InfoSecBulletin Cybersecurity for mankind
CISA released three ICS advisories on January 4, 2024. These advisories give important information about security issues, vulnerabilities, and exploits concerning ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation: Vulnarability overview Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems’ products which internally use a version of …
Read More »TimeLine Layout
January, 2024
-
4 January
BD CIRT REPORT
Ongoing Phishing Campaign targeting Bangladesh by APT group SideWinder
Cyber Threat Intelligence Unit of BGD e-GOV CIRT has detected a suspicious ongoing phishing campaign by APT group named as SideWinder targeted at Bangladeshi entities such as Bangladesh Armed Forces Division (AFD) and Law Enforcement Agencies. The group is known as a highly active hacker group who has shown the …
Read More » -
4 January
F5 releases security advisories for multiple vulnerabilities
F5 releases security advisory for multiple vulnerabilities including K000132893: GRUB2 vulnerability CVE-2022-28733. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands …
Read More » -
4 January
2024 strong start
Google’s Mandiant recover its x (twitter) account after hacked
Google’s cybersecurity firm Mandiant get back its x (twitter) account after being taken over by someone sharing links to a cryptocurrency platform. On Wednesday afternoon around 3:30 pm EST, the scammar took the control over mandiant’s x account, renamed it as phantom and tweeted out links to a company called …
Read More » -
4 January
Daily Cybersecurity update, January 03, 2024
The European Central Bank will test 109 banks in Europe for their resilience against cyberattacks using simulated disruptive cyberattacks. Snappfood, an Iranian online food delivery service, reported to suffer a major data breach. The hacker group “irleaks” revealed the breach and said they took 3TB of personal data from millions …
Read More » -
4 January
Shadowserver report
Nearly 11 million SSH servers vulnerable to Terrapin attacks
Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver. The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, …
Read More » -
4 January
Check now it
CISA Adds Two known Critical Vulnerabilities to Watchlist for 2024
CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024 due to evidence of ongoing exploitation. They are the Google Chromium WebRTC Heap Buffer Overflow Vulnerability (CVE-2023-7024) and the Spreadsheet::ParseExcel Remote Code Execution Vulnerability (CVE-2023-7101). In December 2023, Google released an update to fix a vulnerability …
Read More » -
3 January
European Central Bank (ECB) has announced
ECB to test over 100 European banks cyber resiliency
The European Central Bank (ECB) will test over 100 European banks on their ability to respond to and recover from cyber-attacks. The European Union’s central bank will perform its first cyber resilience stress test on 109 banks under its supervision in 2024. The test will evaluate the banks’ capacity to …
Read More » -
3 January
Have a quick check
X (twitter) gold accounts flood dark web to sell
Cybercriminals have increased the sale of new or stolen Gold checkmarked accounts from the X/Twitter platform. These accounts are being used by threat actors to share links to malware on the social media site, making it appear as a post from a trusted source. Researchers at CloudSEK in Singapore have …
Read More » -
3 January
Across 61 countries
29 malware families target 1,800 banking apps worldwide
The research uncovered that 29 malware families targeted 1,800 banking applications across 61 countries last year. In comparison, the 2022 report uncovered 10 prolific malware families targeting 600 banking apps. Traditional banking apps are the main target, with 1,103 compromised apps, accounting for 61% of the total. FinTech and Trading …
Read More »
