InfoSecBulletin Cybersecurity for mankind
By using the name of Bangladesh Bank license, mobile financial services (MFS) top organization Bkash and the name of one of the entrepreneurs of the information technology sector, Sonia Bashir Kabir, Wellxpay has started spreading false propaganda. The company told various foreign media that Wellxpay has received a Payment Service …
Read More »TimeLine Layout
February, 2024
-
2 February
Cloudflare Blog
Cloudflare hacked using auth tokens stolen in Okta attack
Cloudflare disclosed that its internal Atlassian server was breached by a suspected ‘nation-state attacker’. The attacker gained access to Cloudflare’s Confluence wiki, Jira bug database, and Bitbucket source code management system. The attacker first accessed Cloudflare’s self-hosted Atlassian server on November 14, and then accessed the company’s Confluence and Jira …
Read More » -
1 February
‘Synergia’ operation
INTERPOL-led operation targets growing cyber threats
INTERPOL has found around 1,300 suspicious IP addresses and URLs worldwide. These were discovered during their operation against phishing, malware, and ransomware attacks. Operation Synergia was launched from September to November 2023 to address the increasing problem of transnational cybercrime and the need for coordinated action against new cyber threats. …
Read More » -
1 February
CloudSEK Report
750 million Indian mobile subscribers’ info for sale
After the ‘MOAB’ data breach exposing 26 billion records, a new leak has occurred. It includes 1.8 terabytes of data from an “Indian Mobile Network Consumer Database” with personal information of 750 million people. This database is now being sold on the dark web. CloudSEK, a cybersecurity firm, revealed a …
Read More » -
1 February
Ivanti warns of a new actively exploited zero-day
Ivanti has issued a warning regarding two new high-severity vulnerabilities in its Connect Secure and Policy secure solutions, identified as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2) respectively. Furthermore, the company has alerted that one of these vulnerabilities is actively being exploited in the wild. The vulnerability CVE-2024-21888 …
Read More »
January, 2024
-
31 January
CISA Releases Eight Industrial Control Systems Advisories
CISA released 8 advisories about Industrial Control Systems (ICS) on January 30, 2024. They give up-to-date information on security issues, vulnerabilities, and exploits related to ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products ICSA-24-030-03 Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ICSA-24-030-04 Hitron …
Read More » -
31 January
Malaysian telco provider has data breach : Claimed
According to a report by Surfshark, Malaysia was the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate in Q3 2023 was 144% higher than in Q2 2023, and around four Malaysian user accounts were leaked every minute. TM suffers data breach again: Customer data …
Read More » -
31 January
Citibank failed to protect customers from fraud
The attorney general’s office in New York state has sued Citibank for not protecting customers from electronic fraud and not reimbursing the victims. This has resulted in millions of dollars in losses for customers in the state. Attorney General Letitia James filed a lawsuit in federal court in Manhattan. She …
Read More » -
30 January
Juniper Networks Releases Urgent Junos OS Updates
Juniper Networks released updates to fix high-severity vulnerabilities in SRX Series and EX Series. These vulnerabilities could be exploited by attackers to gain control of vulnerable systems. The vulnerabilities, tracked as CVE-2024-21619 and CVE-2024-21620, are rooted in the J-Web component and impact all versions of Junos OS. There are vulnerabilities …
Read More » -
30 January
Apple says UK could ‘secretly veto’ global privacy tools
Apple opposes the UK government’s idea to pre-approve new security features from tech companies. If the UK Home Office rejects an update, it cannot be released in any other country, and the public will not be informed. The government is seeking to update the Investigatory Powers Act (IPA) 2016. The …
Read More »
