Sites promoting a bogus Corona Antivirus are taking advantage of the current COVID-19 pandemic to promote and distribute a malicious payload that will infect the target’s computer with the BlackNET RAT and add it to a botnet. The two sites promoting the fake antivirus software can be found at antivirus-covid19[.]site and corona-antivirus[.]com as discovered by the Malwarebytes Threat Intelligence team and researchers at MalwareHunterTeam, respectively. While the former was...
Threat actors are utilizing the global spread of COVID-19 (Coronavirus) to conduct malicious activity. As the world responds to this threat in various ways, actors are attempting to use the chaos to their advantage. COVID-19 is being weaponized for scare tactics by threat actors for conducting malicious activity utilizing different Tactics, Techniques, and Procedures (TTPs). While the majority of observations made by Anomali Threat Research...
As governments attempt to marshal the right response to the COVID-19 outbreak, their efforts are being complicated by malware – including ransomware – attacks continuing to hit healthcare organizations. Some of those facilities are not only treating patients with the disease but also serving as frontline virus-testing labs. With COVID-19 declared a pandemic by the World Health Organization, healthcare...
The Zeus Sphinx banking Trojan has recently resurfaced after a three-year hiatus as part of a coronavirus-themed phishing campaign, by far the most common theme behind attacks during the current pandemic. Zeus Sphinx (also known as Zloader and Terdot) is a malware strain that was initially spotted back in August 2015 when its operators used it to attack several British financial targets and it is...
The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security. Report: The following is the CVE report from BGD e-GOV CIRT for the month of March 2020.
With the continuing evolution of the mobile phone, smartphones are now in everyone's hands. Smartphone use has brought considerable variety to the ways people communicate with one another. Mobile phone use is no longer limited, as it once was, to making calls or exchanging messages. Many software applications are now used on smartphones. WhatsApp is one of the foremost among them. Although WhatsApp emerged from the basic idea of chatting, it has now become one of the most widely used communication media worldwide. When using WhatsApp, great care must be taken regarding certain matters...
Description: A vulnerability has been discovered in Microsoft Windows SMB Server that could allow for remote code execution. This vulnerability is due to an error in handling maliciously crafted compressed data packets within version 3.1.1 of Server Message Blocks. To exploit this vulnerability, an attacker can send specially crafted compressed data packets to a target Microsoft Server Message Block 3.0 (SMBv3) server. Clients who connect...
Dated: 11 March 2020. The Asia Pacific Computer Emergency Response Team (APCERT) today has successfully completed its annual drill to test the response capability of leading Computer Security Incident Response Teams (CSIRT) within the Asia Pacific economies. The theme of this year’s APCERT Drill is “Banker doubles down on Miner”. This exercise reflects real incidents and issues that exist on the Internet. The participants...
Various government-backed hacking groups and APTs are targeting and exploiting a vulnerability in Microsoft Exchange email servers. The vulnerability was patched last month, in February 2020. Volexity, a UK cyber security firm, was the first to discover these exploitation attempts on Friday. However, they neither shared the names of the hacking groups nor commented further on the matter. It is rumoured that the...