When you log into your facebook using your id and password- you get an access token in return. These tokens are the equivalent of digital keys that keep people logged in to Facebook, so they don’t need to re-enter their password every time they use the app. This access token is used to prove your identity throughout all your activities in facebook- the likes/comments that...
Read More
A new form of misinformation is poised to spread through online communities as the 2018 midterm election campaigns heat up. Called “deepfakes” after the pseudonymous online account that popularized the technique – which may have chosen its name because the process uses a technical method called “deep learning” – these fake videos look very realistic. So far, people have used deepfake videos in pornography and...
Read More
ওআইসি-সার্ট (The Organization of The Islamic Cooperation – Computer Emergency Response Teams, OIC-CERT) একটি নেতৃস্থানীয় আন্তর্জাতিক সংস্থা যার মূল লক্ষ্য হল সমগ্র বিশ্বব্যাপী সাইবার সুরক্ষা প্ল্যাটফর্ম তৈরিতে অগ্রণী ভূমিকা পালন করা এবং বিশ্বের বিভিন্ন সার্ট সংস্থাগুলোর মাঝে অভ্যন্তরীণ সহযোগিতার মাধ্যমে সাইবার হুমকিগুলো মোকাবেলা ও হ্রাস করা। ওআইসি-সার্ট প্রতি বছরই তার সদস্য সংস্থাগুলোর সক্ষমতা যাচাইয়ের লক্ষে সাইবার সিকিউরিটি ড্রিলের আয়োজন করে থাকে। বিশ্বের সাম্প্রতিক কোন একটি...
Read More
Background OIC-CERT CYBER SECURITY DRILL is an annual event for OIC-CERT members to build a better and secure Cybersecurity ecosystem, including the capacity in incident handling with suitable and comprehensive response as well as engaging better collaboration and coordination among CSIRT organizations from different countries. The final goal of this event is to get a more realistic experience in anticipating and handling some incidents related...
Read More
BGD e-GOV CIRT has been listed as Trusted Introducer of TF-CSIRT from 14 September 2018. Constituency of BGD e-GOV CIRT are all governmental institutions of Bangladesh. Constituency sector is “government” and constituency type is “mixed” (internal and external). Part of the constituency is using National Data Center (NDC) located at BCC where host their IT resources and services. Security and Incident Response teams manage the...
Read More
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...
Read More
Recently, there have been many incidents of ransomware attacks. Once users are infected by ransomware, it is almost impossible to decrypt it by technical means that users can only be forced to abandon data or pay ransom to solve. Therefore, unlike other virus Trojans, the “pre-defense strategy” is different from the “after-the-fact killing strategy”. Today, we would like to make a brief summary of the...
Read More
Description: Microsoft has released updates to address multiple vulnerabilities in Microsoft software. The September security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps ChakraCore Adobe Flash Player .NET Framework Microsoft.Data.OData ASP.NET Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are...
Read More
Description: Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. These updates address an important vulnerability in Adobe Flash Player 30.0.0.154 and earlier versions. Successful exploitation could lead to information disclosure. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb18-31.html https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
A few days ago, an elevation of privilege vulnerability in Windows was exposed, but only two days later, an organization called Powerpool was eyeing this vulnerability, and also produced a Trojan. Even though the Trojan is produced in a very short period, its attack power is still significant. Once the computer is attacked, the attacker can intercept the user’s screen to upload and download files,...
Read More
