InfoSecBulletin Cybersecurity for mankind
Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …
Read More »TimeLine Layout
September, 2024
-
12 September
TD Bank fined $28 million for sharing customer data
Because of disclosing incorrect and negative data, The Consumer Financial Protection Bureau (CFPB) on Wednesday fined TD Bank, one of North American leading financial institutions $28 million to consumer reporting agencies. According to the agency, The inaccurate data included “systemic errors about credit card delinquencies and bankruptcies,”. Nearly $8 million …
Read More » -
12 September
Global-Cybersecurity-Index
Bangladesh secure role-model position by ITU
Bangladesh secure prestigious role-model position in the latest ITU cyber security index published by ITU. Bangladesh ranks among the top 10 percent of the world’s most cyber-secure countries, according to the latest Global Cyber Security Index 2024 report released by the International Telecommunication Union (ITU) on Thursday. The report places …
Read More » -
12 September
New RansomHub Attack Kill Kaspersky’s TDSSKiller To Disable EDR
Threatdown Managed Detection and Response (MDR) team has discovered the RansomHub ransomware gang using a new attack method wityh two tools: TDSKiller, to disable EDR system, and LaZagne, for stealing credentials. Although both TDSSKiller and LaZagne have been used by attackers for years, this is the first record of RansomHub …
Read More » -
11 September
Not Enough, Say Experts
India set to train 5000 ‘Cyber Commandos’
India is to make 5,000 cyber commandos over the next five years to deal with cybercrimes in India, said Home Minister Amit Shah on Tuesday. He urged that cybercrime has no boundary, and hence all stakeholders must come together to deal with its menace. The unit will consist of 5,000 …
Read More » -
11 September
Researcher detect 21 New Ransomwares in August
In August, Cybersecurity researchers identified 21 new ransomware variants that threaten indivisual and business. Cybercriminals are improving their tactics, making it harder to detect and combat these malicious programs. Ransomware encrypts valuable data, making it inaccessible, and then demands high ransoms for decryption keys. This puts personal data at risk …
Read More » -
11 September
Microsoft patch September 2024 fixes 4 zero-days, 79 flaws
Microsoft patched September 2024 Tuesday addressing 79 vulnerabilities, including four actively exploited zero-days which covers critical flaws in Windows Installer, MoTW, Publisher, and Windows Update. Those flaw are mentioned in September 2024 patch Tuesday are rated as critical, most of which were either remote code execution (RCE) or elevation of …
Read More » -
11 September
Zyxel Issues Hotfix for EOL NAS product
Zyxel issued hotfixes for a severe command injection vulnerability traced as CVE-2024-6342, affecting its NAS326 and NAS542 network-attached storage (NAS) devices. The flaw reported by security researchers Nanyu Zhong and Jinwei Dong from VARAS@IIE, poses significant risks for it allows bad actor to execute arbitrary operating system commands. Its concerning …
Read More » -
10 September
Researcher to exploit CI / CD pipelines gaining full server access
The CTO of Razz Security, Mukesh, recently exploited CI/CD pipelines to gain full server access which has its origins in the presence of an exposed .git directory on a publicly available web server. For this flaw, anyone could read and download the entire version control. It is examined that, this …
Read More » -
10 September
Hacker to exploite GeoServer Vulnerability to Deploy Malware
Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8. The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published …
Read More »
