ওআইসি-সার্ট (The Organization of The Islamic Cooperation – Computer Emergency Response Teams, OIC-CERT) একটি নেতৃস্থানীয় আন্তর্জাতিক সংস্থা যার মূল লক্ষ্য হল সমগ্র বিশ্বব্যাপী সাইবার সুরক্ষা প্ল্যাটফর্ম তৈরিতে অগ্রণী ভূমিকা পালন করা এবং বিশ্বের বিভিন্ন সার্ট সংস্থাগুলোর মাঝে অভ্যন্তরীণ সহযোগিতার মাধ্যমে সাইবার হুমকিগুলো মোকাবেলা ও হ্রাস করা। ওআইসি-সার্ট প্রতি বছরই তার সদস্য সংস্থাগুলোর সক্ষমতা যাচাইয়ের লক্ষে সাইবার সিকিউরিটি ড্রিলের আয়োজন করে থাকে। বিশ্বের সাম্প্রতিক কোন একটি...
Read More
Background OIC-CERT CYBER SECURITY DRILL is an annual event for OIC-CERT members to build a better and secure Cybersecurity ecosystem, including the capacity in incident handling with suitable and comprehensive response as well as engaging better collaboration and coordination among CSIRT organizations from different countries. The final goal of this event is to get a more realistic experience in anticipating and handling some incidents related...
Read More
BGD e-GOV CIRT has been listed as Trusted Introducer of TF-CSIRT from 14 September 2018. Constituency of BGD e-GOV CIRT are all governmental institutions of Bangladesh. Constituency sector is “government” and constituency type is “mixed” (internal and external). Part of the constituency is using National Data Center (NDC) located at BCC where host their IT resources and services. Security and Incident Response teams manage the...
Read More
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...
Read More
Recently, there have been many incidents of ransomware attacks. Once users are infected by ransomware, it is almost impossible to decrypt it by technical means that users can only be forced to abandon data or pay ransom to solve. Therefore, unlike other virus Trojans, the “pre-defense strategy” is different from the “after-the-fact killing strategy”. Today, we would like to make a brief summary of the...
Read More
Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. The September security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash Player .NET Framework Microsoft.Data.OData ASP.NET Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are...
Read More
Description: Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. These updates address an important vulnerability in Adobe Flash Player 30.0.0.154 and earlier versions. Successful exploitation could lead to information disclosure. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb18-31.html https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
A few days ago, an elevation of privilege vulnerability in Windows was exposed, but only two days later, an organization called Powerpool was eyeing this vulnerability, and also produced a Trojan. Even though the Trojan is produced in a very short period, its attack power is still significant. Once the computer is attacked, the attacker can intercept the user’s screen to upload and download files,...
Read More
Recently, 360 Security Center monitored a kind of malicious mining Trojans disguising as all kinds of commonly used cracking software for big spread. At present, it has already supported defense against killing and killing. It is recommended that users do not download various software with unknown origins. Download the software as far as possible to the official website. Analysis KomarMiner Trojan disguises as a variety...
Read More
Recently, there has been a phishing email for WordPress users. The content of the email is to inform the users that their database needs to be updated, as shown in the figure below: Although the email is similar to a legitimate WordPress update, there are still a number of vulnerabilities: the content contains typos and the message delivery method is older. The deadlines marked in...
Read More
