InfoSecBulletin Cybersecurity for mankind
Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence (BCSI)’s observation, some banks customers are victim to unauthorized transaction through Facebook ad manager.
In this situation, Bangladesh Bank notifies the banks to take precautionary action to secure the account as well as advise to the followings:
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
i. Information Sharing: Notify to Bangladesh Bank in case of any potential data breach or ransomware
attack immediately. Send information about detailed account of any related incidents, including the
scope, affected data, and any steps taken to address the issue.
ii. Enhanced Verification: Use enhanced security methods, such as biometric authentication and required
CVV verification for each transaction.
iii. Use of OTP: Use One Time Password (OTP) for each transaction.
iv. Use of2FA/MFA: Use 2FA/MFA for any financial transaction.
v. Limit Number of Attempts: Determine how many times a card number can fail verification before
being blocked or blacklisted.
vi. Advanced Fraud Detection Systems: Use Al and machine learning (if possible) to detect unusual
trends in Bank Identification Number (BIN) attacks.
vii. Monitor Transaction Patterns: Regularly examine transaction patterns for irregularities that could
indicate a BIN attack, such as an unexpectedly high number of denied transactions.
viii. Secure BIN Sharing: Limit the amount of BIN data exchanged with merchants and keep it safe to avoid unauthorized access.
ix. Aware of false QR Code: Aware customer and banks employees of false QR Code (e.g. Qshing Attacks).
x. Educate Merchants: Give merchants training and tools on how to detect and respond to potential BIN attacks.
xi. Internal Assessment: Conduct an immediate internal vulnerability and compromise assessment within
your Bank to ensure the security of your systems and data. Indentify any vulnerabilities or potential areas of concern that that may make you susceptible to ransomware attacks.
xii. Cyber Security Measures: Review and reinforce your existing cyber security measures, including firewalls, intrusion detection systems, intrusion prevention systems, and access controls. Ensure they are up to date and capable of withstanding evolving cyber threats. Ensure robust security measures in place to protect your sensitive data and to have plan in place to address a potential data breach or ransomware attack.
xiii. Security Awareness: Conduct regular security awareness training for your employees to educate then on identifying and mitigating potential cyber security threats, such as phishing emails or suspicious attachments.
xiv. Incident Response Planning: Enhance your incident response plan to include specific steps for responding to data breaches and ransomware attacks. Ensure protocols are in place for isolating affected systems, engaging with relevant authorities, and communicating with stakeholders.
xv. Patches Update: Install Patches and Update Software and systems regularly. Ensure Security of website and web based systems, ensure the security of all workstations and endpoints of your bank
xvi. Monitoring by 24/7: Ensure strict network and user activity monitoring by 24/7, especially during non- office hours, and watch out for any indication of data exfiltration.
xvii. Collaboration: Establish a collaborative approach among the relevant organizations, cyber security
experts, and authorities to share information, best practices, and resources in addressing potential threats.
Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts
