Microsoft Releases November 2022 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. Therefore, BtCIRT recommended users and administrators to review Microsoft’s November 2022 Security Update Guide and Deployment Information and apply the necessary updates....

VMware Releases Security Updates

VMware has released security updates to address multiple vulnerabilities in VMware Workspace ONE Assist. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. Therefore, BtCIRT recommended users and administrators to review VMware Security Advisory VMSA-2022-0028 and apply the necessary updates and workarounds....

OpenSSL Releases Security Update

OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, “can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution,” allowing them to take control of an affected system. BtCIRT recommended users and administrators to review the OpenSSL advisory, blog, OpenSSL 3.0.7 announcement, and upgrade to OpenSSL 3.0.7. For additional information on...

BtCIRT Annual Report July 2021 -June 2022

The annual report covers all the major activities, initiatives and incidents handled by the Bhutan Computer Incident Response Team (BtCIRT) for the 2021-2022 financial year (FY), from July 2021 till June 2022. In 2021, although the COVID pandemic continued and the nation experienced a few lock downs and restrictions, BtCIRT was able to meet some critical targets for the year. The country’s first ever “Cybersecurity Week” was successfully conducted. Articles and alerts on latest cyber trends, threats, vulnerabilities and best practices were also published. Majority of the workshops and training were carried out online due to the pandemic....