InfoSecBulletin Cybersecurity for mankind
The Submarine Cable Company has limited bandwidth services for collecting dues from 19 International Internet Gateway (IIG) companies in the country. This has resulted in many customers experiencing slow internet service. Bangladesh Submarine Cables PLC (BSCPLC), an organization under the Ministry of Posts, Telecommunications, and Information Technology, reduced the bandwidth …
Read More »TimeLine Layout
November, 2023
-
24 November
CISCO report
Globally, 9 in 10 organizations embraced zero-trust security
Nearly 90% of organizations have started adopting zero-trust security, but there is still a lot of work to be done, says a report from CISCO. 86.5% of global information security professionals have begun implementing parts of the zero-trust security model. However, only 2% have completed their deployments. Cisco measures maturity …
Read More » -
23 November
HTTP/2 Rapid Reset Attack
Cisco Patched Products Vulnerable to HTTP/2 Rapid Reset Attack
A new high-severity vulnerability has been discovered in multiple Cisco products, which could potentially allow HTTP/2 Rapid Reset Attack. A new technique for launching distributed denial of service (DDoS) attacks has been discovered. It is identified as CVE-2023-44487 and has a high severity rating of 7.5. In addition, this vulnerability …
Read More » -
23 November
CIRT alert on CVEs
BD CIRT published CVE of f5, Apache, Juniper, Citrix and Atlassian
Bangladesh Government’s Computer Incident Response Team (BGD e-GOV CIRT) proactively releases critical threat intelligence information to ensure the security of Bangladesh’s cyberspace. Following this, CIRT has recently identified critical vulnerabilities for critical information infrastructure (CII). CIRT published cyber alert for critical information infrastructure (CII) on Thursday (23 November). The report …
Read More » -
23 November
Black wing intelligence (video)
Windows hello fingerprint auth bypassed on Microsoft, Dell, Lenovo laptops
Security researchers were able to bypass authentication on three popular laptops by testing the fingerprint sensors used for Windows Hello. The research was done by Blackwing Intelligence and Microsoft’s MORSE. Target devices include a Dell Inspiron 15 with a Goodix fingerprint sensor, a Lenovo ThinkPad T14s with a Synaptics sensor, …
Read More » -
22 November
Microsoft launches new bounty program with $20,000 rewards
Microsoft has launched a bug bounty program for the Microsoft Defender security platform. Rewards range from $500 to $20,000. Microsoft has the authority to decide how much money people will receive as a reward for finding and reporting vulnerabilities. The amount will depend on how serious the vulnerability is, how …
Read More » -
22 November
DataHub Asia
By 2025, Domestic cloud market expected $46.3 million; MD “DataHub Asia”
“To support country’s growing digital economy, protecting sensitive data with cost saving ‘purpose-built data center’ is needed” according to Md. Shoroer Morshed Porag, Managing Director of DataHub Asia. He remarked this on a seminar held Tuesday (21 November) at Dhaka titled “Purpose-Built Data center: Destination of Choice” arranged by DataHub …
Read More » -
21 November
Securelist report
Modern Asian APT groups’ tactics, techniques and procedures
Research is regularly published about Asian APT groups targeting organizations from different industries. These campaigns and incidents don’t only happen in one region. Research like this usually includes detailed information about the tools used by APT actors, the vulnerabilities they exploit, and sometimes even specific attribution. Despite the abundance of …
Read More » -
21 November
Treasury Board of Canada Secretariat statment
Canadian government discloses data breach
The Canadian government reported that two contractors have been hacked, revealing sensitive information of an unknown number of government employees. Last month, there were security breaches that affected two companies: Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services. These companies provide relocation services to Canadian government …
Read More » -
21 November
Daily Cybersecurity update, November 20, 2023
The fallout from the MOVEit Transfer data breach is growing. The U.S. CMS announced that hundreds of thousands of Medicare recipients were affected. Additionally, the Canadian government revealed a data breach affecting former and current public service employees. On a different note, the INC Ransom group, a new threat, added …
Read More »