Tuesday, January 7, 2025

January, 2024

  • 26 January

    Pwn2Own
    $1.3M for 49 zero-days, Tesla hacked twice

    In the first edition of Pwn2Own Automotive, held from January 24 to January 26, competitors earned $1,323,750 by hacking Tesla twice and demonstrating 49 zero-day bugs in various electric car systems. Hackers targeted electric vehicle chargers, infotainment systems, and car operating systems during a contest organized by Trend Micro’s Zero Day Initiative …

  • 26 January

    Critical RCE flaw detected in Cisco’s communication software

    Cisco warns that some Unified Communications Manager and Contact Center Solutions products have a critical remote code execution security vulnerability. Cisco’s Unified Communications and Contact Center Solutions offer voice, video, and messaging services, as well as customer engagement and management. The company issued a security bulletin about a vulnerability (CVE-2024-20253) …

  • 25 January

    Pwn2Own Contest Tokyo
    Hackers Unearth Dozens of Zero-Day Vulnerabilities

    Top ethical hackers are currently competing in Tokyo. They have discovered nearly 40 zero-day vulnerabilities in Tesla and other products. The first car-focused Zero Day Initiative (ZDI) Pwn2Own contest takes place from January 24-26. ZDI is the world’s largest bug bounty program, encouraging ethical hackers to find and report vulnerabilities …

  • 25 January

    Bulletproof Hosting: A Critical Cybercriminal Service

    That cybercriminals now offer services and products to other cybercriminals is a significant development of the last two decades. Cybercrime-as-a-service has made it easier for criminals to get into cybercrime, allowing them to specialize and commit crimes on a larger scale. For instance, instead of coding malware, a criminal can buy …

  • 25 January

    CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2023-22527, Atlassian Confluence Data Center and Server Template Injection Vulnerability. CVE-2023-22527 detail: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE …

  • 24 January

    Bangladeshi hospital fits heart rings using a robot

    On Sunday (January 21), Bangladesh’s only specialized institution, the National Institute of Cardiovascular Diseases, entered the era of robotic services by fitting free robotic rings in the main arteries of two heart patients. The work was completed very efficiently by Associate Professor Dr. Pradeep Kumar Karmakar and his specialized team …

  • 24 January

    Cybernews report
    ‘Mother of all Breaches’ sees 26 billion records leaked online

    A database of 26 billion leaked records, called the “Mother of all Breaches,” has been discovered. Cybersecurity researcher Bob Dyachenko and the team at Cybernews found a huge 12-terabyte leak. The database contains both credentials and sensitive data, but it’s not clear who is responsible for it. Having your personal …

  • 24 January

    CISA Releases Six Industrial Control Systems Advisories

    CISA released 6 advisories for Industrial Control Systems (ICS) on January 23, 2024. These advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-023-01 APsystems Energy Communication Unit (ECU-C) Power Control Software ICSA-24-023-02 Crestron AM-300 ICSA-24-023-03 Voltronic Power ViewPower Pro ICSA-23-023-04 Westermo Lynx 206-F2G ICSA-24-023-05 Lantronix …

  • 23 January

    Medibank breach
    Australia imposes sanctions on Russian hacker

    Australia has imposed cyber sanctions on a Russian hacker for his alleged role in a 2022 ransomware attack. This is the country’s first use of this penalty. A cyberattack stole personal data from 9.7 million Medibank customers in Australia. The data includes names, birth dates, medical information, and Medicare numbers. …

  • 23 January

    Apple patches 2024’s first zero-day

    Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for macOS, iOS, and iPadOS. Apple describes CVE-2024-23222 as a type confusion bug in WebKit. They are aware of a report suggesting that this issue might have been exploited. “Processing maliciously crafted web content may lead to arbitrary …
