The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) jointly published enhanced visibility and hardening guidance for communications infrastructure, providing best practices to protect against a PRC-affiliated threat actor. According to the guidance, the above-mentioned threat actor has compromised networks …

“Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks
Cybersecurity researchers are alerting users about phishing email campaigns using a toolkit called “Rockstar 2FA” to steal Microsoft 365 account credentials. These campaigns use advanced techniques to create fake landing pages resembling real Microsoft 365 login pages. Their main goal is to steal user credentials, targeting Microsoft accounts. This campaign …

Uganda confirms hack of central bank accounts, Refutes $17 Million Claim
Uganda’s finance ministry confirmed media reports that hackers breached the central bank’s systems and stole money, but refuted claims that as much as $17 million was stolen. Uganda’s Minister of State for Finance, Henry Musasizi, addressed media reports alleging that a Southeast Asian hacker group hacked the Bank …

Data broker exposes 600K+ passwordless sensitive files online
SL Data Services/Propertyrec, an information research provider, exposed a non-password-protected database containing more than 600K records, according to security researcher Jeremiah Fowler. The dataset contains over 713 GB of records, including vehicle records, property ownership reports and court records. Jeremiah Fowler said that around 95% of the limited sample of documents …

HDFC Life hit by data breach, begins investigation
On Monday, Indian life insurer HDFC Life said it had come across some instances of data leaks. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” HDFC Life said in a regulatory filing. The company has started to security …

RomCom Exploits Firefox and Windows Zero-Day
According to ESET, Russia-linked RomCom exploited two zero-days in Mozilla Firefox and Microsoft Windows, addressed as CVE-2024-9680 and CVE-2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …

Python NodeStealer: harvest credit card and Facebook Ads Manager
Jan Michael Alcantara of Netskope Threat Labs reported that Python NodeStealer has resurfaced with advanced techniques and a broader target range. The report shows that the infostealer primarily targets Facebook business accounts and harvests credit card information. The malware targets Facebook Ads Manager accounts to steal login details, cookies, and …

Over 145,000 ICS Across 175 Countries Found Exposed Online
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting a significant security risk. The findings are alarming for the United States, which has over one-third of global exposures (48,000 systems). This shows a pressing need for improved cybersecurity in …

Hacker compromised over 2000 Palo Alto Networks Firewalls
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and CVE-2024-9474), according to Shadowserver Foundation’s internet scanning. Palo Alto Networks security researchers reported on Wednesday that they detected a “limited set of exploitation activity” involving two vulnerabilities in PAN-OS, the …

“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
Renowned cybersecurity researcher Jeremiah Fowler uncovered a non-password-protected database containing over 1.1 million records linked to Conduitor Limited (Forces Penpals). This platform provides dating services and social networking for US and UK military personnel and their supporters. Jeremiah Fowler revealed that the publicly accessible database lacked password protection and encryption. …