Alert

CISA and the UK’s NCSC released a joint advisory about new tactics of Russian Foreign Intelligence Service (SVR) cyber actors. This group, also known as APT29, Midnight Blizzard, the Dukes or Cozy Bear, has been identified by the US as a cyber-espionage entity linked to the Russian SVR intelligence agency. …

A critical security vulnerability has been revealed in the widely used WordPress plugin called Ultimate Member, which is installed on over 200,000 websites. The vulnerability CVE-2024-1071 has a high CVSS score of 9.8 out of 10. It was discovered and reported by security researcher Christiaan Swiers. WordPress security company Wordfence …

IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …

Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …

The threat landscape report from BGD e-GOV CIRT shows a significant 71.39% increase in malware infections linked to potential ransomware threats. The report shows that there exist vulnerabilities in Bangladesh that could lead to ransomware attacks on various organizations. The main malware strains identified are M0yv, Phorpiex, and Necurs, which …

CISA released the 2024 Priorities of the Joint Cyber Defense Collaborative (JCDC). These priorities will help the group focus on developing effective solutions to cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT) …

The Cyber Threat Intelligence Unit at BGD e-GOV CIRT has noticed an increase in cyber-attacks on organizations. These attacks are aimed at compromising third-party service providers. Several organizations in Bangladesh have experienced data breaches. Some individuals employed by third party service providers, tasked with offering technical support to various client …

CISA released two advisories on February 6, 2024. They contain important information about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-037-01 HID Global Encoders: Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards and credentials. Reader configuration cards contain …

By using the name of Bangladesh Bank license, mobile financial services (MFS) top organization Bkash and the name of one of the entrepreneurs of the information technology sector, Sonia Bashir Kabir, Wellxpay has started spreading false propaganda. The company told various foreign media that Wellxpay has received a Payment Service …

CISA released 8 advisories about Industrial Control Systems (ICS) on January 30, 2024. They give up-to-date information on security issues, vulnerabilities, and exploits related to ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products ICSA-24-030-03 Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ICSA-24-030-04 Hitron …