Thursday , June 5 2025
ALERT

BD CIRT cyber threat alert
Multiple Bangladeshi organizations faced data breach via third party

The Cyber Threat Intelligence Unit at BGD e-GOV CIRT has noticed an increase in cyber-attacks on organizations. These attacks are aimed at compromising third-party service providers. Several organizations in Bangladesh have experienced data breaches.

Source: BGD e-GOV CIRT

Some individuals employed by third party service providers, tasked with offering technical support to various client organizations, have been targeted by information-stealing malware.

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

The malware stole important data like system information, browser cookies, and user account credentials. Then, the hackers used this stolen data to get into the client organizations’ networks without permission. The attack got worse quickly, as the hackers used advanced techniques to gain more access to important assets and move around within the compromised organization.

Source: BGD e-GOV CIRT

BGD e-GOV CIRT issues this alert to all organizations in Bangladesh, warning about the significant risks stemming from compromises at third-party service providers. CIRT strongly encouraged organizations to take proactive steps to protect their assets from potential attacks.

CIRT instructs some the preventive measures to follow for attack risks originating from third party service
providers:

1. Clearly define access control policies for third-party employees.
2. Limit network access to specific segments required for their tasks.
3. Use VPN with strict access policies.
4. Provide regular phishing awareness training.
5. Enforce device security policies.
6. Use temporary credentials with limited validity.
7. Monitor and audit their activities.
8. Establish an incident response plan.
9. Include security requirements in contractual agreements and CIRT mention to their cyber threat alert that organization to report any incidents to BGD e-GOV CIRT at [email protected].

Check Also

Qualcomm

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting …

Leave a Reply

Your email address will not be published. Required fields are marked *