Resources
New Advisory: Fake Investment Scams Using Deepfake Videos
This advisory addresses fake investment scams. CIRT-BS is urging the public to stay vigilant as new scams circulate online and fraudulent websites are impersonating local media houses to promote
New Advisory: Active Exploitation of Ivanti Vulnerabilities
Attackers are targeting Ivanti Connect Secure appliances using known vulnerabilities. Attackers may sometimes maintain persistent, undetected access even after patching systems. Advisory Overview Advisory Type Technical Author Marcus Knowles
New Advisory: Critical Exploitation of Known Fortinet Vulnerabilities
We are reaching out to let you know about ongoing attacks targeting Fortinet devices using known vulnerabilities. In some cases, the attackers can remain undetected even after patching. Attention
New Advisory: Critical Vulnerability Found in Remote Access VPNs
Your system could be at risk of being affected by several CVEs targeting SSL VPNs. CIRT-BS is advising that unpatched VPN devices are being actively scanned for vulnerabilities. These
New Advisory: (Critical) Authentication Bypass Vulnerability (FortiOS, FortiProxy, and FortiSwitch Manager)
This advisory addresses a critical vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager platforms. Attention constituent: CVE-2022-40684 is a critical authentication bypass vulnerability impacting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager platforms. This
New Advisory: (Critical) FortiOS Vulnerability
This advisory addresses a critical vulnerability impacting FortiOS systems (CVE-2024-55591). Attention constituent: A critical vulnerability (CVE-2024-55591) has been identified in Fortinet’s FortiOS systems. This vulnerability stems from an authentication
“Free Money” WhatsApp Scam
This advisory addresses an uptick in “free money” scams on WhatsApp. Attention constituent: CIRT-BS is observing an uptick in “free money” scams on WhatsApp involving threat actors impersonating the “Ministry of Labour and [Public Service]” and offering mobile device “top-ups” to solicit personally identifiable information like internet protocol (IP) addresses and telephone numbers from members of the general public. In the attacks, actors are
Parcel Delivery Scams
This advisory addresses an uptick in parcel delivery scams. Attention constituent: CIRT-BS is observing an uptick in parcel delivery scams involving threat actors impersonating Bahamas Postal Services’ (BPS) website to solicit payment and personally identifiable information from members of the general public. Actors are sending SMS messages from the telephone number “+0123456789” advising recipients that their “delivery” is on hold and requesting they visit
Consumer Loan Scams
Attention Constituent: We would like to inform you about a series of consumer loan scams originating from actors posing as third-party representatives of financial institutions, including Central Bank of The Bahamas and Bank of The Bahamas Limited. Sources: https://www.centralbankbahamas.com/ and https://www.facebook.com/BOBBankofSolutions/ CIRT-BS reminds you that scammers often attempt to draw on your emotions by creating a sense of urgency and appearing to be trustworthy. Remember to do

Build Better Passwords for Online Security this “Change Your Password Day”
What do your bank, social media, and email accounts share? A password! Passwords are one of the most critical lines of defence against cyber attacks. They help ensure our data is only accessed by authorised users, even in the event of device theft or loss. Many people choose passwords found in the dictionary and reuse them across multiple accounts, meaning that once a cybercriminal has

Data Privacy Week: 4 Ways to Protect Your Data
So what’s the big deal about privacy, anyway? When you avoid taking measures to take control of your data, you make yourself susceptible to identity theft, which can lead to several issues, including financial loss and damage to your online footprint. Throughout this Data Privacy Week, CIRT-BS covered topics around practising discernment in sharing specific data with various services and taking action on our decisions through

Data Privacy Week: Get Comfortable with Privacy
We may feel despair about how our data is collected and used by our apps and web services—especially as they often request more data than necessary. But here’s the silver lining, thanks to privacy rules like the GDPR and Data Protection Act: you have some control! Privacy rules help protect us, the users. Websites and apps are now increasing transparency around the info they collect and how

Data Privacy Week: The Privacy & Convenience Trade-off
Think about the last application you downloaded on your mobile phone. It could be a messaging tool, an engaging social media platform, or even a GPS navigator. Whatever the app may be, mobile applications add considerable value to our lives… but at what cost? The truth is, while these apps may provide convenience, they also infringe on your privacy by collecting extensive data on you and
Introduction to Cybersecurity
Imagine the chaos of a world where your online financial systems are compromised daily, you have difficulty accessing email accounts when you want to, and your local meteorologists cannot detect the next storm before it happens. This is a glimpse into the reality of a world without cybersecurity. CISA, the United States’ Cybersecurity & Infrastructure Security Agency, defines cybersecurity as the art of protecting networks,

