Resources
New Advisory: (Critical) FortiManager Zero-Day Exploitation
ⓘ This advisory addresses a zero-day vulnerability impacting FortiManager and FortiManagerCloud. Attention constituent: A known, successfully exploited critical zero-day vulnerability (CVE-2024-47575) has been identified in Fortinet’s FortiManager and FortiManager Cloud platforms. This vulnerability stems
WhatsApp Account Hijacking Scams Advisory
ⓘ This advisory addresses an increase in compromised WhatsApp accounts. Attention constituent: CIRT-BS is advising members of the public to stay alert as a sophisticated scam targeting WhatsApp users is on
New Advisory: CrowdStrike Update Crashes Windows Systems Worldwide
ⓘ This advisory addresses a recent update to CrowdStrike’s Falcon sensor which has led to widespread Blue Screen of Death errors. Attention Microsoft service users: A recent update to CrowdStrike’s
Akira Ransomware Exploits Critical Vulnerabilities in ESXi VMware and VPNs
ⓘ This advisory addresses the increase of Akira Ransomware attacks on critical information infrastructure due to VPN vulnerabilities. Attention constituent: CIRT-BS is observing an uptick in Akira Ransomware malware attacks
Consumer Loan Scams
Attention Constituent: We would like to inform you about a series of consumer loan scams originating from actors posing as third-party representatives of financial institutions, including Central Bank of The
Multiple Nation-State Threat Actors Exploit Multiple Zoho Manage Engine Products
Attention Constituent: ######################################### ## S E C U R I T Y A D V I S O R Y ## ######################################### Title
WhatsApp Account Hijacking Scams Advisory
ⓘ This advisory addresses an increase in compromised WhatsApp accounts. Attention constituent: CIRT-BS is advising members of the public to stay alert as a sophisticated scam targeting WhatsApp users is on the rise. Cybercriminals are hacking accounts and deceiving users’ friends and family into sending money by posing as trusted contacts. How the Scam Works Scammers make contact, sometimes with a WhatsApp call, and use fake
CrowdStrike Update (Phishing Attempts)
ⓘ This advisory addresses new phishing attempts related to CrowdStrike’s Falcon sensor crash. Attention Constituents: Since CrowdStrike deployed its international Falcon sensor fix last Friday, 19 July 2024, Crowd Strike Intelligence has identified that threat actors are leveraging this event for malicious purposes such as: Distributing a malicious zip file named “crowdstirke-hotfix.zip”; Establishing fraudulent domains to mimic CrowdStrike; Sending phishing emails posing as CrowdStrike support
New Advisory: CrowdStrike Update Crashes Windows Systems Worldwide
ⓘ This advisory addresses a recent update to CrowdStrike’s Falcon sensor which has led to widespread Blue Screen of Death errors. Attention Microsoft service users: A recent update to CrowdStrike’s Falcon sensor has led to widespread Blue Screen of Death (BSOD) errors on Windows hosts, resulting in disruptions locally to several services, including payment processing, and global disruptions. CrowdStrike has deployed a fix for this
“Free Money” WhatsApp Scam
ⓘ This advisory addresses an uptick in “free money” scams on WhatsApp. Attention constituent: CIRT-BS is observing an uptick in “free money” scams on WhatsApp involving threat actors impersonating the “Ministry of Labour and [Public Service]” and offering mobile device “top-ups” to solicit personally identifiable information like internet protocol (IP) addresses and telephone numbers from members of the general public. In the attacks, actors are
Parcel Delivery Scams
ⓘ This advisory addresses an uptick in parcel delivery scams. Attention constituent: CIRT-BS is observing an uptick in parcel delivery scams involving threat actors impersonating Bahamas Postal Services’ (BPS) website to solicit payment and personally identifiable information from members of the general public. Actors are sending SMS messages from the telephone number “+0123456789” advising recipients that their “delivery” is on hold and requesting they visit
Consumer Loan Scams
Attention Constituent: We would like to inform you about a series of consumer loan scams originating from actors posing as third-party representatives of financial institutions, including Central Bank of The Bahamas and Bank of The Bahamas Limited. Sources: https://www.centralbankbahamas.com/ and https://www.facebook.com/BOBBankofSolutions/ CIRT-BS reminds you that scammers often attempt to draw on your emotions by creating a sense of urgency and appearing to be trustworthy. Remember to do
Build Better Passwords for Online Security this “Change Your Password Day”
What do your bank, social media, and email accounts share? A password! Passwords are one of the most critical lines of defence against cyber attacks. They help ensure our data is only accessed by authorised users, even in the event of device theft or loss. Many people choose passwords found in the dictionary and reuse them across multiple accounts, meaning that once a cybercriminal has
