InfoSecBulletin Cybersecurity for mankind
CISA released 6 advisories for Industrial Control Systems (ICS) on January 23, 2024. These advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-023-01 APsystems Energy Communication Unit (ECU-C) Power Control Software ICSA-24-023-02 Crestron AM-300 ICSA-24-023-03 Voltronic Power ViewPower Pro ICSA-23-023-04 Westermo Lynx 206-F2G ICSA-24-023-05 Lantronix …
Read More »TimeLine Layout
January, 2024
-
23 January
Medibank breach
Australia imposes sanctions on Russian hacker
Australia has imposed cyber sanctions on a Russian hacker for his alleged role in a 2022 ransomware attack. This is the country’s first use of this penalty. A cyberattack stole personal data from 9.7 million Medibank customers in Australia. The data includes names, birth dates, medical information, and Medicare numbers. …
Read More » -
23 January
Apple patches 2024’s first zero-day
Apple’s first zero-day of 2024 has been disclosed, with fixes pushed out for MacOS, iOS, and iPadOS. Apple describes CVE-2024-23222 as a type confusion bug in Webkit. They are aware of a report suggesting that this issue might have been exploited. “Processing maliciously crafted web content may lead to arbitrary …
Read More » -
22 January
Swedish customers affected
Akira ransomware hits cloud service Tietoevry
A ransomware attack on a data center run by Finnish IT company Tietoevry has caused widespread outages in Sweden, affecting healthcare, government services, retail outlets, and the largest cinema chain in the country. Tietoevry, a publicly traded company based in Espoo, Finland, reported that an attack occurred over the weekend. …
Read More » -
20 January
“Cyber League” a new community of NCSC
The UK’s top cybersecurity agency NCSC will form a new group of experts to monitor current and future threats to the country. What is Cyber League? The Cyber League is a new initiative by the NCSC that brings together trusted cyber experts from the NCSC and industry. They aim to …
Read More » -
20 January
D2M technology: India trial
Without internet, Access video content on smartphones or tablets
Calls, messages and videos can be viewed easily using SIM or WiFi on the smartphone. Think about it, what to do if there is no SIM and internet on the phone? Technology is also coming soon, which will allow watching videos on smartphones without SIM and internet. This technology is …
Read More » -
20 January
Microsoft’s Top Execs’ Emails Breached By Russia-Linked APT Attack
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024, and immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor …
Read More » -
19 January
Mandiant report
“Group UNC3886” exploiting VMware bug since late 2021
Mandiant and VMware Product Security found that the UNC3886 espionage group has been exploiting CVE-2023-34048 since late 2021, even though it was publicly reported and patched in October 2023. Mandiant found new ways that UNC3886 uses to attack computer systems. They focus on technologies that don’t have EDR protection and …
Read More » -
19 January
CISA released Incident Response Guide for the WWS Sector
CISA, the FBI, and the EPA have released a guide to help water and wastewater systems respond to incidents. Over 25 organizations from various sectors contributed to this guide, including private companies, non-profit organizations, and government entities. This collaboration ensured that the guide would be useful for water and wastewater …
Read More » -
19 January
Oracle Releases Critical Patch Update Advisory for January 2024
Oracle released a security advisory for January 2024. It fixes vulnerabilities in various products that could be exploited by hackers to take control of a system. Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it …
Read More »
