InfoSecBulletin Cybersecurity for mankind
Microsoft disclosed 48 vulnerabilities in its products and services in 2024. 46 of them are considered “important” severity. A critical security vulnerability, known as CVE-2024-20674, was fixed on Tuesday. This vulnerability affects the Windows Kerberos authentication protocol. By carrying out a man-in-the-middle attack, an attacker could exploit this vulnerability to …
Read More »TimeLine Layout
January, 2024
-
10 January
Fortinet Releases Security Updates for FortiOS and FortiProxy
Fortinet released a security update for FortiOS and FortiProxy software to fix a vulnerability. This vulnerability could allow a cyber threat actor to take control of a system. CISA recommends that users and administrators review security bulletin FG-IR-23-315 for FortiOS & FortiProxy and install updates as needed. Fortiguard PSIRT posted …
Read More » -
9 January
Google’s New Email Requirements For 2024
February 1, 2024: A Date All Email Senders Should Care About
If your organization sends a large number of emails to Google and Yahoo accounts, there’s an important date to remember: February 1st. On this day, it is important to be aware if you are sending more than 5000 emails daily to Google and Yahoo mailboxes. So, What Is the Issue? …
Read More » -
9 January
Thieves stole SBI ATM Machine with Rs 30 Lakh
Thieves stole an ATM machine of the (State Bank of India) SBI containing about Rs 30 lakh in Uttar Pradesh’s Agra district, police said on Monday. A complaint has been registered on the branch manager’s request, police said, adding that teams have been formed to investigate the matter. The incident …
Read More » -
9 January
New decryptor for Babuk Tortilla ransomware variant released
Cisco Talos has confirmed the creation of a new decryptor key for victims of the Babuk Tortilla ransomware variant. The keys will be added to a generic Babuk decryptor created by Avast Threat Labs. This will allow users to download a single decryptor containing all current Babuk keys. Targeting Babuk …
Read More » -
9 January
CloudSek report
Without password, hackers access your Google account
Security researchers found a hack that lets cybercriminals access people’s Google accounts without needing their passwords. CloudSEK, a security firm, has discovered a highly perilous type of malware that illicitly obtains individuals’ sensitive data by exploiting third-party cookies. Disturbingly, this malicious software has already caught the attention of hacking groups, …
Read More » -
9 January
Google started phases out third party cookies
Google is focusing on improving web privacy by disabling third-party cookies on the Chrome browser. According to Anthony Chavez, VP for Privacy Sandbox, Google will test Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default. “We’ll roll this out to 1% …
Read More » -
8 January
cyber news report
Saudi Ministry reportedly exposed sensitive data
Saudi Arabia’s Ministry of Industry and Mineral Resources (MIM) had an exposed environment file containing sensitive details. The Cybernews reported that this data was accessible for 15 months. An environment file gives instructions to computer programs and is important for any system. Leaving these files open to anyone can expose …
Read More » -
8 January
Cyber Attack
Beirut Airport Screens Hacked: displaying Anti-Hezbollah Message
The airport’s screens were hacked with messages criticizing Hezbollah and its leaders for endangering Lebanon and risking war with Israel. The screens at Beirut’s airport were hacked by anti-Hezbollah groups, showing the conflict between Hezbollah and Israel. The message accused Hezbollah of risking war with Israel. “Hassan Nasrallah, you will …
Read More » -
7 January
Apache RocketMQ servers vulnerable to RCE attacks
Security researchers found that Apache RocketMQ services are being targeted by malicious activities. The vulnerabilities, known as CVE-2023-33246 and CVE-2023-37582, remain a serious threat even after the vendor released patches in May 2023. Vulnerability Overview: The CVE-2023-33246 affected different parts of RocketMQ, such as NameServer, Broker, and Controller. Rongtong Jin, …
Read More »
