Advisories
New Advisory: Critical Vulnerability Found in Remote Access VPNs
ⓘ Your system could be at risk of being affected by several CVEs targeting SSL VPNs. CIRT-BS is advising that unpatched VPN devices are being actively scanned for vulnerabilities. These include many widely used brands detailed below. The attacks are using previously breached credentials and brute force to bypass weak or misconfigured MFA to access devices and/or deploy ransomware. Advisory Overview Advisory Type Technical Author
New Advisory: (Critical) Authentication Bypass Vulnerability (FortiOS, FortiProxy, and FortiSwitch Manager)
ⓘ This advisory addresses a critical vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager platforms. Attention constituent: CVE-2022-40684 is a critical authentication bypass vulnerability impacting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager platforms. This flaw enables attackers to gain unauthorised administrative access, potentially leading to system compromise, data theft, and operational disruption. A leaked list of 15,000 vulnerable IP addresses has heightened the risk of exploitation. Immediate action is
New Advisory: (Critical) FortiOS Vulnerability
ⓘ This advisory addresses a critical vulnerability impacting FortiOS systems (CVE-2024-55591). Attention constituent: A critical vulnerability (CVE-2024-55591) has been identified in Fortinet’s FortiOS systems. This vulnerability stems from an authentication bypass flaw in the FortiOS web management interface. Exploitation of this vulnerability allows remote, unauthenticated attackers to gain unauthorised administrative access and execute arbitrary actions on affected systems. CVE: CVE-2024-55591 Severity: Critical (CVSS: 9.8) Affected Platforms: FortiOS systems
WhatsApp Account Hijacking Scams Advisory
ⓘ This advisory addresses an increase in compromised WhatsApp accounts. Attention constituent: CIRT-BS is advising members of the public to stay alert as a sophisticated scam targeting WhatsApp users is on the rise. Cybercriminals are hacking accounts and deceiving users’ friends and family into sending money by posing as trusted contacts. How the Scam Works Scammers make contact, sometimes with a WhatsApp call, and use fake
CrowdStrike Update (Phishing Attempts)
ⓘ This advisory addresses new phishing attempts related to CrowdStrike’s Falcon sensor crash. Attention Constituents: Since CrowdStrike deployed its international Falcon sensor fix last Friday, 19 July 2024, Crowd Strike Intelligence has identified that threat actors are leveraging this event for malicious purposes such as: Distributing a malicious zip file named “crowdstirke-hotfix.zip”; Establishing fraudulent domains to mimic CrowdStrike; Sending phishing emails posing as CrowdStrike support
New Advisory: CrowdStrike Update Crashes Windows Systems Worldwide
ⓘ This advisory addresses a recent update to CrowdStrike’s Falcon sensor which has led to widespread Blue Screen of Death errors. Attention Microsoft service users: A recent update to CrowdStrike’s Falcon sensor has led to widespread Blue Screen of Death (BSOD) errors on Windows hosts, resulting in disruptions locally to several services, including payment processing, and global disruptions. CrowdStrike has deployed a fix for this
“Free Money” WhatsApp Scam
ⓘ This advisory addresses an uptick in “free money” scams on WhatsApp. Attention constituent: CIRT-BS is observing an uptick in “free money” scams on WhatsApp involving threat actors impersonating the “Ministry of Labour and [Public Service]” and offering mobile device “top-ups” to solicit personally identifiable information like internet protocol (IP) addresses and telephone numbers from members of the general public. In the attacks, actors are
Parcel Delivery Scams
ⓘ This advisory addresses an uptick in parcel delivery scams. Attention constituent: CIRT-BS is observing an uptick in parcel delivery scams involving threat actors impersonating Bahamas Postal Services’ (BPS) website to solicit payment and personally identifiable information from members of the general public. Actors are sending SMS messages from the telephone number “+0123456789” advising recipients that their “delivery” is on hold and requesting they visit
Consumer Loan Scams
Attention Constituent: We would like to inform you about a series of consumer loan scams originating from actors posing as third-party representatives of financial institutions, including Central Bank of The Bahamas and Bank of The Bahamas Limited. Sources: https://www.centralbankbahamas.com/ and https://www.facebook.com/BOBBankofSolutions/ CIRT-BS reminds you that scammers often attempt to draw on your emotions by creating a sense of urgency and appearing to be trustworthy. Remember to do

Advisory: FortiBleed Credential Leak Exposes Thousands of Fortinet VPN Devices Worldwide
Recent reports from cybersecurity researchers have identified a large-scale credential exposure event, known as FortiBleed, involving credentials associated with Fortinet VPN and firewall devices worldwide.

