Alert

IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild. CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to …

Mozilla released security updates for Firefox, Firefox ESR, and Thunderbird to fix vulnerabilities. These vulnerabilities could allow a cyber threat actor to take control of a system. MFSA 2024-05 for Firefox MFSA 2024-06 for Firefox ESR MFSA 2024-07 for Thunderbird CISA advises users and administrators to check the Mozilla Security …

The threat landscape report from BGD e-GOV CIRT shows a significant 71.39% increase in malware infections linked to potential ransomware threats. The report shows that there exist vulnerabilities in Bangladesh that could lead to ransomware attacks on various organizations. The main malware strains identified are M0yv, Phorpiex, and Necurs, which …

CISA released the 2024 Priorities of the Joint Cyber Defense Collaborative (JCDC). These priorities will help the group focus on developing effective solutions to cybersecurity challenges. Resulting from the trusted partnerships the collaborative has fostered, the focused goals of the 2024 priorities are to: Defend against Advanced Persistent Threat (APT) …

The Cyber Threat Intelligence Unit at BGD e-GOV CIRT has noticed an increase in cyber-attacks on organizations. These attacks are aimed at compromising third-party service providers. Several organizations in Bangladesh have experienced data breaches. Some individuals employed by third party service providers, tasked with offering technical support to various client …

CISA released two advisories on February 6, 2024. They contain important information about security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-037-01 HID Global Encoders: Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards and credentials. Reader configuration cards contain …

By using the name of Bangladesh Bank license, mobile financial services (MFS) top organization Bkash and the name of one of the entrepreneurs of the information technology sector, Sonia Bashir Kabir, Wellxpay has started spreading false propaganda. The company told various foreign media that Wellxpay has received a Payment Service …

CISA released 8 advisories about Industrial Control Systems (ICS) on January 30, 2024. They give up-to-date information on security issues, vulnerabilities, and exploits related to ICS. ICSA-24-030-01 Emerson Rosemount GC370XA, GC700XA, GC1500XA ICSA-24-030-02 Mitsubishi Electric FA Engineering Software Products ICSA-24-030-03 Mitsubishi Electric MELSEC WS Series Ethernet Interface Module ICSA-24-030-04 Hitron …

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-22527 Atlassian Confluence Data Center and Server Template Injection Vulnerability CVE-2023-22527 Detail: A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE …

CISA released 6 advisories for Industrial Control Systems (ICS) on January 23, 2024. These advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-023-01 APsystems Energy Communication Unit (ECU-C) Power Control Software ICSA-24-023-02 Crestron AM-300 ICSA-24-023-03 Voltronic Power ViewPower Pro ICSA-23-023-04 Westermo Lynx 206-F2G ICSA-24-023-05 Lantronix …