Updates
CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical)
Vulnerability Description An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat
Keep Your Online Identity on Lock
11 April 2023 is recognised as Identity Management Day. Below are some practical tips on keeping your online identity on lock. Protect personal information. Don’t post NIB cards, Driver’s Licences, and other identifiable info. Close old accounts. Unused accounts are easier to hack. Stay alert for scams. Beware of giveaways, quizzes and surveys soliciting banking info. Avoid app sharing. If one app is hacked, linked
World Backup Day
Did you know that 31 March has been dubbed the day to backup and better protect your data? Losing important digital files happen way more than you think! CIRT-BS is here to help you avoid being fooled with the 3-2-1 Backup Rule.
Don’t become victim to cyber attacks.
Don’t become victim to cyber attacks. Protect sensitive data and improve your digital privacy. Password-protect your devices. Keep software and apps updated. Choose incognito or private browsing. Login with two-factor authentication. Manage unique passwords with a password manager. Browse public Wi-FI with a VPN. Disable unnecessary mobile app permissions. Backup & encrypt sensitive data.
Happy Valentine’s Day
Online dating is becoming increasingly popular in our communities and while many may be searching for their Valentine via dating apps and social media platforms, unexpected dangers are always present! Be careful of the following: ‘Catfishers’ who create fake online dating profiles. Romance scammers asking for money. Scammers phishing for personal information. Fake online dating sites. Sharing private/sensitive photos online. Accepting friend requests from unknown
National CIRT Mission Trip
The Bahamas’ National Computer Incident Response Team (CIRT-BS) hosted representatives from the Organization of American States (OAS) and CIRT Trinidad (TT CSIRT) during 31st January – 2nd February, 2023, while on a mission trip to Nassau, Bahamas. Sessions held were aimed at providing recommendations on implementation strategies for the establishment of CIRT-BS. The sessions included a review of the technical design documents, the National Cybersecurity
Cybersecurity New Year’s Resolutions
HAPPY NEW YEAR! The Computer Incident Response Team of The Bahamas (CIRT-BS) wishes you a happy, safe and secure 2023! We are pleased to share seven (7) New Year’s Resolutions that you can adopt to improve your cybersecurity.
Recap: Cybersecurity Month 2022
On Thursday, 27th October 2022, the Computer Incident Response Team of The Bahamas (CIRT-BS) organized and hosted a webinar under the theme: Creating a Cyber Smart Bahamas Through Education and Awareness. Over one hundred (100) attendees had the opportunity to receive cyber security essentials and ask questions during the Q&A that followed each presentation as CIRT-BS brought Cybersecurity Month 2022 to a close. Webinar Presenter Included: Sametria
The Bahamas strengthens its cybersecurity capacity
The Bahamas has launched a project with ITU to set up a national Computer Incident Response Team (CIRT) to help protect the small island country’s critical digital infrastructure and data. The National Cybersecurity Project, started in January and officially launched in February at national level, aims to help assess current Bahamian capabilities in this rapidly evolving field, as well as develop its National Cybersecurity Strategy.
The Deal on Cyber Monday
Cyber Monday is a great time to score on big deals; however, cyber criminals use this day to try to score big with your wallet
The Bahamas’ National Cybersecurity Strategy
The National Cybersecurity Strategy (NCS) is a set of strategic principles, guidelines, objectives, and specific measures to mitigate risk associated with cybersecurity. The document is
Wrong QR Code
SIKE! You scanned the wrong QR Code. QR Codes, or quick response codes, are convenient tools that allow us to share electronic information quickly. However,
New Advisory: (Critical) FortiManager Zero-Day Exploitation
ⓘ This advisory addresses a zero-day vulnerability impacting FortiManager and FortiManagerCloud. Attention constituent: A known, successfully exploited critical zero-day vulnerability (CVE-2024-47575) has been identified in
Cybersecurity Awareness Month: The Truth About Software Updates
Those pesky updates. They’re annoying but so critical to do! While, at times, they may seem inconvenient, these updates ensure that your devices and apps
Cybersecurity Awareness Month: Now That’s a Red Flag: Watch Out for Phish!
Did you know that one of the most common cyber attacks reported at the National CIRT originate from a phishing attempt that an unlucky victim
Join Us for the “Secure Our World” Cybersecurity Awareness Month Webinar + Q&A
Register for the CIRT-BS Cybersecurity Awareness Webinar to secure your spot. Join Us for the “Secure Our World” Cybersecurity Awareness Month Webinar + Q&A Cybersecurity is
PRESS RELEASE: Bahamas’ National CIRT Director Sametria McKinney Honoured for Advancing Global Cyber Security
FOR IMMEDIATE RELEASE 17 October 2024 Bahamas’ National CIRT Director Sametria McKinney Honoured for Advancing Global Cyber Security NASSAU, The Bahamas—The National Computer Incident Response
Cybersecurity Awareness Month: Enable MFA; Disable the Hackers
Last week, we kicked off Cybersecurity Awareness Month, detailing strong passwords as your first line of defence against a cyber attack; this week, we cover
Cybersecurity Awareness Month: Use a Strong Password + a Password Manager
Cybersecurity professionals always say it, but it’s true: passwords are your first line of defence against data breaches. Because of this, it is crucial to
PRESS RELEASE: CIRT-BS CELEBRATES CYBERSECURITY AWARENESS MONTH WITH “SECURE OUR WORLD” CAMPAIGN
NASSAU, The Bahamas—The National Computer Incident Response Team of The Bahamas (CIRT-BS) is proud to announce Cybersecurity Awareness Month 2024 with a focus on the
Help Secure Our World this Cybersecurity Awareness Month
Welcome to Cybersecurity Awareness Month, an international initiative that educates everyone about online safety and empowers individuals and organisations to protect their data from cybercrime.
WhatsApp Account Hijacking Scams Advisory
ⓘ This advisory addresses an increase in compromised WhatsApp accounts. Attention constituent: CIRT-BS is advising members of the public to stay alert as a sophisticated scam
CrowdStrike Update (Phishing Attempts)
ⓘ This advisory addresses new phishing attempts related to CrowdStrike’s Falcon sensor crash. Attention Constituents: Since CrowdStrike deployed its international Falcon sensor fix last Friday,
New Advisory: CrowdStrike Update Crashes Windows Systems Worldwide
ⓘ This advisory addresses a recent update to CrowdStrike’s Falcon sensor which has led to widespread Blue Screen of Death errors. Attention Microsoft service users:
“Free Money” WhatsApp Scam
ⓘ This advisory addresses an uptick in “free money” scams on WhatsApp. Attention constituent: CIRT-BS is observing an uptick in “free money” scams on WhatsApp
Press Release: CIRT-BS Observes Uptick in Parcel Delivery “Smishing” Scams Impacting Members of the General Public
New Providence, The Bahamas—The National Computer Incident Response Team of The Bahamas (CIRT-BS) is observing an uptick in parcel delivery scams involving threat actors impersonating
Parcel Delivery Scams
ⓘ This advisory addresses an uptick in parcel delivery scams. Attention constituent: CIRT-BS is observing an uptick in parcel delivery scams involving threat actors impersonating
Request 1-on-1 Meeting (Organisations Only)
CIRT-BS is offering in-person and virtual introductory one-on-one meetings and tours with our team for government organisations and critical information infrastructure. To request a meeting
Akira Ransomware Exploits Critical Vulnerabilities in ESXi VMware and VPNs
ⓘ This advisory addresses the increase of Akira Ransomware attacks on critical information infrastructure due to VPN vulnerabilities. Attention constituent: CIRT-BS is observing an uptick