InfoSecBulletin Cybersecurity for mankind
US authorities have revealed a major cyberespionage campaign by hackers, targeting information from Americans in government and politics. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint statement on Wednesday that actors affiliated with Beijing had “compromised networks at multiple telecommunications companies”. In a statement …
Read More »TimeLine Layout
November, 2024
-
15 November
(CVE-2024-52301)
Laravel Flaw Unveils Millions of Web Applications to Attack
A significant security flaw, CVE-2024-52301, has been found in the Laravel framework, which is widely used for web applications. With a CVSS rating of 8.7, this vulnerability could allow unauthorized access, data tampering, and privilege escalation in many Laravel applications. CVE-2024-52301 pertains to inadequate input validation in Laravel’s environment configuration. …
Read More » -
14 November
Bitdefender releases free decryptor for ShrinkLocker ransomware
Bitdefender has released a decryptor for the ShrinkLocker ransomware after months of concern from responders regarding attacks involving this malware. Bitdefender released a detailed blog explaining how a ransomware strain utilizes Microsoft’s BitLocker to encrypt files and removes recovery options. “ShrinkLocker is a novel ransomware strain that leverages a unique …
Read More » -
13 November
Fortinet releases updates for Various Products
Fortinet has issued security updates for several products, including FortiOS, to fix vulnerabilities that could allow cyber attackers to take control of affected systems. CISA encourages users and administrators to review the following advisories and apply necessary updates. FG-IR-23-396 ReadOnly Users Could Run Some Sensitive Operations: A client-side enforcement of …
Read More » -
13 November
Microsoft November Patch Tuesday: 4 Zero-Days & 89 flaws
Microsoft’s latest Patch Tuesday update fixes 89 security vulnerabilities. Four of these are zero-day vulnerabilities, with two currently being exploited. This patch release highlights the need for timely updates to guard against cyber threats. Zero-Day Vulnerabilities Patched: The four zero-day vulnerabilities patched in this update include two that attackers have …
Read More » -
11 November
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems
On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager: CISA has identified a serious vulnerability in Beckhoff Automation’s TwinCAT Package Manager, a key software in manufacturing. The flaw, called CVE-2024-8934, relates to …
Read More » -
11 November
Cyberattack Disrupts Israel’s Gas and Payment Systems
A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping for several hours. According to Times of Israel, The incident occurred less than two weeks after a similar attack briefly disrupted another credit services company. In Sunday’s incident, a DDoS …
Read More » -
11 November
Russia blocks thousands websites using Cloudflare’s privacy service
Russia’s media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare’s encryption feature that enhances online privacy and security. Local media reports indicate that several websites were blocked overnight on October 6. These sites use Cloudflare’s Encrypted Client Hello (ECH) feature, which enhances user privacy by making it harder …
Read More » -
10 November
Hacker to sale Indian Gov.t email credentials
Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker on a private forum claims that purchasing access to these government email accounts can make anyone willing to pay a few thousand rupees “become” a government officer. The forum post …
Read More » -
9 November
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh
Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one of the countries with the fastest increase in cyberattacks. It ranks second after Japan (108%) and is closely followed by France (130%), underscoring significant cybersecurity challenges. The “Quarterly Threat Intelligence …
Read More »