Data Privacy Week: 4 Ways to Protect Your Data
So what’s the big deal about privacy, anyway? When you avoid taking measures to take control of your data, you make yourself susceptible to identity theft, which can lead to several issues, including financial loss and damage to your online footprint. Throughout this Data Privacy Week, CIRT-BS covered topics around practising discernment in sharing specific data with various services and taking action on our decisions through
Data Privacy Week: Get Comfortable with Privacy
We may feel despair about how our data is collected and used by our apps and web services—especially as they often request more data than necessary. But here’s the silver lining, thanks to privacy rules like the GDPR and Data Protection Act: you have some control! Privacy rules help protect us, the users. Websites and apps are now increasing transparency around the info they collect and how
Data Privacy Week: 4 Ways to Protect Your Data
So what’s the big deal about privacy, anyway? When you avoid taking measures to take control of your data, you make yourself susceptible to identity theft, which can lead to several issues, including financial loss and damage to your online footprint. Throughout this Data Privacy Week, CIRT-BS covered topics around practising discernment in sharing specific data with various services and taking action on our decisions through
Data Privacy Week: Get Comfortable with Privacy
We may feel despair about how our data is collected and used by our apps and web services—especially as they often request more data than necessary. But here’s the silver lining, thanks to privacy rules like the GDPR and Data Protection Act: you have some control! Privacy rules help protect us, the users. Websites and apps are now increasing transparency around the info they collect and how
Data Privacy Week: The Privacy & Convenience Trade-off
Think about the last application you downloaded on your mobile phone. It could be a messaging tool, an engaging social media platform, or even a GPS navigator. Whatever the app may be, mobile applications add considerable value to our lives… but at what cost? The truth is, while these apps may provide convenience, they also infringe on your privacy by collecting extensive data on you and
Introduction to Cybersecurity
Imagine the chaos of a world where your online financial systems are compromised daily, you have difficulty accessing email accounts when you want to, and your local meteorologists cannot detect the next storm before it happens. This is a glimpse into the reality of a world without cybersecurity. CISA, the United States’ Cybersecurity & Infrastructure Security Agency, defines cybersecurity as the art of protecting networks,
Understanding Akira Ransomware and Ransomware Trends: A Comprehensive Analysis
Author: Marcus Knowles Jr. CIRT Analyst In the rapidly evolving landscape of cybersecurity, ransomware attacks have emerged as one of the most pervasive and damaging threats to businesses worldwide. Among the myriad ransomware families, one name has been making headlines – Akira. Understanding the origins, evolution, and tactics employed by Akira is crucial in the fight against this potent digital adversary. Ransomware families reported in
Cyber Steward’s Guide to Online Christmas Shopping
Cyber Steward’s Guide to Online Christmas Shopping Spot the Real Deals Learn the difference between genuine offers and too-good-to-be-true scams. Secure Your Transactions Use trusted payment methods and ensure the website’s security before entering your details. Keep Software Updated Running the latest security software is your first defence against cyber threats. Watch Out for Fake Reviews Rely on verified purchase reviews and be wary of
Safer Students — Get Safe Online
Keep Your Students Safer Students spend much time online in today’s digital world. Online is great fun, but cyberbullying, oversharing, and clickjacking may cause them harm. Get Safe Online provides valuable information to prepare students to navigate the online world. We want every student while online to say with confidence #lAmSafer. Visit getsafeonline.bs to find out how students can stay safe online. Choose Secure
Keep Your Online Identity on Lock
11 April 2023 is recognised as Identity Management Day. Below are some practical tips on keeping your online identity on lock. Protect personal information. Don’t post NIB cards, Driver’s Licences, and other identifiable info. Close old accounts. Unused accounts are easier to hack. Stay alert for scams. Beware of giveaways, quizzes and surveys soliciting banking info. Avoid app sharing. If one app is hacked, linked
World Backup Day
Did you know that 31 March has been dubbed the day to backup and better protect your data? Losing important digital files happen way more than you think! CIRT-BS is here to help you avoid being fooled with the 3-2-1 Backup Rule.
- RFC 2350