Fortinet released security patches for a critical vulnerability (CVE-2023-37936) involving a hard-coded cryptographic key. This flaw lets remote, unauthorized attackers use the key to execute unauthorized code through specially crafted cryptographic requests.
The use of a hard-coded cryptographic key in Fortinet FortiSwitch versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.7, 6.4.0 through 6.4.13, 6.2.0 through 6.2.7, and 6.0.0 through 6.0.7 allows an attacker to execute unauthorized code or commands via crafted requests.
CVE-2023-37936
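To triage switches against the affected ranges listed above, this added example (not from Fortinet or the original article) classifies firmware version strings from an inventory. The inventory entries and function names are constructed for illustration, and "not-listed" only means the version falls outside the ranges this page gives.

```python
import re

# Affected FortiSwitch ranges exactly as listed in the text above (inclusive).
# Fixed releases are not given on this page, so none are assumed here.
AFFECTED = [
    ((7, 4, 0), (7, 4, 0)),
    ((7, 2, 0), (7, 2, 5)),
    ((7, 0, 0), (7, 0, 7)),
    ((6, 4, 0), (6, 4, 13)),
    ((6, 2, 0), (6, 2, 7)),
    ((6, 0, 0), (6, 0, 7)),
]

# Exactly three dotted numbers; the lookarounds skip dotted quads such as IPs.
_VERSION = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return (major, minor, patch) from a firmware string, or None."""
    m = _VERSION.search(text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Return 'affected', 'not-listed', or 'unknown' (review by hand)."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Integer tuples compare numerically, so 6.4.13 sorts after 6.4.2;
    # comparing the raw strings would get that wrong.
    if any(low <= version <= high for low, high in AFFECTED):
        return "affected"
    return "not-listed"

def triage(inventory):
    """Map hostname -> classification for a {hostname: firmware string} dict."""
    return {host: classify(fw) for host, fw in inventory.items()}

# Constructed sample inventory: hostnames, build numbers and IP are made up.
SAMPLE = {
    "sw-core-01": "FortiSwitch v7.2.5,build0000",
    "sw-edge-02": "v6.4.14",
    "sw-lab-03": "7.4.0",
    "sw-old-04": "firmware: n/a",
    "sw-mgmt-05": "10.0.0.5 v7.0.8",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {status}")
```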
Fortinet released update for a critical cryptographic key vuln
By infosecbulletin / Tuesday, January 14 2025