DESCRIPTION:Multiple vulnerabilities have been discovered in Apple Products, themost severe of which could allow for arbitrary code execution. * iOS is a mobile operating system for mobile devices, including theiPhone, iPad, and iPod touch.* iPadOS is the successor to iOS 12 and is a mobile operating system foriPads.* macOS Monterey is the 18th and current major release of macOS.* macOS Big Sur is the 17th...
Read More
Cyber resilience effort and strategy have traditionally been considered from the position of enabling governments and businesses to deliver the intended outcomes despite disruptions to information and communication systems. There has also been a general focus on the security and resilience of critical information infrastructures, such as industrial control systems, supervisory control, and data acquisition systems, and also on vital sectors, such as telecommunications, banking,...
Read More
সাম্প্রতিক সময়ে সাইবার আক্রমন বেড়ে যাওয়ায় বিভিন্ন প্রতিষ্ঠান নিজেদের তথ্য নিরাপত্তা নিশ্চিত করতে বিভিন্ন উপায় অবলম্বন করছে। তন্মধ্যে প্রতিষ্ঠানের ব্যবহারকারীদের সচেতনতা বৃদ্ধি ও সাইবার নিরাপত্তা কর্মীদের হাতে কলমে প্রশিক্ষন অন্যতম। সাইবার নিরাপত্তা কর্মীদের হাতে কলমে প্রশিক্ষন ও মুল্যায়নের মাধ্যম হিসেবে Capture The Flag (CTF) বিশ্বজুড়ে জনপ্রিয় ও বহুল সমাদৃত একটি সাইবার ড্রিল অথবা সাইবার সিকিউরিটি বিষয়ক অনলাইন প্রতিযোগিতা। BGD e-GOV CIRT গত বছরের মত এবারও...
Read More
CYBER THREAT ALERT Cyber Threat Intelligence unit of BGD e-GOV CIRT recently observed a series of malicious and suspicious activities, organized by an unknown APT group named APT-C-61, which was being observed starting in mid-2021. In primary observation, till now the target was important organizations such as national institutions, military industry, and scientific research institutions of Pakistan and Bangladesh to steal classified information. Details are...
Read More
Description: A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions.To check the PowerShell version you are running and determine if you are vulnerable to attacks...
Read More
Description: An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems. CVE-2021-41355 impacts users of PowerShell 7.1.To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt. Mitigations: Admins are advised to install the updated PowerShell...
Read More
DESCRIPTION:A vulnerability has been discovered in Microsoft MSHTML, which couldallow for remote code execution. MSHTML (also known as Trident) is theengine used for Internet Explorer. It is also used by Microsoft Officeapplications for rendering web based content. Successful exploitation ofthis vulnerability could result in remote code execution in the contextof the affected user. Depending on the privileges associated with theuser, an attacker could view, change,...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR), and Thunderbird, the most severeof which could allow for arbitrary code execution. Mozilla Firefox is aweb browser used to access the Internet. Mozilla Firefox ESR is aversion of the web browser intended to be deployed in largeorganizations. Successful exploitation of these vulnerabilities couldallow for arbitrary code execution. Depending on the privilegesassociated with the...
Read More
