Blog


WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes


Instant messaging app WhatsApp has been down since 12.30 pm today: users are not able to send messages to group chats, and only one tick is showing on messages sent to individuals. The messages sent to group chats are not being delivered. Many WhatsApp users reported facing issues with their chats globally. Not only smartphone users but even WhatsApp web and WhatsApp desktop apps were...



Cyber Drill 2022 for Financial Institutions Held, Organized by BGD e-GOV CIRT

On 22-10-2022, a cyber drill for banks and financial institutions was held as the annual event of "BGD e-GOV CIRT", the Government of Bangladesh's national computer incident response team established under the Information and Communication Technology Division. In this cyber drill, 232 people in 50 teams from banks and financial institutions took an active part. Eastern Bank Ltd.'s EBL Defend Ace team, EXIM Bank Ltd.'s EXM Cyber Rangers and...



ABOUT “BLUEBLEED” SERVICE AND THE VULNERABILITY OF MICROSOFT AWS SERVERS


Attack info: First seen 2022-09-24 • Last seen 2022-10-19

On October 19, 2022, Socradar announced a vulnerability they discovered in several misconfigured Microsoft AWS servers. They also announced the launch of the BlueBleed service, which contains data downloaded from several misconfigured Microsoft AWS servers.

Link to the Socradar announcement – hxxps://socradar[.]io/sensitive-data-of-65000-entities-in-111-countries-leaked-due-to-a-single-misconfigured-data-bucket/

The exposed files in the misconfigured bucket include: POE documents, SOW documents, Invoices, Product orders, Product offers, Project details, Signed customer documents, POC (Proof of Concept)...



CVE-2022-42889: Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults

Vulnerability Description: Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These...



CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite

CVSS 3.0: 9.8 (Critical)

Vulnerability Description: An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a...



New PHP information-stealing malware targets Facebook accounts


A new Ducktail phishing campaign is spreading a never-before-seen Windows information-stealing malware written in PHP used to steal Facebook accounts, browser data, and cryptocurrency wallets. Ducktail phishing campaigns were first revealed by researchers from WithSecure in July 2022, who linked the attacks to Vietnamese hackers. Those campaigns relied on social engineering attacks through LinkedIn, pushing .NET Core malware masquerading as a PDF document supposedly containing details about a marketing...



Magniber ransomware now infects Windows users via JavaScript files


A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. In September, threat actors created websites that promoted fake antivirus and security updates for Windows 10. The downloaded malicious files (ZIP archives) contained JavaScript that initiated an intricate infection with the file-encrypting malware. A report from HP’s threat intelligence team notes that Magniber ransomware operators demanded payment of up to $2,500...



Feature-Rich ‘Alchimist’ Cyberattack Framework Targets Windows, Mac, Linux Environments


Experts discovered a new attack framework, including a C2 tool dubbed Alchimist, used in attacks against Windows, macOS, and Linux systems. Researchers from Cisco Talos discovered a new, previously undocumented attack framework that included a C2 dubbed Alchimist. The framework is likely being used in attacks aimed at Windows, macOS, and Linux systems. The experts also spotted a new GoLang malware dubbed Insekt supporting remote...



CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiOS, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

Exploitation Status: Fortinet recommends immediately validating systems against the following indicator of compromise in the device’s logs: user="Local_Process_Access"

Affected Products:
FortiOS version 7.2.0 through 7.2.1
FortiOS version 7.0.0 through 7.0.6
FortiProxy version 7.2.0
FortiProxy...



CVE-2022-41352: Remote Code Execution Vulnerability in Zimbra Collaboration Suite CVSS 3.0: 9.8 (Critical)


Vulnerability Description: An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation...


