InfoSecBulletin Cybersecurity for mankind
Google is focusing on improving web privacy by disabling third-party cookies on the Chrome browser. According to Anthony Chavez, VP for Privacy Sandbox, Google will test Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default. “We’ll roll this out to 1% …
Read More »TimeLine Layout
January, 2024
-
8 January
cyber news report
Saudi Ministry reportedly exposed sensitive data
Saudi Arabia’s Ministry of Industry and Mineral Resources (MIM) had an exposed environment file containing sensitive details. The Cybernews reported that this data was accessible for 15 months. An environment file gives instructions to computer programs and is important for any system. Leaving these files open to anyone can expose …
Read More » -
8 January
Cyber Attack
Beirut Airport Screens Hacked: displaying Anti-Hezbollah Message
The airport’s screens were hacked with messages criticizing Hezbollah and its leaders for endangering Lebanon and risking war with Israel. The screens at Beirut’s airport were hacked by anti-Hezbollah groups, showing the conflict between Hezbollah and Israel. The message accused Hezbollah of risking war with Israel. “Hassan Nasrallah, you will …
Read More » -
7 January
Apache RocketMQ servers vulnerable to RCE attacks
Security researchers found that Apache RocketMQ services are being targeted by malicious activities. The vulnerabilities, known as CVE-2023-33246 and CVE-2023-37582, remain a serious threat even after the vendor released patches in May 2023. Vulnerability Overview: The CVE-2023-33246 affected different parts of RocketMQ, such as NameServer, Broker, and Controller. Rongtong Jin, …
Read More » -
6 January
12th Election in Bangladesh
Election ads campaign on Meta, cost $45 thousands for 7 days
In the last seven days (December 27-January 2), about 45 thousand US dollars were spent on the election campaign on social media Facebook. According to the data of Matter Ad Library, Bangladeshis have spent this dollar on advertising during the period from December 27 to January 2. These advertising dollars …
Read More » -
5 January
CISA Released Three Industrial Control Systems Advisories
CISA released three ICS advisories on January 4, 2024. These advisories give important information about security issues, vulnerabilities, and exploits concerning ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation: Vulnarability overview Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems’ products which internally use a version of …
Read More » -
4 January
BD CIRT REPORT
Ongoing Phishing Campaign targeting Bangladesh by APT group SideWinder
Cyber Threat Intelligence Unit of BGD e-GOV CIRT has detected a suspicious ongoing phishing campaign by APT group named as SideWinder targeted at Bangladeshi entities such as Bangladesh Armed Forces Division (AFD) and Law Enforcement Agencies. The group is known as a highly active hacker group who has shown the …
Read More » -
4 January
F5 releases security advisories for multiple vulnerabilities
F5 releases security advisory for multiple vulnerabilities including K000132893: GRUB2 vulnerability CVE-2022-28733. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands …
Read More » -
4 January
2024 strong start
Google’s Mandiant recover its x (twitter) account after hacked
Google’s cybersecurity firm Mandiant get back its x (twitter) account after being taken over by someone sharing links to a cryptocurrency platform. On Wednesday afternoon around 3:30 pm EST, the scammar took the control over mandiant’s x account, renamed it as phantom and tweeted out links to a company called …
Read More » -
4 January
Daily Cybersecurity update, January 03, 2024
The European Central Bank will test 109 banks in Europe for their resilience against cyberattacks using simulated disruptive cyberattacks. Snappfood, an Iranian online food delivery service, reported to suffer a major data breach. The hacker group “irleaks” revealed the breach and said they took 3TB of personal data from millions …
Read More »