InfoSecBulletin Cybersecurity for mankind
Microsoft published December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws. The number of bugs in each vulnerability category is listed below: 27 Elevation of Privilege Vulnerabilities3 …
Read More »TimeLine Layout
December, 2024
-
10 December
CISA listed Over 270 Critical Vulnerabilities: What’s New!
CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed. Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS). …
Read More » -
10 December
Cyberattacks targeting Indian Government rose by 138%
India has experienced a 138% rise in cyberattacks on government bodies from 2019 to 2023. This increase has prompted a response from the government, detailed in a recent report to the Rajya Sabha. From 2019 to 2023, cyberattacks on Indian government entities surged from 85,797 to 204,844, indicating a significant …
Read More » -
10 December
Google unveils ‘mindboggling’ quantum computing chip
Google has made a quantum computing chip that can finish tasks in five minutes, which would take conventional computers 10 undecillion (10,000,000,000,000,000,000,000,000 years) to complete. That’s 10 septillion years, a number much larger than the age of our universe, leading scientists behind a recent quantum computing breakthrough to describe it …
Read More » -
8 December
Google’s released “Vanir” Open Sources Security Patch Validation Tool
Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers. Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together …
Read More » -
7 December
Hacker Claim 1tb, Deloitte denies, What Inside!
The spokesperson from Deloitte told two international media that, “No Deloitte systems have been impacted,”. The allegations relate to a single client’s system which sits outside the Deloitte network, according to cybersecurity news and infosecuritynews. Times of India said, “Only a single client’s sensitive was impacted and none of the …
Read More » -
7 December
New Windows zero-day: Exposes credentials, Gets unofficial patch
A newly found zero-day vulnerability lets attackers steal NTLM credentials by manipulating targets into opening a malicious file in Windows Explorer. The 0patch team found a flaw and reported it to Microsoft, but no official fix has been released yet. 0patch reports that the issue affects all Windows versions from …
Read More » -
7 December
Daily Security Update Dated: 07.12.2024
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: Cyberattack stalls nearly $50M civic center project …
Read More » -
6 December
Patch urgently: Hundred of CISCO switches impacted
A bootloader vulnerability in Cisco NX-OS affects over 100 switches, enabling attackers to bypass image signature checks. Cisco issued security patches for the vulnerability CVE-2024-20397 (CVSS score of 5.2) in NX-OS software’s bootloader, which could allow attackers to bypass image signature verification. “A vulnerability in the bootloader of Cisco NX-OS …
Read More » -
6 December
Multiple ICS Advisories Released by CISA
On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities, and exploits in ICS. Vulnerabilities found in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s WGS-804HPT switch could severely threaten critical infrastructure if exploited. ICSA-24-340-01 AutomationDirect C-More EA9 Programming Software: …
Read More »