InfoSecBulletin Cybersecurity for mankind
Cybernews has uncovered a huge data leak at MC2 Data, a background check company, impacting many US citizens. MC2 Data and similar companies provide public records and background check services by collecting and analyzing data from various public sources, such as criminal records, employment history, family information, and contact details. …
Read More »TimeLine Layout
September, 2024
-
21 September
80% of organizations faced an email-based security breach
Most critical infrastructure sectors have experienced an email security breach in the past year. A study by Osterman Research, commissioned by OPSWAT, found that 80% of organizations suffered an email-based security breach. Even as criminal hackers target the sector, CI businesses appear to be failing to protect their systems. Osterman …
Read More » -
20 September
Dell to investigate data breach claim after hacker leaks info
Dell is investigating claims of a data breach after a threat actor leaked information on over 10,000 employees. “We are aware of the claims and our security team is currently investigating,” Dell told BleepingComputer. A hacker called “grep” claims that Dell suffered a “minor” data breach, stealing over 10,000 employee …
Read More » -
20 September
ALERT
Hackers Using Supershell Malware Targeting Linux SSH Servers
Researchers found an attack targeting poorly secured Linux SSH servers using Supershell, a backdoor written in Go that gives attackers remote control of affected systems. After the initial infection, attackers likely used scanners to find more vulnerable targets and launched dictionary attacks with credentials collected from the compromised systems. The …
Read More » -
19 September
GitLab Patches Critical Authentication Bypass flaw
GitLab released patches for a critical flaw in Community and Enterprise Editions that could allow authentication bypass. The vulnerability in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0) could let an attacker log in as any user in the affected system. It was fixed by the maintainers last week. The issue …
Read More » -
19 September
Ransomware hit Bangladeshi Globe Pharmaceuticals Ltd
On September 16, 2024, Globe Pharmaceuticals Ltd., a major pharmaceutical company in Bangladesh, was hit by a ransomware attack detected by the BCSI Threat Intelligence Platform, highlighting ongoing cyber vulnerabilities in established firms. The Attack Unfolds: Globe Pharmaceuticals experienced a ransomware attack on September 16th, but the method of attack …
Read More » -
18 September
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
The FBI has alerted that cyber actors have compromised over 260,000 internet-connected devices, mainly routers, to form a large botnet for malicious activities, including distributed denial of service attacks and identity concealment. The FBI advisory states that a botnet, managed by the China-based Integrity Technology Group, has been active since …
Read More » -
18 September
Chrome 129 Released Fix with multiple Security Flaws
Google has released Chrome 129 for Windows, Mac, and Linux users. The update will be available gradually over the next few days and weeks. The latest Chrome version (129.0.6668.58 for Linux, 129.0.6668.58/.59 for Windows and Mac) includes several improvements and important security fixes. This release focuses on security by fixing …
Read More » -
18 September
Broadcom fixed RCE bug in VMware vCenter Server
Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through network packets. vCenter Server is the main management hub for VMware’s vSphere suite, enabling administrators to oversee and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812) identified by TZL security researchers at …
Read More » -
18 September
Cybercriminal now misuse Microsoft Azure tool to steal data
Ransomware groups like BianLian and Rhysida use Microsoft’s Azure Storage Explorer and AzCopy to steal data from hacked networks and store it in Azure Blob storage. Storage Explorer is a GUI tool for managing Microsoft Azure, while AzCopy is a command-line tool for large data transfers to and from Azure …
Read More »