Saturday, February 22, 2025


January, 2025

  • 21 January

    OWASP Reveals Top 10 Smart Contract Vulnerabilities for 2025

    OWASP

    OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems. The OWASP Smart Contract Top 10 lists the most common vulnerabilities in …

  • 20 January

    Multiple Azure DevOps Vulns Allow Attackers To Inject CRLF Queries & Rebind DNS

    Azure DevOps

    Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement. The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request …

  • 20 January

    Intel Employs 22 Graduates from One Bangladeshi University

    Intel

    Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and Chemical Engineering at Dhaka University, with 9 at its headquarters. Their presence is due not only to individual skills and hard work but also to the department’s robust curriculum, research …

  • 19 January

    VPN Surge 1500% in USA after TikTok Shut Down

    TikTok

    vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues. ByteDance, TikTok’s Chinese parent company, is under pressure to sell its U.S. operations by January 19, 2025, or face a ban due to concerns about user data security and possible …

  • 18 January

    MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

    D3FEND™ 1.0

    MITRE launched D3FEND™ 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded by the NSA and the U.S. Department of Defense, offers a flexible and user-friendly framework for cybersecurity operations and strategic decision-making. D3FEND was initially released as a beta in June …

  • 17 January

    AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

    WorkSpaces

    Amazon Web Services (AWS) has recently fixed two major security vulnerabilities in its cloud services: Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (Desktop Cloud Visualization). Vulnerabilities CVE-2025-0500 and CVE-2025-0501 could let attackers conduct man-in-the-middle attacks and access remote sessions without permission. CVE-2025-0500 impacts certain versions of Amazon WorkSpaces native …

  • 17 January

    Malware Trends Review 2024: Ever Recorded Cyber Threats

    Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A report by ANY.RUN, an interactive malware analysis platform, noted that 2024 experienced the highest levels of complex malware threats in the global cybersecurity landscape. Surge in Malware Activity: In 2024, …

  • 16 January

    Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

    Botnet

    A recent Infoblox Threat Intel report reveals a sophisticated botnet that exploits DNS misconfigurations to spread malware widely. This botnet, made up of about 13,000 compromised MikroTik devices, uses fake sender domains and malicious emails to deliver trojan malware and engage in other harmful activities. According to the report, “This …

  • 16 January

    CVE-2024-9042: Code Execution Vulnerability Found in Kubernetes Windows Nodes

    Kubernetes

    A new security flaw, tracked as CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows worker nodes. Rated Medium with a CVSS v3.1 score of 5.9, it allows attackers to execute commands on the host machine through the node’s /logs endpoint. A vulnerability in the Kubelet component of …

  • 16 January

    Hacker Leaked 15k Config Files and VPN Passwords of FortiGate Firewall Devices

    FortiGate firewall

    The hacking group “Belsen Group” has posted over 15,000 unique FortiGate firewall configurations online. The data dump, reportedly obtained by exploiting a zero-day vulnerability in Fortinet’s systems in October 2022, contains sensitive information including usernames, passwords (some in plain text), device management certificates, and complete firewall rules. “At the beginning of …
