Updates

Dropbox discloses breach after hacker stole 130 GitHub repositories

Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was sent. “To date, our investigation has found that the code

Read More »

ABOUT “BLUEBLEED”SERVICE AND THE VULNERABILITY OF MICROSOFT AWS SERVERS

Attack info First seen 2022-09-24 • Last seen 2022-10-19 On October 19, 2022, Socradar announced a vulnerability they discovered in several misconfigured Microsoft AWS servers. They also announced the launch of the BlueBleed service, which contains data downloaded from several misconfigured Microsoft AWS servers. Link to the Socradar announcement – hxxps://socradar[.]io/sensitive-data-of-65000-entities-in-111- countries-leaked-due-to-a-single-misconfigured-data-bucket/ The exposed files in the misconfigured bucket include; POE documents, SOW documents, Invoices, Product

Read More »

New PHP information-stealing malware targets Facebook accounts

A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document supposedly containing details about a marketing

Read More »

Magniber ransomware now infects Windows users via JavaScript files

A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. Threat actors created in September websites that promoted fake antivirus and security updates for Windows 10. The downloaded malicious files (ZIP archives) contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP’s threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500

Read More »

CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical)

Vulnerability Description An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat

Read More »
Tips for helping to keep your online identity secure.

Keep Your Online Identity on Lock

11 April 2023 is recognised as Identity Management Day. Below are some practical tips on keeping your online identity on lock. Protect personal information. Don’t post NIB cards, Driver’s Licences, and other identifiable info. Close old accounts. Unused accounts are easier to hack. Stay alert for scams. Beware of giveaways, quizzes and surveys soliciting banking info. Avoid app sharing. If one app is hacked, linked

Read More »
World Backup Day advisory on following the 3-2-1 Backup rule.

World Backup Day

Did you know that 31 March has been dubbed the day to backup and better protect your data? Losing important digital files happen way more than you think! CIRT-BS is here to help you avoid being fooled with the 3-2-1 Backup Rule.

Read More »
Digital Privacy

Don’t become victim to cyber attacks.

Don’t become victim to cyber attacks. Protect sensitive data and improve your digital privacy. Password-protect your devices. Keep software and apps updated. Choose incognito or private browsing. Login with two-factor authentication. Manage unique passwords with a password manager. Browse public Wi-FI with a VPN. Disable unnecessary mobile app permissions. Backup & encrypt sensitive data.

Read More »
Tips for avoiding scams around Valentine's Day

Happy Valentine’s Day

Online dating is becoming increasingly popular in our communities and while many may be searching for their Valentine via dating apps and social media platforms, unexpected dangers are always present! Be careful of the following: ‘Catfishers’ who create fake online dating profiles. Romance scammers asking for money. Scammers phishing for personal information. Fake online dating sites. Sharing private/sensitive photos online. Accepting friend requests from unknown

Read More »

CIRT-BS March Week Recap

Last week, our team participated in a series of engagements. We began at the University of The Bahamas Business Week, delivering a session on “Understanding

Read More »
Scroll to Top
Skip to content