InfoSecBulletin Cybersecurity for mankind
A deceptive proof-of-concept exploit for CVE-2024-49113, known as “LDAPNightmare,” on GitHub spreads infostealer malware that steals sensitive data and sends it to an external FTP server. Trend Micro discovered a case where hackers trick users into infecting themselves with malware. Trend Micro reports a malicious GitHub repository that seems to …
Read More »TimeLine Layout
January, 2025
-
10 January
Alert! Fake Crowdstrike Recruitment Emails Spread XMRig cryptominer
In a sophisticated phishing campaign, uncovered cybercriminals are exploiting CrowdStrike’s recruitment branding to target developers and deploy the XMRig cryptominer. This scam uses fake job offers to trick victims into downloading harmful software disguised as an “employee CRM application.” The attack starts with a phishing email pretending to be from …
Read More » -
10 January
Facebook awards researcher $100,000 to find bug allowing internal access
In October 2024, security researcher Ben Sadeghipour discovered a vulnerability in Facebook’s ad platform that allowed him to run commands on its internal server, giving him control over it. After Sadeghipour reported the vulnerability to Meta, Facebook’s parent company, it was fixed within an hour, and he received a $100,000 …
Read More » -
10 January
Top 4 Malware you have to Prepare for in 2025
In 2025, malware attacks will persist. To prepare, organizations should familiarize themselves with common malware families. Here are five to focus on now. LockBit: LockBit is a major ransomware targeting Windows devices and is a significant threat in Ransomware-as-a-Service (RaaS) attacks. Its decentralized structure has allowed it to infiltrate high-profile …
Read More » -
9 January
Palo Alto Networks Expedition Tool Vuln Lead to Exposure of Firewall Credentials
Palo Alto Networks released a security advisory about vulnerabilities in its Expedition migration tool that could expose sensitive data and enable unauthorized actions on affected systems. Expedition, formerly the Migration Tool, is a free tool that helps users migrate to the Palo Alto Networks NGFW platform and provides a temporary …
Read More » -
9 January
US introduces Cyber Trust Mark for smart devices
Launched in July 2023, the new US Cyber Trust Mark allows smart devices from participating vendors to showcase their cyber resilience through the prominent display of the Cyber Trust Mark logo. “Americans have many ‘smart’ wireless interconnected devices in their homes, from baby monitors to home security cameras to voice-activated …
Read More » -
8 January
CISA warns of critical Oracle, Mitel flaws active exploitation
CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses. Two vulnerabilities impact Mitel MiCollab, a widely used unified communications …
Read More » -
8 January
Best Cybersecurity Certifications for Your Career in 2025
Cybersecurity professionals serve as the first line of defense against hackers, hacktivists, and ransomware groups. To combat these cyber threats, there is an ever-growing need for skilled individuals who can effectively identify and mitigate cyber risks. As we enter 2025, both aspiring cybersecurity experts and seasoned professionals must stay informed …
Read More » -
7 January
CVE-2024-40766
48,000+ Vulnerable SonicWall Devices exposed to ransomware attack
Over 48,000 SonicWall devices are still vulnerable to a serious security flaw, putting organizations worldwide at risk of ransomware attacks. The CVE-2024-40766 vulnerability was disclosed in September 2024 and is actively exploited by ransomware groups Akira and Fog. CVE-2024-40766 is a serious access control vulnerability in SonicWall’s SonicOS, used in …
Read More » -
6 January
India releases draft Digital Personal Data Protection Rules
On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to obtain verifiable consent from parents before children can create accounts. Parents must validate their identity and age using voluntary identity proof issued by a recognized legal entity or the government, …
Read More »