Advisories

Build Better Passwords for Online Security this “Change Your Password Day”
What do your bank, social media, and email accounts share? A password! Passwords are one of the most critical lines of defence against cyber attacks. They help ensure our data is only accessed by authorised users, even in the event of device theft or loss. Many people choose passwords found in the dictionary and reuse them across multiple accounts, meaning that once a cybercriminal has

Data Privacy Week: 4 Ways to Protect Your Data
So what’s the big deal about privacy, anyway? When you avoid taking measures to take control of your data, you make yourself susceptible to identity theft, which can lead to several issues, including financial loss and damage to your online footprint. Throughout this Data Privacy Week, CIRT-BS covered topics around practising discernment in sharing specific data with various services and taking action on our decisions through

Data Privacy Week: Get Comfortable with Privacy
We may feel despair about how our data is collected and used by our apps and web services—especially as they often request more data than necessary. But here’s the silver lining, thanks to privacy rules like the GDPR and Data Protection Act: you have some control! Privacy rules help protect us, the users. Websites and apps are now increasing transparency around the info they collect and how

Data Privacy Week: The Privacy & Convenience Trade-off
Think about the last application you downloaded on your mobile phone. It could be a messaging tool, an engaging social media platform, or even a GPS navigator. Whatever the app may be, mobile applications add considerable value to our lives… but at what cost? The truth is, while these apps may provide convenience, they also infringe on your privacy by collecting extensive data on you and
Introduction to Cybersecurity
Imagine the chaos of a world where your online financial systems are compromised daily, you have difficulty accessing email accounts when you want to, and your local meteorologists cannot detect the next storm before it happens. This is a glimpse into the reality of a world without cybersecurity. CISA, the United States’ Cybersecurity & Infrastructure Security Agency, defines cybersecurity as the art of protecting networks,

Understanding Akira Ransomware and Ransomware Trends: A Comprehensive Analysis
Author: Marcus Knowles Jr. CIRT Analyst In the rapidly evolving landscape of cybersecurity, ransomware attacks have emerged as one of the most pervasive and damaging threats to businesses worldwide. Among the myriad ransomware families, one name has been making headlines – Akira. Understanding the origins, evolution, and tactics employed by Akira is crucial in the fight against this potent digital adversary. Ransomware families reported in

Cyber Steward’s Guide to Online Christmas Shopping
Cyber Steward’s Guide to Online Christmas Shopping Spot the Real Deals Learn the difference between genuine offers and too-good-to-be-true scams. Secure Your Transactions Use trusted payment methods and ensure the website’s security before entering your details. Keep Software Updated Running the latest security software is your first defence against cyber threats. Watch Out for Fake Reviews Rely on verified purchase reviews and be wary of

Safer Students — Get Safe Online
Keep Your Students Safer Students spend much time online in today’s digital world. Online is great fun, but cyberbullying, oversharing, and clickjacking may cause them harm. Get Safe Online provides valuable information to prepare students to navigate the online world. We want every student while online to say with confidence #lAmSafer. Visit getsafeonline.bs to find out how students can stay safe online. Choose Secure

Keep Your Online Identity on Lock
11 April 2023 is recognised as Identity Management Day. Below are some practical tips on keeping your online identity on lock. Protect personal information. Don’t post NIB cards, Driver’s Licences, and other identifiable info. Close old accounts. Unused accounts are easier to hack. Stay alert for scams. Beware of giveaways, quizzes and surveys soliciting banking info. Avoid app sharing. If one app is hacked, linked

Advisory: FortiBleed Credential Leak Exposes Thousands of Fortinet VPN Devices Worldwide
Recent reports from cybersecurity researchers have identified a large-scale credential exposure event, known as FortiBleed, involving credentials associated with Fortinet VPN and firewall devices worldwide.

