Tuesday, June 24 2025

January, 2025

  • 22 January

    Delayed patching leaves about 50,000 Fortinet firewalls exposed to zero-day attack

    Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The Shadowserver Foundation reports that 48,457 Fortinet devices remain publicly exposed and unpatched for CVE-2024-55591, despite urgent warnings in the last week. The situation hasn’t improved. Shadowserver started tracking exposed devices …

  • 21 January

    Daily Security Update Dated: 21.01.2025

    Every day, many cyberattacks happen around the world, including ransomware, malware attacks, data breaches, website defacements and so on. This is our daily security digest covering the latest happenings in the world. Spend a little time reading today's update: MITRE Launches D3FEND 1.0 – A Milestone …

  • 21 January

    126 Linux Kernel Vulns Allow Attackers to Exploit 78 Linux Sub-Systems

    Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical that fixes critical vulnerabilities in the Linux kernel for Xilinx ZynqMP processors. The Linux kernel for Xilinx Zynq UltraScale+ MPSoC is customized to support the features and hardware of these …

  • 21 January

    CERT-UA alerts about “security audit” requests through AnyDesk

    Attackers are pretending to be Ukraine’s Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are sending connection requests via AnyDesk under the pretext of conducting a ‘security audit to verify the level of protection,’ using the name ‘CERT.UA,’ the CERT-UA logo, and the AnyDesk ID …

  • 21 January

    Oracle Critical Pre-Release update addressed 320 flaws

    Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this information may change before the official advisory is released. A Critical Patch Update contains patches for various security vulnerabilities. This update includes 320 new patches, some of which affect multiple …

  • 21 January

    OWASP Reveals Top 10 Smart Contract Vulnerabilities for 2025

    OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems. The OWASP Smart Contract Top 10 lists the most common vulnerabilities in …

  • 20 January

    Multiple Azure DevOps Vulns Allow Attackers to Inject CRLF Queries & Rebind DNS

    Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement. The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request …

  • 20 January

    Intel employs 22 people from one Bangladeshi University

    Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and Chemical Engineering at Dhaka University, with 9 at its headquarters. Their presence is due not only to individual skills and hard work but also to the department’s robust curriculum, research …

  • 19 January

    VPN Surges 1500% in USA after TikTok Shutdown

    vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues. ByteDance, TikTok’s Chinese parent company, is under pressure to sell its U.S. operations by January 19, 2025, or face a ban due to concerns about user data security and possible …

  • 18 January

    MITRE Launches D3FEND 1.0: A Milestone for Cybersecurity Ontology

    MITRE launched D3FEND™ 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded by the NSA and the U.S. Department of Defense, offers a flexible and user-friendly framework for cybersecurity operations and strategic decision-making. D3FEND was initially released as a beta in June …
