InfoSecBulletin Cybersecurity for mankind
The BGD e-GOV CIRT Cyber Threat Intelligence Unit has noticed a big rise in a type of malware named stealer malware in Bangladesh’s cyberspace. These sneaky programs are good at secretly getting sensitive data like login details, personal information, and secret data from specific systems. This breach puts financial resources …
Read More »TimeLine Layout
January, 2024
-
18 January
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA found evidence of active exploitation for three new vulnerabilities, which have been added to their list of known exploited vulnerabilities. CVE-2023-6549: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability. It describes Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway …
Read More » -
18 January
Cyble report
Cyber Espionage Strikes Indian Air Force
Cyble Research and Intelligence Labs (CRIL), CRIL has uncovered a Go Stealer possibly targeting the Indian Air Force. This malware is propagated through a ZIP file named “SU-30_Aircraft_Procurement”. The ZIP file is hosted on Oshi (hxxps://oshi[.]at/ougg), an anonymous file storage platform and the Threat Actor (TA) could potentially be distributing …
Read More » -
18 January
abnormal security report
Vendor Email Attacks risen by 137% in Financial Sector in 2023
The financial industry has seen a 137% rise in Vendor Email Compromise attacks in the past year, according to new data from Abnormal Security. Most threats came from email attacks that tricked people, with the sector getting 200 advanced attacks per week for every 1000 mailboxes. Last year, there were …
Read More » -
17 January
Patch now: Critical VMware, Atlassian flaws found
VMware and Atlassian disclosed critical vulnerabilities today. Even though there have been no reports of misuse, administrators should update their systems as soon as possible to prevent any issues. There are two problems reported by Atlassian. The most important one is CVE-2023-22527, which is a flaw in the template system …
Read More » -
17 January
Flight officer ‘fled to Canada’, Biman fear of data leak
The Assistant Manager (Administration) of Biman Bangladesh Airlines Anower hosan fled to Canada without the permission of the authorities. Besides, the commercial supervisor of the company Sohan Ahmed is missing. Biman MD Shafiul Azim confirmed the matter on Tuesday (January 16). Biman’s Managing Director said, they have important software and …
Read More » -
16 January
Tech Giants Pay $886M Digital Taxes in Indonesia
The Indonesian government has collected Rp 13.29 trillion ($886.4 million) in digital taxes from 135 technology companies, both domestic and foreign, since 2020. Digital tax revenue has been increasing steadily, reaching Rp 731.4 billion in 2020, Rp 3.9 trillion in 2021, Rp 5.51 trillion in 2022, and Rp 3.15 trillion …
Read More » -
16 January
UNDOC Report
Group reportedly link to Bangladesh Bank cyber attack still active in Asia
North Korean hackers are sharing money-laundering and underground banking networks with fraudsters and drug traffickers in Southeast Asia, according to a United Nations report published on Monday, with casinos and crypto exchanges emerging as key venues for organized crime. The United Nations Office of Drugs and Crime (UNODC) said without …
Read More » -
16 January
Atlassian released advisory for CVE-2023-22527
Tuesday (16 January) Atlassian released advisory for CVE-2023-22527 – RCE (Remote Code Execution) Vulnerability In Confluence Data Center and Confluence Server. A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Customers using an affected version …
Read More » -
16 January
TrendMicro Research
CVE-2023-36025, Phemedrone Stealer exploit windows SmartScreen flaw
Cybersecurity researchers at Trend Micro discovered an exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …
Read More »
