Stay Sharp: Your Phishing and Smishing Survival Kit Body
Cybercriminals are getting smarter but so can you. The National Computer Incident Response Team of The Bahamas (CIRT‑BS) has launched the Phishing and Smishing Survival Kit to help you spot
CIRT‑BS Advisory: Beware of Fraudulent NIB Smart Card Renewal Text Scam
CIRT‑BS warns the public about fraudulent messages impersonating the National Insurance Board (NIB). These scams aim to deceive recipients into clicking unsafe links or sharing personal information under the guise
Smishing vs Phishing: Understanding the Dual Threat
Cyber‑criminals continue to evolve their tactics, targeting both mobile and desktop users. Smishing uses SMS or messaging apps to lure victims into clicking fraudulent links or sharing sensitive data. Phishing
Advisory: Fake Traffic Fine Payment Scam
The National Computer Incident Response Team of The Bahamas (CIRT-BS) is aware of fraudulent websites impersonating legitimate government services and attempting to collect fake traffic fine payments. These scams use
Bahamas Election Security Awareness 2026
Daily Election Checklist: Stay Informed. Stay Secure. Verifying information is everyone’s responsibility: Follow updates from official government channels and the Parliamentary Registration Department Rely on verified Bahamian news outlets for
Child Online Protection Webinar: A Conversation That Matters
On May 20, 2026, the National Computer Incident Response Team of The Bahamas (CIRT‑BS) will host the Child Online Protection Webinar, uniting international experts to explore how we can build
Microsoft Security: Windows Server Update Service
ⓘ We are reaching out to let you know that Windows Server Update Service is vulnerable and can be exploited via Remote Code Execution by attacker to gain unauthorized access to critical systems. Attention constituent: A critical vulnerability exists in Microsoft Windows Server Update Services (WSUS) that allows a remote, unauthenticated attacker to execute unauthorized code on affected systems. The issue is caused by improper
Regional Spike in Medusa Ransomware
ⓘ We are reaching out to let you know there has been a sharp rise in Vadir infostealer infections globally, posing a growing threat to your data. Advisory Overview Advisory Type Technical Author Etienne Bowleg Date 16 September 2025 We have observed an increase in ransomware attacks in our region attributed to the Medusa group, one of the most active and aggressive ransomware campaigns currently
Vidar Infostealer Spyware on The Rise
ⓘ We are reaching out to let you know there has been a sharp rise in Vadir infostealer infections globally, posing a growing threat to your data. Advisory Overview Advisory Type Technical Author Emilio Smith Date 15 September 2025 There has been a noticeable increase in Vidar spyware infections affecting systems worldwide. Vidar is a type of malicious software (spyware) that quietly collects sensitive information
New Advisory: Critical SonicWall SSL-VPN Zero-Day Exploit
ⓘ We are reaching out to let you know about a zero-day security vulnerability in Gen 7 SonicWall firewalls that attackers are currently exploiting. Advisory Overview Advisory Type Technical Author Emilio Smith Date 15 August 2025 There is an ongoing threat of attacks from the Akira ransomware group targeting Gen 7 SonicWall firewalls where SSL-VPN has been enabled. This group is exploiting a zero-day vulnerability,
Deepfake Investment Scam Continues to Evolve
ⓘ This advisory is about an ongoing scam campaign containing deepfake video content of senior government officials. The scams are designed to trick you into sharing your personal information or making a payment. Threat actors are creating “copycat” versions of local news websites to make their scams look legitimate, and solicit personal information and payments. They use social media websites like Facebook and WhatsApp to
New Advisory: Fake Investment Scams Using Deepfake Videos
ⓘ This advisory addresses fake investment scams. CIRT-BS is urging the public to stay vigilant as new scams circulate online and fraudulent websites are impersonating local media houses to promote a fake investment opportunity linked to Central Bank of The Bahamas. To boost credibility and traffic, the scammers are using artificial intelligence to generate “deepfake” videos of various news personalities as well as Central Bank
New Advisory: Active Exploitation of Ivanti Vulnerabilities
ⓘ Attackers are targeting Ivanti Connect Secure appliances using known vulnerabilities. Attackers may sometimes maintain persistent, undetected access even after patching systems. Advisory Overview Advisory Type Technical Author Marcus Knowles Date 17 April 2025 Ivanti and CISA recently reported active exploitation of several critical vulnerabilities in Ivanti network access security appliances. UNC5221, a China-linked threat group, uses these vulnerabilities to break into networks, deploy custom
