The CTO of Razz Security, Mukesh, recently exploited CI/CD pipelines to gain full server access which has its origins in the presence of an exposed .git directory on a publicly available web server. For this flaw, anyone could read and download the entire version control. It is examined that, this …
Read More »
Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8. The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published …
Read More »
Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit these vulnerabilities to access systems without permission, steal important information, and potentially run harmful code. Vulnerabilities in Palo Alto Networks: The vulnerabilities include CVE-2024-5915, CVE-2024-5916, and CVE-2024-5914. GlobalProtect App: Privilege …
Read More »
US authorities have issued a cybersecurity advisory about a ransomware group called RansomHub. The group is thought to have stolen data from at least 210 victims using encryption and double extortion techniques. The group targeted various organizations, including healthcare, IT, government, emergency services, food and agriculture, and water and wastewater. They …
Read More »
The Cicada3301 ransomware is made in Rust and attacks Windows and Linux/ESXi hosts. Truesec researchers examined a version that targets VMware ESXi systems, which seems to be a variant of the same malware for Windows. Experts mentioned that although many ransomware groups are now targeting ESXi systems, only a few, …
Read More »
Global Secure Layer (GSL) recently mitigated a huge volume of DDoS attack ever recorded. The attack targeted a Minecraft gaming customer which peak at a staggering 3.15 billion packets per second (Gpps) that surpasses previous records by a factor of 3.2 to 3.5, underscoring the escalating threat posed by DDoS …
Read More »
Attackers are using more phishing toolkits (open-source, commercial, and criminal) to carry out adversary-in-the-middle attacks. Attackers can use AitM to steal both login information and active sessions. This lets them bypass security measures like MFA, EDR, and email filtering. What is AitM phishing? AitM phishing uses specialized tools to intercept …
Read More »
Trend Micro researchers identified a sophisticated malware campaign that aims at Middle East organizations. The campaign tricks victims into infecting their devices by pretending to be a real Palo Alto GlobalProtect VPN client. The attack begins with the distribution of a malicious file named “setup.exe,” which masquerades as a legitimate …
Read More »
The BlackByte ransomware group is suspected of using a recently fixed security issue in VMware ESXi hypervisors. They are also taking advantage of weak drivers to bypass security measures. A vulnerability named CVE-2024-37085 lets attackers bypass authentication on VMware ESXi systems connected to an Active Directory domain. By using this …
Read More »
Nigeria’s National Data Protection Commission (NDPC) fined Fidelity Bank ₦555.8 million for breaking customer data protection laws. Punch reported that Olatunji said the top bank violated Nigeria’s Data Protection Act and Regulation, resulting in a large fine of 0.1% of the bank’s 2023 revenue. Commissioner emphasized the importance of following …
Read More »
InfoSecBulletin Cybersecurity for mankind