InfoSecBulletin Cybersecurity for mankind
CISA released a Resource Guide for Cybersecurity Clinics today. This guide explains how CISA can collaborate and assist cybersecurity clinics and their clients. University cybersecurity clinics train students to strengthen the digital defenses of under-resourced organizations. They help address the national cyber workforce gap by developing a talent pipeline for …
Read More »TimeLine Layout
February, 2024
-
28 February
NIST Releases Cybersecurity Framework 2.0 Officially
NIST has released its Cybersecurity Framework 2.0 after several years of consideration. The new framework expands its recommendations to cover the concerns of organizations beyond critical infrastructure. NIST issued the first CSF in 2014, in response to a presidential executive order, to assist organizations, particularly critical infrastructure, in managing cybersecurity …
Read More » -
27 February
CISA Issues Alert on APT29’s Cloud Infiltration Tactics
CISA and the UK’s NCSC released a joint advisory about new tactics of Russian Foreign Intelligence Service (SVR) cyber actors. This group, also known as APT29, Midnight Blizzard, the Dukes or Cozy Bear, has been identified by the US as a cyber-espionage entity linked to the Russian SVR intelligence agency. …
Read More » -
27 February
Bangladesh to form ‘Cyber Police Unit’: PM Sheikh Hasina
The Prime Minister of Bangladesh Sheikh Hasina has announced to form ‘Cyber Police Unit’, a separate unit to combat cyber crime. He said this while speaking to the chief guest at the Police Week inauguration ceremony at Rajarbagh Police Lines on Tuesday, February 27. The Prime Minister announced the establishment …
Read More » -
27 February
Alert – Critical SQLi Vulnerability Threatens 200K+ Websites
A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …
Read More » -
27 February
Chainalysis Report
$100 million in crypto payments to Myanmar scam syndicate
Investigators found that two cryptocurrency addresses linked to a company in Myanmar received nearly $100 million in deposits in less than two years. This sheds light on the lucrative business of conducting romance scams and extorting ransom payments from the families of trafficked workers. Chainalysis and a human rights researcher …
Read More » -
26 February
Microsoft released PyRIT, A Tool For Generative AI Systems
Microsoft has released a new open automation framework called PyRIT (Python Risk Identification Toolkit). It helps security professionals and machine learning engineers identify and reduce risks in generative models. The need for automation in AI Red Teaming: Red teaming AI systems is complex. Microsoft’s AI Red Team consists of experts …
Read More » -
26 February
NCSA organized a seminar on ‘Safe Internet Usage’ in Rangpur
The National Cyber Security Agency (NCSA) rganized a seminar on ‘Safe Internet Usage’ at Rangpur District Shilpakala Academy Auditorium. Over 500 students, teachers, and parents from various educational institutions in Rangpur City Corporation attended the seminar and were informed about staying safe in the cyber world. The National Cyber Security …
Read More » -
26 February
LockBit new .onion address
LockBit returns; new five victims disclosed
LockBit restarted their ransomware operation on a new infrastructure after law enforcement disrupted their servers. Now, they threat to target the government sector more with their attacks. The gang posted a long message admitting their negligence and sharing their future plans. “Due to my personal negligence and irresponsibility I relaxed …
Read More » -
25 February
Cyberattack halts Malawi Immigration Dept. Passport Services
The government of Malawi has stopped giving out passports after a cyber-attack on the immigration service’s computer network. President Chakwera informed members of parliament about a significant breach of national security involving the department being targeted. He said the hackers demanded a ransom but the president said the government won’t …
Read More »
