August, 2024

  • 28 August

    Google Cloud Leak Exposed Data of 83,000 Shark Tank Contestant

    A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating. Researchers found that the Google bucket belonged to Alice’s Table, a company founded …

  • 27 August

    CVE-2024-38856
    CISA Issues Alert for Actively Exploited Apache OFBiz Vulnerability

    CISA issued a warning about a security flaw in Apache OFBiz, an ERP system. The vulnerability is being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog as CVE-2024-38856. CVE-2024-38856 is a serious security flaw in Apache OFBiz. It allows attackers to run code on a remote …

  • 27 August

    Chinese Volt Typhoon hackers exploited Versa zero-day breaching ISPs, MSPs

    Lumen Technologies’ malware hunters have discovered Chinese APT group Volt Typhoon using a new zero-day exploit in Versa Director servers. They used this exploit to steal credentials and gain unauthorized access to the networks of downstream customers. CVE-2024-39717 is a serious vulnerability that CISA added to their must-patch list after …

  • 26 August

    SonicWall Issues Critical Patch for Firewall Vulnerability

    SonicWall released security updates to fix a critical flaw in its firewalls. If exploited, this flaw could give unauthorized access to malicious actors. The vulnerability is known as CVE-2024-40766 and has a CVSS score of 9.3. It is an access control issue. “An improper access control vulnerability has been identified …

  • 25 August

    NSA Unveils Best Practices for Event Log & Threat Detection – 2024

    NSA has released Best Practices for Event Logging and Threat Detection to make sure important systems keep working. These practices apply to cloud services, enterprise networks, mobile devices, and operational technology networks. The Cybersecurity Information Sheet (CSI) was created with international co-authors, including the Australian Signals Directorate’s Australian Cyber Security …

  • 25 August

    Infosecbulletin’s malware newsletter August

    The Malware newsletter from Infosecbulletin features the top articles and research on malware from around the world. The “Mad Liberator” ransomware group leverages social-engineering moves to watch out for; Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset; TodoSwift Disguises Malware Download Behind …

  • 24 August

    Patch Now! Dell Power Manager Vulnerability Allows Unauthorized Access

    Dell Technologies identified a security vulnerability in Dell Power Manager (DPM), in versions 3.15.0 and older. The vulnerability, named CVE-2024-39576, allows a low-privileged attacker with local access to execute code and gain higher privileges. Vulnerability Details: Lefteris Panos from LRQA Nettitude found the vulnerability in Dell Power Manager. This vulnerability …

  • 24 August

    CISA warns of Dahua cameras flaws being actively exploited

    CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.” CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass …

  • 24 August

    CISA Issues Five Industrial Control Systems Advisories

    CISA issued five advisories about Industrial Control Systems (ICS) on August 22, 2024. These advisories give important information about security issues, weaknesses, and threats related to ICS: ICSA-24-235-01 Rockwell Automation Emulate3D; ICSA-24-235-02 Rockwell Automation 5015 – AENFTXT; ICSA-24-235-03 MOBOTIX P3 and Mx6 Cameras; ICSA-24-235-04 Avtec Outpost 0810; ICSA-20-282-02 Mitsubishi Electric …

  • 23 August

    BCSI call for team CERT to Defend Bangladesh’s Cyberspace

    Bangladesh Cyber Security Intelligence (BCSI) has launched a Community-driven Emergency Response Team to defend the nation’s digital assets in response to recent floods and cyberattacks from a neighboring country. This team will be on the front lines, protecting Bangladesh during this critical time and ensuring that any future threats to …
