InfoSecBulletin Cybersecurity for mankind
On a report titled “Surge on Web defacement and web application related vulnerabilities targeting Bangladesh” BGD e-GOV CIRT said, web defacement attacks and the exploitation of web application vulnerabilities are a growing trend in Bangladesh.
These weaknesses can be used for phishing attacks, spreading malware, and creating backdoors for continuous access, further endangering the security of the affected websites. Websites and applications use environment or configuration files to manage content and specify data locations. Alterations to these files can indicate a security breach or defacement attack. 73% of all identified web vulnerabilities are found in websites and IoT devices accessed through basic HTTP authentication.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
CIRT report highlighted the web vulnerabilities associated it assets/products used by Bangladeshi organizations. In the report CIRT mentioned numerous worlds’ renowned vendors names and CVE’s related to their products and the severity.
According to CIRT report, VMware CVE’s (33.11%) mostly affect Bangladeshi organization. Zimbra is in the 2nd position with 27.03% CVE’s and Roundcube with 17.23 % CVE’s is in 3rd position in the chart.
CIRT said for some common causes such incident happened including outdated software, weak credentials, poor configuration, lack of security updates and insecure code.
According to CIRT, hackers attack such sites using remote file inclusion (RFI), SQL injection, cross-site scripting, (XSS), Brute force attack and expiating vulnerable software.
CIRT mentioned some effective remediation strategies to mitigate these vulnerabilities, including Parameterized Queries and ORM (SQL Injection), Input Validation and Sanitization, Output Encoding (XSS), Content Security Policy (CSP) (XSS), Patch Management, Web Server Configuration and to Follow OWASP Guidelines. Implementing these strategies can significantly enhance web security and protect against defacement attacks.
