20 SEPTEMBER 2023 WEEKLY NEWSLETTER

BOCRA website

     

NEWSLETTER

 
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data null


                                                     LATEST CYBER HACKS 
 
 
icon

FBI HACKER USDOD LEAKS HIGHLY SENSITIVE TRANSUNION DATA

A threat actor who goes by the moniker  "USDos" announced the leak of highly sensitive data allegedly stolen from the credit reporting agency. The leaked database, over 3GB in size, contains sensitive PII of about 58,505 people, all across the globe, including the America and Europe
icon

CARDX RELEASED A DATA LEAK NOTIFICATION IMPACTING THEIR CUSTOMERS IN THAILAND

According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. 
icon

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack.


                                                      VULNERABILITIES
 
 
icon

Fortinet Patches High-Severity Vulnerabilities in           FortiOS, FortiProxy, FortiWeb Products

Tracked as CVE-2023-29183 (CVSS score of 7.3), the security defect is described as an “improper neutralization of input during web page generation”.
icon

Thousands of Juniper devices vulnerable to unauthenticated RCE flaw

An estimated 12,000 Juniper SRX firewalls and EX switches are vulnerable to a fileless remote code execution flaw that attackers can exploit without authentication.


                                     MALWARES
 
 
icon

Inside the Code of a New XWorm Variant

XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe.
icon

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS.
icon

Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity.


                               GENERAL NEWS
 
 
icon

Live Webinar: Overcoming Generative AI Data Leakage Risks

As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner's "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI.
icon

Think Your MFA and PAM Solutions Protect You? Think Again

When you roll out a security product, you assume it will fulfill its purpose. Unfortunately, however, this often turns out not to be the case. A new report, produced by Osterman Research and commissioned by Silverfort, reveals that MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions are almost never deployed comprehensively enough to provide resilience to identity threats.

BW-CIRT

Botswana Communications Regulatory Authority

Private Bag 00495, Gaborone, Botswana

+2673929961

Disclaimer: This information was gathered from multi-trusted feeds and it is not created by BW-CIRT