 14). ALSO READ: Quishing: New Phishing Attacks Tactics Rising The intelligence unit has reported that there have been cases of large-scale embezzlement from ordinary people through different …
Read More »
CIRT alert on CVEs
BD CIRT published CVE of f5, Apache, Juniper, Citrix and Atlassian
Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) proactively releases critical threat intelligence information to ensure the security of Bangladesh’s cyberspace. Following this, CIRT has recently identified critical vulnerabilities for critical information infrastructure (CII). CIRT published cyber alert for critical information infrastructure (CII) on Thursday (23 November). The report …
Read More »Bangladesh bank alert on cyber attack to bank and financial sectors
Bangladesh Bank alert on a cyber attack on 15 August to the bank and financial institutions. Sunday (6 July) Bangladesh Bank issued the alert. Taken the cyber threat by the threat actor as serious the alert read the following: ALSO READ: 15 August target possible big cyber attack in BD; …
Read More »CISA Warns to patch Industrial Control Systems Vulnerabilities Immediately
CISA has released three Industrial Control Systems (ICS) advisories on July 6, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: ICSA-23-187-01 PiiGAB M-Bus ICSA-23-187-02 ABUS TVIP …
Read More »In 48 hours, Big three hacker group threaten attack European financial system (video)
Three hacking groups, Killnet, Anonymous Sudan, and REvil, have threatened to launch a “destructive” attack against the European financial system, starting with the SWIFT international communications system. The attack is expected to take place within the next 48 hours. The groups are reportedly motivated by political reasons, as they are …
Read More »