Updates
Deepfake Investment Scam Continues to Evolve
ⓘ This advisory is about an ongoing scam campaign containing deepfake video content of senior government officials. The scams are designed to trick you into sharing your personal information or making a payment. Threat actors are creating “copycat” versions of local news websites to make their scams look legitimate, and solicit personal information and payments. They use social media websites like Facebook and WhatsApp to
New Advisory: Fake Investment Scams Using Deepfake Videos
ⓘ This advisory addresses fake investment scams. CIRT-BS is urging the public to stay vigilant as new scams circulate online and fraudulent websites are impersonating local media houses to promote a fake investment opportunity linked to Central Bank of The Bahamas. To boost credibility and traffic, the scammers are using artificial intelligence to generate “deepfake” videos of various news personalities as well as Central Bank
New Advisory: Active Exploitation of Ivanti Vulnerabilities
ⓘ Attackers are targeting Ivanti Connect Secure appliances using known vulnerabilities. Attackers may sometimes maintain persistent, undetected access even after patching systems. Advisory Overview Advisory Type Technical Author Marcus Knowles Date 17 April 2025 Ivanti and CISA recently reported active exploitation of several critical vulnerabilities in Ivanti network access security appliances. UNC5221, a China-linked threat group, uses these vulnerabilities to break into networks, deploy custom
New Advisory: Critical Exploitation of Known Fortinet Vulnerabilities
ⓘ We are reaching out to let you know about ongoing attacks targeting Fortinet devices using known vulnerabilities. In some cases, the attackers can remain undetected even after patching. Attention constituent: Fortinet and CISA recently reported active exploitation of several known vulnerabilities in Fortinet devices. These include switches, firewalls, and other related products, many of which are widely used for secure remote access. Attackers are
New Advisory: Critical Vulnerability Found in Remote Access VPNs
ⓘ Your system could be at risk of being affected by several CVEs targeting SSL VPNs. CIRT-BS is advising that unpatched VPN devices are being actively scanned for vulnerabilities. These include many widely used brands detailed below. The attacks are using previously breached credentials and brute force to bypass weak or misconfigured MFA to access devices and/or deploy ransomware. Advisory Overview Advisory Type Technical Author

PRESS RELEASE: THE BAHAMAS TRAINS 150+ COUNSELLORS TO LEAD THE CHARGE IN CHILD ONLINE PROTECTION WITH CIRT-BS WORKSHOP
Participants gather at the University of The Bahamas, RBC Auditorium, Franklyn Wilson Graduate Centre 19-20 February 2025 for the CIRT-BS and ITU Child Online Protection Workshop NASSAU, The Bahamas—Over 150 guidance counsellors were in attendance for the nation’s first “Train-the-Trainer” Child Online Protection (COP) Workshop, held in-person and online 19-20 February 2025, at the University of The Bahamas, RBC Auditorium, Franklyn Wilson Graduate Centre. The

PRESS RELEASE: MIN. HALKITIS: CYBER SECURITY IS “A KEY PILLAR OF ECONOMIC STABILITY” – CIRT-BS AND INDUSTRY EXPERTS UNITE AT ALIV BUSINESS CYBER SECURITY SUMMIT
Minister of Economic Affairs, Senator the Hon. Michael Halkitis delivering welcome remarks at the ALIV Business Cyber Security Summit 2025 NASSAU, The Bahamas—Cyber security experts, government officials, and industry leaders convened at the ALIV Business Cyber Security Summit on 20 February 2025, to address the growing cyber threats facing businesses and national infrastructure across the country. Under the theme “Securing the Future: Navigating Cyber Challenges
New Advisory: (Critical) Authentication Bypass Vulnerability (FortiOS, FortiProxy, and FortiSwitch Manager)
ⓘ This advisory addresses a critical vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager platforms. Attention constituent: CVE-2022-40684 is a critical authentication bypass vulnerability impacting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager platforms. This flaw enables attackers to gain unauthorised administrative access, potentially leading to system compromise, data theft, and operational disruption. A leaked list of 15,000 vulnerable IP addresses has heightened the risk of exploitation. Immediate action is
New Advisory: (Critical) FortiOS Vulnerability
ⓘ This advisory addresses a critical vulnerability impacting FortiOS systems (CVE-2024-55591). Attention constituent: A critical vulnerability (CVE-2024-55591) has been identified in Fortinet’s FortiOS systems. This vulnerability stems from an authentication bypass flaw in the FortiOS web management interface. Exploitation of this vulnerability allows remote, unauthenticated attackers to gain unauthorised administrative access and execute arbitrary actions on affected systems. CVE: CVE-2024-55591 Severity: Critical (CVSS: 9.8) Affected Platforms: FortiOS systems

PRESS RELEASE: The Bahamas Strengthens Cybersecurity with National Cybersecurity Strategy Launch and Multi-day Workshop
NASSAU, The Bahamas—The country took a significant leap forward in safeguarding its digital infrastructure with the official launch of the National Cybersecurity Strategy (NCS) for

The Deal on Cyber Monday
Cyber Monday is a great time to score on big deals; however, cyber criminals use this day to try to score big with your wallet

The Bahamas’ National Cybersecurity Strategy
The National Cybersecurity Strategy (NCS) is a set of strategic principles, guidelines, objectives, and specific measures to mitigate risk associated with cybersecurity. The document is

Wrong QR Code
SIKE! You scanned the wrong QR Code. QR Codes, or quick response codes, are convenient tools that allow us to share electronic information quickly. However,
New Advisory: (Critical) FortiManager Zero-Day Exploitation
ⓘ This advisory addresses a zero-day vulnerability impacting FortiManager and FortiManagerCloud. Attention constituent: A known, successfully exploited critical zero-day vulnerability (CVE-2024-47575) has been identified in

Cybersecurity Awareness Month: The Truth About Software Updates
Those pesky updates. They’re annoying but so critical to do! While, at times, they may seem inconvenient, these updates ensure that your devices and apps

Cybersecurity Awareness Month: Now That’s a Red Flag: Watch Out for Phish!
Did you know that one of the most common cyber attacks reported at the National CIRT originates from a phishing attempt that an unlucky victim

Join Us for the “Secure Our World” Cybersecurity Awareness Month Webinar + Q&A
Register for the CIRT-BS Cybersecurity Awareness Webinar to secure your spot. Join Us for the “Secure Our World” Cybersecurity Awareness Month Webinar + Q&A Cybersecurity is

PRESS RELEASE: Bahamas’ National CIRT Director Sametria McKinney Honoured for Advancing Global Cyber Security
FOR IMMEDIATE RELEASE 17 October 2024 Bahamas’ National CIRT Director Sametria McKinney Honoured for Advancing Global Cyber Security NASSAU, The Bahamas—The National Computer Incident Response

Cybersecurity Awareness Month: Enable MFA; Disable the Hackers
Last week, we kicked off Cybersecurity Awareness Month, detailing strong passwords as your first line of defence against a cyber attack; this week, we cover

Cybersecurity Awareness Month: Use a Strong Password + a Password Manager
Cybersecurity professionals always say it, but it’s true: passwords are your first line of defence against data breaches. Because of this, it is crucial to