InfoSecBulletin Cybersecurity for mankind
Google has patched a “high-severity” vulnerability that may be “under limited, targeted exploitation” in Android devices. Google issued an advisory stating that the bug, known as CVE-2024-36971, affects the Linux kernel. This kernel is a crucial part of an operating system, connecting the software to the computer’s hardware. According to …
Read More »TimeLine Layout
August, 2024
-
6 August
Critical Vulnerability in Apache OFBiz Requires Patching
The Mirai botnet is exploiting a new directory traversal vulnerability in Apache OFBiz. This Java framework is supported by the Apache Foundation. It is used to create ERP (Enterprise Resource Planning) applications that manage sensitive business data. Despite being less common than commercial alternatives, ERP applications are crucial for businesses. Vulnerability …
Read More » -
4 August
EU’s World-First Artificial Intelligence Rules Officially Taking Effect
The European Union’s artificial intelligence law, the first of its kind in the world, officially came into effect on Thursday. This is a significant step in the EU’s efforts to regulate this technology. The Artificial Intelligence Act aims to protect the “fundamental rights” of citizens in the 27-nation bloc and …
Read More » -
3 August
CISA issues nine industrial control system advisories
CISA released nine advisories about Industrial Control Systems (ICS) on August 1, 2024. They give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnson Controls exacqVision Web Service ICSA-24-214-03 Johnson Controls exacqVision Web Service ICSA-24-214-04 Johnson Controls exacqVision …
Read More » -
3 August
“RayV Lite” Open Source Tool Enables Laser Hacking of Computer Chips
“At the upcoming Black Hat cybersecurity conference in Las Vegas, Sam Beaumont and Larry ‘Patch’ Trowell from NetSPI, a security firm, will showcase their new laser hacking device, the RayV Lite. They intend to release the design and component list of their tool as open source, enabling anyone to access …
Read More » -
2 August
BingoMod RAT: Android Banking Trojan Empties Accounts, Wipes data
Cleafy found a harmful software called BingoMod that targets Android devices. The malware tries to get into bank accounts on the device and steal money, then it erases the device’s activity. Cleafy says that BingoMod is a type of remote access Trojan (RAT). Attackers can use it to control devices …
Read More » -
2 August
Hackers Abuses Cloudflare Tunnels to Deliver malware
Proofpoint is monitoring a group of cybercriminals using Cloudflare Tunnels to distribute malware. They are exploiting the TryCloudflare feature to create one-time tunnels without needing an account. Tunnels allow remote access to data and resources not on the local network, similar to using a virtual private network (VPN) or secure …
Read More » -
1 August
1M domains at risk of ‘Sitting Ducks’ domain hijacking
More than a dozen threat actors are using a strong attack method in the domain name system (DNS). These hackers can take control of domain names without the owners realizing, and then use them for harmful activities. Infoblox, an IT automation and security company, cautions about this risk. The “Sitting …
Read More » -
1 August
Ransomware Attack Forces 300 Indian Banks To Temporarily Stop Payment Systems
A ransomware attack on a tech provider has caused payment systems in nearly 300 local Indian banks to temporarily shut down, according to two reliable sources. The attack affected C-Edge Technologies, a provider of banking technology systems to small banks across the country, they said. C-Edge Technologies did not respond …
Read More » -
1 August
SMS Stealer Targets 600 Global Brands: Over 105,000 samples identified
Zimperium’s zLabs found a new threat called SMS Stealer. It has been found in over 105,000 samples and affects more than 600 global brands. SMS Stealer poses risks like account takeovers and identity theft. SMS stealer: The SMS Stealer threat was discovered in 2022. It tricks victims by using fake …
Read More »