New Advisory: Critical Exploitation of Known Fortinet Vulnerabilities
ⓘ We are reaching out to let you know about ongoing attacks targeting Fortinet devices using known vulnerabilities. In some cases, the attackers can remain undetected even after patching. Attention constituent: Fortinet and CISA recently reported active exploitation of several known vulnerabilities in Fortinet devices. These include switches, firewalls, and other related products, many of which are widely used for secure remote access. Attackers are
New Advisory: Critical Vulnerability Found in Remote Access VPNs
ⓘ Your system could be at risk of being affected by several CVEs targeting SSL VPNs. CIRT-BS is advising that unpatched VPN devices are being actively scanned for vulnerabilities. These include many widely used brands detailed below. The attacks are using previously breached credentials and brute force to bypass weak or misconfigured MFA to access devices and/or deploy ransomware. Advisory Overview Advisory Type Technical Author
Data Privacy Week: The Privacy & Convenience Trade-off
Think about the last application you downloaded on your mobile phone. It could be a messaging tool, an engaging social media platform, or even a GPS navigator. Whatever the app may be, mobile applications add considerable value to our lives… but at what cost? The truth is, while these apps may provide convenience, they also infringe on your privacy by collecting extensive data on you and
Introduction to Cybersecurity
Imagine the chaos of a world where your online financial systems are compromised daily, you have difficulty accessing email accounts when you want to, and your local meteorologists cannot detect the next storm before it happens. This is a glimpse into the reality of a world without cybersecurity. CISA, the United States’ Cybersecurity & Infrastructure Security Agency, defines cybersecurity as the art of protecting networks,
Understanding Akira Ransomware and Ransomware Trends: A Comprehensive Analysis
Author: Marcus Knowles Jr. CIRT Analyst In the rapidly evolving landscape of cybersecurity, ransomware attacks have emerged as one of the most pervasive and damaging threats to businesses worldwide. Among the myriad ransomware families, one name has been making headlines – Akira. Understanding the origins, evolution, and tactics employed by Akira is crucial in the fight against this potent digital adversary. Ransomware families reported in
Cyber Steward’s Guide to Online Christmas Shopping
Cyber Steward’s Guide to Online Christmas Shopping Spot the Real Deals Learn the difference between genuine offers and too-good-to-be-true scams. Secure Your Transactions Use trusted payment methods and ensure the website’s security before entering your details. Keep Software Updated Running the latest security software is your first defence against cyber threats. Watch Out for Fake Reviews Rely on verified purchase reviews and be wary of
Safer Students — Get Safe Online
Keep Your Students Safer Students spend much time online in today’s digital world. Online is great fun, but cyberbullying, oversharing, and clickjacking may cause them harm. Get Safe Online provides valuable information to prepare students to navigate the online world. We want every student while online to say with confidence #lAmSafer. Visit getsafeonline.bs to find out how students can stay safe online. Choose Secure
Keep Your Online Identity on Lock
11 April 2023 is recognised as Identity Management Day. Below are some practical tips on keeping your online identity on lock. Protect personal information. Don’t post NIB cards, Driver’s Licences, and other identifiable info. Close old accounts. Unused accounts are easier to hack. Stay alert for scams. Beware of giveaways, quizzes and surveys soliciting banking info. Avoid app sharing. If one app is hacked, linked
World Backup Day
Did you know that 31 March has been dubbed the day to backup and better protect your data? Losing important digital files happen way more than you think! CIRT-BS is here to help you avoid being fooled with the 3-2-1 Backup Rule.
Don’t become victim to cyber attacks.
Don’t become victim to cyber attacks. Protect sensitive data and improve your digital privacy. Password-protect your devices. Keep software and apps updated. Choose incognito or private browsing. Login with two-factor authentication. Manage unique passwords with a password manager. Browse public Wi-FI with a VPN. Disable unnecessary mobile app permissions. Backup & encrypt sensitive data.
Happy Valentine’s Day
Online dating is becoming increasingly popular in our communities and while many may be searching for their Valentine via dating apps and social media platforms, unexpected dangers are always present! Be careful of the following: ‘Catfishers’ who create fake online dating profiles. Romance scammers asking for money. Scammers phishing for personal information. Fake online dating sites. Sharing private/sensitive photos online. Accepting friend requests from unknown
- RFC 2350