by CIRT Team
OBSERVED APT-C-61 THREAT ACTOR’S MALICIOUS ACTIVITIES TARGETING BANGLADESH
CYBER THREAT ALERT Cyber Threat Intelligence unit of BGD e-GOV CIRT recently observed a series of malicious and suspicious activities, organized by an unknown APT group named APT-C-61, which was being observed starting in mid-2021. In primary observation, till now the target was important organizations such as national institutions, military industry, and scientific research institutions of Pakistan and Bangladesh to steal classified information. Details are...
Read More
by CIRT Team
CVE-2020-0951: Windows Defender Application Control Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists in Windows Defender Application Control (WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who successfully exploited this vulnerability could execute PowerShell commands that would be blocked by WDAC. The CVE-2020-0951 vulnerability affects both PowerShell 7 and PowerShell 7.1 versions.To check the PowerShell version you are running and determine if you are vulnerable to attacks...
Read More
by CIRT Team
CVE-2021-41355: .NET Core and Visual Studio Information Disclosure Vulnerability
Description: An Information Disclosure vulnerability exists in .NET where System.DirectoryServices.Protocols.LdapConnection may send credentials in plain text on non-Windows Operating systems. CVE-2021-41355 impacts users of PowerShell 7.1.To check the PowerShell version you are running and determine if you are vulnerable to attacks exploiting these two bugs, you can execute the pwsh -v command from a Command Prompt. Mitigations: Admins are advised to install the updated PowerShell...
Read More
by CIRT Team
A Vulnerability in Microsoft MSHTML Could Allow for Remote Code Execution
DESCRIPTION:A vulnerability has been discovered in Microsoft MSHTML, which couldallow for remote code execution. MSHTML (also known as Trident) is theengine used for Internet Explorer. It is also used by Microsoft Officeapplications for rendering web based content. Successful exploitation ofthis vulnerability could result in remote code execution in the contextof the affected user. Depending on the privileges associated with theuser, an attacker could view, change,...
Read More
by CIRT Team
Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in Mozilla Firefox,Firefox Extended Support Release (ESR), and Thunderbird, the most severeof which could allow for arbitrary code execution. Mozilla Firefox is aweb browser used to access the Internet. Mozilla Firefox ESR is aversion of the web browser intended to be deployed in largeorganizations. Successful exploitation of these vulnerabilities couldallow for arbitrary code execution. Depending on the privilegesassociated with the...
Read More
by CIRT Team
A Vulnerability in Confluence Server and Data Center Could Allow for Arbitrary Code Execution
DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending on the privileges associated with theinstance, an attacker could view, change, or delete data. IMPACT:US...
Read More
by CIRT Team
Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution
DESCRIPTION:Multiple vulnerabilities have been discovered in the Google Androidoperating system (OS), the most severe of which could allow for remotecode execution. Android is an operating system developed by Google formobile devices, including, but not limited to, smartphones, tablets, andwatches. Successful exploitation of the most severe of thesevulnerabilities could allow for remote code execution within the contextof a privileged process. Depending on the privileges associated withthis...
Read More
by CIRT Team
Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860
Apple has released security updates to address vulnerabilities—CVE-2021-30858 and CVE-2021-30860—in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild. CISA encourages users and administrators to review the security update pages for the following products and apply the necessary updates. macOS Big Sur 11.6...
Read More
by CIRT Team
A Vulnerability in Confluence Server and Data Center Could Allow for Arbitrary Code Execution
DESCRIPTION:A vulnerability has been discovered in Confluence Server and DataCenter, which could allow for arbitrary code execution. Confluence is awiki tool used to help teams collaborate and share knowledgeefficiently. Successful exploitation of this vulnerability could allowan unauthenticated user to execute arbitrary code on a Confluence Serveror Data Center instance. Depending on the privileges associated with theinstance, an attacker could view, change, or delete data. IMPACT:A...
Read More
