International

A threat actor has announced a new DDoS tool called Cliver, which offers strong attack methods for disrupting web services, including HTTP/2 and TLS floods, Cloudflare bypass, and browser emulation for bypassing CAPTCHA. The threat actor shared more information in a FAQ section. Cliver is a strong Layer 7 (L7) …

Malyasian National Cyber Security Agency (Nacsa) is investigating a possible data breach that exposed the data of four million U Mobile subscribers. The data, which claimed to contain personal information like names, addresses, MyKad numbers, andThe data, which may include personal information like names, addresses, MyKad numbers, and mobile phone …

Kaspersky is offering free security products and safety tips for six months to consumers in the United States. The company decided to close its business and lay off employees in the U.S. after the U.S. government added Kaspersky to the Entity List, a catalog of “foreign individuals, companies, and organizations …

Microsoft’s July 2024 Patch Tuesday includes security updates for 142 flaws, including two zero-days that are actively exploited and two that are publicly disclosed. This Patch Tuesday fixed five critical vulnerabilities, all of which were remote code execution flaws. July 2024 Patch Tuesday Breakdown: Here is the breakdown of vulnerabilities …

Avast researchers found a security flaw in the DoNex ransomware and its previous versions, which allowed them to create a tool to decrypt the files. They shared this discovery at the Recon 2024 conference. Avast released a free decryptor in March 2024 to help victims recover their files. “All brands …

Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US issued a warning about a cyber espionage group called APT40, which is linked to China. The advisory cautions about the group’s capability to quickly and effectively use security flaws that are recently disclosed. “APT …

The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is working on the second phase of its open-source software security road …

Cyble Analyzes An Active Campaign Exploiting A Microsoft SmartScreen Vulnerability To Deliver Stealers Via Spam Emails. Key findings:  * Cyble Research and Intelligence Labs (CRIL) recently came across an active campaign exploiting the Microsoft SmartScreen vulnerability (CVE-2024-21412). * The ongoing campaign targets multiple regions, including Spain, the US, and Australia. …

Mohammed Iqbal Hossain has been elected as the president of ISACA Dhaka chapter and Md. Abul Kalam Azad has been reelected as secretary. Saturday (6 July) from 4 pm to 6.30 pm, 150+ member cast their vote to elect their candidates for ISACA Dhaka chapter. This year 23 candidates fight …

Apache Software Foundation released Apache HTTP Server version 2.4.61 to fix a serious source code disclosure vulnerability (CVE-2024-39884). This flaw could expose sensitive server information to malicious actors. The CVE-2024-39884 vulnerability is caused by a problem in how old content-type configurations are managed. The “AddType” directive and similar settings, when …