Understanding Akira Ransomware and Ransomware Trends: A Comprehensive Analysis
Author: Marcus Knowles Jr., CIRT Analyst. In the rapidly evolving landscape of cybersecurity, ransomware attacks have emerged as one of the most pervasive and damaging threats to businesses worldwide. Among the myriad ransomware families, one name has been making headlines – Akira. Understanding the origins, evolution, and tactics employed by Akira is crucial in the fight against this potent digital adversary. Ransomware families reported in

The Deal on Cyber Monday
Cyber Monday is a great time to score on big deals; however, cyber criminals use this day to try to score big with your wallet and personally identifiable information as well. As you shop online, especially throughout the holiday season, remember these few tips: Before You Shop: Enrol in payment alerts. Some card issuers offer payment alerts so you are always aware of your transactional

Cybersecurity Awareness Month: The Truth About Software Updates
Those pesky updates. They’re annoying but so critical to do! While, at times, they may seem inconvenient, these updates ensure that your devices and apps remain protected from the latest threats. An Apple Example: In 2019, Apple introduced a group FaceTime feature. Shortly after its release, a 14-year-old initiated a group call and discovered a major security flaw: they could eavesdrop on a call recipient

Cybersecurity Awareness Month: Now That’s a Red Flag: Watch Out for Phish!
Did you know that one of the most common cyber attacks reported at the National CIRT originates from a phishing attempt that an unlucky victim fell for? This unfortunate fact reminds us why learning to recognise and report phishing attempts is critical. Below we list five red flags to look out for as you become more sensitive to phishing attempts. A message tone that is

Cybersecurity Awareness Month: Enable MFA; Disable the Hackers
Last week, we kicked off Cybersecurity Awareness Month, detailing strong passwords as your first line of defence against a cyber attack; this week, we cover the second: multi-factor authentication (MFA). Multi-factor Authentication adds an extra layer of security by requiring two or more methods of verification to access your accounts. Rather than relying solely on a password, MFA can come in several forms. These include

Cybersecurity Awareness Month: Use a Strong Password + a Password Manager
Cybersecurity professionals always say it, but it’s true: passwords are your first line of defence against data breaches. Because of this, it is crucial to make them strong and difficult to crack. Remember these three keys to make your passwords stronger: Make them long. The longer a password is, the more challenging it is to crack. CIRT-BS and other industry experts recommend passwords of 16 characters minimum.

Help Secure Our World this Cybersecurity Awareness Month
Welcome to Cybersecurity Awareness Month, an international initiative that educates everyone about online safety and empowers individuals and organisations to protect their data from cybercrime. Amidst large-scale data breaches and cyber-attacks, Cybersecurity Awareness Month reminds us about simple, effective ways to remain safe online, protect personal data, and ultimately help secure our world. The National Computer Incident Response Team of The Bahamas (CIRT-BS) is proud

Cash or Card? 10 Tips to Outsmart Card Fraud
In its 2022 Annual Report, the Bahamian monetary regulator, Central Bank of The Bahamas, reported over $15M in fraud complaints from debit and credit card users.[1] In many instances, better handling of financial cards could help to protect potential victims. This article shares ten practical but effective recommendations for protecting your financial accounts through your bank cards. (1) Invest in an RFID-blocking wallet to store

Don’t Get Reeled In! Recognising and Reporting Phishing
Have you ever received an email from a foreigner requesting financial assistance? How about a text message claiming you’ve won a particular prize for a competition you’ve never entered? In cybersecurity, these scams are commonly known as “phishing” attempts. Believed to come from the term “phoney fishing,” the Internet Engineering Task Force defines phishing as a technique for attempting to acquire sensitive data (e.g.

Spring Forward into Cyber Hygiene
Remember that time changes this Sunday! We move forward one hour. As you take time to update your clocks and declutter your homes this weekend, CIRT-BS reminds you to ensure that your cyber hygiene is being taken care of, too! Organise Your Files: Clean folders make spotting malicious files and viruses easier. Review Bank Statements: Check for unauthorised transactions and query them.