Thursday , January 9 2025

TimeLine Layout

February, 2024

  • 26 February

    LockBit new .onion address
    LockBit returns; new five victims disclosed

    Lock Bit

    LockBit restarted their ransomware operation on a new infrastructure after law enforcement disrupted their servers. Now, they threat to target the government sector more with their attacks. The gang posted a long message admitting their negligence and sharing their future plans. “Due to my personal negligence and irresponsibility I relaxed …

    Read More »
  • 25 February

    Cyberattack halts Malawi Immigration Dept. Passport Services

    The government of Malawi has stopped giving out passports after a cyber-attack on the immigration service’s computer network. President Chakwera informed members of parliament about a significant breach of national security involving the department being targeted. He said the hackers demanded a ransom but the president said the government won’t …

    Read More »
  • 25 February

    LockBit Reestablishes Dark Web Leak Site: Report

    Lock bit

    The LockBit ransomware group reactivated a hidden website on the dark web. They posted a long message written by their leader, who vowed not to retreat from the criminal underground world. The LockBit leader says the FBI used a vulnerability in PHP to hack their servers. They didn’t fix it …

    Read More »
  • 24 February

    0/1 click Facebook account takeover; Nepalis talent rewarded

    Meta ranked Nepal’s cyber security researcher Samip Aryal first in the White Hack (Hall of Fame) for finding a vulnerability that could hack accounts with one click. This happened on Friday. Samip Aryal informed a Nepali media outlet about discovering a vulnerability in Facebook that could allow for an ‘account …

    Read More »
  • 23 February

    OWASP Releases Security Checklist for Generative AI Deployment

    glass

    OWASP released the LLM AI Cybersecurity & Governance Checklist. The 32-page document helps organizations create a strategy for using large language models and reducing associated risks. Sandy Dunn, CISO at Quark IQ, started working on the checklist in August 2023 as a supporting resource to OWASP’s Top 10 Security Issues …

    Read More »
  • 23 February

    CISA Releases One Industrial Control Systems Advisory

    CISA

    CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft:  EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …

    Read More »
  • 22 February

    TrendMicro Research
    LockBit-NG-Dev, might consider a true 4.0 version

    4.0

    LockBit ransomware creators were working on a new version of their file-encrypting malware, called LockBit-NG-Dev, possibly to be known as LockBit 4.0, before law enforcement dismantled their operation this week. Multiple Versions: “Security experts said LockBit previously released various versions of its ransomware:” LockBit version 1.0 was released in January …

    Read More »
  • 22 February

    Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited

    chain

    IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …

    Read More »
  • 21 February

    Mozilla Releases Security Updates for Firefox and Thunderbird

    mozila

    Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …

    Read More »
  • 21 February

    VMware Alert: Critical flaw found in deprecated VMware EAP

    vmware

    VMware advises users to remove the outdated Enhanced Authentication Plugin (EAP) due to the discovery of a serious authentication relay vulnerability, known as CVE-2024-22245 (CVSS score: 9.6). A person who intends to harm could deceive a domain user with EAP installed in their web browser. This deception could lead the …

    Read More »
Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin

This will close in 6 seconds