InfoSecBulletin Cybersecurity for mankind
Fluent Bit, a widely used logging utility, has a critical vulnerability. This vulnerability can lead to denial-of-service attacks, information disclosure, and potentially remote code execution (RCE). Tenable, a cybersecurity firm, discovered this vulnerability. Fluent Bit is an open source tool that collects and processes large amounts of log data from …
Read More »TimeLine Layout
May, 2024
-
21 May
Hackers Target E-Commerce in Bangladesh, Sell order details on Dark Web
Hackers target Bangladeshi many WordPress based e-commerce sites for their illegal activities. Getting access they are now offer to sell the taken access on the dark web. But, the alarming issue is that on those post not any specific site name has been mentioned. So, this is really difficult to …
Read More » -
20 May
BCSI BLOG POST
SonicWALL Vulnerability Traded; threating for Corporate network in Bangladesh
SonicWALL SSL-VPN provides secure remote access to an organization’s internal network and resources through an encrypted SSL connection. This kind of VPN is great for giving employees and partners secure access to internal applications and data from remote locations. A hacker is selling a $1000 exploit that targets SonicWALL SSL-VPN …
Read More » -
20 May
Banking trojan Grandoreiro targeting about 1,500 banks over 60 countries
The banking trojan “Grandoreiro” is spreading widely through a phishing campaign in over 60 countries, aiming at customer accounts of about 1,500 banks. In January 2024, a joint international law enforcement operation involving Brazil, Spain, Interpol, ESET, and Caixa Bank revealed the disruption of a malware operation. The malware had …
Read More » -
18 May
Australian gov.t warns of ‘large-scale ransomware data breach’
Australian police are investigating a big data breach in a healthcare company after a ransomware attack on Thursday. The website and hotline of MediSecure, a company based in Melbourne, were offline after a breach occurred. This was confirmed by a statement from the electronic prescription service provider. No group has …
Read More » -
18 May
Patch Now: CISA Warns of Actively Exploited D-Link Router Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that two security flaws in D-Link routers have been added to its list of actively exploited vulnerabilities. The list of vulnerabilities is as follows: CVE-2014-100005 : A vulnerability that allows an attacker to manipulate D-Link DIR-600 router configurations by taking over …
Read More » -
18 May
New “Antidot” Banking Trojan disguised Fake Google Play Updates
The “Antidot” Android Banking Trojan pretends to be a Google Play update app and targets Android users in different regions. It uses VNC and overlay techniques to steal credentials. Cyble Research and Intelligence Labs (CRIL) found that the new Android Banking Trojan, called “Antidot,” pretends to be a Google Play …
Read More » -
18 May
CISA Published Encrypted DNS Implementation Guidance
CISA published a guide on using Encrypted Domain Name System (DNS) for federal civilian agencies to improve cybersecurity and meet OMB Memorandum M-22-09 requirements. Traditionally, the DNS protocol didn’t have ways to make sure requests and responses were confidential, secure, or authentic. However, the M-22-09 guideline requires agencies to encrypt …
Read More » -
17 May
Cyble Research
Transparent Tribe & SideCopy: A Cyber Alliance Targeting India
Cyble Research and Intelligence Labs found that two cyber threat groups, Transparent Tribe (APT36) and SideCopy, are using advanced strategies to target India, putting both public and private sectors at risk. Cyble Research and Intelligence Labs (CRIL) found that two APT groups, Transparent Tribe (APT36) and SideCopy, are using advanced …
Read More » -
17 May
Recordedfuture report
Hackers Exploit GitHub to Spread Malware targeting operating systems
Recorded Future’s Insikt Group has discovered a major cyber threat campaign carried out by Russian-speaking hackers, possibly located in the Commonwealth of Independent States (CIS). This campaign misuses GitHub, a platform for software development, to spread different malware. The report explains how attackers pretend to be popular software like 1Password, …
Read More »
