On Tuesday (16 January), Atlassian released an advisory for CVE-2023-22527, an RCE (Remote Code Execution) vulnerability in Confluence Data Center and Confluence Server. A template injection vulnerability on out-of-date versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected version. Customers using an affected version …
January, 2024
16 January
TrendMicro Research
CVE-2023-36025: Phemedrone Stealer exploits Windows SmartScreen flaw
Cybersecurity researchers at Trend Micro discovered exploitation of CVE-2023-36025 leading to the spread of a new type of malware called Phemedrone Stealer. Phemedrone Stealer is a malware that targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. It not only steals data, but also takes …
16 January
Bishop Fox blog
Over 178k SonicWall Firewalls are Publicly Exploitable
In a blog post, Bishop Fox said that SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities with the potential for remote code execution. SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart and reported that no exploitation had been observed in the wild; …
15 January
Recorded Future Report
Security Experts Urge IT to Lock Down GitHub Services
Recorded Future, a threat intelligence firm, has cautioned that malicious actors are increasingly using GitHub services to carry out secret cyber-attacks and has advised IT teams to act. Its new report, Flying Under the Radar: Abusing GitHub for Malicious Infrastructure, revealed the most popular GitHub services for threat actors. Between …
15 January
Microsoft lets cloud users keep personal data within Europe
Microsoft said on Thursday that it will keep all personal data of its cloud customers within the European Union instead of allowing transfers outside the EU. This is part of its ongoing efforts to comply with different privacy regulations in different places. Microsoft will store customer data from its cloud …
14 January
The US central bank suffered huge financial losses
The Federal Reserve is expecting significant losses in 2023, mainly due to higher costs. This was announced by the central bank of the United States last Friday. The interest rate was raised to reduce the money supply, causing commercial banks and other institutions to pay more interest on reserves at …
14 January
World Economic Forum
Global Cybersecurity Outlook 2024: WEF report
The World Economic Forum’s Global Cybersecurity Outlook 2024, produced in collaboration with Accenture, examines the cybersecurity trends that will affect economies and societies in the year to come. The report illuminates major findings and puts a spotlight on the widening cyber inequity and the profound impact of emerging technologies. The …
13 January
300+ teams registered for “Knight CTF” 2024, registration open
Knight CTF officials said that more than 300 teams from home and abroad have registered for “KnightCTF-2024” so far. Officials expect registrations to reach 500+ teams. 📅 Event Start: January 20, 2024, at 09:00 PM (Bangladesh Standard Time) ⏳ Event End: January 21, 2024, at …
13 January
Vast Voter Data Leaks Cast Shadow Over Indonesia’s 2024 Presidential Election
Investigators from Resecurity’s HUNTER (HUMINT) have found that Indonesia is increasingly being targeted by cyber-threat actors who have staged attacks that pose significant long-term risks to the integrity of the country’s elections. These findings coincide with the critical and fast-approaching Indonesian presidential election set to take place in February this …
13 January
Juniper warns of critical RCE bug in firewalls and switches
Juniper Networks released security updates to fix a critical vulnerability in its SRX Series firewalls and EX Series switches. The vulnerability allows remote code execution (RCE) without authentication. The critical security flaw, tracked as CVE-2024-21591, was found in the devices’ J-Web configuration interfaces. It can be exploited by unauthenticated attackers to gain …