Sunday, January 5 2025

TimeLine Layout

July, 2024

  • 25 July

    Researchers unveil ConfusedFunction Vulnerability in Google Cloud Platform

    Tenable security researchers found a vulnerability in Google Cloud Platform’s Cloud Functions service that could allow an attacker to access other services and sensitive data without permission. Tenable has given the vulnerability the name ConfusedFunction. “An attacker could escalate their privileges to the Default Cloud Build Service Account and access …

  • 25 July

    BD CIRT published advisory on Web Application and Database Security

    BDG e-GOV CIRT’s Cyber Threat Intelligence Unit has noticed a concerning increase in cyber-attacks against web applications and database servers in Bangladesh. Hackers are trying to deface government websites, steal important information, and disrupt online services through DDoS attacks. Organizations are advised to take precautions to protect themselves online. CIRT …

  • 25 July

    GitLab fixed six security flaws and recommends updating shortly

    GitLab released a security update today to fix six vulnerabilities in its software. Although none of the flaws are critical, there is one high-severity cross-site scripting bug that could seriously affect users who don’t update quickly. The update, which applies to GitLab Community Edition (CE) and Enterprise Edition (EE), includes …

  • 25 July

    Researchers Unveil Massive Quad7 Botnet Targeting Microsoft 365

    Sekoia.io and Intrinsec analyzed the Quad7 (7777) botnet, which uses TCP port 7777 on infected routers to carry out brute-force attacks on Microsoft 365 accounts. Attacks were detected on 0.11% of monitored accounts. Key insights highlighted by researchers: Botnet Evolution: Quad7 has been active for a long time and continues …

  • 24 July

    Threat Actor Announces New DDoS Panel “Cliver”

    A threat actor has announced a new DDoS tool called Cliver, which offers strong attack methods for disrupting web services, including HTTP/2 and TLS floods, Cloudflare bypass, and browser emulation for bypassing CAPTCHA. The threat actor shared more information in a FAQ section. Cliver is a strong Layer 7 (L7) …

  • 24 July

    CISA added two security flaws to its KEV catalog

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerabilities are: CVE-2012-4792 (CVSS score: 9.3), Microsoft Internet Explorer Use-After-Free Vulnerability; CVE-2024-39891 (CVSS score: 5.3), Twilio Authy Information Disclosure …

  • 18 July

    Cisco SSM On-Prem bug allows changing any user’s password

    Cisco fixed a vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem). The vulnerability could allow an attacker without authentication to change the password of any user, even administrative users. The problem is caused by not implementing the password-change process correctly. An attacker could take advantage …

  • 18 July

    Nacsa investigates: Malaysia Telco U Mobile Four Million user data allegedly Breached

    The Malaysian National Cyber Security Agency (Nacsa) is investigating a possible data breach that exposed the data of four million U Mobile subscribers. The data, which may include personal information like names, addresses, MyKad numbers, and mobile phone …

  • 17 July

    APT17 Targets Italian Companies with 9002 RAT Malware

    APT17 has recently been seen attacking Italian companies and government organizations. They are using a modified version of a well-known malware called 9002 RAT. Two targeted attacks occurred on June 24 and July 2, 2024, according to an analysis by Italian cybersecurity company TG Soft published last week. “The first …

  • 17 July

    (CVE-2024-37381) Ivanti Patches SQLi Vulnerability in Endpoint Management Software

    Ivanti fixed a SQL Injection vulnerability in its Endpoint Management software. This vulnerability, designated as CVE-2024-37381, could have allowed authenticated attackers on the same network to run any code on affected systems. The EPM software is used in many industries to manage different device platforms such as Windows, macOS, Chrome …

