InfoSecBulletin Cybersecurity for mankind
On Monday, Indian HDFC life insurance said, They got some instances of data leaks. “We have received communication from an unknown source, who has shared certain data fields of our customers with us, with mala fide intent,” HDFC Life said in a regulatory filing. The company has started to security …
Read More »TimeLine Layout
November, 2024
-
26 November
Daily Security Update Dated (26.11.2024) around the world
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: Volunteer hackers dive into America’s leaky water …
Read More » -
26 November
RomCom Exploits Firefox and Windows Zero-Day
According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and Microsoft Window addressed CVE 2024-9680, and 2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …
Read More » -
24 November
MITRE discloses 2024 CWE Top 25 critical software flaw
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and …
Read More » -
24 November
Python NodeStealer: harvest credit card and Facebook Ads Manager
Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range. The report shows that primarily the infostealer to target Facebook business accounts and harvests credit card information. The malware targets Facebook Ads Manager accounts to steal login details, cookies, and …
Read More » -
23 November
Cisco Talos
Over 60% of Emails with QR Codes are spam
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% …
Read More » -
23 November
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate privileges, or disrupt service. Vulnerabilities exist in various Zoom products, including the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK, across multiple operating systems: macOS, iOS, Windows, Linux, …
Read More » -
23 November
Daily Security Digest Dated 11/23/24
Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: # Warning on 500K French supermarket shoppers …
Read More » -
22 November
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from a user while analyzing a misleading NFT game app that aimed to steal cryptocurrency. The application bypassed Google’s two-factor authentication, compromising the device and stealing over $24,000 in cryptocurrency. Researchers have found that this malware …
Read More » -
22 November
Over 145,000 ICS Across 175 Countries Found Exposed Online
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting a significant security risk. The findings are alarming for the United States, which has over one-third of global exposures (48,000 systems). This shows a pressing need for improved cybersecurity in …
Read More »