InfoSecBulletin Cybersecurity for mankind
A new malware campaign is currently installing fake Google Chrome and Microsoft Edge extensions through a trojan found on fake websites posing as popular software. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal …
Read More »TimeLine Layout
August, 2024
-
10 August
Microsoft discloses an unpatched Office zero-day
A high-severity zero-day vulnerability has been found affecting Office 2016 and later. Microsoft is currently working on a patch to fix this issue. The vulnerability, known as CVE-2024-38200, could let unauthorized people access protected data like system status, configuration data, personal information, or connection metadata. This zero-day affects different 32-bit …
Read More » -
8 August
0.0.0.0 Day: Exploiting Localhost APIs From the Browser
A recent study found a vulnerability in major internet browsers that has existed for 18 years. This vulnerability makes private and corporate networks open to cyberattacks. Researchers from Oligo Security discovered that hackers can take advantage of how browsers handle requests to the IP address 0.0.0.0 by redirecting them to …
Read More » -
8 August
CISA, FBI released joint advisory for Blacksuit ransomware
The FBI and CISA updated their advisory to confirm that the Royal ransomware group now goes by the name “BlackSuit” and still demands very high ransom amounts, up to $60 million. The advisory has new technical information to help defenders detect the activity of the group, known as Royal ransomware …
Read More » -
8 August
DATA CENTER ALERT: AMD Patches Security Flaws in EPYC Processors
AMD has released a security bulletin about three possible vulnerabilities in its Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology. A researcher found vulnerabilities that could let a malicious hypervisor controlled by the host system access or modify the memory of a guest VM. This poses big risks to …
Read More » -
8 August
Researchers detect 30 new ransomware in July
Cybersecurity experts found 30 new types of ransomware in July. These harmful programs are a big threat to people and businesses. Each new variant makes it harder to detect and stop them. Ransomware works by locking important data on infected computers and then asking for a lot of money in …
Read More » -
7 August
CrowdStrike publish Root Cause of Global System Outages
CrowdStrike, a cybersecurity company, has released its analysis on the Falcon Sensor software update crash that affected millions of Windows devices worldwide. The “Channel File 291” incident was traced back to a content validation issue. This issue came up when a new Template Type was introduced. The purpose of this …
Read More » -
7 August
Microsoft 365 anti-phishing protection can be bypassed with CSS
Researchers found a way to get around a security measure in Microsoft 365, making it more likely for users to open harmful emails. Outlook has a hidden anti-phishing measure called the ‘First Contact Safety Tip.’ It warns recipients when they receive an email from an unfamiliar address. Outlook displays an …
Read More » -
7 August
Interim government to decide on resignation of top officials: Bangladesh Bank
In the changed reality, Bangladesh Bank employees demanded the resignation of the top officials of the bank, the interim government will decide. These persons were appointed on contractual basis by the recently resigned government. As a result, any new government will have to decide about them. Apart from this, Bangladesh …
Read More » -
7 August
Bangladesh Bank Deputy Governor resigned
Bangladesh Bank Deputy Governor Kazi Saidur Rahman resigned on the second day of opening office after the fall of the Sheikh Hasina government. On Wednesday (August 7) he resigned handing over the responsibility to Executive Director-1. Kazi Saidur Rahman became the Deputy Governor of Bangladesh Bank on 22 November 2020. …
Read More »