InfoSecBulletin Cybersecurity for mankind
According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and Microsoft Window addressed CVE 2024-9680, and 2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …
Read More »TimeLine Layout
November, 2024
-
24 November
MITRE discloses 2024 CWE Top 25 critical software flaw
MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and …
Read More » -
24 November
Python NodeStealer: harvest credit card and Facebook Ads Manager
Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range. The report shows that primarily the infostealer to target Facebook business accounts and harvests credit card information. The malware targets Facebook Ads Manager accounts to steal login details, cookies, and …
Read More » -
23 November
Cisco Talos
Over 60% of Emails with QR Codes are spam
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% …
Read More » -
23 November
CERT-In Flags Multiple Critical Vulnerabilities in Zoom app
CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate privileges, or disrupt service. Vulnerabilities exist in various Zoom products, including the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK, across multiple operating systems: macOS, iOS, Windows, Linux, …
Read More » -
23 November
Daily Security Digest Dated 11/23/24
Every day a lot of cyberattack happenings around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: # Warning on 500K French supermarket shoppers …
Read More » -
22 November
SafetyDetectives’ Research
Malware evades Microsoft Defender and 2FA, stealing $24K in crypto (video)
SafetyDetectives researchers found that Microsoft Defender was tricked by malware which allowed cryptocurrency theft from a user while analyzing a misleading NFT game app that aimed to steal cryptocurrency. The application bypassed Google’s two-factor authentication, compromising the device and stealing over $24,000 in cryptocurrency. Researchers have found that this malware …
Read More » -
22 November
Over 145,000 ICS Across 175 Countries Found Exposed Online
A study by Censys found that more than 145,000 Industrial Control Systems (ICS) are exposed online in 175 countries, highlighting a significant security risk. The findings are alarming for the United States, which has over one-third of global exposures (48,000 systems). This shows a pressing need for improved cybersecurity in …
Read More » -
22 November
World to see AI powered “human washing machines”
Osaka-based showerhead maker Science Co. is developing a new version of human washing machine based on cutting-edge technology. The company plans to hold an expo in Osaka this April, offering a 15-minute “wash and dry” experience for up to eight people daily, but reservations are required. the company plans to …
Read More » -
22 November
Hacker compromised over 2000 Palo Alto Networks Firewalls
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack using two recently patched vulnerabilities (CVE-2024-0012 and CVE-2024-9474), according to Shadowserver Foundation’s internet scanning. Palo Alto Networks security researchers reported on Wednesday that they detected a “limited set of exploitation activity” involving two vulnerabilities in PAN-OS, the …
Read More »
