InfoSecBulletin Cybersecurity for mankind
India has made the National Security Council Secretariat (NSCS) the nodal agency for dealing with the growing threats to cyber security. As per a notification issued late Friday evening, PM-led NSCS has been mandated “to provide overall coordination and strategic direction for cyber security” in addition to assisting the National …
Read More »TimeLine Layout
October, 2024
September, 2024
-
30 September
Facial DNA provider exposes thousands biometric data
Cybersecurity researcher Jeremiah Fowler has uncovered a major data breach at ChoiceDNA, an Indiana-based firm offering DNA testing and facial recognition services involving biometric images and personal information. Fowler reported to Infosecbulletin that around 8,000 sensitive documents, including biometric images and metadata, were publicly accessible without password protection. The unsecured …
Read More » -
29 September
Task force says
Ransomware hit 117 countries, Over 6,500 attacks recorded
In 2023, over 6,500 ransomware attacks were reported, affecting a record 117 countries worldwide after a decline in 2022. Ransomware incidents rose 73% year-over-year to 6,670, with significant increases in June and July linked to a widely used file transfer tool. The Ransomware Task Force, established in 2021 by the …
Read More » -
29 September
CTF competition at BCS: Registration open
A CTF contest is going to be organized at Bangladesh Computer Society (BCS). The registration process is automatically started for the contest. The contest will be on cryptography, reverse engineering, forensics, web, binary exploitation, PWN, OSINT, Networking and steganography. Contest module: • 24 hours training ( 3 days) • Every Saturday …
Read More » -
29 September
NIST unveils new password guidelines 2024: 11 rules to follow
The National Institute of Standards and Technology (NIST) has issued new guidelines for password security, representing a major change from standard practices. These new recommendations, outlined in NIST Special Publication 800-63B, aim to enhance cybersecurity while improving user experience. NIST has changed its approach to password complexity. Instead of requiring …
Read More » -
28 September
Meta fined $101 million for storing passwords in plaintext
Meta was fined over $100 million by the EU privacy regulator on Friday due to a security issue with Facebook users’ passwords. The Irish Data Protection Commission fined the U.S. tech company 91 million euros ($101.6 million) after an investigation. The watchdog opened an investigation in 2019 after Meta reported …
Read More » -
27 September
Microsoft warns Storm-0501 targets hybrid cloud environments
Microsoft cybersecurity researchers found that the “Storm-0501” ransomware group is targeting hybrid cloud environments. Storm-0501 Attacking Cloud Environments: Storm-0501 is a ‘financially motivated’ threat group that has launched a sophisticated ‘multi-stage attack’ targeting “hybrid cloud environments” across various ‘U.S. sectors’ and ‘critical infrastructure.’ The group exploited vulnerabilities in Zoho ManageEngine, …
Read More » -
27 September
RCE flaw impacts all GNU/Linux System: Details Revealed
Simone Margaritelli has discovered a serious remote code execution (RCE) vulnerability in the Common Unix Printing System (CUPS), impacting all GNU/Linux systems. Simone Margaritelli has revealed technical details about the unauthenticated RCE flaw affecting all GNU/Linux systems, which he previously reported. The flaw, comprising four CVEs (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177), …
Read More » -
27 September
Octo2: European Banks Already Under Attack by New Malware varient
Cybersecurity researchers at ThreatFabric have identified a new and more dangerous variant of the Octo banking malware, called “Octo2.” This evolved version of ExobotCompact is already targeting European financial institutions, with attacks reported in Italy, Poland, Moldova, and Hungary. Octo2 features improved remote access and advanced anti-detection methods, making it …
Read More » -
27 September
CISA Releases Guideline mitigating Active Directory compromise
To improve cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with international agencies to release a guide on detecting and addressing Active Directory compromises. This guidance, from the ASD, NSA, CCCS, NCSC-NZ, and NCSC-UK, informs organizations about common techniques used by cybercriminals to target Microsoft Active Directory. Active …
Read More »
