Tuesday , January 21 2025
CIRT

BD CIRT published advisory on Web Application and Database Security

BDG e-GOV CIRT’s Cyber Threat Intelligence Unit has noticed a concerning increase in cyber-attacks against web applications and database servers in Bangladesh. Hackers are trying to deface government websites, steal important information, and disrupt online services through DDoS attacks. Organizations are advised to take precautions to protect themselves online.

CIRT identifies top threats and attack trends, including DoS/DDoS attacks, database and software vulnerabilities exploitation, SQL/NoSQL injection attacks, insecure direct object reference (IDOR) vulnerability exploitation, and breaches of compromised organizational databases from web and mobile applications.

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out...
Read More
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Intel holds 22 employees from one Bangladeshi University

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and...
Read More
Intel holds 22 employees from one Bangladeshi University

VPN Surge 1500% in USA after TikTok Shut Down

vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues....
Read More
VPN Surge 1500% in USA after TikTok Shut Down

MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded...
Read More
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

Amazon Web Services (AWS) has recently fixed two major security vulnerabilities in its cloud services: Amazon WorkSpaces, Amazon AppStream 2.0,...
Read More
AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

Malware Trends Review 2024: Ever Recorded Cyber Threats

Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A...
Read More
Malware Trends Review 2024: Ever Recorded Cyber Threats

Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

A recent Infoblox Threat Intel report reveals a sophisticated botnet that exploits DNS misconfigurations to spread malware widely. This botnet,...
Read More
Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

CVE-2024-9042
Code Execution Vulnerability Found in Kubernetes Windows Nodes

A new security flaw traced, CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows worker nodes. It has a...
Read More
CVE-2024-9042  Code Execution Vulnerability Found in Kubernetes Windows Nodes

Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

The hacking group "Belsen Group" has posted over 15,000 unique FortiGate firewall configurations online. The data dump, reportedly obtained by exploiting...
Read More
Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

Registration open for 1st Agile Cyber Drill 2025

Registration open for "1st Agile Cyber Drill-2025" scheduled for February 26, 2025 online with an awards ceremony for 9 March...
Read More
Registration open for 1st Agile Cyber Drill 2025

CIRT discovered root causes of attacks on web, mobile applications, and databases. Web and mobile applications face several security issues:

1. Secure coding practices are not followed.
2. Default parameters are used for configuration.
3. Lack of proper authorization and authentication in API development.
4. Absence of error handling capabilities.
5. Weak session management controls.
6. Insecure communication protocols.
7. Default configurations for applications and databases.
8. Negligence in software, OS, and database updates.
9. Insufficient logging and monitoring practices.
10. Weak control over administrative access roles.
11. Lack of website protection measures.

Databases:

1. Database software vulnerabilities being exploited.
2. Attackers exploit remote login to application and database servers, which is enabled for continuous maintenance by vendors, designers, and developers.
3. Threat actors using leaked or exposed administrative credentials.
4. Insufficient authorization, authentication, and user verification, including multifactor authentication (MFA) for administrative access roles.
5. Failure to monitor attack surface and implement continuous remediation strategies.

CIRT suggest some remediation Strategies:

To secure databases and applications:
– Use parameterized queries or ORM frameworks.
– Validate and sanitize user inputs regularly.
– Encode user inputs before displaying them.
– Implement Content Security Policy (CSP).

For database access management (DAM):
– Restrict database access to authorized users.
– Continuously monitor database activities.

For software maintenance:

– Patch software and plugins frequently.

For log monitoring (SIEM):

– Monitor logs for real-time threat detection.
– Detect anomalies and unusual activities.

For web application security:

– Use WAF to safeguard against web threats.
– Deploy anti-DDoS solutions.

Full report here.

 

Check Also

NVDP

BCSI officially announce National Vulnerability Disclosure Program (NVDP)

Bangladesh Cyber Security Intelligence (BCSI) officially launch the National Vulnerability Disclosure Program (NVDP) to enhance …

Leave a Reply

Your email address will not be published. Required fields are marked *