Monday, December 23 2024

Vulnerabilities

CIRT alert on CVEs
BD CIRT published CVEs for F5, Apache, Juniper, Citrix and Atlassian

Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) proactively releases critical threat intelligence information to ensure the security of Bangladesh’s cyberspace. Following this, CIRT has recently identified critical vulnerabilities affecting critical information infrastructure (CII). CIRT published a cyber alert for critical information infrastructure (CII) on Thursday (23 November). The report …

Blackwing Intelligence (video)
Windows Hello fingerprint auth bypassed on Microsoft, Dell, Lenovo laptops

Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE. Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, …

Change it now
Your password can be cracked in seconds, if?

It is important to regularly update your passwords. Many people still use very simple passwords, which can be easily cracked by cybercriminals. According to NordPass research, some popular passwords can be cracked in less than a second. Research says that 31 percent of people worldwide still use common passwords like …

Microsoft patches November
Microsoft November 2023 Patch fixes 5 zero-days, 58 flaws

Microsoft Patch Tuesday security updates for November 2023 addressed 63 new vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V. The IT giant has addressed vulnerabilities with different severity ratings. Three are …

SektorCERT reported
Record 22 Critical Infra hit by Sandworm: An alert for CII globally

Hackers attacked Denmark’s critical infrastructure by compromising 22 energy organizations. This information was revealed by SektorCERT, a non-profit cybersecurity center for critical sectors. In May 2023, hackers attacked Danish critical infrastructure and compromised several organizations in just a few days. This was the biggest attack of its kind in Denmark …

CISA Sets a Deadline November 17
Juniper Patches Over 30 Vulnerabilities in Junos OS

Juniper Networks, a manufacturer of networking equipment, has released patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. These patches include fixes for nine high-severity vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to …

WhatsApp privacy feature
WhatsApp introduces new privacy feature to protect IP while calling

WhatsApp introduces a privacy feature called “Protect IP Address in Calls.” This feature masks users’ IP addresses by relaying the calls through its servers. WhatsApp stated that calls are end-to-end encrypted, meaning that even if a call goes through their servers, they cannot listen to the calls. The main idea …

ZDI published the vulnerabilities
New Microsoft Exchange zero-days allow RCE, data theft attacks

Trend Micro’s Zero Day Initiative (ZDI) on Thursday (02.11.23) published four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely to execute arbitrary code or disclose sensitive information on affected installations. Bleeping Computer reported that these vulnerabilities were reported to Microsoft on September 7th and 8th, 2023. Microsoft acknowledges the reports …

NGINX Ingress Controller
Vulnerabilities Uncovered in NGINX Ingress Controller for Kubernetes

Three unpatched security flaws in the NGINX Ingress controller for Kubernetes have been revealed. These flaws have a high severity level and could be used by a malicious actor to steal secret credentials from the cluster. The vulnerabilities are as follows: CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can …

F5 warns customers: BIG-IP Vulnerability Allows Remote Code Execution

F5 warned customers about a serious security flaw in BIG-IP that may lead to unauthorized remote code execution. An issue has been identified in the configuration utility component. It is assigned the CVE identifier CVE-2023-46747 and has a CVSS score of 9.8 out of 10. F5 has stated that an …