Stay Sharp: Your Phishing and Smishing Survival Kit Body
Cybercriminals are getting smarter but so can you. The National Computer Incident Response Team of The Bahamas (CIRT‑BS) has launched the Phishing and Smishing Survival

Advisory: Beware of Fraudulent NIB Smart Card Renewal Text Scam
CIRT‑BS warns the public about fraudulent messages impersonating the National Insurance Board (NIB). These scams aim to deceive recipients into clicking unsafe links or sharing

Advisory: Fake Traffic Fine Payment Scam
The National Computer Incident Response Team of The Bahamas (CIRT-BS) is aware of fraudulent websites impersonating legitimate government services and attempting to collect fake traffic
Actively Exploited SQL Injection in FortiClient EMS
ⓘ We are reaching out to let you know that a critical, actively exploited vulnerability has been identified in Fortinet’s FortiClient EMS platform. Attention constituent:
CISCO AsyncOS Zero Day Vulnerability
ⓘ We are reaching out to let you know that there is a newly identified advanced persistent threat (APT) that has been exploiting a zero-day
Threat Actors Hijacking Microsoft Teams Accounts
ⓘ We are reaching out to let you know there is a vulnerability in Microsoft Teams that allows threat actors to impersonate valid users. Attention
New Advisory: Beware Fraudulent Hurricane Melissa Relief Websites
ⓘ We are reaching out to let you know that of fraudulent and malicious websites scamming victims via fake Hurricane Melissa relief donation charities/organisations. Attention
LockBit 5.0 Ransomware Threat Resurgence Alert
ⓘ We are reaching out to let you know that a new variant of the LockBit ransomware, known as LockBit 5.0, has recently emerged. Attention
Cisco IOS: SNMP Denial Of Service and Remote Code Execution Vulnerability
ⓘ We are reaching out to let you know that Cisco IOS is vulnerable and can be exploited via Remote Code Execution by attacker to
Microsoft Security: Windows Server Update Service
ⓘ We are reaching out to let you know that Windows Server Update Service is vulnerable and can be exploited via Remote Code Execution by
Regional Spike in Medusa Ransomware
ⓘ We are reaching out to let you know there has been a sharp rise in Vadir infostealer infections globally, posing a growing threat to
Vidar Infostealer Spyware on The Rise
ⓘ We are reaching out to let you know there has been a sharp rise in Vadir infostealer infections globally, posing a growing threat to
New Advisory: Critical SonicWall SSL-VPN Zero-Day Exploit
ⓘ We are reaching out to let you know about a zero-day security vulnerability in Gen 7 SonicWall firewalls that attackers are currently exploiting. Advisory
Deepfake Investment Scam Continues to Evolve
ⓘ This advisory is about an ongoing scam campaign containing deepfake video content of senior government officials. The scams are designed to trick you into
New Advisory: Fake Investment Scams Using Deepfake Videos
ⓘ This advisory addresses fake investment scams. CIRT-BS is urging the public to stay vigilant as new scams circulate online and fraudulent websites are impersonating
New Advisory: Active Exploitation of Ivanti Vulnerabilities
ⓘ Attackers are targeting Ivanti Connect Secure appliances using known vulnerabilities. Attackers may sometimes maintain persistent, undetected access even after patching systems. Advisory Overview Advisory
New Advisory: Critical Exploitation of Known Fortinet Vulnerabilities
ⓘ We are reaching out to let you know about ongoing attacks targeting Fortinet devices using known vulnerabilities. In some cases, the attackers can remain
New Advisory: Critical Vulnerability Found in Remote Access VPNs
ⓘ Your system could be at risk of being affected by several CVEs targeting SSL VPNs. CIRT-BS is advising that unpatched VPN devices are being
New Advisory: (Critical) Authentication Bypass Vulnerability (FortiOS, FortiProxy, and FortiSwitch Manager)
ⓘ This advisory addresses a critical vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager platforms. Attention constituent: CVE-2022-40684 is a critical authentication bypass vulnerability impacting Fortinet’s FortiOS,

