InfoSecBulletin Cybersecurity for mankind
On a report titled “Surge on Web defacement and web application related vulnerabilities targeting Bangladesh” BGD e-GOV CIRT said, web defacement attacks and the exploitation of web application vulnerabilities are a growing trend in Bangladesh.
These weaknesses can be used for phishing attacks, spreading malware, and creating backdoors for continuous access, further endangering the security of the affected websites. Websites and applications use environment or configuration files to manage content and specify data locations. Alterations to these files can indicate a security breach or defacement attack. 73% of all identified web vulnerabilities are found in websites and IoT devices accessed through basic HTTP authentication.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
CIRT report highlighted the web vulnerabilities associated it assets/products used by Bangladeshi organizations. In the report CIRT mentioned numerous worlds’ renowned vendors names and CVE’s related to their products and the severity.
According to CIRT report, VMware CVE’s (33.11%) mostly affect Bangladeshi organization. Zimbra is in the 2nd position with 27.03% CVE’s and Roundcube with 17.23 % CVE’s is in 3rd position in the chart.
CIRT said for some common causes such incident happened including outdated software, weak credentials, poor configuration, lack of security updates and insecure code.
According to CIRT, hackers attack such sites using remote file inclusion (RFI), SQL injection, cross-site scripting, (XSS), Brute force attack and expiating vulnerable software.
CIRT mentioned some effective remediation strategies to mitigate these vulnerabilities, including Parameterized Queries and ORM (SQL Injection), Input Validation and Sanitization, Output Encoding (XSS), Content Security Policy (CSP) (XSS), Patch Management, Web Server Configuration and to Follow OWASP Guidelines. Implementing these strategies can significantly enhance web security and protect against defacement attacks.
