InfoSecBulletin Cybersecurity for mankind
TechCrunch reports that Byte Federal, a major Bitcoin ATM operator in the U.S., has experienced a data breach affecting the personal information of thousands of customers. A Florida-based company recently reported to the Maine attorney general that hackers tried to access data from about 58,000 customers. The breached information includes …
Read More »TimeLine Layout
December, 2024
-
12 December
CVE-2024-11274
GitLab Patch Release for CE and EE
GitLab has released a critical security update for several versions of its platform, including versions 17.6.2, 17.5.4, and 17.4.6 for both Community and Enterprise Editions. This update fixes vulnerabilities that could result in account takeovers, denial of service attacks, and data leaks. CVE-2024-11274 (CVSS 8.7) is a critical vulnerability that …
Read More » -
12 December
Researcher claim to bypass Microsoft Azure MFA flaw within hour
Oasis Security discovered a flaw in Microsoft’s Multi-Factor Authentication (MFA) system, allowing attackers to bypass it and access user accounts, including Outlook, OneDrive, Teams, and Azure. With over 400 million Office 365 users, the impact of this vulnerability could be significant. Research team claim, “The bypass was simple: it took …
Read More » -
12 December
Meta fails to detect
9 Deepfake videos identified of Dr. Md. Yunus and Shakib Khan
Dr. Md. Yunus, the chief advisor to the interim government of Bangladesh, is the victim of propaganda using artificial intelligence. A Deepfakes video of him has been seen on social media for the past few days where he is heard saying on the gambling site, “I have decided to create …
Read More » -
12 December
Facebook, Instagram, and Threads are reportedly down
Facebook, Instagram and threads are experiencing technical issues, causing temporary disruptions worldwide. Many users are having trouble messaging, and Meta has not yet commented on the cause of the outage. Around 11:30 pm on Wednesday, many users experienced login issues with the web version of WhatsApp, receiving a ‘service not …
Read More » -
11 December
U.S. Charges Chinese man linked to global Firewall hack
A federal court in Hammond, Indiana, has unsealed an indictment against Guan Tianfeng, a Chinese citizen, for allegedly hacking firewall devices globally in 2020. Guan and his co-conspirators, employed by Sichuan Silence Information Technology Co. Ltd., targeted a previously unknown vulnerability (an “0-day” vulnerability) in firewalls produced by U.K.-based Sophos …
Read More » -
11 December
Hackers Exploit AWS Misconfigurations: allegedly 2TB data lost
Thousands of AWS customers had terabytes of sensitive data, including personal details, AWS credentials, and proprietary code, compromised in a cyber attack linked to the ShinyHunters hacking group. They gained access to sensitive information through poorly set up systems, resulting in over 2 TB of compromised data. Cybersecurity researchers Noam …
Read More » -
11 December
Microsoft December 2024 Patch Tuesday – 71 Vulnerabilities Fixed, 1 Zero-day
Microsoft published December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws. The number of bugs in each vulnerability category is listed below: 27 Elevation of Privilege Vulnerabilities3 …
Read More » -
10 December
CISA listed Over 270 Critical Vulnerabilities: What’s New!
CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed. Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS). …
Read More » -
10 December
Cyberattacks targeting Indian Government rose by 138%
India has experienced a 138% rise in cyberattacks on government bodies from 2019 to 2023. This increase has prompted a response from the government, detailed in a recent report to the Rajya Sabha. From 2019 to 2023, cyberattacks on Indian government entities surged from 85,797 to 204,844, indicating a significant …
Read More »