Stay Sharp: Your Phishing and Smishing Survival Kit Body
Cybercriminals are getting smarter but so can you. The National Computer Incident Response Team of The Bahamas (CIRT‑BS) has launched the Phishing and Smishing Survival

Advisory: Beware of Fraudulent NIB Smart Card Renewal Text Scam
CIRT‑BS warns the public about fraudulent messages impersonating the National Insurance Board (NIB). These scams aim to deceive recipients into clicking unsafe links or sharing

Advisory: Fake Traffic Fine Payment Scam
The National Computer Incident Response Team of The Bahamas (CIRT-BS) is aware of fraudulent websites impersonating legitimate government services and attempting to collect fake traffic
Actively Exploited SQL Injection in FortiClient EMS
ⓘ We are reaching out to let you know that a critical, actively exploited vulnerability has been identified in Fortinet’s FortiClient EMS platform. Attention constituent:
CISCO AsyncOS Zero Day Vulnerability
ⓘ We are reaching out to let you know that there is a newly identified advanced persistent threat (APT) that has been exploiting a zero-day
Threat Actors Hijacking Microsoft Teams Accounts
ⓘ We are reaching out to let you know there is a vulnerability in Microsoft Teams that allows threat actors to impersonate valid users. Attention
New Advisory: Beware Fraudulent Hurricane Melissa Relief Websites
ⓘ We are reaching out to let you know that of fraudulent and malicious websites scamming victims via fake Hurricane Melissa relief donation charities/organisations. Attention
LockBit 5.0 Ransomware Threat Resurgence Alert
ⓘ We are reaching out to let you know that a new variant of the LockBit ransomware, known as LockBit 5.0, has recently emerged. Attention
Cisco IOS: SNMP Denial Of Service and Remote Code Execution Vulnerability
ⓘ We are reaching out to let you know that Cisco IOS is vulnerable and can be exploited via Remote Code Execution by attacker to
Microsoft Security: Windows Server Update Service
ⓘ We are reaching out to let you know that Windows Server Update Service is vulnerable and can be exploited via Remote Code Execution by
Regional Spike in Medusa Ransomware
ⓘ We are reaching out to let you know there has been a sharp rise in Vadir infostealer infections globally, posing a growing threat to
Vidar Infostealer Spyware on The Rise
ⓘ We are reaching out to let you know there has been a sharp rise in Vadir infostealer infections globally, posing a growing threat to
New Advisory: Critical SonicWall SSL-VPN Zero-Day Exploit
ⓘ We are reaching out to let you know about a zero-day security vulnerability in Gen 7 SonicWall firewalls that attackers are currently exploiting. Advisory
Deepfake Investment Scam Continues to Evolve
ⓘ This advisory is about an ongoing scam campaign containing deepfake video content of senior government officials. The scams are designed to trick you into
New Advisory: Fake Investment Scams Using Deepfake Videos
ⓘ This advisory addresses fake investment scams. CIRT-BS is urging the public to stay vigilant as new scams circulate online and fraudulent websites are impersonating
New Advisory: Active Exploitation of Ivanti Vulnerabilities
ⓘ Attackers are targeting Ivanti Connect Secure appliances using known vulnerabilities. Attackers may sometimes maintain persistent, undetected access even after patching systems. Advisory Overview Advisory
New Advisory: Critical Exploitation of Known Fortinet Vulnerabilities
ⓘ We are reaching out to let you know about ongoing attacks targeting Fortinet devices using known vulnerabilities. In some cases, the attackers can remain
New Advisory: Critical Vulnerability Found in Remote Access VPNs
ⓘ Your system could be at risk of being affected by several CVEs targeting SSL VPNs. CIRT-BS is advising that unpatched VPN devices are being
New Advisory: (Critical) Authentication Bypass Vulnerability (FortiOS, FortiProxy, and FortiSwitch Manager)
ⓘ This advisory addresses a critical vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager platforms. Attention constituent: CVE-2022-40684 is a critical authentication bypass vulnerability impacting Fortinet’s FortiOS,

