InfoSecBulletin Cybersecurity for mankind
The journey to mastering penetration testing can be challenging for those interested in security. Besides theoretical knowledge, practical experience is essential to improve your skills and become a skilled pentester. PentesterVibe is a subscription-based service that helps bridge this gap by providing the necessary knowledge and resources to excel in …
Read More »TimeLine Layout
March, 2024
-
22 March
A project taken
By June 2026, Dhaka to see eco-friendly electric buses, Cars
A project has been taken to introduce eco-friendly electric transport in Dhaka. The Road Transport and Highways Department, Bangladesh Road Transport Authority, Department of Environment, and Bangladesh Road Transport Corporation will set up an experimental charging station in Dhaka city. The project will be implemented from now until June 2026. …
Read More » -
22 March
Hacker exploiting ScreenConnect, F5 bugs : Mandiant
Hacker allegedly exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia, according to new report by Google owned security firm Mandiant. The report focused on UNC5174, a threat actor. According to Mandiant, UNC5174 used to be a member of Chinese hacktivist groups. However, …
Read More » -
21 March
CISA, FBI, and MS-ISAC Release Joint Guidance on DDoS
CISA, FBI, and MS-ISAC updated a guide to help organizations defend against DDoS attacks. The guidance now includes detailed insight into three different types of DDoS techniques: Volumetric, attacks aiming to consume available bandwidth. Protocol, attacks which exploit vulnerabilities in network protocols. Application, attacks targeting vulnerabilities in specific applications or …
Read More » -
21 March
Exploit released for Fortinet RCE bug used in attacks, patch now it
Security researchers created a demonstration of a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software. The security flaw CVE-2023-48788 is an SQL injection in the DB2 Administration Server (DAS) discovered and reported by the UK’s National Cyber Security Centre (NCSC). It impacts FortiClient EMS versions 7.0 (7.0.1-7.0.10) and …
Read More » -
20 March
87% of UK businesses are vulnerable to cyberattacks: Microsoft
Only 13% of organizations in the UK are resilient to cyber-attacks, while the majority are either vulnerable (48%) or at high risk (39%) of experiencing damaging cyber-incidents. This information comes from a new report by Microsoft in collaboration with the University of London. The tech giant said that the UK’s …
Read More » -
20 March
CISA, NSI, FBI released critical infrastructure defense tips against Volt Typhoon
CISA, NSA, FBI, and other US and international partners released a joint fact sheet called “People’s Republic of China State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders.” This publication includes contributions from various partners. U.S. Department of Energy (DOE) U.S. Environmental Protection Agency (EPA) U.S. Transportation Security Administration (TSA) U.S. …
Read More » -
19 March
Trend Micro report
Earth Krahang hackers breach 70 orgs in 23 countries
The APT group ‘Earth Krahang’ has hacked 70 organizations and attacked at least 116 in 45 countries. Trend Micro researchers have been monitoring a campaign targeting government organizations since early 2022. The group targeted 116 organizations in 35 countries and confirmed at least 70 compromises, including organizations linked to world …
Read More » -
19 March
IBM X-Force report
APT28 Hacker Group Targeting Asia in Widespread Phishing Scheme
As of March 2024, X-Force is tracking the APT28 group is carrying out phishing campaigns using fake government and non-governmental organization documents to target different regions around the world, including Central Asia, Europe, the South Caucasus, and North and South America. The discovered lures include a mix of public and …
Read More » -
18 March
‘Hell Paradise’ Claims
Government Websites in 49 Countries at Risk
According to FalconFeeds x post, a threat actor has listed 49 countries as part of an experiment. They also claim that over 1000 government sites are vulnerable. According to Cyber Express, the threat actor is promoting an onion website called ‘Hell Paradise’ which aims to obtain vulnerable government sites and …
Read More »