Sunday , June 1 2025
Source: BGD e-GOV CIRT

Current web vulnerabilities in Bangladesh across vendor product line

On a report titled “Surge on Web defacement and web application related vulnerabilities targeting Bangladesh” BGD e-GOV CIRT said, web defacement attacks and the exploitation of web application vulnerabilities are a growing trend in Bangladesh.

These weaknesses can be used for phishing attacks, spreading malware, and creating backdoors for continuous access, further endangering the security of the affected websites. Websites and applications use environment or configuration files to manage content and specify data locations. Alterations to these files can indicate a security breach or defacement attack. 73% of all identified web vulnerabilities are found in websites and IoT devices accessed through basic HTTP authentication.

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

CVE-2023-39780
Botnet hacks thousands of ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to...
Read More
CVE-2023-39780  Botnet hacks thousands of ASUS routers

Bangladesh Bank instructed using AI to prevent online gambling

The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central...
Read More
Bangladesh Bank instructed using AI to prevent online gambling

251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch

Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May...
Read More
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch

Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets

Recent security research has shown that attackers can weaken zero-trust security frameworks by exploiting a key DNS vulnerability, disrupting automated...
Read More
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets

Evaly E-commerce Platform Allegedly Hacked

Evaly, a Bangladeshi e-commerce platform, is reportedly facing a major data breach that may have exposed sensitive information of around...
Read More
Evaly E-commerce Platform Allegedly Hacked

Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative...
Read More
Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

184 Million Leaked Credentials Discovered in Open Database

Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak...
Read More
184 Million Leaked Credentials Discovered in Open Database

CIRT report highlighted the web vulnerabilities associated it assets/products used by Bangladeshi organizations. In the report CIRT mentioned numerous worlds’ renowned vendors names and CVE’s related to their products and the severity.

Source: BGD e-GOV CIRT

According to CIRT report, VMware CVE’s (33.11%) mostly affect Bangladeshi organization. Zimbra is in the 2nd position with 27.03% CVE’s and Roundcube with 17.23 % CVE’s is in 3rd position in the chart.

  Source: BGD e-GOV CIRT

CIRT said for some common causes such incident happened including outdated software, weak credentials, poor configuration, lack of security updates and insecure code.

According to CIRT, hackers attack such sites using remote file inclusion (RFI), SQL injection, cross-site scripting, (XSS), Brute force attack and expiating vulnerable software.

CIRT mentioned some effective remediation strategies to mitigate these vulnerabilities, including Parameterized Queries and ORM (SQL Injection), Input Validation and Sanitization, Output Encoding (XSS), Content Security Policy (CSP) (XSS), Patch Management, Web Server Configuration and to Follow OWASP Guidelines. Implementing these strategies can significantly enhance web security and protect against defacement attacks.

 

Check Also

canon

Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

A passback vulnerability has been found in some Canon printers, including production and multifunction models. …

Leave a Reply

Your email address will not be published. Required fields are marked *