Description: An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems. CVE-2021-41355 impacts users of PowerShell 7.1.To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt. Mitigations: Admins are advised to install the updated PowerShell...
Read More
DESCRIPTION:A vulnerability has been discovered in Microsoft MSHTML, which couldallow for remote code execution. MSHTML (also known as Trident) is theengine used for Internet Explorer. It is also used by Microsoft Officeapplications for rendering web based content. Successful exploitation ofthis vulnerability could result in remote code execution in the contextof the affected user. Depending on the privileges associated with theuser, an attacker could view, change,...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR), and Thunderbird, the most severeof which could allow for arbitrary code execution. Mozilla Firefox is aweb browser used to access the Internet. Mozilla Firefox ESR is aversion of the web browser intended to be deployed in largeorganizations. Successful exploitation of these vulnerabilities couldallow for arbitrary code execution. Depending on the privilegesassociated with the...
Read More
In the world of cyber security threats, Ransomware is a comparatively new word which has become a big concern in the recent years. In the US, May 2016 was the second worst month for Ransomware attacks in history. It came to light first time in the last year and caused a huge loss of data. What is Ransomware? Ransomware is a type of malware that...
Read More
Nowadays password is the most popular authentication system for every online operations. Password has become a must for secured access in most websites. A password policy is a set of rules that aims to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. A password policy is a part of the official regulations of an organization...
Read More
In recent years, Bangladesh has become one of the most vulnerable countries in cyber space. Cyber-attacks often took place, which caused loss of assets in very recent time. With the increasing number of internet users, the number of attacks ratio is also going up. According to the Kaspersky Security Bulletin 2015, Bangladesh is in the second position in the level of infection among all the...
Read More
BGD e-GOV CIRT has successfully completed its one year on 27 July, 2016. An agreement between Bangladesh Computer Council & Norway Registered Development was signed on July 27 2015 for establishment of BGD e-GOV CIRT. According to the office order issued by Bangladesh Computer Council on 11th January 2015, a CIRT team was established under the project “Leveraging ICT for Growth, Employment and Governance Project...
Read More
Government of Bangladesh Information Security Manual (GoBISM) has been published on 29 February 2016. The Government of Bangladesh Information Security Manual (GoBISM) is the explanations of processes and controls that are important for the protection of Bangladesh Government unclassified information and systems. This manual is intended for use by Bangladesh Government departments, agencies and organizations. The document is made based on International Standards ISO/IEC 27001...
Read More
On 28th June 2016 as a part of the procedures to support and secure the use of information technology, Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) has received mandate published by Information and Communication Technology Division, Ministry of Posts, Telecommunication and IT, Government of People’s Republic of Bangladesh. It is to be mentioned that the CIRT team is working under the project “Leveraging...
Read More
