Microsoft has found a group called Forest Blizzard (also known as STRONTIUM) in Russia using a security vulnerability called CVE-2023-23397 to get into email accounts on Exchange servers without permission. The Polish Cyber Command (DKWOC) is working with Microsoft to stop Forest Blizzard and prevent them from using their tricks. …
Read More »
A lot number of microsoft Exchange email servers in Europe, the United States, and Asia are at risk because they are accessible on the public internet. These servers are using an old and unsupported version of the software, which makes them vulnerable to multiple security issues, including some that are …
Read More »
Zyxel released patches for 15 security issues affecting network-attached storage (NAS), firewall, and access point (AP) devices. The fixes address critical flaws that could allow authentication bypass and command injection. The three vulnerabilities are listed below : CVE-2023-35138 (CVSS score: 9.8): There is a vulnerability that allows an attacker to …
Read More »
Booking.com, a major online travel agency, reported that customers have been targeted by hackers. While the agency’s systems are secure, online criminals have scammed many customers by stealing login credentials from the agency’s partner hotels. These criminals then pose as hotel staff to deceive customers. What have the online attacks …
Read More »
Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this year. The flaw is identified as CVE-2023-6345. “Google is aware that an exploit for CVE-2023-6345 exists in the wild,” Google said. This vulnerability has many risks, such as executing any code and causing crashes. Benoît …
Read More »
The creators of the open-source file-sharing software ownCloud have alerted users about three serious security vulnerabilities. These flaws could allow attackers to access confidential information and make changes to files. Brief description of the vulnerabilities is as follows: Sensitive credentials and configuration in container deployments for graphapi versions 0.2.0 to …
Read More »
A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. A new technique for launching distributed denial of service (DDoS) attacks has been discovered. It is identified as CVE-2023-44487 and has a high severity rating of 7.5. In addition, this vulnerability …
Read More »
Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) proactively releases critical threat intelligence information to ensure the security of Bangladesh’s cyberspace. Following this, CIRT has recently identified critical vulnerabilities for critical information infrastructure (CII). CIRT published cyber alert for critical information infrastructure (CII) on Thursday (23 November). The report …
Read More »
Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE. Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, …
Read More »
It is important to regularly update your passwords. Many people still use very simple passwords, which can be easily cracked by cybercriminals. According to NordPass research, some popular passwords can be cracked in less than a second. Research says that 31 percent of people worldwide still use common passwords like …
Read More »
InfoSecBulletin Cybersecurity for mankind