InfoSecBulletin Cybersecurity for mankind
ISACA Dhaka chapter arranged a Continuing Professional Education (CPE) seminar for the community as its calendar work to develop the professionals. On 28 December, Saturday at ISACA Dhaka office with the participation over 50 participants the seminar draw the attention with the two leading topic on “Leadership & Communication is …
Read More »TimeLine Layout
December, 2024
-
27 December
Update Immediately
Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Networks has revealed a high severity vulnerability in PAN-OS software that may lead to a denial-of-service (DoS) issue on affected devices. The vulnerability CVE-2024-3393 (CVSS score: 8.7) affects PAN-OS versions 10.X and 11.X, and Prisma Access with PAN-OS versions 10.2.8 or later and before 11.2.3. It has been …
Read More » -
27 December
Cyberattack Hit Japan Airlines Systems, delaying flights
Japan Airlines reported a cyberattack on Thursday that delayed over 20 domestic flights. The airline managed to stop the attack and restore its systems within hours, and confirmed that flight safety was not affected. JAL reported that a network issue began Thursday morning, affecting both internal and external systems. The …
Read More » -
26 December
Hacker reportedly leak Indonesia Gov.t 82 GB data
Hackers claimed to have accessed and stolen 82 GB of sensitive data from Indonesia’s Regional Financial Management Information System (SIPKD). GBHackers News reported the data breach announced on a hacking forum, exposing sensitive financial, administrative, and personal information, raising significant security and privacy concerns. The stolen data, which includes backups …
Read More » -
25 December
BCSI officially announce National Vulnerability Disclosure Program (NVDP)
Bangladesh Cyber Security Intelligence (BCSI) officially launch the National Vulnerability Disclosure Program (NVDP) to enhance the country’s cybersecurity. This initiative aims to create a secure platform for ethical hackers, researchers, and organizations to work together in identifying and addressing vulnerabilities that threaten government systems, critical infrastructure, and private sector entities. …
Read More » -
25 December
CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls
Northwave Cyber Security has found a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls. Northwave researcher claimed the backdoor was found during a forensic investigation of a compromised Palo Alto Networks device. Attackers exploited a recently disclosed vulnerability (CVE-2024-9474) to enter the system and deploy a malicious script called bwmupdate, …
Read More » -
24 December
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs
A newly discovered vulnerability called “G-Door” enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts. This flaw poses a serious threat to organizations using Microsoft 365’s Conditional Access policies. The G-Door vulnerability stems from the ability to create personal or workspace Google accounts using a …
Read More » -
24 December
CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available
Adobe has issued urgent security updates for ColdFusion versions 2023 and 2021 to fix a critical vulnerability (CVE-2024-53961). This flaw allows attackers to read arbitrary files from the system, risking exposure of sensitive data and configuration files. It results from improper path limitations, enabling unauthorized access outside the intended directory. …
Read More » -
23 December
Splunk targets Bangladeshi market: Investing in local talent
Splunk, a unified security and observability platform turn its focuses on Bangladeshi market. On Monday (23 December) Splunk’s local partner “Aspire Tech Services and Solutions Ltd” arranged a day long bootcamp aims to provide comprehensive hands-on training for participants in order to familiarize them with the platform’s features, capabilities, and …
Read More » -
22 December
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
A major security flaw in Craft CMS, a popular PHP content management system, has been found, enabling unauthenticated remote code execution (RCE) with default settings. The vulnerability CVE-2024-56145 was reported by security researchers and quickly patched by the Craft CMS team within 24 hours. PHP has improved over the years …
Read More »
