A PoC code has been released for the a serious vulnerability, CVE-2023-41974, on iOS and macOS. This vulnerability can be used to gain full control of a mobile device by exploiting a critical issue in the kernel, giving an application access to run any code with kernel privileges. This discovery …
Read More »
Security researchers have released new tools to help Black Basta ransomware victims recover their files. SR Labs, based in Berlin, recently shared on GitHub that the tools take advantage of a flaw in the encryption algorithm. Basta uses ChaCha to encrypt victim files by XORing with a keystream in 64-byte …
Read More »
Hudson Researchers reported that on December 20th, ‘irleaks’ claimed to have 160 million records from 23 top insurance companies in Iran for sale. The hacker says they have stolen data like names, birth dates, phone numbers, national codes, and more. They have shared a sample of the data and want …
Read More »
Hacktivist group, Anonymous Collective claim to cyber attack the E Visa service of the Bahrain government. The cyberattack on Bahrain government has raised concerns about the cyber security arena of sensitive data protection. The hacktivist group shared a screen shot of attack of the E Visa services on their social …
Read More »
On Christmas Eve, Resecurity protecting Fortune 100 and government agencies worldwide, noticed that multiple actors on the Dark Web were leaking a large amount of data. More than 50 million records containing personal information about consumers from different countries were leaked. The damage caused by this could potentially be worth …
Read More »
Microsoft disables the ms-appinstaller protocol handler by default due to its misuse by several threat actors to spread malware. “The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence team …
Read More »
India’s space ambitions have grown with the announcement from the Indian Space Research Organisation (ISRO) that they plan to launch 50 satellites in the next five years. These satellites will be important for improving the country’s geo-intelligence capabilities. The satellites will form a network at different levels, allowing for monitoring …
Read More »
A new security flaw was found in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. This flaw could be used to get around authentication protections. The vulnerability, CVE-2023-51467, is found in the login feature and is caused by a partial fix for another serious vulnerability (CVE-2023-49070, CVSS score: 9.8) …
Read More »
CISA started the SCuBA project to improve the security of email and cloud environments in the federal government. The project aims to enhance the security features of commonly used products and services and provide better visibility at the enterprise level to support our cybersecurity goals. This meant creating secure configurations …
Read More »
Barracuda, fixed a zero-day bug on December 21. The bug was used by hackers known as UNC4841 to exploit Email Security Gateway (ESG) appliances. The company released additional security updates the following day for compromised ESG appliances that were attacked with SeaSpy and Saltwater malware. A security vulnerability was disclosed …
Read More »
InfoSecBulletin Cybersecurity for mankind