Cyber Attack

BDG e-GOV CIRT’s Cyber Threat Intelligence Unit has noticed a concerning increase in cyber-attacks against web applications and database servers in Bangladesh. Hackers are trying to deface government websites, steal important information, and disrupt online services through DDoS attacks. Organizations are advised to take precautions to protect themselves online. CIRT …

Sekoia.io and Intrinsec analyzed the Quad7 (7777) botnet, which uses TCP port 7777 on infected routers to carry out brute-force attacks on Microsoft 365 accounts. Attacks were detected on 0.11% of monitored accounts. Key insights highlighted by researchers: Botnet Evolution: Quad7 has been active for a long time and continues …

APT17 has recently been seen attacking Italian companies and government organizations. They are using a modified version of a well-known malware called 9002 RAT. Two targeted attacks occurred on June 24 and July 2, 2024, according to an analysis by Italian cybersecurity company TG Soft published last week. “The first …

A massive cyber heist has hit at India’s Nainital Bank’s Noida branch, where over ₹16 crore was stolen after hackers accessed the servers and transferred the money to 89 different accounts. Cybercriminals hacked the bank’s RTGS channel by stealing the manager’s login details and stole ₹16.5 crore from June 16 …

AT&T, an American telecom service provider, has confirmed a data breach. The data approximately 109 million almost all its wireless customers and customers of mobile virtual network operators (MVNOs) who use AT&T’s wireless network was accessed by threat actors. AT&T’s MVNOs include Black Wireless, Boost Infinite, Consumer Cellular, Cricket Wireless, …

French cloud computing firm OVHcloud recently handled the largest DDoS attack in terms of packet rate. This attack occurred during a period of increasing intensity in DDoS attacks. According to the cloud provider, packet rate DDoS attacks are very effective because they are harder to stop than attacks with fewer, …

The web development community was affected by a supply chain attack on the popular Polyfill.io JavaScript library last week. Polyfill.js supports modern tools on older web browsers for cross-compatibility. In February 2024, the Polyfill.io domain and GitHub account were acquired by Funnull, a Chinese CDN company. This raised concerns about …

“A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email parameters in the authentication request, an attacker can obtain an access token for any user. This allows the attacker to take over any account without any user interaction, leading to …

An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat actors launch numerous attacks every minute, around the clock. According to Chris Sheehan, National Australia Bank’s executive for group investigations, all banks are constantly being targeted by attacks. The purpose …

There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as root on the affected device. The vulnerability is caused by not properly checking the arguments used in certain configuration CLI commands. An attacker can take advantage of this vulnerability by …