Thursday , November 30 2023

Vulnerabilities

ownCloud alert 3 Critical Vulnerabilities Users to Data Breaches

ownCloud

The creators of the open-source file-sharing software ownCloud have alerted users about three serious security vulnerabilities. These flaws could allow attackers to access confidential information and make changes to files. Brief description of the vulnerabilities is as follows: Sensitive credentials and configuration in container deployments for graphapi versions 0.2.0 to …

Read More »

HTTP/2 Rapid Reset Attack
Cisco Patched Products Vulnerable to HTTP/2 Rapid Reset Attack

Cisco

A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. A new technique for launching distributed denial of service (DDoS) attacks has been discovered. It is identified as CVE-2023-44487 and has a high severity rating of 7.5. In addition, this vulnerability …

Read More »

CIRT alert on CVEs
BD CIRT published CVE of f5, Apache, Juniper, Citrix and Atlassian

Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) proactively releases critical threat intelligence information to ensure the security of Bangladesh’s cyberspace. Following this, CIRT has recently identified critical vulnerabilities for critical information infrastructure (CII). CIRT published cyber alert for critical information infrastructure (CII) on Thursday (23 November). The report …

Read More »

Black wing intelligence (video)
Windows hello fingerprint auth bypassed on Microsoft, Dell, Lenovo laptops

Laptop

Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE. Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, …

Read More »

Reuters Special
How an Indian startup hacked the world

Rajat and Anuj Khare, two brothers who owned the Indian company Appin, were involved in a large-scale hacking incident. They stole personal information from celebrities, multinational executives, politicians, and others. An Indian company hacked on a large scale and got personal information of executives, lawyers, and politicians from all over …

Read More »

Microsoft pacthes November
Microsoft November 2023 Patch fixes 5 zero-days, 58 flaws

Microsoft logo

Microsoft Patch Tuesday security updates for November 2023 addressed 63 new vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V. The IT giant has addressed vulnerabilities with different severity ratings. Three are …

Read More »

SektorCERT reported
Record 22 Critical Infra hit by Sandworm: An alert for CII globally

power house

Hackers attacked Denmark’s critical infrastructure by compromising 22 energy organizations. This information was revealed by SektorCERT, a non-profit cybersecurity center for critical sectors. In May 2023, hackers attacked Danish critical infrastructure and compromised several organizations in just a few days. This was the biggest attack of its kind in Denmark …

Read More »

CISA Sets a Deadline November 17
Juniper Patches Over 30 Vulnerabilities in Junos OS

Junaper logo

Juniper Networks, a manufacturer of networking equipment, has released patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. These patches include fixes for nine high-severity vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to …

Read More »