Alerts

Akira Ransomware Exploits Critical Vulnerabilities in ESXi VMware and VPNs

ⓘ This advisory addresses the increase of Akira Ransomware attacks on critical information infrastructure due to VPN vulnerabilities. Attention constituent:  CIRT-BS is observing an uptick in Akira Ransomware malware attacks impacting Bahamian critical infrastructure. Arika Ransomware, which emerged in March 2023, has two distinct variants that target outdated versions of VMware ESXi virtual machines, encrypting the files […]

Akira Ransomware Exploits Critical Vulnerabilities in ESXi VMware and VPNs Read More »

Consumer Loan Scams

Attention Constituent:  We would like to inform you about a series of consumer loan scams originating from actors posing as third-party representatives of financial institutions, including Central Bank of The Bahamas and Bank of The Bahamas Limited. Sources: https://www.centralbankbahamas.com/ and https://www.facebook.com/BOBBankofSolutions/ CIRT-BS reminds you that scammers often attempt to draw on your emotions by creating a sense

Consumer Loan Scams Read More »

Multiple Nation-State Threat Actors Exploit Multiple Zoho Manage Engine Products

Attention Constituent:     ######################################### ##  S E C U R I T Y   A D V I S O R Y  ## ######################################### Title            : Multiple Nation-State Threat Actors Exploit Multiple Zoho ManageEngine products Advisory ID      : CIRT-BS-2023-0004 Version          : 1.00 Probability  

Multiple Nation-State Threat Actors Exploit Multiple Zoho Manage Engine Products Read More »

Cisco Router / Adaptive Security Appliance (ASA) and FTD Software Vulnerability

Attention Constituent:     ######################################### ##  S E C U R I T Y   A D V I S O R Y  ## ######################################### Title            : Cisco Router / Adaptive Security Appliance (ASA) and FTD Software Vulnerability Advisory ID      : CIRT-BS-2023-0005 Version          : 1.00

Cisco Router / Adaptive Security Appliance (ASA) and FTD Software Vulnerability Read More »

Dropbox discloses breach after hacker stole 130 GitHub repositories

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was

Dropbox discloses breach after hacker stole 130 GitHub repositories Read More »

ABOUT “BLUEBLEED”SERVICE AND THE VULNERABILITY OF MICROSOFT AWS SERVERS

Attack info First seen 2022-09-24 • Last seen 2022-10-19 On October 19, 2022, Socradar announced a vulnerability they discovered in several misconfigured Microsoft AWS servers. They also announced the launch of the BlueBleed service, which contains data downloaded from several misconfigured Microsoft AWS servers. Link to the Socradar announcement – hxxps://socradar[.]io/sensitive-data-of-65000-entities-in-111- countries-leaked-due-to-a-single-misconfigured-data-bucket/ The exposed files in

ABOUT “BLUEBLEED”SERVICE AND THE VULNERABILITY OF MICROSOFT AWS SERVERS Read More »

New PHP information-stealing malware targets Facebook accounts

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading

New PHP information-stealing malware targets Facebook accounts Read More »

Magniber ransomware now infects Windows users via JavaScript files

A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. Threat actors created in September websites that promoted fake antivirus and security updates for Windows 10. The downloaded malicious files (ZIP archives) contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP’s threat intelligence

Magniber ransomware now infects Windows users via JavaScript files Read More »

CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical)

Vulnerability Description An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however,

CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical) Read More »

Scroll to Top
Skip to content