InfoSecBulletin Cybersecurity for mankind
Check Point has released hotfixes for a VPN vulnerability used in attacks to gain remote access to firewalls and try to breach corporate networks. On Monday, the company warned about an increase in attacks on VPN devices and provided recommendations on how admins can protect their devices. The CVE-2024-24919 vulnerability …
Read More »TimeLine Layout
May, 2024
-
29 May
First American December data breach impacts 44,000 people
In December 2023, The First American Financial Corporation, a major title insurance company in the US, experienced a cyberattack. This resulted in the personal information of approximately 44,000 individuals being exposed. The company disclosed this data breach to the US Securities and Exchange Commission (SEC) on May 28, 2024. This …
Read More » -
29 May
Exploit released for maximum severity RCE In FORTINET SIEM
Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Horizon3’s Attack Team released a demonstration of a security vulnerability, identified as CVE-2024-23108, in Fortinet’s SIEM solution. This vulnerability allows attackers to run commands as the most powerful user on publicly accessible FortiSIEM devices. …
Read More » -
29 May
Bangladeshi app “Boithok” got WSIS award 2024
State Minister for Posts, Telecommunications and Information Technology Zunaid Ahmed Palak received the award in Geneva, Switzerland, winner of the World Summit on Information Society (WSIS) Award-2024, one of the awards in the information and technology sector in the international arena. This year, he received this award as the winner …
Read More » -
29 May
CISA Releases One Industrial Control Systems Advisory
CISA published an advisory on May 28, 2024, about Industrial Control Systems (ICS). They share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-149-01 Campbell Scientific CSI Web Server: The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches …
Read More » -
28 May
Hacker targeting Check Point VPNs to breach enterprise networks
Check Point warned that threat actors are targeting their Remote Access VPN devices in an ongoing campaign to breach enterprise networks. Remote Access is included in all Check Point network firewalls. It can be set up as a client-to-site VPN for accessing corporate networks using VPN clients, or as an …
Read More » -
28 May
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
A serious security flaw has been found in the TP-Link Archer C5400X gaming router. It could allow remote code execution on vulnerable devices by sending specific requests. The vulnerability CVE-2024-5035 has a CVSS score of 10.0 and affects all versions of the router firmware up to 1_1.1.6. It has been …
Read More » -
28 May
New ATM Malware Threatens Banking Security worldwide
There appeared a new type of ATM malware that security experts warn about. It is being advertised in the cybercrime underground and specifically designed to target Europe. A bad actor claimed that the new ATM malware called “EU ATM Malware” has 99% success rate. It can compromise most ATMs in …
Read More » -
28 May
Daily Cybersecurity update, May 27, 2024
Infosecbulletin’s daily cyber security update is a daily basis security updates across the globe. This aim is to inform the readers todays happenings in cyber world. Using various ways the information is collected and only the headlines are shown here. Users are advised to read out the full report for …
Read More » -
27 May
ENEA BOLG POST
Cybercriminals exploit top 3 cloud storage for SMS scams
Researchers found criminal SMS phishing scam campaigns that exploit cloud storage services like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. These campaigns, run by unknown threat actors, aim to send SMS messages to redirect users to malicious websites in order to steal their information. According …
Read More »
