Category: ALERTS/NEWS

OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, “can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution,” allowing them to take control of an affected system. BtCIRT recommended users and administrators to review the OpenSSL advisory, blog, OpenSSL 3.0.7 announcement, and upgrade to OpenSSL 3.0.7. For additional information on...

The annual report covers all the major activities, initiatives and incidents handled by the Bhutan Computer Incident Response Team (BtCIRT) for the 2021-2022 financial year (FY), from July 2021 till June 2022. In 2021, although the COVID pandemic continued and the nation experienced a few lock downs and restrictions, BtCIRT was able to meet some critical targets for the year. The country’s first ever “Cybersecurity Week” was successfully conducted. Articles and alerts on latest cyber trends, threats, vulnerabilities and best practices were also published. Majority of the workshops and training were carried out online due to the pandemic....

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.  Therefore BtCIRT recommended users and administrators to review the following Samba Security Announcements and apply the necessary updates and workarounds.  •    CVE-2022-3437  •    CVE-2022-3592...

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device.  Therefore BtCIRT recommended users and administrators to review the Apple security updates page for the following products and apply the necessary updates as soon as possible:  •    Safari 16.1 •    iOS 16.1 and iPadOS 16 •    macOS Big Sur 11.7.1 •    macOS Monterey 12.6.1•    macOS Ventura 13 •    tvOS 16.1 •    watchOS 9.1 ...

Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security Advisories page.  Therefore,BtCIRT recommended users and administrators to review Cisco Advisory cisco-sa-ise-path-trav-Dz5dpzyM and apply the necessary updates....