InfoSecBulletin Cybersecurity for mankind
CISA published an advisory about Industrial Control Systems (ICS) on February 22, 2024, to inform about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-053-01 Delta Electronics CNCSoft-B DOPSoft: EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerability: Uncontrolled Search Path Element RISK EVALUATION …
Read More »TimeLine Layout
February, 2024
-
22 February
TrendMicro Research
LockBit-NG-Dev, might consider a true 4.0 version
LockBit ransomware creators were working on a new version of their file-encrypting malware, called LockBit-NG-Dev, possibly to be known as LockBit 4.0, before law enforcement dismantled their operation this week. Multiple Versions: “Security experts said LockBit previously released various versions of its ransomware:” LockBit version 1.0 was released in January …
Read More » -
22 February
Ransomware Warning as CVSS 10.0 ScreenConnect Bug is Exploited
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …
Read More » -
21 February
Mozilla Releases Security Updates for Firefox and Thunderbird
Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …
Read More » -
21 February
VMware Alert: Critical flaw found in deprecated VMware EAP
VMware advises users to remove the outdated Enhanced Authentication Plugin (EAP) due to the discovery of a serious authentication relay vulnerability, known as CVE-2024-22245 (CVSS score: 9.6). A person who intends to harm could deceive a domain user with EAP installed in their web browser. This deception could lead the …
Read More » -
21 February
“sebacenter.xyz”, a crucial identity threat for Bangladeshis
“sebacenter.xyz” is now a name of threat for personal identifiable information (PII) for the people of Bangladesh. By using only the site, miscreants are making and distributing fake paper of TIN, NID, NID info, BMET training, Surokkha, Death and birth register and duplicate land tax paper instantly. Even, if any …
Read More » -
20 February
LockBit Ransomware Operation Shut Down; Decryption Keys Released
The U.K. National Crime Agency (NCA) confirmed that it got LockBit’s source code and gathered intelligence about its activities and affiliates as part of Operation Cronos. “Some of the data on LockBit’s systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a …
Read More » -
19 February
Police introduced AI chatbot to catch cyber criminals
Every day different cases of cyber fraud come to light. Identifying them is not an easy task at all. So law enforcement is now taking the help of advanced technology. Recently the police launched a chat bot called “Surat Cyber Mitra” to fight cyber fraud. It is known that this …
Read More » -
17 February
CISA Warn: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
The US cybersecurity agency, CISA, added a security flaw in Cisco’s ASA and FTD software to its list of known exploited vulnerabilities following reports that it’s being likely exploited in Akira ransomware attacks. The vulnerability is CVE-2020-3259, with a high severity level (CVSS score: 7.5). It allows attackers to access …
Read More » -
16 February
New Wi-Fi Auth Bypass Flaws Expose Home, Enterprise Networks
New Wi-Fi authentication bypass vulnerabilities were discovered in open source software. These vulnerabilities could put both enterprise and home networks at risk of attacks. Mathy Vanhoef, a professor at the KU Leuven research university in Belgium, and Heloise Gollier, a student at KU Leuven, discovered the vulnerabilities in collaboration with …
Read More »