DESCRIPTION:A vulnerability has been discovered in WebKit GTK and WPE WebKit whichcould allow for arbitrary code execution. * WebKitGTK is a full-featured port of the WebKit rendering engine,suitable for projects requiring any kind of web integration, from hybridHTML/CSS applications to full-fledged web browsers.* WPE is the reference WebKit port for embedded and low-consumptioncomputer devices. Successful exploitation of this vulnerability could allow for arbitrarycode execution. Depending...
Read More
Security researchers have found over 500,000 Huawei smartphone users have downloaded applications tainted with the Joker malware that unwittingly subscribes users to premium mobile services. A report from antivirus maker Doctor Web notes that the malicious apps retained their advertised functionality but downloaded components that subscribed users to premium mobile services. To keep users in the dark the infected apps requested access to notifications, which...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Microsoft ExchangeServer (on premises version) , the most severe of which could allow forarbitrary code execution. Microsoft Exchange Server is a mail serverused to run and manage an organization’s email services. Successfulexploitation of the most severe of these vulnerabilities could allow anattacker to execute arbitrary code in the context of the mail server.Depending on the privileges associated with the...
Read More
DESCRIPTION:A vulnerability has been discovered in Adobe ColdFusion, which couldallow for arbitrary code execution. Adobe ColdFusion is a webapplication development platform. Successful exploitation of thisvulnerability could result in an attacker executing arbitrary code inthe context of the affected application. Depending on the privilegesassociated with the application, an attacker could then installprograms; view, change, or delete data; or create new accounts with fulluser rights. Applications that...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Cisco RV series smallbusiness routers, the most severe of which could allow for arbitrarycode execution. The Cisco RV series routers are recommended forconnecting your small business’ internal network devices to each other.Successful exploitation of the most severe of these vulnerabilitiescould allow an unauthenticated, remote attacker to execute arbitrarycode on the affected systems. IMPACT:Multiple vulnerabilities have been discovered in Cisco...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in Google Chrome, the mostsevere of which could allow for arbitrary code execution. Google Chromeis a web browser used to access the Internet. Successful exploitation ofthe most severe of these vulnerabilities could allow an attacker toexecute arbitrary code in the context of the browser. Depending on theprivileges associated with the application, an attacker could view,change, or delete data. If this...
Read More
Short Description: Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857,...
Read More
Short Description: Hangover threat group (aka Neon, Viceroy Tiger, MONSOON) carrying out targeted cyberattacks deploying BackConfig malware attacks against government and military organizations in South Asia including Bangladesh. Hangover Group is a cyberespionage group that was first observed in December 2013 carrying on a cyberattack against a telecom corporation in Norway. The Hangover Group’s initial vector of compromise is to carry out spear-phishing campaigns. The...
Read More
The state-run Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) and Cyber Wales in the United Kingdom signed a memorandum of understanding (MoU) recently to mark the 50th anniversary of Bangladesh’s Independence Day. The MoU will help reinforce the bilateral relations in various fields including economic, investment, protection against cyber-attacks and advisory, and pave the way for further cooperation with BGD e-GOV CIRT and...
Read More
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis...
Read More
