InfoSecBulletin Cybersecurity for mankind
China proposed a four-tier classification to respond to data security incidents, showing its concern about data leaks and hacking in the country. The plan is due to increased tensions with the United States and its allies. It follows an incident where a hacker claimed to have gotten a large amount …
Read More »TimeLine Layout
December, 2023
-
15 December
5 Islamic banks risk of being frozen out of certain transactions
Five Islamic banks current accounts with Bangladesh Bank are negative, but transactions are ongoing. The central bank has warned that unless the banks meet liquidity requirements within 20 days, transactions will be halted, reported Prothom Alo. According to Three prominent media reports Bangladesh Bank’s Motijheel office has recently given this …
Read More » -
15 December
CERT-In
Warning! Govt alerts Samsung users; here’s why
The Indian government urgently asked Samsung smartphone users to update their devices due to security vulnerabilities. CERT-In issued a warning about a threat to certain Samsung devices running on Android versions 11, 12, 13, and 14. These vulnerabilities could be exploited to gain unauthorized access to sensitive data on these …
Read More » -
15 December
MITRE Reveals EMB3D
MITRE reveals Critical Infrastructure Threat Model Framework
Red Balloon Security, Narf Industries, and MITRE worked together to develop the EMB3D Threat Model. This model helps us understand the risks that embedded devices face and the security measures they require. The EMB3D model is a framework that focuses on embedded devices. “It considers the specific risks presented by …
Read More » -
14 December
“Onpassive”, Bangladesh bank alert fraudulent activities
Bangladesh Bank’s Financial Intelligence Unit (BFIU) warned about the fraudulent activities of the MLM company ‘Onpassive‘. BFIU issued a warning on Thursday (December 14). ALSO READ: Quishing: New Phishing Attacks Tactics Rising The intelligence unit has reported that there have been cases of large-scale embezzlement from ordinary people through different …
Read More » -
14 December
Quishing: New Phishing Attacks Tactics Rising
Researchers found a big phishing campaign that uses QR codes to trick people. QR code fraud or “quishing” is a type of phishing where hackers pretend to be a trustworthy source to trick people into giving sensitive information or downloading malware. This trend is concerning and should not be ignored. …
Read More » -
13 December
MICROSOFT PATCH TUESDAY FIXED 4 CRITICAL FLAWS
In December 2023, Microsoft released security updates for multiple products, addressing 33 vulnerabilities. The company’s vulnerabilities affect several Microsoft products, including Windows, Office, Azure, Microsoft Edge, Windows Defender, Windows DNS and DHCP server, and Microsoft Dynamic. The IT giant also addressed several Chromium issues. ALSO READ: Bypassing major EDRS using …
Read More » -
13 December
Sophos updated RCE fix after attacks on unsupported firewalls
Sophos had to update old firewall firmware versions due to a security vulnerability (CVE-2022-3236) after attacked by hackers. There is a code injection flaw in the User Portal and Webadmin of Sophos Firewall. This flaw allows for remote code execution. ALSO READ: Bypassing major EDRS using “POOL PARTY”, Hackers revealed …
Read More » -
13 December
process injection techniques
Bypassing major EDRS using “POOL PARTY”, Hackers revealed
Researchers at cybersecurity firm SafeBreach created a new method called Pool Party. This method allows attackers to bypass EDR solutions. The researchers presented Pool Party at Black Hat Europe 2023. The experts discovered an new way to inject processes by using Windows thread pools. Researchers found eight new process injection …
Read More » -
12 December
APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 at STRUTS 2
The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution. An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server. “An attacker can manipulate file upload …
Read More »
