Sunday , July 20 2025
BD bank

Bangladesh Bank issues cyber threat alert

Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence (BCSI)’s observation, some banks customers are victim to unauthorized transaction through Facebook ad manager.

In this situation, Bangladesh Bank notifies the banks to take precautionary action to secure the account as well as advise to the followings:

HPE alerts of hardcoded passwords in Aruba access points

Hewlett-Packard Enterprise (HPE) warns that Aruba Instant On Access Points have hardcoded credentials, enabling attackers to skip normal authentication and...
Read More
HPE alerts of hardcoded passwords in Aruba access points

Akira Ransomware Allegedly Compromise 12 Companies in 72 Hours

The Akira ransomware group increased its attacks, adding 12 new victims to its dark web portal from July 15 to...
Read More
Akira Ransomware Allegedly Compromise 12 Companies in 72 Hours

Singapore urgently engage military force to tackle ‘serious’ cyberattack

Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united...
Read More
Singapore urgently engage military force to tackle ‘serious’ cyberattack

Hackers infect 10M Androids with BADBOX 2.0

Google is suing 25 unidentified cybercriminals thought to be from China for running BADBOX 2.0, a major global botnet with...
Read More
Hackers infect 10M Androids with BADBOX 2.0

Oracle Patched 200 Vulns With July 2025 CPU

Oracle's July 2025 Critical Patch Update includes 309 new security patches, with 127 addressing remotely exploitable vulnerabilities. SecurityWeek found about...
Read More
Oracle Patched 200 Vulns With July 2025 CPU

Ivanti Zero-Days Exploited to Drop MDifyLoader

Cybersecurity researchers have revealed a new malware named MDifyLoader, linked to cyber attacks using security vulnerabilities in Ivanti Connect Secure...
Read More
Ivanti Zero-Days Exploited to Drop MDifyLoader

CISA added Fortinet FortiWeb vul to KEV catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a crucial vulnerability in Fortinet FortiWeb in its Known Exploited Vulnerabilities...
Read More
CISA added Fortinet FortiWeb vul  to KEV catalog

Adoption Agency Exposes One Million+ Records

Security researcher Jeremiah Fowler discovered an online database exposing sensitive information from an adoption agency. Jeremiah Fowler Jeremiah specializes in...
Read More
Adoption Agency Exposes One Million+ Records

CVE-2025-20337
Patch Now! Cisco ISE bug allows pre-auth command execution

A critical vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE-PIC, identified as CVE-2025-20337, has a CVSS score of...
Read More
CVE-2025-20337  Patch Now! Cisco ISE bug allows pre-auth command execution

BD Bank Honours PABC Officials for Foiling $20 Million Cyber Fraud Attempt

On Tuesday, Bangladesh Bank organized a special award ceremony at its headquarters in Dhaka to formally recognize and honor a...
Read More
BD Bank Honours PABC Officials for Foiling $20 Million Cyber Fraud Attempt

i. Information Sharing: Notify to Bangladesh Bank in case of any potential data breach or ransomware
attack immediately. Send information about detailed account of any related incidents, including the
scope, affected data, and any steps taken to address the issue.

ii. Enhanced Verification: Use enhanced security methods, such as biometric authentication and required
CVV verification for each transaction.

iii. Use of OTP: Use One Time Password (OTP) for each transaction.

iv. Use of2FA/MFA: Use 2FA/MFA for any financial transaction.

v. Limit Number of Attempts: Determine how many times a card number can fail verification before
being blocked or blacklisted.

vi. Advanced Fraud Detection Systems: Use Al and machine learning (if possible) to detect unusual
trends in Bank Identification Number (BIN) attacks.

vii. Monitor Transaction Patterns: Regularly examine transaction patterns for irregularities that could
indicate a BIN attack, such as an unexpectedly high number of denied transactions.

viii. Secure BIN Sharing: Limit the amount of BIN data exchanged with merchants and keep it safe to avoid unauthorized access.
ix. Aware of false QR Code: Aware customer and banks employees of false QR Code (e.g. Qshing Attacks).

x. Educate Merchants: Give merchants training and tools on how to detect and respond to potential BIN attacks.

xi. Internal Assessment: Conduct an immediate internal vulnerability and compromise assessment within
your Bank to ensure the security of your systems and data. Indentify any vulnerabilities or potential areas of concern that that may make you susceptible to ransomware attacks.

xii. Cyber Security Measures: Review and reinforce your existing cyber security measures, including firewalls, intrusion detection systems, intrusion prevention systems, and access controls. Ensure they are up to date and capable of withstanding evolving cyber threats. Ensure robust security measures in place to protect your sensitive data and to have plan in place to address a potential data breach or ransomware attack.

xiii. Security Awareness: Conduct regular security awareness training for your employees to educate then on identifying and mitigating potential cyber security threats, such as phishing emails or suspicious attachments.

xiv. Incident Response Planning: Enhance your incident response plan to include specific steps for responding to data breaches and ransomware attacks. Ensure protocols are in place for isolating affected systems, engaging with relevant authorities, and communicating with stakeholders.

xv. Patches Update: Install Patches and Update Software and systems regularly. Ensure Security of website and web based systems, ensure the security of all workstations and endpoints of your bank

xvi. Monitoring by 24/7: Ensure strict network and user activity monitoring by 24/7, especially during non- office hours, and watch out for any indication of data exfiltration.

xvii. Collaboration: Establish a collaborative approach among the relevant organizations, cyber security
experts, and authorities to share information, best practices, and resources in addressing potential threats.

Bangladeshi Social media flooded with unauthorized withdrawals from bank accounts

Check Also

FortiGate

Hackers retain access to patched FortiGate VPNs using symlinks

Recent incidents continue to bring this into focus with active exploitations of known vulnerabilities as …

Leave a Reply

Your email address will not be published. Required fields are marked *