Zyxel released patches for 15 security issues affecting network-attached storage (NAS), firewall, and access point (AP) devices. The fixes address critical flaws that could allow authentication bypass and command injection. The three vulnerabilities are listed below : CVE-2023-35138 (CVSS score: 9.8): There is a vulnerability that allows an attacker to …
Read More »
Booking.com, a major online travel agency, reported that customers have been targeted by hackers. While the agency’s systems are secure, online criminals have scammed many customers by stealing login credentials from the agency’s partner hotels. These criminals then pose as hotel staff to deceive customers. What have the online attacks …
Read More »
Google has fixed the sixth Chrome zero-day bug that was exploited in the wild this year. The flaw is identified as CVE-2023-6345. “Google is aware that an exploit for CVE-2023-6345 exists in the wild,” Google said. This vulnerability has many risks, such as executing any code and causing crashes. Benoît …
Read More »
The creators of the open-source file-sharing software ownCloud have alerted users about three serious security vulnerabilities. These flaws could allow attackers to access confidential information and make changes to files. Brief description of the vulnerabilities is as follows: Sensitive credentials and configuration in container deployments for graphapi versions 0.2.0 to …
Read More »
A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. A new technique for launching distributed denial of service (DDoS) attacks has been discovered. It is identified as CVE-2023-44487 and has a high severity rating of 7.5. In addition, this vulnerability …
Read More »
Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) proactively releases critical threat intelligence information to ensure the security of Bangladesh’s cyberspace. Following this, CIRT has recently identified critical vulnerabilities for critical information infrastructure (CII). CIRT published cyber alert for critical information infrastructure (CII) on Thursday (23 November). The report …
Read More »
Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE. Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, …
Read More »
It is important to regularly update your passwords. Many people still use very simple passwords, which can be easily cracked by cybercriminals. According to NordPass research, some popular passwords can be cracked in less than a second. Research says that 31 percent of people worldwide still use common passwords like …
Read More »
Microsoft Patch Tuesday security updates for November 2023 addressed 63 new vulnerabilities in Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; ASP.NET and .NET Framework; Azure; Mariner; Microsoft Edge (Chromium-based), Visual Studio, and Windows Hyper-V. The IT giant has addressed vulnerabilities with different severity ratings. Three are …
Read More »
Hackers attacked Denmark’s critical infrastructure by compromising 22 energy organizations. This information was revealed by SektorCERT, a non-profit cybersecurity center for critical sectors. In May 2023, hackers attacked Danish critical infrastructure and compromised several organizations in just a few days. This was the biggest attack of its kind in Denmark …
Read More »
InfoSecBulletin Cybersecurity for mankind
