AWS announced new security features at its re:Inforce conference, such as identity and malware protection services. The cloud giant added passkeys to the list of supported multi-factor authentication (MFA) mechanisms for root and Identity and Access Management (IAM) users. The company also started enforcing MFA on root users, particularly AWS …
Read More »
CISA released 20 advisories about Industrial Control Systems (ICS) on June 13, 2024. These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-165-01 Siemens Mendix Applications ICSA-24-165-02 Siemens SIMATIC S7-200 SMART Devices ICSA-24-165-03 Siemens TIA Administrator ICSA-24-165-04 Siemens ST7 ScadaConnect ICSA-24-165-05 Siemens SITOP UPS1600 ICSA-24-165-06 …
Read More »
Microsoft has released updates for 49 security vulnerabilities in its Patch Tuesday update for June. One of the fixes addresses a critical bug in Microsoft Message Queuing (MSMQ) technology that could allow remote code execution (RCE) and server takeover. The number of bugs in each vulnerability category is listed below: …
Read More »
GhostR hacker claimed to hack Absolute Telecom PTE Ltd, a Singapore-based telecom company and stole 34 gigabytes of data including corporate information, accounting records, sales data, customer details, credit card information, and call records. In a post the bad actor claimed they infiltrated and compromised the company’s server networks on …
Read More »
CISA released four advisories about Industrial Control Systems (ICS) on June 4, 2024. These advisories contain important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-156-01 Uniview NVR301-04S2-P4 ICSA-23-278-03 Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A) ICSA-22-172-01 Mitsubishi Electric MELSEC iQ-R, Q, L Series and …
Read More »
The NSA advises iPhone and Android users to restart their devices weekly for better security against cyber threats. The NSA suggests in a document that regularly restarting devices is a simple and effective way to reduce the risk of cyberattacks. This advice is especially relevant due to the rising complexity …
Read More »
On April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience to update national policy on protecting and securing critical infrastructure from cyber and all-hazard threats. The memorandum recognizes the changed risk landscape and aims to collaborate with partners to identify and reduce sector, …
Read More »
Kaspersky has launched a new virus removal tool called KVRT for Linux, which allows users to scan and remove malware and known threats for free. Linux systems are often thought to be secure, but a security firm has shown that this is not always the case. They have discovered several …
Read More »
A large dataset belonging to BSNL, an Indian state-owned telecommunications company, has been put up for sale by cybercriminals on an underground forum. On May 27, 2024, it was discovered that “kiberphant0m” was selling unauthorized access to databases stolen from BSNL, as well as data from other Asian telecom companies …
Read More »
Check Point warned that threat actors are targeting their Remote Access VPN devices in an ongoing campaign to breach enterprise networks. Remote Access is included in all Check Point network firewalls. It can be set up as a client-to-site VPN for accessing corporate networks using VPN clients, or as an …
Read More »
InfoSecBulletin Cybersecurity for mankind